From 06ebc724ef7838f4c7c14df919bb4a4e2a46fae1 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 11:42:05 -0400 Subject: [PATCH] import skopeo-0.1.32-6.git1715c90.module+el8.3.0+8236+8e428216 --- SOURCES/skopeo-CVE-2019-10214.patch | 16 ---------------- SPECS/skopeo.spec | 23 ++++++++--------------- 2 files changed, 8 insertions(+), 31 deletions(-) delete mode 100644 SOURCES/skopeo-CVE-2019-10214.patch diff --git a/SOURCES/skopeo-CVE-2019-10214.patch b/SOURCES/skopeo-CVE-2019-10214.patch deleted file mode 100644 index 8450aaf..0000000 --- a/SOURCES/skopeo-CVE-2019-10214.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up ./skopeo-1715c9084124875cb71f006916396e3c7d03014e/vendor/github.com/containers/image/docker/docker_client.go.CVE-2019-10214 ./skopeo-1715c9084124875cb71f006916396e3c7d03014e/vendor/github.com/containers/image/docker/docker_client.go ---- ./skopeo-1715c9084124875cb71f006916396e3c7d03014e/vendor/github.com/containers/image/docker/docker_client.go.CVE-2019-10214 2019-09-12 15:41:30.949477994 +0200 -+++ ./skopeo-1715c9084124875cb71f006916396e3c7d03014e/vendor/github.com/containers/image/docker/docker_client.go 2019-09-12 15:41:30.950478007 +0200 -@@ -480,11 +480,7 @@ func (c *dockerClient) getBearerToken(ct - authReq.SetBasicAuth(c.username, c.password) - } - logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) -- tr := tlsclientconfig.NewTransport() -- // TODO(runcom): insecure for now to contact the external token service -- tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} -- client := &http.Client{Transport: tr} -- res, err := client.Do(authReq) -+ res, err := c.client.Do(authReq) - if err != nil { - return nil, err - } diff --git a/SPECS/skopeo.spec b/SPECS/skopeo.spec index fed3152..7fda1be 100644 --- a/SPECS/skopeo.spec +++ b/SPECS/skopeo.spec @@ -43,7 +43,6 @@ Source4: registries.conf.5.md Source5: registries.conf Source6: policy.json.5.md Source7: seccomp.json -Patch0: skopeo-CVE-2019-10214.patch BuildRequires: git # If go_compiler is not set to 1, there is no virtual provide. Use golang instead. BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} @@ -74,10 +73,7 @@ This package installs a default signature store configuration and a default policy under `/etc/containers/`. %prep -%setup -q -n %{name}-%{commit0} - -# fix CVE-2019-10214 -%patch0 -p2 +%autosetup -Sgit -n %{name}-%{commit0} %build mkdir -p src/github.com/containers @@ -112,7 +108,7 @@ install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json # install secrets patch directory -install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets +install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm @@ -154,16 +150,13 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/bash-completion/completions/%{name} %changelog -* Tue Nov 26 2019 Jindrich Novy - 1:0.1.32-6.git1715c90 +* Fri Jun 26 2020 Jindrich Novy - 1:0.1.32-6.git1715c90 +- bump release to preserve upgrade path +- Related: #1821193 + +* Thu Nov 28 2019 Jindrich Novy - 1:0.1.32-4.git1715c90 - rebuild because of CVE-2019-9512 and CVE-2019-9514 -- Resolves: #1772129, #1772134 - -* Thu Sep 12 2019 Jindrich Novy - 1:0.1.32-5.git1715c90 -- Fix CVE-2019-10214 (#1734658). - -* Fri Aug 16 2019 Jindrich Novy - 1:0.1.32-4.git1715c90 -- fix permissions of rhel/secrets - Resolves: #1691543 +- Resolves: #1772130, #1772135 * Tue Dec 18 2018 Frantisek Kluknavsky - 1:0.1.32-3.git1715c90 - rebase