Bump to runc v1.3.3 - CVE-2025-52881

Bump to runc v1.3.3 to address CVE-2025-52881 Fixes: https://issues.redhat.com/browse/RHEL-126638 Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-11-29 17:48:05 +08:00 · 2025-11-06 13:38:48 -05:00
parent fc5c29d2ae
commit 871b008ddd
12 changed files with 434 additions and 123 deletions
--- a/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go
+++ b/vendor/github.com/opencontainers/runc/libcontainer/utils/utils.go
@@ -65,11 +65,11 @@ func CleanPath(path string) string {
 	return path
 }

-// stripRoot returns the passed path, stripping the root path if it was
+// StripRoot returns the passed path, stripping the root path if it was
 // (lexicially) inside it. Note that both passed paths will always be treated
 // as absolute, and the returned path will also always be absolute. In
 // addition, the paths are cleaned before stripping the root.
-func stripRoot(root, path string) string {
+func StripRoot(root, path string) string {
 	// Make the paths clean and absolute.
 	root, path = CleanPath("/"+root), CleanPath("/"+path)
 	switch {
@@ -111,5 +111,5 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str
 			userAnnotations[name] = value
 		}
 	}
-	return
+	return bundle, userAnnotations
 }