@@ -1,7 +1,7 @@

 Summary:       A per-host daemon for Calico

 Name:          calico-felix

 Version:       2.6.0

-Release:       1%{?dist}

+Release:       2%{?dist}

 Group:         Applications/System

 Vendor:        VMware, Inc.

 License:       Apache-2.0

@@ -10,6 +10,8 @@ Source0:       %{name}-%{version}.tar.gz

 %define sha1 calico-felix=24f20292c2132e1b912e99a8b6977e2af6cd7b39

 Source1:       gogo-protobuf-0.4.tar.gz

 %define sha1 gogo-protobuf-0.4=4fc5dda432ad929ce203486c861b7d3e48681150

+Source2:       go-27704.patch

+Source3:       go-27842.patch

 Distribution:  Photon

 BuildRequires: git

 BuildRequires: glide

@@ -33,6 +35,10 @@ mkdir -p ${GOPATH}/src/github.com/projectcalico/felix

 cp -r * ${GOPATH}/src/github.com/projectcalico/felix/.

 pushd ${GOPATH}/src/github.com/projectcalico/felix

 glide install --strip-vendor

+pushd vendor/golang.org/x/net

+patch -p1 < %{SOURCE2}

+patch -p1 < %{SOURCE3}

+popd

 mkdir -p bin

 cd proto

 protoc --plugin=/usr/share/gocode/bin/protoc-gen-gogofaster \

@@ -52,6 +58,8 @@ install ${GOPATH}/src/github.com/projectcalico/felix/bin/calico-felix %{buildroo

 %{_bindir}/calico-felix

 %changelog

+*    Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 2.6.0-2

+-    Fix CVE-2018-17846 and CVE-2018-17143

 *    Fri Nov 03 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.6.0-1

 -    Calico Felix v2.6.0.

 *    Tue Sep 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 2.4.1-2

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

@@ -1,11 +1,13 @@

 Summary:        Calico Network Policy for Kubernetes

 Name:           calico-k8s-policy

 Version:        1.0.0

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        Apache-2.0

 URL:            https://github.com/projectcalico/k8s-policy

 Source0:        %{name}-%{version}.tar.gz

 %define sha1 calico-k8s-policy=612eafdb2afee6ffbfc432e0110c787823b66ccc

+Source1:        go-27704.patch

+Source2:        go-27842.patch

 Group:          Development/Tools

 Vendor:         VMware, Inc.

 Distribution:   Photon

@@ -68,6 +70,10 @@ mkdir -p ${GOPATH}/src/github.com/projectcalico/k8s-policy

 cp -r * ${GOPATH}/src/github.com/projectcalico/k8s-policy

 pushd ${GOPATH}/src/github.com/projectcalico/k8s-policy

 glide install -strip-vendor

+pushd vendor/golang.org/x/net

+patch -p1 < %{SOURCE1}

+patch -p1 < %{SOURCE2}

+popd

 mkdir -p dist

 CGO_ENABLED=0 go build -v -o dist/controller -ldflags "-X main.VERSION=%{version}" ./main.go

@@ -81,6 +87,8 @@ install -vpm 0755 -t %{buildroot}%{_bindir}/ dist/controller

 %{_bindir}/controller

 %changelog

+*   Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.0.0-2

+-   Fix CVE-2018-17846 and CVE-2018-17143

 *   Tue Nov 14 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.0.0-1

 -   Calico kubernetes policy v1.0.0.

 *   Tue Nov 07 2017 Vinay Kulkarni <kulkarniv@vmware.com> 0.7.0-1

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

@@ -1,11 +1,13 @@

 Summary:        Calico node and documentation for project calico.

 Name:           calico

 Version:        2.6.7

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        Apache-2.0

 URL:            https://github.com/projectcalico/calico

 Source0:        %{name}-%{version}.tar.gz

 %define sha1 calico=d74b2103f84ed470322b5f33b75cf552db93d830

+Source1:         go-27704.patch

+Source2:         go-27842.patch

 Group:          Development/Tools

 Vendor:         VMware, Inc.

 Distribution:   Photon

@@ -27,6 +29,10 @@ cp -r * ${GOPATH}/src/github.com/projectcalico/calico/.

 pushd ${GOPATH}/src/github.com/projectcalico/calico

 cd calico_node

 glide install --strip-vendor

+pushd vendor/golang.org/x/net

+patch -p1 < %{SOURCE1}

+patch -p1 < %{SOURCE2}

+popd

 mkdir -p dist

 mkdir -p .go-pkg-cache

 make CALICO_GIT_VER=%{version} allocate-ipip-addr

@@ -50,6 +56,8 @@ sed -i 's/. startup.env/source \/startup.env/g' %{buildroot}/usr/share/calico/do

 /usr/share/calico/docker/fs/*

 %changelog

+*   Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 2.6.7-4

+-   Fix CVE-2018-17846 and CVE-2018-17143

 *   Mon Jan 21 2019 Bo Gan <ganb@vmware.com> 2.6.7-3

 -   Build using go 1.9.7

 *   Mon Sep 24 2018 Tapas Kundu <tkundu@vmware.com> 2.6.7-2

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

@@ -1,11 +1,13 @@

 Summary:	Heapster enables Container Cluster Monitoring and Performance Analysis.

 Name:		heapster

 Version:    1.5.4

-Release:    1%{?dist}

+Release:    2%{?dist}

 License:	Apache 2.0

 URL:		https://github.com/wavefrontHQ/cadvisor

 Source0:	https://github.com/kubernetes/heapster/archive/%{name}-%{version}.tar.gz

 %define sha1 heapster=102b8f21ecebc695987701b1d97f87dda1ea5645

+Patch0:         go-27704.patch

+Patch1:         go-27842.patch

 Group:		Development/Tools

 Vendor:		VMware, Inc.

 Distribution: 	Photon

@@ -18,6 +20,11 @@ Heapster collects and interprets various signals like compute resource usage, li

 %prep

 %setup -q

+pushd vendor/golang.org/x/net

+%patch0 -p1

+%patch1 -p1

+popd

+

 %build

 mkdir -p $GOPATH/src/k8s.io/heapster

 cp -r . $GOPATH/src/k8s.io/heapster

@@ -40,6 +47,8 @@ make test-unit

 %{_bindir}/eventer

 %changelog

+*   Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.5.4-2

+-   Fix CVE-2018-17846 and CVE-2018-17143

 *   Wed Sep 12 2018 Anish Swaminathan <anishs@vmware.com> 1.5.4-1

 -   Update to version 1.5.4

 *   Thu Aug 31 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.4.2-1

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

@@ -1,11 +1,13 @@

 Summary:        Kubernetes Metrics Server

 Name:           kubernetes-metrics-server

 Version:        0.2.1

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        Apache License 2.0

 URL:            https://github.com/kubernetes-incubator/metrics-server/%{name}-%{version}.tar.gz

 Source0:        %{name}-%{version}.tar.gz

 %define sha1    kubernetes-metrics-server-%{version}.tar.gz=ac18b1360aede4647c9dbaa72bddf735b228daf3

+Patch0:         go-27704.patch

+Patch1:         go-27842.patch

 Group:          Development/Tools

 Vendor:         VMware, Inc.

 Distribution:   Photon

@@ -19,6 +21,11 @@ in the cluster, e.g. Horizontal Pod Autoscaler, to make decisions.

 %prep -p exit

 %setup -qn metrics-server-%{version}

+pushd vendor/golang.org/x/net

+%patch0 -p1

+%patch1 -p1

+popd

+

 %build

 export ARCH=amd64

 export VERSION=%{version}

@@ -48,5 +55,7 @@ rm -rf %{buildroot}/*

 %{_bindir}/metrics-server

 %changelog

+*   Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 0.2.1-2

+-   Fix CVE-2018-17846 and CVE-2018-17143

 *   Tue Jul 10 2018 Dheeraj Shetty <dheerajs@vmware.com> 0.2.1-1

 -   kubernetes-metrics-server 0.2.1

new file mode 100644

@@ -0,0 +1,35 @@

+From 2f5d2388922f370f4355f327fcf4cfe9f5583908 Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <kunpei@google.com>

+Date: Fri, 21 Sep 2018 04:40:41 +0800

+Subject: [PATCH] html: avoid panic even if unconsidered <isindex> and <template> combination

+

+The <isindex> element has been removed from the spec so that the

+<template> element doesn't cover it.

+To avoid panic, this commit adds ignoring code as a workaround.

+

+Fixes golang/go#27704

+

+Change-Id: I847391389285df2fc0eb6a795f8c93b481cdebac

+Reviewed-on: https://go-review.googlesource.com/136575

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 091fb0d..63ac179 100644

+--- a/html/parse.go

+@@ -984,6 +984,14 @@

+ 			p.acknowledgeSelfClosingTag()

+ 			p.popUntil(buttonScope, a.P)

+ 			p.parseImpliedToken(StartTagToken, a.Form, a.Form.String())

++			if p.form == nil {

++				// NOTE: The 'isindex' element has been removed,

++				// and the 'template' element has not been designed to be

++				// collaborative with the index element.

++				//

++				// Ignore the token.

++				return true

++			}

+ 			if action != "" {

+ 				p.form.Attr = []Attribute{{Key: "action", Val: action}}

+ 			}

new file mode 100644

@@ -0,0 +1,70 @@

+From d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf Mon Sep 17 00:00:00 2001

+From: Kunpei Sakai <namusyaka@gmail.com>

+Date: Tue, 25 Sep 2018 22:55:50 +0900

+Subject: [PATCH] html: update inSelectIM and inSelectInTableIM for the latest spec

+

+Fixes golang/go#27842

+

+Change-Id: I06eb3c0c18be3566bd30a29fca5f3f7e6791d2cc

+Reviewed-on: https://go-review.googlesource.com/c/137275

+Run-TryBot: Kunpei Sakai <namusyaka@gmail.com>

+TryBot-Result: Gobot Gobot <gobot@golang.org>

+Reviewed-by: Nigel Tao <nigeltao@golang.org>

+---

+

+diff --git a/html/parse.go b/html/parse.go

+index 64a5793..488e8d3 100644

+--- a/html/parse.go

+@@ -1719,8 +1719,12 @@

+ 			}

+ 			p.addElement()

+ 		case a.Select:

+-			p.tok.Type = EndTagToken

+-			return false

++			if p.popUntil(selectScope, a.Select) {

++				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

++			}

+ 		case a.Input, a.Keygen, a.Textarea:

+ 			if p.elementInScope(selectScope, a.Select) {

+ 				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+@@ -1750,6 +1754,9 @@

+ 		case a.Select:

+ 			if p.popUntil(selectScope, a.Select) {

+ 				p.resetInsertionMode()

++			} else {

++				// Ignore the token.

++				return true

+ 			}

+ 		}

+ 	case CommentToken:

+@@ -1775,13 +1782,22 @@

+ 	case StartTagToken, EndTagToken:

+ 		switch p.tok.DataAtom {

+ 		case a.Caption, a.Table, a.Tbody, a.Tfoot, a.Thead, a.Tr, a.Td, a.Th:

+-			if p.tok.Type == StartTagToken || p.elementInScope(tableScope, p.tok.DataAtom) {

+-				p.parseImpliedToken(EndTagToken, a.Select, a.Select.String())

+-				return false

+-			} else {

++			if p.tok.Type == EndTagToken && !p.elementInScope(tableScope, p.tok.DataAtom) {

+ 				// Ignore the token.

+ 				return true

+ 			}

++			// This is like p.popUntil(selectScope, a.Select), but it also

++			// matches <math select>, not just <select>. Matching the MathML

++			// tag is arguably incorrect (conceptually), but it mimics what

++			// Chromium does.

++			for i := len(p.oe) - 1; i >= 0; i-- {

++				if n := p.oe[i]; n.DataAtom == a.Select {

++					p.oe = p.oe[:i]

++					break

++				}

++			}

++			p.resetInsertionMode()

++			return false

+ 		}

+ 	}

+ 	return inSelectIM(p)

@@ -8,7 +8,7 @@

 Summary:        Kubernetes cluster management

 Name:           kubernetes

 Version:        1.11.3

-Release:        2%{?dist}

+Release:        3%{?dist}

 License:        ASL 2.0

 URL:            https://github.com/kubernetes/kubernetes/archive/v%{version}.tar.gz

 Source0:        kubernetes-%{version}.tar.gz

@@ -16,6 +16,8 @@ Source0:        kubernetes-%{version}.tar.gz

 Source1:        https://github.com/kubernetes/contrib/archive/contrib-0.7.0.tar.gz

 %define sha1    contrib-0.7.0=47a744da3b396f07114e518226b6313ef4b2203c

 Patch0:         k8s-1.11-vke.patch

+Patch1:         go-27704.patch

+Patch2:         go-27842.patch

 Group:          Development/Tools

 Vendor:         VMware, Inc.

 Distribution:   Photon

@@ -64,6 +66,11 @@ sed -i -e 's|127.0.0.1:4001|127.0.0.1:2379|g' contrib-0.7.0/init/systemd/environ

 cd %{name}-%{version}

 %patch0 -p1

+pushd vendor/golang.org/x/net

+%patch1 -p1

+%patch2 -p1

+popd

+

 %build

 make

 pushd build/pause

@@ -224,6 +231,8 @@ fi

 %endif

 %changelog

+*   Mon Jan 28 2019 Bo Gan <ganb@vmware.com> 1.11.3-3

+-   Fix CVE-2018-17846 and CVE-2018-17143

 *   Fri Oct 26 2018 Ajay Kaher <akaher@vmware.com> 1.11.3-2

 -   Fix for aarch64

 *   Tue Oct 23 2018 Michelle Wang <michellew@vmware.com> 1.11.3-1