Changelog
runc (1.1.12+ds1-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable.
  * Remaining changes:
    - d/control: remove the binary paragraph for runc.
    - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to
      be compliant with the Apache 2 license.
    - d/golang-github-opencontainers-runc-dev.install: remove this file, it
      is causing a FTBFS, no need to have it in place, the library files are
      already installed correctly without it.
    - d/runc.*: remove all packaging related files associated to the
      runc binary package
    - d/rules: no need to generate manpages after build
    - d/rules: remove runc binary from the binary package
    - d/tests/{checkpoint,integration}: remove since they depend on the
      runc binary package which is not provided by this source package
      anymore
  * Dropped changes:
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
      [ Incorporated by upstream. ]
runc (1.1.12+ds1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.1.12+ds1
    + CVE-2024-21626: several container breakouts due to internally leaked fds

 -- Nishit Majithia <email address hidden>  Wed, 07 Feb 2024 13:26:27 +0530