Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cni for openSUSE:Factory checked in at 2023-01-10 14:59:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cni (Old) and /work/SRC/openSUSE:Factory/.cni.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cni" Tue Jan 10 14:59:10 2023 rev:17 rq:1057017 version:1.1.2 Changes: --------
--- /work/SRC/openSUSE:Factory/cni/cni.changes 2022-11-18 15:43:36.922583769 +0100
+++ /work/SRC/openSUSE:Factory/.cni.new.32243/cni.changes 2023-01-10 14:59:23.049069464 +0100
@@ -1,0 +2,29 @@
+Fri Dec 30 11:08:28 UTC 2022 - Andrea Manzini <andrea.manz...@suse.com>
+
+- added patch 0001-fix-upstream-CVE-2021-38561.patch for [bsc#1206711]
+
+-------------------------------------------------------------------
+Thu Dec 29 14:06:02 UTC 2022 - andrea.manz...@suse.com
+
+- Update to version 1.1.2:
+ * Fix successfully unmarshalled nil raw result
+ * spec: fix format
+ * invoke: if Result CNIVersion is empty use netconf CNIVersion
+ * cnitool: address golint error
+ * libcni: handle empty version when parsing version
+ * Switch to ginkgo/v2
+ * add security heading to README
+ * Maintainers: add Mike Zappa
+ * introduce hybridnet to thrid-party plugins
+ * Fix incorrect pointer inputs to `json.Unmarshal`
+ * fix version of cni v0.8.1 does not have a directory of github.com/containernetworking/cni/pkg/types/100 refer to https://github.com/containernetworking/cni/tree/v0.8.1/pkg/types
+ * Spec: Container runtime shall tear down namespaces
+ * Update README.md
+ * Updated README.md to include Netlox loxilight CNI
+ * documentation: update Multus link in README.md to point to the k8snetworkplumbingwg repository
+ * [exec-plugins]: support plugin lists
+ * skel: remove superfluous err nil check in (*dispatcher).pluginMain
+ * Remove Gabe Rosenhouse as maintainer
+ * skel: print out CNI versions supported in help text.
+
+-------------------------------------------------------------------
New: ---- 0001-fix-upstream-CVE-2021-38561.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ cni.spec ++++++
--- /var/tmp/diff_new_pack.G3PzbP/_old 2023-01-10 14:59:23.769073318 +0100
+++ /var/tmp/diff_new_pack.G3PzbP/_new 2023-01-10 14:59:23.773073340 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cni
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,8 @@
 Source0: %{name}-%{version}.tar.gz
 Source1: 99-loopback.conf
 Source2: vendor.tar.gz
+# PATCH-FIX-UPSTREAM bsc#1206711
+Patch0: 0001-fix-upstream-CVE-2021-38561.patch
 BuildRequires: golang-packaging
 BuildRequires: shadow
 BuildRequires: systemd-rpm-macros
@@ -49,7 +51,10 @@
 range of support and the specification is simple to implement.
 %prep
-%autosetup -a2
+%autosetup -a2 -N
+pushd vendor/golang.org/x/text
+%autopatch -p1
+popd
 %build
 export GOFLAGS=-mod=vendor
++++++ 0001-fix-upstream-CVE-2021-38561.patch ++++++
>From 383b2e75a7a4198c42f8f87833eefb772868a56f Mon Sep 17 00:00:00 2001 From: Russ Cox <r...@golang.org> Date: Mon, 9 Aug 2021 15:09:12 -0400 Subject: [PATCH] language: turn parsing panics into ErrSyntax We keep finding new panics in the language parser. Limit the damage by reporting those inputs as syntax errors. Change-Id: I786fe127c3df7e4c8e042d15095d3acf3c4e4a50 Reviewed-on: https://go-review.googlesource.com/c/text/+/340830 Trust: Russ Cox <r...@golang.org> Run-TryBot: Russ Cox <r...@golang.org> TryBot-Result: Go Bot <go...@golang.org> Reviewed-by: Roland Shoemaker <rol...@golang.org>
---
 internal/language/language.go | 43 +++++++++++++++++++++++++++++++---- internal/language/parse.go | 7 ++++++ language/parse.go | 22 ++++++++++++++++++ 3 files changed, 68 insertions(+), 4 deletions(-)
diff --git a/internal/language/language.go b/internal/language/language.go
index f41aedcfc..6105bc7fa 100644
--- a/internal/language/language.go
+++ b/internal/language/language.go
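Review bot: In the `%prep` hunk of cni.spec, `%autopatch -p1` runs between `pushd vendor/golang.org/x/text` and `popd`, so every patch the spec declares, not only Patch0, is applied relative to the vendored x/text tree; a later patch against cni's own sources would fail or be applied in the wrong directory. Applying just this one patch there, for example `%patch -P 0 -p1`, together with a comment such as `# Patch0 targets the vendored golang.org/x/text, not the cni tree`, would make that explicit. Because the fix is carried as a backport on top of vendor.tar.gz, the x/text version recorded in the vendored module metadata presumably stays unchanged, so version-based scanners may keep reporting CVE-2021-38561 for this package; recording the backport where the security team tracks such exceptions would avoid repeated triage.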
@@ -251,6 +251,13 @@ func (t Tag) Parent() Tag {
 // ParseExtension parses s as an extension and returns it on success.
 func ParseExtension(s string) (ext string, err error) {
+ defer func() {
+ if recover() != nil {
+ ext = ""
+ err = ErrSyntax
+ }
+ }()
+
 scan := makeScannerString(s)
 var end int
 if n := len(scan.token); n != 1 {
@@ -461,7 +468,14 @@ func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
 // ParseBase parses a 2- or 3-letter ISO 639 code.
 // It returns a ValueError if s is a well-formed but unknown language identifier
 // or another error if another error occurred.
-func ParseBase(s string) (Language, error) {
+func ParseBase(s string) (l Language, err error) {
+ defer func() {
+ if recover() != nil {
+ l = 0
+ err = ErrSyntax
+ }
+ }()
+
 if n := len(s); n < 2 || 3 < n {
 return 0, ErrSyntax
 }
@@ -472,7 +486,14 @@ func ParseBase(s string) (Language, error) {
 // ParseScript parses a 4-letter ISO 15924 code.
 // It returns a ValueError if s is a well-formed but unknown script identifier
 // or another error if another error occurred.
-func ParseScript(s string) (Script, error) {
+func ParseScript(s string) (scr Script, err error) {
+ defer func() {
+ if recover() != nil {
+ scr = 0
+ err = ErrSyntax
+ }
+ }()
+
 if len(s) != 4 {
 return 0, ErrSyntax
 }
@@ -489,7 +510,14 @@ func EncodeM49(r int) (Region, error) {
 // ParseRegion parses a 2- or 3-letter ISO 3166-1 or a UN M.49 code.
 // It returns a ValueError if s is a well-formed but unknown region identifier
 // or another error if another error occurred.
-func ParseRegion(s string) (Region, error) {
+func ParseRegion(s string) (r Region, err error) {
+ defer func() {
+ if recover() != nil {
+ r = 0
+ err = ErrSyntax
+ }
+ }()
+
 if n := len(s); n < 2 || 3 < n {
 return 0, ErrSyntax
 }
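Review bot: The deferred `recover()` added to ParseExtension, and repeated in ParseBase, ParseScript and ParseRegion here and in ParseVariant, both Parse functions, Compose and ParseAcceptLanguage in the later hunks, discards the panic value and reports every panic as `ErrSyntax`, so a real indexing bug in the parser becomes indistinguishable from malformed input and leaves nothing for whoever has to locate the underlying defect. A comment on the first wrapper would record the intent, for example `// Contain parser panics on malformed tags (CVE-2021-38561); the faulty index arithmetic itself is not fixed here.` The diffstat lists no test file, so a regression test that feeds a previously panicking tag and asserts `ErrSyntax` would be worth carrying with the backport. The function bodies continue outside these hunks.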
@@ -578,7 +606,14 @@ type Variant struct {
 // ParseVariant parses and returns a Variant. An error is returned if s is not
 // a valid variant.
-func ParseVariant(s string) (Variant, error) {
+func ParseVariant(s string) (v Variant, err error) {
+ defer func() {
+ if recover() != nil {
+ v = Variant{}
+ err = ErrSyntax
+ }
+ }()
+
 s = strings.ToLower(s)
 if id, ok := variantIndex[s]; ok {
 return Variant{id, s}, nil
diff --git a/internal/language/parse.go b/internal/language/parse.go
index c696fd0bd..47ee0fed1 100644
--- a/internal/language/parse.go
+++ b/internal/language/parse.go
@@ -232,6 +232,13 @@ func Parse(s string) (t Tag, err error) {
 if s == "" {
 return Und, ErrSyntax
 }
+ defer func() {
+ if recover() != nil {
+ t = Und
+ err = ErrSyntax
+ return
+ }
+ }()
 if len(s) <= maxAltTaglen {
 b := [maxAltTaglen]byte{}
 for i, c := range s {
diff --git a/language/parse.go b/language/parse.go
index 11acfd885..59b041008 100644
--- a/language/parse.go
+++ b/language/parse.go
@@ -43,6 +43,13 @@ func Parse(s string) (t Tag, err error) {
 // https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
 // The resulting tag is canonicalized using the canonicalization type c.
 func (c CanonType) Parse(s string) (t Tag, err error) {
+ defer func() {
+ if recover() != nil {
+ t = Tag{}
+ err = language.ErrSyntax
+ }
+ }()
+
 tt, err := language.Parse(s)
 if err != nil {
 return makeTag(tt), err
@@ -79,6 +86,13 @@ func Compose(part ...interface{}) (t Tag, err error) {
 // tag is returned after canonicalizing using CanonType c. If one or more errors
 // are encountered, one of the errors is returned.
 func (c CanonType) Compose(part ...interface{}) (t Tag, err error) {
+ defer func() {
+ if recover() != nil {
+ t = Tag{}
+ err = language.ErrSyntax
+ }
+ }()
+
 var b language.Builder
 if err = update(&b, part...); err != nil {
 return und, err
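Review bot: In the internal/language/parse.go hunk the deferred closure in Parse ends with a bare `return` after `err = ErrSyntax`; it is the last statement of the closure and has no effect, and it makes this wrapper differ from the otherwise identical ones in language.go, so dropping it keeps the recover blocks uniform. The defer is also registered after the `s == ""` early return, which looks harmless but deserves a short comment such as `// registered after the empty-input check; everything below may panic on malformed input` if the placement is intentional. Parse's body continues outside the hunk.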
@@ -142,6 +156,14 @@ var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight")
 // Tags with a weight of zero will be dropped. An error will be returned if the
 // input could not be parsed.
 func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) {
+ defer func() {
+ if recover() != nil {
+ tag = nil
+ q = nil
+ err = language.ErrSyntax
+ }
+ }()
+
 var entry string
 for s != "" {
 if entry, s = split(s, ','); entry == "" {
++++++ _service ++++++
--- /var/tmp/diff_new_pack.G3PzbP/_old 2023-01-10 14:59:23.837073682 +0100
+++ /var/tmp/diff_new_pack.G3PzbP/_new 2023-01-10 14:59:23.841073703 +0100
@@ -5,7 +5,7 @@
 <param name="filename">cni</param>
 <param name="exclude">.git</param>
 <param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">v1.0.1</param>
+ <param name="revision">v1.1.2</param>
 <param name="versionrewrite-pattern">v(.*)</param>
 <param name="changesgenerate">enable</param>
 </service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.G3PzbP/_old 2023-01-10 14:59:23.857073789 +0100
+++ /var/tmp/diff_new_pack.G3PzbP/_new 2023-01-10 14:59:23.861073811 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">https://github.com/containernetworking/cni.git</param>
- <param name="changesrevision">c7f5f70554d026e7a3bc5a0ab52280576a2379d1</param></service></servicedata>
+ <param name="changesrevision">3363d143688bb83ca18489ac8b9dc204c1d49c4a</param></service></servicedata>
(No newline at EOF)
++++++ cni-1.1.2.tar.gz ++++++
++++++ vendor.tar.gz ++++++
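Review bot: In the ParseAcceptLanguage hunk the added recover only turns a panic into `language.ErrSyntax`; nothing here bounds how much work is done on `s`, and this function is commonly given an HTTP Accept-Language header taken from a request. Any caller that passes request data should still cap the header length before parsing. The doc comment should also state the new contract, for example `// A panic while parsing is reported as language.ErrSyntax; tag and q are then nil.`, since partial results collected before the panic are discarded. The loop body continues outside the hunk.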