Compare commits
No commits in common. "imports/c9/buildah-1.24.2-4.el9_0" and "c8-stream-1.0" have entirely different histories.
imports/c9
...
c8-stream-
|
@ -1 +1 @@
|
|||
09993f8aad3024403e1e2aa76aa3d11d1023cceb SOURCES/release-1.24-7b559a3.tar.gz
|
||||
d3fcf1950a92f35210dc390cde164f6e428826d1 SOURCES/buildah-e94b4f9.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
SOURCES/release-1.24-7b559a3.tar.gz
|
||||
SOURCES/buildah-e94b4f9.tar.gz
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
From 840e7dad513b86f454573ad415701c0199f78d30 Mon Sep 17 00:00:00 2001
|
||||
From: TomSweeneyRedHat <tsweeney@redhat.com>
|
||||
Date: Tue, 24 Mar 2020 20:10:22 -0400
|
||||
Subject: [PATCH] Fix potential CVE in tarfile w/ symlink
|
||||
|
||||
Stealing @nalind 's workaround to avoid refetching
|
||||
content after a file read failure. Under the right
|
||||
circumstances that could be a symlink to a file meant
|
||||
to overwrite a good file with bad data.
|
||||
|
||||
Testing:
|
||||
```
|
||||
goodstuff
|
||||
|
||||
[1] 14901
|
||||
|
||||
127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 -
|
||||
127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 -
|
||||
no FROM statement found
|
||||
|
||||
goodstuff
|
||||
```
|
||||
|
||||
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
||||
---
|
||||
imagebuildah/util.go | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff -up a/imagebuildah/util.go.CVE-2020-10696 b/imagebuildah/util.go
|
||||
--- a/imagebuildah/util.go.CVE-2020-10696
|
||||
+++ b/imagebuildah/util.go
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
|
||||
"github.com/containers/buildah"
|
||||
"github.com/containers/storage/pkg/chrootarchive"
|
||||
+ "github.com/containers/storage/pkg/ioutils"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
@@ -47,7 +48,7 @@ func downloadToDirectory(url, dir string
|
||||
}
|
||||
dockerfile := filepath.Join(dir, "Dockerfile")
|
||||
// Assume this is a Dockerfile
|
||||
- if err := ioutil.WriteFile(dockerfile, body, 0600); err != nil {
|
||||
+ if err := ioutils.AtomicWriteFile(dockerfile, body, 0600); err != nil {
|
||||
return errors.Wrapf(err, "Failed to write %q to %q", url, dockerfile)
|
||||
}
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
From eedab4fd872c3be8ab15af767897f92c78a71fde Mon Sep 17 00:00:00 2001
|
||||
From: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
||||
Date: Mon, 21 Feb 2022 14:58:40 -0500
|
||||
Subject: [PATCH] helpers.bash: Use correct syntax
|
||||
|
||||
Fixes gating test failure:
|
||||
```
|
||||
/usr/share/buildah/test/system/./helpers.bash: line 474: !is_cgroupsv2: command not found
|
||||
```
|
||||
|
||||
Co-authored-by: Yiqiao Pu <ypu@redhat.com>
|
||||
|
||||
I'm just the committer.
|
||||
|
||||
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
||||
---
|
||||
tests/helpers.bash | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/helpers.bash b/tests/helpers.bash
|
||||
index bd2794c974..3e72108bec 100644
|
||||
--- a/tests/helpers.bash
|
||||
+++ b/tests/helpers.bash
|
||||
@@ -433,9 +433,9 @@ function skip_if_rootless() {
|
||||
##################################
|
||||
function skip_if_rootless_and_cgroupv1() {
|
||||
if test "$BUILDAH_ISOLATION" = "rootless"; then
|
||||
- if !is_cgroupsv2; then
|
||||
- skip "${1:-test does not work when \$BUILDAH_ISOLATION = rootless} and not cgroupv2"
|
||||
- fi
|
||||
+ if ! is_cgroupsv2; then
|
||||
+ skip "${1:-test does not work when \$BUILDAH_ISOLATION = rootless} and not cgroupv2"
|
||||
+ fi
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -471,7 +471,7 @@ function skip_if_cgroupsv2() {
|
||||
# skip_if_cgroupsv1 # Some tests don't work with cgroupsv1
|
||||
#######################
|
||||
function skip_if_cgroupsv1() {
|
||||
- if !is_cgroupsv2; then
|
||||
+ if ! is_cgroupsv2; then
|
||||
skip "${1:-test does not work with cgroups v1}"
|
||||
fi
|
||||
}
|
2631
SPECS/buildah.spec
2631
SPECS/buildah.spec
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue