runc:fix CVE-2024-21626

(cherry picked from commit 6e9b77988428e4184978084eccfa08612f3c5b0f)
2024-02-01 16:51:35 +08:00 · 2024-02-01 16:51:35 +08:00 · 1a6ece7204
commit 1a6ece7204
parent 9599d74e47
3 changed files with 2773 additions and 1 deletions
--- a/patch/0148-runc-fix-CVE-2024-21626.patch
+++ b/patch/0148-runc-fix-CVE-2024-21626.patch
--- a/runc.spec
+++ b/runc.spec
@ -2,7 +2,7 @@

 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 222
+Release: 223
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.

 License: ASL 2.0
@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc

 %changelog
+* Thu Feb 1 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-223
+- Type:CVE
+- CVE:CVE-2024-21626
+- SUG:NA
+- DESC:fix RootDir fd leaks
+
 * Fri Dec 8 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-222
 - Type:bugfix
 - CVE:NA
--- a/series.conf
+++ b/series.conf
@ -139,3 +139,4 @@
 0145-runc-libcontainer-create-Cwd-when-it-does-not-exist.patch
 0146-runc-delete-do-not-ignore-error-from-destroy.patch
 0147-runc-libct-Destroy-don-t-proceed-in-case-of-errors.patch
+0148-runc-fix-CVE-2024-21626.patch