packages/containernetworking-plugins
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!33 Rebuild for golang cves: CVE-2023-24534,CVE-2023-24536,CVE-2023-24537 and CVE-2023-24538

Browse Source 
From: @starlet-dx 
Reviewed-by: @yangzhao_kl 
Signed-off-by: @yangzhao_kl
This commit is contained in:
openeuler-ci-bot 2023-12-29 01:12:13 +00:00 committed by Gitee
commit 9127b6f52c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
1 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
containernetworking-plugins.spec
View File

@ -16,7 +16,7 @@
Name: %{project}-%{repo}
Version: 1.1.1
Release: 2
Release: 4
Summary: Libraries for use by writing CNI plugin
License: ASL 2.0
URL: https://github.com/containernetworking/plugins
@ -99,7 +99,12 @@ rm -rf plugins/main/windows
# Use correct paths in cni-dhcp unitfiles
sed -i 's/\/opt\/cni\/bin/\%{_prefix}\/libexec\/cni/' plugins/ipam/dhcp/systemd/cni-dhcp.service
%ifarch sw_64 loongarch64
%__rm -rf vendor/golang.org/x/sys
%__cp -af %{_prefix}/lib/golang/src/cmd/vendor/golang.org/x/sys vendor/golang.org/x/
%endif
%build
export ORG_PATH="github.com/%{project}"
export REPO_PATH="$ORG_PATH/%{repo}"
@ -119,7 +124,13 @@ for d in $PLUGINS; do
if [ -d "$d" ]; then
plugin="$(basename "$d")"
echo " $plugin"
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -s -w -linkmode=external -extldflags '%__global_ldflags %{?__golang_extldflags} -Wl,-z,now ' " -a -v -x -o "${PWD}/bin/$plugin" "$@" github.com/containernetworking/plugins/$d
go build \
%ifarch sw_64 sw64
-buildmode exe \
%else
-buildmode pie \
%endif
-compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '%__global_ldflags %{?__golang_extldflags}'" -a -v -x -o "${PWD}/bin/$plugin" "$@" github.com/containernetworking/plugins/$d
fi
done
@ -192,8 +203,14 @@ VERSIONFLAGS="
"
TAGS="apparmor seccomp netcgo osusergo providerless"
STATIC="-extldflags '-static -lm -ldl -lz -lpthread'"
GO111MODULE=off CGO_ENABLED=0 GOPATH=$TMPDIR go build -tags "$TAGS" -buildmode=pie -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC -s -w -linkmode=external -extldflags '-Wl,-z,relro -Wl,-z,now ' " -o %{_builddir}/cni
GO111MODULE=off CGO_ENABLED=0 GOPATH=$TMPDIR go build -tags "$TAGS" \
%ifarch sw_64
-buildmode exe \
%else
-buildmode pie \
%endif
-ldflags "$VERSIONFLAGS $LDFLAGS $STATIC -s -w -linkmode=external -extldflags '-Wl,-z,relro -Wl,-z,now ' " -o %{_builddir}/cni
%install
install -d -p %{buildroot}%{_libexecdir}/cni/
install -p -m 0755 bin/* %{buildroot}/%{_libexecdir}/cni
@ -313,6 +330,15 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%changelog
* Thu Dec 28 2023 yaoxin <yao_xin001@hoperun.com> - 1.1.1-4
- Rebuild for golang cves: CVE-2023-24534,CVE-2023-24536,CVE-2023-24537 and CVE-2023-24538
* Thu Aug 10 2023 herengui <herengui@kylinsec.com.cn> - 1.1.1-3
- Type:sync
- ID:NA
- SUG:NA
- DESC: Add support for sw_64 and loongarch64.
* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1.1.1-2
- Add PIE,BIND_NOW,RELRO,STRIP secure compilation options