From f45dc05265f18b811b60adf205faad69d755fb71 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Wed, 11 Mar 2026 13:51:57 +0100
Subject: [PATCH] Rebuild for CVE fixes

Rebuilding gvisor-tap-vsock with a newer version of the golang compiler
will ensure these CVEs are fixed: CVE-2025-68121, CVE-2025-61729, CVE-2025-61728, CVE-2025-61729
They may or may not impact gvisor-tap-vsock.
---
 gvisor-tap-vsock.spec | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gvisor-tap-vsock.spec b/gvisor-tap-vsock.spec
index 247a5f9..7b10768 100644
--- a/gvisor-tap-vsock.spec
+++ b/gvisor-tap-vsock.spec
@@ -27,7 +27,7 @@ Epoch: 6
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
 Version: 0.8.7
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND MIT
-Release: 1%{?dist}
+Release: 2%{?dist}
 %if %{defined golang_arches_future}
 ExclusiveArch: %{golang_arches_future}
 %else
@@ -115,6 +115,14 @@ install -p -m0755 bin/gvforwarder %{buildroot}%{_gvisor_installdir}
 %{_gvisor_installdir}/gvforwarder
 
 %changelog
+* Wed Mar 11 2026 Christophe Fergeau <cfergeau@redhat.com> - 6:0.8.7-2
+- rebuild for CVE-2025-68121, CVE-2025-61726, CVE-2025-61729, CVE-2025-61728, CVE-2025-61729
+- Resolves: RHEL-140518
+- Resolves: RHEL-145414
+- Resolves: RHEL-146723
+- Resolves: RHEL-146928
+- Resolves: RHEL-149248
+
 * Fri Aug 29 2025 Jindrich Novy <jnovy@redhat.com> - 6:0.8.7-1
 - update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.8.7
 - Resolves: RHEL-111948