!5 fix CVE-2022-27650

From: @fu-shanqing Reviewed-by: @yangzhao_kl Signed-off-by: @yangzhao_kl
2022-06-07 02:12:00 +00:00 · 2022-06-07 02:12:00 +00:00 · 755a72123b
commit 755a72123b
parent f060e8f509 a7b8932e62
2 changed files with 19 additions and 1 deletions
--- a/crun.spec
+++ b/crun.spec
@ -1,9 +1,10 @@
 Name:            crun
 Version:         1.4.3
-Release:         1
+Release:         2
 Summary:         A fast and low-memory footprint OCI Container Runtime fully written in C.
 URL:             https://github.com/containers/%{name}
 Source0:         https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.xz
+Patch0:          fix-CVE-2022-27650.patch
 License:         GPLv2+ and LGPLv2.1+
 BuildRequires:   autoconf automake gcc python
 BuildRequires:   libcap-devel systemd-devel yajl-devel libseccomp-devel libselinux-devel
@ -42,6 +43,9 @@ rm -rf %{buildroot}%{_prefix}/lib*
 %{_mandir}/man1/*

 %changelog
+* Mon May 23 2022 fushanqing <fushanqing@kylinos.cn> - 1.4.3-2
+- fix CVE-2022-27650.
+
 * Tue Mar 1 2022 fu-shanqing <fushanqing@kylinos.cn> - 1.4.3-1
 - Update to 1.4.3

--- a/fix-CVE-2022-27650.patch
+++ b/fix-CVE-2022-27650.patch
@ -0,0 +1,14 @@
+diff -Naru crun-1.4.3/src/exec.c crun-1.4.3-new/src/exec.c
+--- crun-1.4.3/src/exec.c	2021-11-05 14:53:28.000000000 +0800
+++ crun-1.4.3-new/src/exec.c	2022-05-23 13:51:13.000000000 +0800
+@@ -304,8 +304,8 @@
+           capabilities->effective = exec_options.cap;
+           capabilities->effective_len = exec_options.cap_size;
+ 
+-          capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
+-          capabilities->inheritable_len = exec_options.cap_size;
+          capabilities->inheritable = NULL;
+          capabilities->inheritable_len = 0;
+ 
+           capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
+           capabilities->bounding_len = exec_options.cap_size;