From 89330e0c06767f5baa1cfa114d1caa3a14c02979 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 3 Nov 2020 07:08:24 -0500 Subject: [PATCH] import podman-1.0.0-6.git921f98f.module+el8.3.0+8236+8e428216 --- SOURCES/podman-1882267.patch | 23 +++++++++++++++++++++++ SPECS/podman.spec | 15 +++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 SOURCES/podman-1882267.patch diff --git a/SOURCES/podman-1882267.patch b/SOURCES/podman-1882267.patch new file mode 100644 index 0000000..f0fd7b0 --- /dev/null +++ b/SOURCES/podman-1882267.patch @@ -0,0 +1,23 @@ +From bc5be3ca10cd4c147955fadd2586b5dd8ad0eeea Mon Sep 17 00:00:00 2001 +From: Matthew Heon +Date: Thu, 24 Sep 2020 10:42:13 -0400 +Subject: [PATCH] Fix https://bugzilla.redhat.com/show_bug.cgi?id=1882267 + +Signed-off-by: Matthew Heon +--- + cmd/podman/sigproxy.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmd/podman/sigproxy.go b/cmd/podman/sigproxy.go +index 16861bad04..92d7f4e4a9 100644 +--- a/cmd/podman/sigproxy.go ++++ b/cmd/podman/sigproxy.go +@@ -19,7 +19,7 @@ func ProxySignals(ctr *libpod.Container) { + for s := range sigBuffer { + // Ignore SIGCHLD and SIGPIPE - these are mostly likely + // intended for the podman command itself. +- if s == signal.SIGCHLD || s == signal.SIGPIPE { ++ if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG { + continue + } + diff --git a/SPECS/podman.spec b/SPECS/podman.spec index aaa8a14..e5d2d43 100644 --- a/SPECS/podman.spec +++ b/SPECS/podman.spec @@ -36,7 +36,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUIL Name: podman Version: 1.0.0 -Release: 4.git%{shortcommit}%{?dist} +Release: 6.git%{shortcommit}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 URL: %{git_podman} @@ -45,6 +45,9 @@ Source1: %{git_conmon}/archive/%{commit_conmon}/cri-o-%{shortcommit_conmon}.tar. # tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 # backported: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed.patch Patch0: podman-CVE-2020-10696.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1882267 +# patch: https://github.com/mheon/libpod/commit/bc5be3ca10cd4c147955fadd2586b5dd8ad0eeea.patch +Patch1: podman-1882267.patch # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required #ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} @@ -283,9 +286,17 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_mandir}/man1/docker*.1* %changelog +* Thu Sep 24 2020 Jindrich Novy - 1.0.0-6.git921f98f +- fix "podman run errors out/segfaults in container-tools-1.0-8.3.0" +- Resolves: #1882267 + +* Fri Jun 26 2020 Jindrich Novy - 1.0.0-5.git921f98f +- bump release to preserve upgrade path +- Resolves: #1821193 + * Fri Apr 03 2020 Jindrich Novy - 1.0.0-4.git921f98f - fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process" -- Resolves: #1819429 +- Resolves: #1818122 * Thu Nov 28 2019 Jindrich Novy - 1.0.0-3.git921f98f - rebuild because of CVE-2019-9512 and CVE-2019-9514