[Low] Patch kubernetes for CVE-2024-45310

Open SumitJenaHCL opened this issue 3 months ago • 0 comments

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

[ ] The toolchain has been rebuilt successfully (or no changes were made to it)
[ ] The toolchain/worker package manifests are up-to-date
[ ] Any updated packages successfully build (or no packages were changed)
[ ] Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
[ ] Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
[ ] All package sources are available
[ ] cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
[ ] LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
[ ] All source files have up-to-date hashes in the *.signatures.json files
[ ] sudo make go-tidy-all and sudo make go-test-coverage pass
[ ] Documentation has been updated to match any changes to the build system
[ ] Ready to merge

What does the PR accomplish, why was it needed? kubernetes: Patch for https://github.com/advisories/GHSA-jfvp-7x6p-h2pv

Combined 2 Patch references. -- Taken Patches from NIST: -- https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf, -- https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e
New Function syscallMode added from the Reference below: -- https://cs.opensource.google/go/go/+/refs/tags/go1.20.7:src/os/file_posix.go;l=61-75

Astrolabe Patch "https://github.com/opencontainers/runc/pull/4359" is incorrect.

Sep 10 '25 06:09 SumitJenaHCL