Change-Id: I0b41fab7590dd32bb8c23fedb4bd12be2dc502e6
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6618
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: A per-host daemon for Calico |
2 | 2 |
Name: calico-felix |
3 | 3 |
Version: 2.6.0 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
Group: Applications/System |
6 | 6 |
Vendor: VMware, Inc. |
7 | 7 |
License: Apache-2.0 |
... | ... |
@@ -10,6 +10,8 @@ Source0: %{name}-%{version}.tar.gz |
10 | 10 |
%define sha1 calico-felix=24f20292c2132e1b912e99a8b6977e2af6cd7b39 |
11 | 11 |
Source1: gogo-protobuf-0.4.tar.gz |
12 | 12 |
%define sha1 gogo-protobuf-0.4=4fc5dda432ad929ce203486c861b7d3e48681150 |
13 |
+Source2: go-27704.patch |
|
14 |
+Source3: go-27842.patch |
|
13 | 15 |
Distribution: Photon |
14 | 16 |
BuildRequires: git |
15 | 17 |
BuildRequires: glide |
... | ... |
@@ -33,6 +35,10 @@ mkdir -p ${GOPATH}/src/github.com/projectcalico/felix |
33 | 33 |
cp -r * ${GOPATH}/src/github.com/projectcalico/felix/. |
34 | 34 |
pushd ${GOPATH}/src/github.com/projectcalico/felix |
35 | 35 |
glide install --strip-vendor |
36 |
+pushd vendor/golang.org/x/net |
|
37 |
+patch -p1 < %{SOURCE2} |
|
38 |
+patch -p1 < %{SOURCE3} |
|
39 |
+popd |
|
36 | 40 |
mkdir -p bin |
37 | 41 |
cd proto |
38 | 42 |
protoc --plugin=/usr/share/gocode/bin/protoc-gen-gogofaster \ |
... | ... |
@@ -52,6 +58,8 @@ install ${GOPATH}/src/github.com/projectcalico/felix/bin/calico-felix %{buildroo |
52 | 52 |
%{_bindir}/calico-felix |
53 | 53 |
|
54 | 54 |
%changelog |
55 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 2.6.0-2 |
|
56 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
55 | 57 |
* Fri Nov 03 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.0-1 |
56 | 58 |
- Calico Felix v2.6.0. |
57 | 59 |
* Tue Sep 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.1-2 |
58 | 60 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
... | ... |
@@ -1,11 +1,13 @@ |
1 | 1 |
Summary: Calico Network Policy for Kubernetes |
2 | 2 |
Name: calico-k8s-policy |
3 | 3 |
Version: 1.0.0 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: Apache-2.0 |
6 | 6 |
URL: https://github.com/projectcalico/k8s-policy |
7 | 7 |
Source0: %{name}-%{version}.tar.gz |
8 | 8 |
%define sha1 calico-k8s-policy=612eafdb2afee6ffbfc432e0110c787823b66ccc |
9 |
+Source1: go-27704.patch |
|
10 |
+Source2: go-27842.patch |
|
9 | 11 |
Group: Development/Tools |
10 | 12 |
Vendor: VMware, Inc. |
11 | 13 |
Distribution: Photon |
... | ... |
@@ -68,6 +70,10 @@ mkdir -p ${GOPATH}/src/github.com/projectcalico/k8s-policy |
68 | 68 |
cp -r * ${GOPATH}/src/github.com/projectcalico/k8s-policy |
69 | 69 |
pushd ${GOPATH}/src/github.com/projectcalico/k8s-policy |
70 | 70 |
glide install -strip-vendor |
71 |
+pushd vendor/golang.org/x/net |
|
72 |
+patch -p1 < %{SOURCE1} |
|
73 |
+patch -p1 < %{SOURCE2} |
|
74 |
+popd |
|
71 | 75 |
mkdir -p dist |
72 | 76 |
CGO_ENABLED=0 go build -v -o dist/controller -ldflags "-X main.VERSION=%{version}" ./main.go |
73 | 77 |
|
... | ... |
@@ -81,6 +87,8 @@ install -vpm 0755 -t %{buildroot}%{_bindir}/ dist/controller |
81 | 81 |
%{_bindir}/controller |
82 | 82 |
|
83 | 83 |
%changelog |
84 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.0.0-2 |
|
85 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
84 | 86 |
* Tue Nov 14 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.0.0-1 |
85 | 87 |
- Calico kubernetes policy v1.0.0. |
86 | 88 |
* Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com> 0.7.0-1 |
87 | 89 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
... | ... |
@@ -1,11 +1,13 @@ |
1 | 1 |
Summary: Calico node and documentation for project calico. |
2 | 2 |
Name: calico |
3 | 3 |
Version: 2.6.7 |
4 |
-Release: 3%{?dist} |
|
4 |
+Release: 4%{?dist} |
|
5 | 5 |
License: Apache-2.0 |
6 | 6 |
URL: https://github.com/projectcalico/calico |
7 | 7 |
Source0: %{name}-%{version}.tar.gz |
8 | 8 |
%define sha1 calico=d74b2103f84ed470322b5f33b75cf552db93d830 |
9 |
+Source1: go-27704.patch |
|
10 |
+Source2: go-27842.patch |
|
9 | 11 |
Group: Development/Tools |
10 | 12 |
Vendor: VMware, Inc. |
11 | 13 |
Distribution: Photon |
... | ... |
@@ -27,6 +29,10 @@ cp -r * ${GOPATH}/src/github.com/projectcalico/calico/. |
27 | 27 |
pushd ${GOPATH}/src/github.com/projectcalico/calico |
28 | 28 |
cd calico_node |
29 | 29 |
glide install --strip-vendor |
30 |
+pushd vendor/golang.org/x/net |
|
31 |
+patch -p1 < %{SOURCE1} |
|
32 |
+patch -p1 < %{SOURCE2} |
|
33 |
+popd |
|
30 | 34 |
mkdir -p dist |
31 | 35 |
mkdir -p .go-pkg-cache |
32 | 36 |
make CALICO_GIT_VER=%{version} allocate-ipip-addr |
... | ... |
@@ -50,6 +56,8 @@ sed -i 's/. startup.env/source \/startup.env/g' %{buildroot}/usr/share/calico/do |
50 | 50 |
/usr/share/calico/docker/fs/* |
51 | 51 |
|
52 | 52 |
%changelog |
53 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 2.6.7-4 |
|
54 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
53 | 55 |
* Mon Jan 21 2019 Bo Gan <ganb@vmware.com> 2.6.7-3 |
54 | 56 |
- Build using go 1.9.7 |
55 | 57 |
* Mon Sep 24 2018 Tapas Kundu <tkundu@vmware.com> 2.6.7-2 |
56 | 58 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
0 | 69 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
... | ... |
@@ -1,11 +1,13 @@ |
1 | 1 |
Summary: Heapster enables Container Cluster Monitoring and Performance Analysis. |
2 | 2 |
Name: heapster |
3 | 3 |
Version: 1.5.4 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: Apache 2.0 |
6 | 6 |
URL: https://github.com/wavefrontHQ/cadvisor |
7 | 7 |
Source0: https://github.com/kubernetes/heapster/archive/%{name}-%{version}.tar.gz |
8 | 8 |
%define sha1 heapster=102b8f21ecebc695987701b1d97f87dda1ea5645 |
9 |
+Patch0: go-27704.patch |
|
10 |
+Patch1: go-27842.patch |
|
9 | 11 |
Group: Development/Tools |
10 | 12 |
Vendor: VMware, Inc. |
11 | 13 |
Distribution: Photon |
... | ... |
@@ -18,6 +20,11 @@ Heapster collects and interprets various signals like compute resource usage, li |
18 | 18 |
%prep |
19 | 19 |
%setup -q |
20 | 20 |
|
21 |
+pushd vendor/golang.org/x/net |
|
22 |
+%patch0 -p1 |
|
23 |
+%patch1 -p1 |
|
24 |
+popd |
|
25 |
+ |
|
21 | 26 |
%build |
22 | 27 |
mkdir -p $GOPATH/src/k8s.io/heapster |
23 | 28 |
cp -r . $GOPATH/src/k8s.io/heapster |
... | ... |
@@ -40,6 +47,8 @@ make test-unit |
40 | 40 |
%{_bindir}/eventer |
41 | 41 |
|
42 | 42 |
%changelog |
43 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.5.4-2 |
|
44 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
43 | 45 |
* Wed Sep 12 2018 Anish Swaminathan <anishs@vmware.com> 1.5.4-1 |
44 | 46 |
- Update to version 1.5.4 |
45 | 47 |
* Thu Aug 31 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.4.2-1 |
46 | 48 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
... | ... |
@@ -1,11 +1,13 @@ |
1 | 1 |
Summary: Kubernetes Metrics Server |
2 | 2 |
Name: kubernetes-metrics-server |
3 | 3 |
Version: 0.2.1 |
4 |
-Release: 1%{?dist} |
|
4 |
+Release: 2%{?dist} |
|
5 | 5 |
License: Apache License 2.0 |
6 | 6 |
URL: https://github.com/kubernetes-incubator/metrics-server/%{name}-%{version}.tar.gz |
7 | 7 |
Source0: %{name}-%{version}.tar.gz |
8 | 8 |
%define sha1 kubernetes-metrics-server-%{version}.tar.gz=ac18b1360aede4647c9dbaa72bddf735b228daf3 |
9 |
+Patch0: go-27704.patch |
|
10 |
+Patch1: go-27842.patch |
|
9 | 11 |
Group: Development/Tools |
10 | 12 |
Vendor: VMware, Inc. |
11 | 13 |
Distribution: Photon |
... | ... |
@@ -19,6 +21,11 @@ in the cluster, e.g. Horizontal Pod Autoscaler, to make decisions. |
19 | 19 |
%prep -p exit |
20 | 20 |
%setup -qn metrics-server-%{version} |
21 | 21 |
|
22 |
+pushd vendor/golang.org/x/net |
|
23 |
+%patch0 -p1 |
|
24 |
+%patch1 -p1 |
|
25 |
+popd |
|
26 |
+ |
|
22 | 27 |
%build |
23 | 28 |
export ARCH=amd64 |
24 | 29 |
export VERSION=%{version} |
... | ... |
@@ -48,5 +55,7 @@ rm -rf %{buildroot}/* |
48 | 48 |
%{_bindir}/metrics-server |
49 | 49 |
|
50 | 50 |
%changelog |
51 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 0.2.1-2 |
|
52 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
51 | 53 |
* Tue Jul 10 2018 Dheeraj Shetty <dheerajs@vmware.com> 0.2.1-1 |
52 | 54 |
- kubernetes-metrics-server 0.2.1 |
53 | 55 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,35 @@ |
0 |
+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <kunpei@google.com> |
|
2 |
+Date: Fri, 21 Sep 2018 04:40:41 +0800 |
|
3 |
+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination |
|
4 |
+ |
|
5 |
+The <isindex> element has been removed from the spec so that the |
|
6 |
+<template> element doesn't cover it. |
|
7 |
+To avoid panic, this commit adds ignoring code as a workaround. |
|
8 |
+ |
|
9 |
+Fixes golang/go#27704 |
|
10 |
+ |
|
11 |
+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac |
|
12 |
+Reviewed-on: https://go-review.googlesource.com/136575 |
|
13 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
14 |
+--- |
|
15 |
+ |
|
16 |
+diff --git a/html/parse.go b/html/parse.go |
|
17 |
+index 091fb0d..63ac179 100644 |
|
18 |
+--- a/html/parse.go |
|
19 |
+@@ -984,6 +984,14 @@ |
|
20 |
+ p.acknowledgeSelfClosingTag() |
|
21 |
+ p.popUntil(buttonScope, a.P) |
|
22 |
+ p.parseImpliedToken(StartTagToken, a.Form, a.Form.String()) |
|
23 |
++ if p.form == nil { |
|
24 |
++ // NOTE: The 'isindex' element has been removed, |
|
25 |
++ // and the 'template' element has not been designed to be |
|
26 |
++ // collaborative with the index element. |
|
27 |
++ // |
|
28 |
++ // Ignore the token. |
|
29 |
++ return true |
|
30 |
++ } |
|
31 |
+ if action != "" { |
|
32 |
+ p.form.Attr = []Attribute{{Key: "action", Val: action}} |
|
33 |
+ } |
0 | 34 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,70 @@ |
0 |
+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kunpei Sakai <namusyaka@gmail.com> |
|
2 |
+Date: Tue, 25 Sep 2018 22:55:50 +0900 |
|
3 |
+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec |
|
4 |
+ |
|
5 |
+Fixes golang/go#27842 |
|
6 |
+ |
|
7 |
+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc |
|
8 |
+Reviewed-on: https://go-review.googlesource.com/c/137275 |
|
9 |
+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com> |
|
10 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
11 |
+Reviewed-by: Nigel Tao <nigeltao@golang.org> |
|
12 |
+--- |
|
13 |
+ |
|
14 |
+diff --git a/html/parse.go b/html/parse.go |
|
15 |
+index 64a5793..488e8d3 100644 |
|
16 |
+--- a/html/parse.go |
|
17 |
+@@ -1719,8 +1719,12 @@ |
|
18 |
+ } |
|
19 |
+ p.addElement() |
|
20 |
+ case a.Select: |
|
21 |
+- p.tok.Type = EndTagToken |
|
22 |
+- return false |
|
23 |
++ if p.popUntil(selectScope, a.Select) { |
|
24 |
++ p.resetInsertionMode() |
|
25 |
++ } else { |
|
26 |
++ // Ignore the token. |
|
27 |
++ return true |
|
28 |
++ } |
|
29 |
+ case a.Input, a.Keygen, a.Textarea: |
|
30 |
+ if p.elementInScope(selectScope, a.Select) { |
|
31 |
+ p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
32 |
+@@ -1750,6 +1754,9 @@ |
|
33 |
+ case a.Select: |
|
34 |
+ if p.popUntil(selectScope, a.Select) { |
|
35 |
+ p.resetInsertionMode() |
|
36 |
++ } else { |
|
37 |
++ // Ignore the token. |
|
38 |
++ return true |
|
39 |
+ } |
|
40 |
+ } |
|
41 |
+ case CommentToken: |
|
42 |
+@@ -1775,13 +1782,22 @@ |
|
43 |
+ case StartTagToken, EndTagToken: |
|
44 |
+ switch p.tok.DataAtom { |
|
45 |
+ case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th: |
|
46 |
+- if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) { |
|
47 |
+- p.parseImpliedToken(EndTagToken, a.Select, a.Select.String()) |
|
48 |
+- return false |
|
49 |
+- } else { |
|
50 |
++ if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) { |
|
51 |
+ // Ignore the token. |
|
52 |
+ return true |
|
53 |
+ } |
|
54 |
++ // This is like p.popUntil(selectScope, a.Select), but it also |
|
55 |
++ // matches <math select>, not just <select>. Matching the MathML |
|
56 |
++ // tag is arguably incorrect (conceptually), but it mimics what |
|
57 |
++ // Chromium does. |
|
58 |
++ for i := len(p.oe) - 1; i >= 0; i-- { |
|
59 |
++ if n := p.oe[i]; n.DataAtom == a.Select { |
|
60 |
++ p.oe = p.oe[:i] |
|
61 |
++ break |
|
62 |
++ } |
|
63 |
++ } |
|
64 |
++ p.resetInsertionMode() |
|
65 |
++ return false |
|
66 |
+ } |
|
67 |
+ } |
|
68 |
+ return inSelectIM(p) |
... | ... |
@@ -8,7 +8,7 @@ |
8 | 8 |
Summary: Kubernetes cluster management |
9 | 9 |
Name: kubernetes |
10 | 10 |
Version: 1.11.3 |
11 |
-Release: 2%{?dist} |
|
11 |
+Release: 3%{?dist} |
|
12 | 12 |
License: ASL 2.0 |
13 | 13 |
URL: https://github.com/kubernetes/kubernetes/archive/v%{version}.tar.gz |
14 | 14 |
Source0: kubernetes-%{version}.tar.gz |
... | ... |
@@ -16,6 +16,8 @@ Source0: kubernetes-%{version}.tar.gz |
16 | 16 |
Source1: https://github.com/kubernetes/contrib/archive/contrib-0.7.0.tar.gz |
17 | 17 |
%define sha1 contrib-0.7.0=47a744da3b396f07114e518226b6313ef4b2203c |
18 | 18 |
Patch0: k8s-1.11-vke.patch |
19 |
+Patch1: go-27704.patch |
|
20 |
+Patch2: go-27842.patch |
|
19 | 21 |
Group: Development/Tools |
20 | 22 |
Vendor: VMware, Inc. |
21 | 23 |
Distribution: Photon |
... | ... |
@@ -64,6 +66,11 @@ sed -i -e 's|127.0.0.1:4001|127.0.0.1:2379|g' contrib-0.7.0/init/systemd/environ |
64 | 64 |
cd %{name}-%{version} |
65 | 65 |
%patch0 -p1 |
66 | 66 |
|
67 |
+pushd vendor/golang.org/x/net |
|
68 |
+%patch1 -p1 |
|
69 |
+%patch2 -p1 |
|
70 |
+popd |
|
71 |
+ |
|
67 | 72 |
%build |
68 | 73 |
make |
69 | 74 |
pushd build/pause |
... | ... |
@@ -224,6 +231,8 @@ fi |
224 | 224 |
%endif |
225 | 225 |
|
226 | 226 |
%changelog |
227 |
+* Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.11.3-3 |
|
228 |
+- Fix CVE-2018-17846 and CVE-2018-17143 |
|
227 | 229 |
* Fri Oct 26 2018 Ajay Kaher <akaher@vmware.com> 1.11.3-2 |
228 | 230 |
- Fix for aarch64 |
229 | 231 |
* Tue Oct 23 2018 Michelle Wang <michellew@vmware.com> 1.11.3-1 |