Accepting request 674111 from home:cyphar:cve-2019-5736

- Add fix for CVE-2019-5736 (effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary). bsc#1121967 + CVE-2019-5736.patch OBS-URL: https://build.opensuse.org/request/show/674111 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=72
2019-02-12 14:09:26 +00:00
parent 337c2c14cc
commit 68bddaf3ee
3 changed files with 352 additions and 3 deletions
--- a/runc.spec
+++ b/runc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package runc
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 # nodebuginfo

@@ -50,6 +50,8 @@ Url:            https://github.com/opencontainers/runc
 Source0:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{_version}.tar.xz
 Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc
 Source2:        runc.keyring
+# FIX-UPSTREAM: Fix for CVE-2019-5736. bsc#1121967
+Patch:          CVE-2019-5736.patch
 BuildRequires:  fdupes
 BuildRequires:  go-go-md2man
 BuildRequires:  golang(API) = %{go_version}
@@ -85,6 +87,8 @@ Test package for runc. It contains the source code and the tests.

 %prep
 %setup -q -n %{name}-%{_version}
+# CVE-2019-5736 bsc#1121967
+%patch -p1

 %build
 # Do not use symlinks. If you want to run the unit tests for this package at