From 7e8ae9d5a423bf48f80ac6ebb08c5849ceac84d1 Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar
Date: Jul 16 2021 17:20:52 +0000
Subject: buildah-1.21.3-1
- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602
- bump to v1.21.3
(cherry picked from commit 1adb2fbaff6c35d57ec301ebce133aec700bbe0e)
Signed-off-by: Lokesh Mandvekar
---
diff --git a/.gitignore b/.gitignore
index 7767cf1..62d8004 100644
--- a/.gitignore
+++ b/.gitignore
@@ -503,3 +503,5 @@
 /v1.21.0.tar.gz
 /v1.21.1.tar.gz
 /v1.21.2.tar.gz
+/buildah-ec35bc4.tar.gz
+/v1.21.3.tar.gz
diff --git a/buildah.spec b/buildah.spec
index 7fceacd..1ef57b0 100644
--- a/buildah.spec
+++ b/buildah.spec
@@ -25,19 +25,16 @@
 %global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
 %global git0 https://%{import_path}
-# Used for comparing with latest upstream tag
-# to decide whether to autobuild (non-rawhide only)
-%define built_tag v1.21.2
-%define built_tag_strip %(b=%{built_tag}; echo ${b:1})
-%define download_url %{git0}/archive/%{built_tag}.tar.gz
+%global built_tag v1.21.3
+%global built_tag_strip %(b=%{built_tag}; echo ${b:1})
 Name: %{repo}
-Version: 1.21.2
+Version: 1.21.3
 Release: 1%{?dist}
 Summary: A command line tool used for creating OCI Images
 License: ASL 2.0
 URL: https://%{name}.io
-Source0: %{download_url}
+Source0: %{git0}/archive/%{built_tag}.tar.gz
 BuildRequires: device-mapper-devel
 BuildRequires: golang
 BuildRequires: git
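Review bot: In the first buildah.spec hunk the release number is now written twice, as `%global built_tag v1.21.3` and as `Version: 1.21.3`, and nothing ties the two together. `Source0` is derived from `built_tag` alone, so a later bump that updates only one of them would label the package with one version while fetching another tag's tarball, which matters most for a release whose purpose is a CVE fix. `built_tag_strip` already holds the tag without its leading `v`, so `Version: %{built_tag_strip}` would keep them in step. If the duplication is deliberate for the autobuild tooling, a one-line comment above `built_tag` saying so would replace the explanation this commit removes.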
@@ -111,13 +108,10 @@ mv vendor src
 export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
 %ifarch x86_64
-export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic"
-%if 0%{?fedora} || 0%{?centos} >= 8
-export CGO_CFLAGS="$CGO_CFLAGS -fcf-protection"
-%endif
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
 %endif
 # These extra flags present in %%{optflags} have been skipped for now as they break the build
-#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+#export CGO_CFLAGS+=" -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
 export GOPATH=$(pwd)/_build:$(pwd)
 export BUILDTAGS='seccomp selinux'
@@ -155,6 +149,10 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 %{_datadir}/%{name}/test
 %changelog
+* Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1
+- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602
+- bump to v1.21.3
+
 * Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1
 - bump to v1.21.2
diff --git a/sources b/sources
index 39af8bb..eabaff3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v1.21.2.tar.gz) = 09b468c4a809c66b8dfd34d3a8a283b3fbf31116fecac61461a043858a692a83642516c50def1328139d710233e99279a3653050e8bb58c363434fab129b4225
+SHA512 (v1.21.3.tar.gz) = 36db54522e8564f467eb4f0b3c7c7cfe3bc8b285a47e139d35b3d7952184d78111640ae3b36eb1ddb92e1af68b16c9d4f056884c1bb25941606ec6cfe7347295
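Review bot: In the `%ifarch x86_64` branch of the CGO_CFLAGS block (the `@@ -111,13 +108,10 @@` hunk), `-fcf-protection=full` is now passed unconditionally, where the removed lines added the flag only under `%if 0%{?fedora} || 0%{?centos} >= 8`. If this branch is still built on a target whose compiler does not know the option, the build will stop on an unrecognised flag. Either keep the guard around that one flag or record the assumption next to the new line, for example `# -fcf-protection requires a compiler that supports it; <older target> is no longer built from this branch`. The commented-out line is carried over with `-Wp,D_GLIBCXX_ASSERTIONS`; the define is normally spelled `-Wp,-D_GLIBCXX_ASSERTIONS`, which may be part of why it was seen to break the build and is worth correcting before anyone re-enables that hardening. The `%build` section this block belongs to starts and ends outside the hunk.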