Signed-off-by: Sakib Sajal <[email protected]>
---
 .../kubernetes/CVE-2021-20206.patch           | 92 +++++++++++++++++++
 .../kubernetes/kubernetes_git.bb              |  1 +
 2 files changed, 93 insertions(+)
 create mode 100644 
recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch

diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch 
b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
new file mode 100644
index 0000000..dc4e902
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/CVE-2021-20206.patch
@@ -0,0 +1,92 @@
+From 5e8f9a8a72351e2fb5bcea3e3c58c935314557b6 Mon Sep 17 00:00:00 2001
+From: Navid Shaikh <[email protected]>
+Date: Thu, 6 May 2021 15:41:08 +0530
+Subject: [PATCH] Bump containernetworking/cni to v0.8.1
+
+ Fix CVE-2021-20206
+CVE: CVE-2021-20206
+Upstream-Status: Backport [185f65fbddb5239666c0c67fb335589b7570f60c]
+Signed-off-by: Sakib Sajal <[email protected]>
+---
+ go.mod                                                       | 4 ++--
+ go.sum                                                       | 4 ++--
+ vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++
+ vendor/modules.txt                                           | 2 +-
+ 4 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/import/go.mod b/src/import/go.mod
+index e0ba549ab40..d4cc9ce01a9 100644
+--- a/src/import/go.mod
++++ b/src/import/go.mod
+@@ -28,7 +28,7 @@ require (
+       github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313
+       github.com/codegangsta/negroni v1.0.0 // indirect
+       github.com/container-storage-interface/spec v1.2.0
+-      github.com/containernetworking/cni v0.8.0
++      github.com/containernetworking/cni v0.8.1
+       github.com/coredns/corefile-migration v1.0.10
+       github.com/coreos/go-oidc v2.1.0+incompatible
+       github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
+@@ -214,7 +214,7 @@ replace (
+       github.com/containerd/go-runc => github.com/containerd/go-runc 
v0.0.0-20180907222934-5a6d9f37cfa3
+       github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
+       github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
+-      github.com/containernetworking/cni => 
github.com/containernetworking/cni v0.8.0
++      github.com/containernetworking/cni => 
github.com/containernetworking/cni v0.8.1
+       github.com/coredns/corefile-migration => 
github.com/coredns/corefile-migration v1.0.10
+       github.com/coreos/bbolt => github.com/coreos/bbolt v1.3.2
+       github.com/coreos/etcd => github.com/coreos/etcd v3.3.13+incompatible
+diff --git a/src/import/go.sum b/src/import/go.sum
+index 288f4554b1f..9168f49c859 100644
+--- a/src/import/go.sum
++++ b/src/import/go.sum
+@@ -113,8 +113,8 @@ github.com/containerd/ttrpc v1.0.2 
h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9
+ github.com/containerd/ttrpc v1.0.2/go.mod 
h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
+ github.com/containerd/typeurl v1.0.1 
h1:PvuK4E3D5S5q6IqsPDCy928FhP0LUIGcmZ/Yhgp5Djw=
+ github.com/containerd/typeurl v1.0.1/go.mod 
h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
+-github.com/containernetworking/cni v0.8.0 
h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI=
+-github.com/containernetworking/cni v0.8.0/go.mod 
h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
++github.com/containernetworking/cni v0.8.1 
h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI=
++github.com/containernetworking/cni v0.8.1/go.mod 
h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+ github.com/coredns/corefile-migration v1.0.10 
h1:7HI4r5S5Fne749a+JDxUZppqBpYoZK8Q53ZVK9cn3aM=
+ github.com/coredns/corefile-migration v1.0.10/go.mod 
h1:RMy/mXdeDlYwzt0vdMEJvT2hGJ2I86/eO0UdXmH9XNI=
+ github.com/coreos/bbolt v1.3.2 h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
+diff --git 
a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go 
b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
+index e815404c859..e62029eb788 100644
+--- a/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
++++ b/src/import/vendor/github.com/containernetworking/cni/pkg/invoke/find.go
+@@ -18,6 +18,7 @@ import (
+       "fmt"
+       "os"
+       "path/filepath"
++      "strings"
+ )
+ 
+ // FindInPath returns the full path of the plugin by searching in the 
provided path
+@@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, 
error) {
+               return "", fmt.Errorf("no plugin name provided")
+       }
+ 
++      if strings.ContainsRune(plugin, os.PathSeparator) {
++              return "", fmt.Errorf("invalid plugin name: %s", plugin)
++      }
++
+       if len(paths) == 0 {
+               return "", fmt.Errorf("no paths provided")
+       }
+diff --git a/src/import/vendor/modules.txt b/src/import/vendor/modules.txt
+index 6a263b51686..c3b68a5f547 100644
+--- a/src/import/vendor/modules.txt
++++ b/src/import/vendor/modules.txt
+@@ -257,7 +257,7 @@ github.com/containerd/containerd/pkg/dialer
+ github.com/containerd/ttrpc
+ # github.com/containerd/ttrpc => github.com/containerd/ttrpc v1.0.2
+ # github.com/containerd/typeurl => github.com/containerd/typeurl v1.0.1
+-# github.com/containernetworking/cni v0.8.0 => 
github.com/containernetworking/cni v0.8.0
++# github.com/containernetworking/cni v0.8.1 => 
github.com/containernetworking/cni v0.8.1
+ ## explicit
+ # github.com/containernetworking/cni => github.com/containernetworking/cni 
v0.8.0
+ github.com/containernetworking/cni/libcni
+-- 
+2.25.1
+
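Review bot: In the vendor/modules.txt hunk the context line `# github.com/containernetworking/cni => github.com/containernetworking/cni v0.8.0` is left unchanged while the `replace` entry in go.mod moves to v0.8.1, so the vendored metadata and go.mod disagree once this patch is applied. If the recipe builds with vendoring enabled, the Go toolchain's vendor consistency check may reject that mismatch; it is worth confirming against the upstream commit named in Upstream-Status whether this line should also read v0.8.1. Separately, in find.go the new error formats a plugin name that has just been judged invalid with `%s`; `return "", fmt.Errorf("invalid plugin name: %q", plugin)` would keep control characters and empty-looking names unambiguous in logs. FindInPath's body continues outside the hunk, so the rest of the lookup (how the name is joined to each search path) is not visible here.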
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb 
b/recipes-containers/kubernetes/kubernetes_git.bb
index bc694a2..7b9aab8 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -16,6 +16,7 @@ SRC_URI = 
"git://github.com/kubernetes/kubernetes.git;branch=release-1.20;name=k
            file://0001-generate-bindata-unset-GOBIN.patch \
            file://0001-build-golang.sh-convert-remaining-go-calls-to-use.patch 
\
            
file://0001-Makefile.generated_files-Fix-race-issue-for-installi.patch \
+           file://CVE-2021-20206.patch \
           "
 
 DEPENDS += "rsync-native \
-- 
2.32.0
