From db8e9d4acd29897f2bb4fa8e641d12cd3be377da Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Fri, 10 Jan 2025 10:05:13 +0800
Subject: [PATCH] Optimize spec files and fix CVE in batches through rebuild

---
 ...180.patch => 0005-fix-CVE-2024-28180.patch |  0
 podman.spec                                   | 32 ++++++++++++++-----
 podman.yaml                                   |  2 +-
 3 files changed, 25 insertions(+), 9 deletions(-)
 rename 0001-fix-CVE-2024-28180.patch => 0005-fix-CVE-2024-28180.patch (100%)

diff --git a/0001-fix-CVE-2024-28180.patch b/0005-fix-CVE-2024-28180.patch
similarity index 100%
rename from 0001-fix-CVE-2024-28180.patch
rename to 0005-fix-CVE-2024-28180.patch
diff --git a/podman.spec b/podman.spec
index 4eb1d3e..85088f7 100644
--- a/podman.spec
+++ b/podman.spec
@@ -2,7 +2,7 @@
 
 Name:          podman
 Version:       4.9.4
-Release:       8
+Release:       10
 Summary:       A tool for managing OCI containers and pods.
 Epoch:         1
 License:       Apache-2.0 and MIT
@@ -11,12 +11,12 @@ Source0:       https://github.com/containers/podman/archive/refs/tags/v%{version
 Source1:       https://github.com/containers/dnsname/archive/18822f9a4fb35d1349eb256f4cd2bfd372474d84/dnsname-18822f9.tar.gz
 Source2:       https://github.com/containers/gvisor-tap-vsock/archive/refs/tags/v0.7.1.tar.gz
 Source3:       https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.3.tar.gz
-Patch0:        0001-podman-4.9.4-add-support-for-loongarch64.patch
 
-Patch0001:    0001-fix-CVE-2024-28180.patch
+Patch0001:    0001-podman-4.9.4-add-support-for-loongarch64.patch
 Patch0002:    0002-fix-CVE-2023-3978.patch
 Patch0003:    0003-fix-CVE-2023-48795.patch
 Patch0004:    0004-fix-CVE-2022-3064.patch
+Patch0005:    0005-fix-CVE-2024-28180.patch
 
 BuildRequires: gcc golang btrfs-progs-devel glib2-devel glibc-devel glibc-static
 BuildRequires: gpgme-devel libassuan-devel libgpg-error-devel libseccomp-devel libselinux-devel
@@ -95,6 +95,7 @@ dynamic port forwarding.
 
 %package help
 Summary:        Help document for the podman package
+Buildarch:      noarch
 Conflicts:      docker docker-latest docker-ce docker-ee moby-engine
 
 %description help
@@ -116,16 +117,22 @@ when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0].
 %prep
 %setup -n %{name}-%{version}
 sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
-%patch0001 -p1
+
 # untar dnsname
 tar zxf %{SOURCE1}
-%patch0002 -p1
-%patch0004 -p1
+
 # untar %%{name}-gvproxy
 tar zxf %{SOURCE2}
-%patch0003 -p1
+
 # untar go-md2man
 tar zxf %{SOURCE3}
+
+# apply patch
+%patch0002 -p1
+%patch0003 -p1
+%patch0004 -p1
+%patch0005 -p1
+
 %ifarch loongarch64
 cd dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84
 export GOSUMDB="sum.golang.org"
@@ -135,7 +142,7 @@ go mod tidy
 go mod download
 go mod vendor
 cd -
-%patch0 -p1
+%patch0001 -p1
 %endif
 
 
@@ -299,6 +306,15 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 %{_bindir}/%{name}sh
 
 %changelog
+* Thu Jan 09 2025 duyiwei <duyiwei@kylinos.cn> - 1:4.9.4-10
+- Type:bugfix
+- CVE:CVE-2024-9355、CVE-2019-9514、CVE-2024-24791、CVE-2022-32189、CVE-2022-41715、CVE-2022-2880、CVE-2022-1962、CVE-2023-45290、CVE-2024-24783、CVE-2024-24785
+- SUG:NA
+- DESC: Optimize spec files and fix CVE in batches through rebuild
+
+* Tue Aug 20 2024 Xuebing Li <lixuebing@cqsoftware.com.cn> - 1:4.9.4-9
+- Add 'Buildarch: noarch' to the help subpackage
+
 * Tue Apr 30 2024 zhangbowei <zhangbowei@kylinos.cn> - 1:4.9.4-8
 - Type:bugfix
 - CVE:NA
diff --git a/podman.yaml b/podman.yaml
index 9f95c1c..33bcc56 100644
--- a/podman.yaml
+++ b/podman.yaml
@@ -1,4 +1,4 @@
 version_control: github
-src_repo:  containers/libpod
+src_repo:  containers/podman
 tag_prefix: ^v
 seperator: .
-- 
Gitee