Revisions of runc
- Update to runc v1.1.6. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
buildservice-autocommit accepted request 1075227 from Aleksa Sarai (cyphar) (revision 80)
baserev update by copy to link target
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
buildservice-autocommit accepted request 1075138 from Aleksa Sarai (cyphar) (revision 78)
baserev update by copy to link target
buildservice-autocommit accepted request 1075135 from Aleksa Sarai (cyphar) (revision 76)
baserev update by copy to link target
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
- Update to runc v1.1.5. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.4>. CVE-2023-25809 CVE-2023-27561 CVE-2023-28642
  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
buildservice-autocommit accepted request 1005073 from Aleksa Sarai (cyphar) (revision 73)
baserev update by copy to link target
buildservice-autocommit accepted request 982018 from Aleksa Sarai (cyphar) (revision 71)
baserev update by copy to link target
buildservice-autocommit accepted request 981401 from Aleksa Sarai (cyphar) (revision 69)
baserev update by copy to link target
- Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
buildservice-autocommit accepted request 978576 from Aleksa Sarai (cyphar) (revision 67)
baserev update by copy to link target
buildservice-autocommit accepted request 978574 from Aleksa Sarai (cyphar) (revision 65)
baserev update by copy to link target
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
buildservice-autocommit accepted request 976494 from Aleksa Sarai (cyphar) (revision 63)
baserev update by copy to link target
- Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-24769
  * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
  * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file.