From aa8bade4bdccc33afc6aeba44593adf56037c17e Mon Sep 17 00:00:00 2001
From: Jacob Wang <jacob.wang@openanolis.org>
Date: Wed, 9 Jul 2025 11:13:20 +0800
Subject: [PATCH 1/2] [CVE]update to skopeo-1.14.5-4

to #ICKZIU

update to skopeo-1.14.5-4 for CVE-2025-22871 CVE-2025-6032

Project: TC2024080204
Signed-off-by: Jacob Wang <jacob.wang@openanolis.org>
---
 skopeo.spec | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/skopeo.spec b/skopeo.spec
index cbd3fd1..7657c0b 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -1,15 +1,9 @@
 %global debug_package %{nil}
 %global with_check 0
-%global anolis_release .0.1
 
 %if 0%{?rhel} > 7 && ! 0%{?fedora}
-%ifarch loongarch64
-%define gobuild(o:) \
-go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
-%else
 %define gobuild(o:) \
 go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
-%endif
 %else
 %define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
 %endif
@@ -22,7 +16,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 Epoch: 2
 Name: skopeo
 Version: 1.14.5
-Release: 3%{anolis_release}%{?dist}
+Release: 4%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: https://%{import_path}
@@ -33,7 +27,6 @@ Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar
 %else
 Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz
 %endif
-
 BuildRequires: git-core
 BuildRequires: golang >= 1.17.7
 BuildRequires: /usr/bin/go-md2man
@@ -129,8 +122,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 
 %changelog
-* Wed Aug 14 2024 Wenlong Zhang<zhangwenlong@loongson.cn> - 2:1.14.5-3.0.1
-- add loong64 support for skopeo
+* Tue May 06 2025 Jindrich Novy <jnovy@redhat.com> - 2:1.14.5-4
+- rebuild for CVE-2025-22871
+- Resolves: RHEL-89254
 
 * Mon Aug 05 2024 Jindrich Novy <jnovy@redhat.com> - 2:1.14.5-3
 - rebuild for  golang fixes
-- 
Gitee


From 62aedc8fbbd58270e6556cef0d54ca676be1af36 Mon Sep 17 00:00:00 2001
From: Wenlong Zhang <zhangwenlong@loongson.cn>
Date: Fri, 30 Dec 2022 15:41:15 +0800
Subject: [PATCH 2/2] add loong64 support for skopeo

Signed-off-by: Wenlong Zhang <zhangwenlong@loongson.cn>
---
 skopeo.spec | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/skopeo.spec b/skopeo.spec
index 7657c0b..a9e1099 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -1,9 +1,15 @@
 %global debug_package %{nil}
 %global with_check 0
+%global anolis_release .0.1
 
 %if 0%{?rhel} > 7 && ! 0%{?fedora}
+%ifarch loongarch64
+%define gobuild(o:) \
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
+%else
 %define gobuild(o:) \
 go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
+%endif
 %else
 %define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
 %endif
@@ -16,7 +22,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 Epoch: 2
 Name: skopeo
 Version: 1.14.5
-Release: 4%{?dist}
+Release: 4%{anolis_release}%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: https://%{import_path}
@@ -27,6 +33,7 @@ Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar
 %else
 Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz
 %endif
+
 BuildRequires: git-core
 BuildRequires: golang >= 1.17.7
 BuildRequires: /usr/bin/go-md2man
@@ -122,6 +129,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 
 %changelog
+* Wed Jul 09 2025 Wenlong Zhang<zhangwenlong@loongson.cn> - 2:1.14.5-4.0.1
+- add loong64 support for skopeo
+
 * Tue May 06 2025 Jindrich Novy <jnovy@redhat.com> - 2:1.14.5-4
 - rebuild for CVE-2025-22871
 - Resolves: RHEL-89254
-- 
Gitee