runc:fix apply failed for patch of fix CVE-2024-3154

2024-05-23 10:17:42 +08:00 · 2024-05-23 10:17:42 +08:00 · 6ac02f87e4
commit 6ac02f87e4
parent 6fe4d6a3fc
4 changed files with 38 additions and 26 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-8fc687c6fb64e110866466035e90c718d58f2c7f
+288b7252b0db60842f5d7e1b9716c84c98f4ea30
--- a/patch/0039-runc-fix-CVE-2024-3154.patch
+++ b/patch/0039-runc-fix-CVE-2024-3154.patch
@ -1,35 +1,20 @@
-From eefc6ae2544a6819da9f92c5aa8e65d356da4c96 Mon Sep 17 00:00:00 2001
-From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
-Date: Sat, 9 Mar 2024 21:30:56 +0900
+From 3107921b5e32c860e476fe413dcd70174dd38401 Mon Sep 17 00:00:00 2001
+From: zhongjiawei <zhongjiawei1@huawei.com>
+Date: Thu, 23 May 2024 19:15:34 +0800
 Subject: [PATCH] features: implement returning
 potentiallyUnsafeConfigAnnotations list

-See https://github.com/opencontainers/runtime-spec/blob/v1.2.0/features.md#unsafe-annotations-in-configjson
-
-Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 ---
- docs/spec-conformance.md | 1 -
- features.go              | 5 +++++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/docs/spec-conformance.md b/docs/spec-conformance.md
-index 91c12aea8ac..b4f3b9df660 100644
--- a/docs/spec-conformance.md
-+++ b/docs/spec-conformance.md
-@@ -9,7 +9,6 @@ Spec version | Feature                                        | PR
- -------------|------------------------------------------------|----------------------------------------------------------
- v1.1.0       | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV`       | [#3862](https://github.com/opencontainers/runc/pull/3862)
- v1.1.0       | `.process.ioPriority`                          | [#3783](https://github.com/opencontainers/runc/pull/3783)
-v1.2.0       | Features: `potentiallyUnsafeConfigAnnotations` | TODO
- 
- ## Architectures
+ features.go                | 5 +++++
+ types/features/features.go | 6 ++++++
+ 2 files changed, 11 insertions(+)

 diff --git a/features.go b/features.go
-index 81cd149ac73..eff04c1b2d2 100644
+index c9cd15c..7f76e7a 100644
 --- a/features.go
 +++ b/features.go
-@@ -64,6 +64,11 @@ var featuresCommand = cli.Command{
- 					},
+@@ -55,6 +55,11 @@ var featuresCommand = cli.Command{
+ 					Enabled: &tru,
 				},
 			},
 +			PotentiallyUnsafeConfigAnnotations: []string{
@ -40,3 +25,23 @@ index 81cd149ac73..eff04c1b2d2 100644
 		}
 
 		if seccomp.Enabled {
+diff --git a/types/features/features.go b/types/features/features.go
+index c6269ca..8b467f7 100644
+--- a/types/features/features.go
+++ b/types/features/features.go
+@@ -25,6 +25,12 @@ type Features struct {
+ 	// Annotations contains implementation-specific annotation strings,
+ 	// such as the implementation version, and third-party extensions.
+ 	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
+	// that may appear in `config.json`.
+	//
+	// A value that ends with "." is interpreted as a prefix of annotations.
+	PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
+ }
+ 
+ // Linux is specific to Linux.
+-- 
+2.33.0
+
--- a/runc.spec
+++ b/runc.spec
@ -3,7 +3,7 @@

 Name: runc
 Version: 1.1.8
-Release: 15
+Release: 16
 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.

 License: ASL 2.0
@ -57,6 +57,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
 %{_bindir}/runc

 %changelog
+* Thu May 23 2024 zhongjiawei<zhongjiawei1@huawei.com> - 1.1.8-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix apply failed for patch of fix CVE-2024-3154
+
 * Thu May 09 2024 zhaosai<zhaosaisai@kylinos.cn> - 1.1.8-15
 - Type:cves
 - CVE:CVE-2024-3154
--- a/series.conf
+++ b/series.conf
@ -35,3 +35,4 @@ patch/0035-runc-Fix-undefined-behavior.patch
 patch/0036-runc-increase-the-number-of-cgroup-deletion-retries.patch
 patch/0037-runc-fix-CVE-2024-21626.patch
 patch/0038-runc-check-cmd-exist.patch
+patch/0039-runc-fix-CVE-2024-3154.patch