!242 [sync] PR-237: runc：fix CVE-2024-21626

From: @openeuler-sync-bot Reviewed-by: @flyflyflypeng Signed-off-by: @flyflyflypeng
2024-02-01 11:14:30 +00:00 · 2024-02-01 11:14:30 +00:00 · f3b737ea51
commit f3b737ea51
parent 9599d74e47 1a6ece7204
3 changed files with 2773 additions and 1 deletions
--- a/patch/0148-runc-fix-CVE-2024-21626.patch
+++ b/patch/0148-runc-fix-CVE-2024-21626.patch
--- a/runc.spec
+++ b/runc.spec
@ -2,7 +2,7 @@

 Name: docker-runc
 Version: 1.0.0.rc3
-Release: 222
+Release: 223
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.

 License: ASL 2.0
@ -41,6 +41,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc

 %changelog
+* Thu Feb 1 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-223
+- Type:CVE
+- CVE:CVE-2024-21626
+- SUG:NA
+- DESC:fix RootDir fd leaks
+
 * Fri Dec 8 2023 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-222
 - Type:bugfix
 - CVE:NA
--- a/series.conf
+++ b/series.conf
@ -139,3 +139,4 @@
 0145-runc-libcontainer-create-Cwd-when-it-does-not-exist.patch
 0146-runc-delete-do-not-ignore-error-from-destroy.patch
 0147-runc-libct-Destroy-don-t-proceed-in-case-of-errors.patch
+0148-runc-fix-CVE-2024-21626.patch