packages/k3s-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:ea5910431bee8af21dd8766f083233df8cdcd663
Branches Tags
packages:main
...
compare: packages:605996091f1b7a424e3751809a12be8090be90d3
Branches Tags
packages:main

12 Commits
ea5910431b ... 605996091f

Author SHA1 Message Date
openeuler-ci-bot
605996091f
!18 [sync] PR-17: Fix CVE-2023-25153 
From: @openeuler-sync-bot 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2024-03-18 06:20:25 +00:00
bwzhang
00428ed060 Fix CVE-2023-25153 
(cherry picked from commit 4b551d551bfde35da03b591b6a3953e235f21d02)
 2024-03-13 16:50:19 +08:00
openeuler-ci-bot
fdffe99b04
!14 Update sys to v0.4.0 
From: @huajingyun 
Reviewed-by: @wangyueliang 
Signed-off-by: @wangyueliang
 2023-07-13 05:33:10 +00:00
Jingyun Hua
d92bc6cd4f Update sys to v0.4.0 2023-07-13 01:56:36 +00:00
openeuler-ci-bot
a6c7989bd9
!13 add loong64 support 
From: @huajingyun 
Reviewed-by: @yangzhao_kl 
Signed-off-by: @yangzhao_kl
 2023-07-11 12:06:18 +00:00
Jingyun Hua
3d5303cb1b Add loong64 support 
Signed-off-by: Jingyun Hua <huajingyun@loongson.cn>
 2023-06-06 06:13:09 +00:00
openeuler-ci-bot
685b8cebe7
!10 [sync] PR-9: Add PIE,BIND_NOW,RELRO secure compilation options 
From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
 2023-03-03 11:11:47 +00:00
wk333
1ac70eb50b Add PIE,BIND_NOW,RELRO secure compilation options 
(cherry picked from commit e5cbee4500453efb9393b5c621e276fe06c6a395)
 2023-03-03 16:27:59 +08:00
openeuler-ci-bot
4d865d467e
!7 License compliance rectification 
From: @lauk001 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2022-08-03 08:29:23 +00:00
openeuler-ci-bot
5463144402
!4 Add src code to package ,which is dependented by k3s 
From: @wang--ge 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2022-08-03 07:36:16 +00:00
lauk001
79293efb2f License compliance rectification 2022-08-03 13:45:36 +08:00
wang--ge
bd1d7ba729 add src code to package, which is dependented by k3s 2022-08-03 11:12:22 +08:00
4 changed files with 104 additions and 5 deletions
Show Stats Expand all files Collapse all files

36
0001-Fix-CVE-2023-25153.patch Normal file
View File

@ -0,0 +1,36 @@
From e1ec32e24f11bb3f003ef876e404777c1041349b Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Wed, 13 Mar 2024 15:03:38 +0800
Subject: [PATCH] Fix CVE-2023-25153
---
images/archive/importer.go | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/images/archive/importer.go b/images/archive/importer.go
index c531049..8ba3206 100644
--- a/images/archive/importer.go
+++ b/images/archive/importer.go
@@ -232,12 +232,14 @@ func ImportIndex(ctx context.Context, store content.Store, reader io.Reader, opt
return writeManifest(ctx, store, idx, ocispec.MediaTypeImageIndex)
}
+const (
+ kib = 1024
+ mib = 1024 * kib
+ jsonLimit = 20 * mib
+)
+
func onUntarJSON(r io.Reader, j interface{}) error {
- b, err := io.ReadAll(r)
- if err != nil {
- return err
- }
- return json.Unmarshal(b, j)
+ return json.NewDecoder(io.LimitReader(r, jsonLimit)).Decode(j)
}
func onUntarBlob(ctx context.Context, r io.Reader, store content.Ingester, size int64, ref string) (digest.Digest, error) {
--
2.20.1

28
bbolt-add-loong64-support.patch Normal file
View File

@ -0,0 +1,28 @@
From 1dea428808d6a7bbc01c891649bad93adb012eb0 Mon Sep 17 00:00:00 2001
From: Jingyun Hua <huajingyun@loongson.cn>
Date: Thu, 1 Jun 2023 06:52:55 +0000
Subject: [PATCH] bbolt:add loong64 support
---
vendor/go.etcd.io/bbolt/bolt_loong64.go | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 vendor/go.etcd.io/bbolt/bolt_loong64.go
diff --git a/vendor/go.etcd.io/bbolt/bolt_loong64.go b/vendor/go.etcd.io/bbolt/bolt_loong64.go
new file mode 100644
index 0000000..31c17c1
--- /dev/null
+++ b/vendor/go.etcd.io/bbolt/bolt_loong64.go
@@ -0,0 +1,10 @@
+//go:build loong64
+// +build loong64
+
+package bbolt
+
+// maxMapSize represents the largest mmap size supported by Bolt.
+const maxMapSize = 0xFFFFFFFFFFFF // 256TB
+
+// maxAllocSize is the size used when creating array pointers.
+const maxAllocSize = 0x7FFFFFFF
--
2.33.0

45
k3s-containerd.spec
View File

@ -3,11 +3,16 @@
%global version_suffix k3s1 %global version_suffix k3s1
Version: 1.6.6 Version: 1.6.6
Name: k3s-containerd Name: k3s-containerd
Release: 1 Release: 7
Summary: An industry-standard container runtime Summary: An industry-standard container runtime
License: Apache 2.0 License: Apache-2.0
URL: https://github.com/k3s-io/containerd URL: https://github.com/k3s-io/containerd
Source0: https://github.com/k3s-io/containerd/archive/refs/tags/v%{version}-%{version_suffix}.tar.gz Source0: https://github.com/k3s-io/containerd/archive/refs/tags/v%{version}-%{version_suffix}.tar.gz
#source1 from https://github.com/golang/sys version: v0.4.0
Source1: sys.tar.gz
Patch0: bbolt-add-loong64-support.patch
Patch0001: 0001-Fix-CVE-2023-25153.patch
BuildRequires: golang glibc-static make btrfs-progs-devel BuildRequires: golang glibc-static make btrfs-progs-devel
@ -19,7 +24,11 @@ system: image transfer and storage, container execution and supervision,
low-level storage and network attachments, etc. low-level storage and network attachments, etc.
%prep %prep
%autosetup -n containerd-%{version}-%{version_suffix} %autosetup -n containerd-%{version}-%{version_suffix} -p1
%ifarch loongarch64
rm -rf vendor/golang.org/x/sys
tar -xf %{SOURCE1} -C vendor/golang.org/x/
%endif
%build %build
mkdir -p k3s-containerd/bin mkdir -p k3s-containerd/bin
@ -53,15 +62,41 @@ VERSIONFLAGS="
TAGS="apparmor seccomp netgo osusergo providerless urfave_cli_no_docs" TAGS="apparmor seccomp netgo osusergo providerless urfave_cli_no_docs"
LDFLAGS=" -w -s" LDFLAGS=" -w -s"
CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd
CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd-shim-runc-v2 CGO_ENABLED=1 go build -buildmode=pie -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS -linkmode=external -extldflags '-Wl,-z,relro -Wl,-z,now'" -o k3s-containerd/bin ./cmd/containerd-shim-runc-v2
%install %install
install -d -p %{buildroot}%{_libexecdir}/containerd/ install -d -p %{buildroot}%{_libexecdir}/containerd/
cp k3s-containerd/bin/* %{buildroot}%{_libexecdir}/containerd/ cp k3s-containerd/bin/* %{buildroot}%{_libexecdir}/containerd/
mkdir -p %{buildroot}%{_libexecdir}/containerd/containerd-%{version}
cp -rf %{_builddir}/containerd-%{version}-%{version_suffix}/. %{buildroot}%{_libexecdir}/containerd/containerd-%{version}
%files %files
%{_libexecdir}/containerd/* %{_libexecdir}/containerd/containerd
%{_libexecdir}/containerd/containerd-shim-runc-v2
%{_libexecdir}/containerd/containerd-%{version}/.
%changelog %changelog
* Wed Mar 13 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2023-25153
* Wed Jul 12 2023 huajingyun <huajingyun@loongson.cn> - 1.6.6-k3s1-6
- Update sys to v0.4.0
* Tue Jun 06 2023 huajingyun <huajingyun@loongson.cn> - 1.6.6-k3s1-5
- Add loong64 support
* Fri Mar 03 2023 wangkai <wangkai385@h-partners.com> - 1.6.6-k3s1-4
- Add PIE,BIND_NOW,RELRO secure compilation options
* Wed Aug 03 2022 liukuo <liukuo@kylinos.cn> - 1.6.6-k3s1-3
- License compliance rectification
* Tue Aug 02 2022 Ge Wang <wangge20@h-partners.com> - 1.6.6-k3s1-2
- Add src code to package, which is dependended by k3s
* Fri Jul 22 2022 Ge Wang <wangge20@h-partners.com> - 1.6.6-k3s1-1 * Fri Jul 22 2022 Ge Wang <wangge20@h-partners.com> - 1.6.6-k3s1-1
- Init package - Init package

BIN
sys.tar.gz Normal file
View File

Binary file not shown.