Revisions of runc

Aleksa Sarai (cyphar) committed (revision 81)
- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
buildservice-autocommit accepted request 1075227 from Aleksa Sarai (cyphar) (revision 80)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 79)
  Includes fixes for the following CVEs:
   - CVE-2023-25809 bsc#1209884
   - CVE-2023-27561 bsc#1208962
   - CVE-2023-28642 bsc#1209888
buildservice-autocommit accepted request 1075138 from Aleksa Sarai (cyphar) (revision 78)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 77)
- Drop version-specific Go requirement.
buildservice-autocommit accepted request 1075135 from Aleksa Sarai (cyphar) (revision 76)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 75)
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Aleksa Sarai (cyphar) committed (revision 74)
- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.4>.
  CVE-2023-25809 CVE-2023-27561 CVE-2023-28642

  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
buildservice-autocommit accepted request 1005073 from Aleksa Sarai (cyphar) (revision 73)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 72)
Add BSC number bsc#1202021
buildservice-autocommit accepted request 982018 from Aleksa Sarai (cyphar) (revision 71)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 70)
Fix bsc#1193436 reference.
buildservice-autocommit accepted request 981401 from Aleksa Sarai (cyphar) (revision 69)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 68)
- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)

  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
buildservice-autocommit accepted request 978576 from Aleksa Sarai (cyphar) (revision 67)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 66)
Fix CVE references.
buildservice-autocommit accepted request 978574 from Aleksa Sarai (cyphar) (revision 65)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 64)
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
buildservice-autocommit accepted request 976494 from Aleksa Sarai (cyphar) (revision 63)
baserev update by copy to link target
Aleksa Sarai (cyphar) committed (revision 62)
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-24769
 * A bug was found in runc where runc exec --cap executed processes with
   non-empty inheritable Linux process capabilities, creating an atypical Linux
   environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
   CVE-2022-29162.
 * `runc spec` no longer sets any inheritable capabilities in the created
   example OCI spec (`config.json`) file.