folkslinux
/
CBL-Mariner
mirror of https://github.com/microsoft/CBL-Mariner.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
CBL-Mariner/SPECS/moby-compose/moby-compose.spec

115 lines
4.8 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Summary: Define and run multi-container applications with Docker
Name: moby-compose
Version: 2.17.3
Release: 6%{?dist}
License: ASL 2.0
Vendor: Microsoft Corporation
Distribution: Mariner
Group: Tools/Container
URL: https://github.com/docker/compose
Source0: https://github.com/docker/compose/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: CVE-2023-44487.patch
# Patch can be removed when grpc go module is updated to version v1.62.0, patches backported to v1.50.0
# These are the patches backported in order to get access to the security fix
# https://github.com/grpc/grpc-go/commit/6eabd7e1834e47b20f55cbe9d473fc607c693358
# https://github.com/grpc/grpc-go/commit/8eb4ac4c1514c190ee0b5d01a91c63218dac93c0
# https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721
Patch1: patch-server.go-to-support-single-serverWorkerChannel.patch
Patch2: Change-server-stream-context-handling.patch
Patch3: prohibit-more-than-MaxConcurrentStreams-handlers.patch
Patch4: CVE-2023-45288.patch
Patch5: CVE-2023-48795.patch
Patch6: CVE-2024-24786.patch
# Patch for CVE-2024-23650 (buildkit) must be redone if the package is updated and
# the vendored code begins including any of the following modules:
# github.com/moby/buildkit/control (for control.go)
# github.com/moby/buildkit/exporter/containerimage (for writer.go)
# github.com/moby/buildkit/frontend/gateway (for gateway.go)
# github.com/moby/buildkit/solver/llbsolver (for bridge.go and solver.go)
# github.com/moby/buildkit/sourcepolicy (for matcher.go)
# github.com/moby/buildkit/util/tracing/transform (for attribute.go and span.go)
Patch7: CVE-2024-23650.patch
# Patch for CVE-2023-2253 (distribution/distribution) must be redone if the package is updated and
# the vendored code begins including any of the following modules:
# github.com/docker/distribution/configuration (for configuration.go)
# github.com/docker/distribution/catalog (for catalog.go)
Patch8: CVE-2023-2253.patch
# Leverage the `generate_source_tarball.sh` to create the vendor sources
# NOTE: govendor-v1 format is for inplace CVE updates so that we do not have to overwrite in the blob-store.
# After fixing any possible CVE for the vendored source, we must bump v1 -> v2
Source1: %{name}-%{version}-govendor-v1.tar.gz
BuildRequires: golang
Requires: moby-cli
%description
Compose is a tool for defining and running multi-container Docker applications.
With Compose, you use a YAML file to configure your applications services.
Then, with a single command, you create and start all the services from your
configuration.
%prep
%autosetup -N -n compose-%{version}
# Apply vendor before patching
%setup -q -n compose-%{version} -T -D -a 1
%autopatch -p1
%build
go build \
-mod=vendor \
-trimpath \
-tags e2e \
-ldflags "-w -X github.com/docker/compose/v2/internal.Version=%{version}" \
-o ./bin/build/docker-compose ./cmd
%install
mkdir -p "%{buildroot}/%{_libexecdir}/docker/cli-plugins"
install -D -m0755 bin/build/docker-compose %{buildroot}/%{_libexecdir}/docker/cli-plugins
%files
%license LICENSE
%{_libexecdir}/docker/cli-plugins/docker-compose
%changelog
* Thu Jun 06 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.3-6
- Bump release to rebuild with go 1.21.11
* Tue May 28 2024 corvus-callidus <108946721+corvus-callidus@users.noreply.github.com> - 2.17.3-5
- Fix for CVE-2024-24786, CVE-2024-23650, CVE-2023-2253
* Tue May 28 2024 Bala <balakumaran.kannan@microsoft.com> - 2.17.3-4
- Fix for CVE-2023-48795
* Thu Apr 18 2024 Chris Gunn <chrisgun@microsoft.com> - 2.17.3-3
- Fix for CVE-2023-45288
* Wed Mar 20 2024 Henry Beberman <henry.beberman@microsoft.com> - 2.17.3-2
- Correct license to ASL 2.0
* Wed Feb 21 2024 Sam Meluch <sammeluch@microsoft.com> - 2.17.3-1
- Upgrade to version 2.17.3
- Add patch for vendored golang.org/grpc
* Fri Feb 02 2024 Daniel McIlvaney <damcilva@microsoft.com> - 2.17.2-7
- Address CVE-2023-44487 by patching vendored golang.org/x/net
* Mon Oct 16 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.2-6
- Bump release to rebuild with go 1.20.9
* Tue Oct 10 2023 Dan Streetman <ddstreet@ieee.org> - 2.17.2-5
- Bump release to rebuild with updated version of Go.
* Mon Aug 07 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.2-4
- Bump release to rebuild with go 1.19.12
* Thu Jul 13 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.2-3
- Bump release to rebuild with go 1.19.11
* Thu Jun 15 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.17.2-2
- Bump release to rebuild with go 1.19.10
* Tue Mar 14 2023 Muhammad Falak R Wani <mwani@microsoft.com> - 2.17.2-1
- Original version for CBL-Mariner
- License Verified
Reference in New Issue View Git Blame Copy Permalink