-
runc (1.1.4-0ubuntu1~18.04.2) bionic-security; urgency=medium
* d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
device files such as /dev/null in containers (LP: #2013318)
* SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
- debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
/sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
in libcontainer/rootfs_linux.go.
- CVE-2023-25809
* SECURITY UPDATE: Incorrect access control through /proc and /sys
- debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
/sys to be symlinks in libcontainer/rootfs_linux.go.
- CVE-2023-27561
- CVE-2023-28642
-- David Fernandez Gonzalez <email address hidden> Tue, 16 May 2023 12:07:05 +0200
-
runc (1.1.4-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).
- d/control: b-d on golang-1.18-go instead of golang-any.
- d/rules: build with Golang 1.18.
- d/rules: set GO111MODULE to off.
- d/rules: set GOCACHE.
-- Lucas Kanashiro <email address hidden> Thu, 17 Nov 2022 14:05:31 -0300
-
runc (1.1.0-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport version 1.1.0-0ubuntu1 from Jammy (LP: #1960449).
- Build with Golang 1.16
+ d/control: b-d on golang-1.16-go instead of golang-any.
+ d/rules: add Golang 1.16 to $PATH.
- d/rules: set GO111MODULE to off, to avoid Internet connection during the
build.
- d/rules: set GOCACHE to build directory.
-- Lucas Kanashiro <email address hidden> Thu, 31 Mar 2022 16:03:03 -0300
-
runc (1.0.1-0ubuntu2~18.04.1) bionic; urgency=medium
* Backport version 1.0.1-0ubuntu2 from Impish (LP: #1938908).
- Build with Golang 1.13
+ d/control: b-d on golang-1.13-go instead of golang-any.
+ d/rules: add Golang 1.13 to $PATH.
- d/rules: set GOPATH to a temporary directory.
- d/rules: set GO111MODULE to off, to avoid Internet connection during the
build.
runc (1.0.1-0ubuntu2) impish; urgency=medium
* d/p/test--skip-fs-related-cgroups-tests.patch: skip a new cgroups related
test. It requires permission to write in /sys/fs/cgroup/memory during its
execution.
-- Lucas Kanashiro <email address hidden> Tue, 21 Sep 2021 18:04:02 -0300
-
runc (1.0.0~rc95-0ubuntu1~18.04.2) bionic-security; urgency=medium
* No change rebuild in -security pocket. (LP: #1937286)
-- Marc Deslauriers <email address hidden> Fri, 23 Jul 2021 14:46:29 -0400
-
runc (1.0.0~rc95-0ubuntu1~18.04.1) bionic; urgency=medium
* New upstream release.
- Several regressions were found in 1.0.0-rc93 by upstream and fixed in
this new release.
+ Ensure the scratch pipe is read during ExportBPF (LP: #1927219).
- Drop patches applied by upstream:
+ d/patches/CVE-2021-30465/*.patch
+ d/patches/fix-patchpbf-test-on-32-bit.patch
* d/rules: set VERSION variable when building runc (LP: #1929106).
-- Lucas Kanashiro <email address hidden> Thu, 20 May 2021 11:11:34 -0300
-
runc (1.0.0~rc93-0ubuntu1~18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: symlink exchange attack
- debian/patches/CVE-2021-30465/*.patch: upstream patches to add mount
destination validation.
- CVE-2021-30465
-- Eduardo Barretto <email address hidden> Thu, 13 May 2021 18:11:36 +0200
-
runc (1.0.0~rc93-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport version 1.0.0~rc93-0ubuntu1 from Hirsute (LP: #1919322,
LP: #1916485).
- Use Go 1.13 to build it, with the default Go 1.10 it FTBFS.
+ d/control: b-d on golang-1.13-go instead of golang-any,
+ d/rules: add Go 1.13 to the $PATH.
- d/rules: set GOCACHE to a temporary directory. dh-golang sets it to
"off" which is not accepted by Go >= 1.12.
- d/rules: set GO111MODULE to "off" to avoid getting modules info online.
-- Lucas Kanashiro <email address hidden> Tue, 16 Mar 2021 15:47:19 -0300
-
runc (1.0.0~rc10-0ubuntu1~18.04.2) bionic-security; urgency=medium
* No change rebuild in the -security pocket.
-- Marc Deslauriers <email address hidden> Mon, 09 Mar 2020 07:58:37 -0400
-
runc (1.0.0~rc10-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport to bionic. (LP: #1863669, CVE-2019-19921)
-- Michael Hudson-Doyle <email address hidden> Wed, 19 Feb 2020 14:04:03 +1300
-
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.2) bionic-security; urgency=medium
* No change rebuild for the -security pocket
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport to 18.04. (LP: #1824461)
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1) disco; urgency=medium
* New upstream version.
* Fix dependencies of golang-github-opencontainers-runc-dev package.
runc (1.0.0~rc6+git20190307.2b18fe1d-0ubuntu1) disco; urgency=medium
* Update to https://github.com/opencontainers/runc/commit/2b18fe1d885ee5083ef9f0838fee39b62d653e30
- See also:
https://github.com/containerd/containerd/blob/v1.2.5/RUNC.md
https://github.com/containerd/containerd/blob/v1.2.5/vendor.conf#L23
* d/patches/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch:
dropped, applied upstream.
runc (1.0.0~rc6+git20181203.96ec2177-0ubuntu1) disco; urgency=medium
* Add "basic-smoke" autopkgtest to verify basic functionality
runc (1.0.0~rc6+git20181203.96ec2177-0~ubuntu2) disco; urgency=medium
* d/patches/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch:
Apply upstream fix for CVE-2019-5736.
runc (1.0.0~rc6+git20181203.96ec2177-0~ubuntu1) disco; urgency=medium
* Update to https://github.com/opencontainers/runc/commit/96ec2177ae841256168fcf76954f7177af9446eb
- See also:
https://github.com/containerd/containerd/blob/v1.2.2/RUNC.md
https://github.com/containerd/containerd/blob/v1.2.2/vendor.conf#L23
runc (1.0.0~rc5+dfsg1-4) unstable; urgency=medium
* New patch to disable Hugetlb tests.
runc (1.0.0~rc5+dfsg1-3) unstable; urgency=medium
* TAGS += ambient
* New patch to fix FTBFS on mips* architectures.
runc (1.0.0~rc5+dfsg1-2) unstable; urgency=medium
* New patch to fix integer overflow on i686.
* Build with "selinux" tag (Closes: #865993).
Thanks, Laurent Bigonville.
* Added myself to uploaders.
runc (1.0.0~rc5+dfsg1-1) unstable; urgency=medium
* Team upload.
[ Arnaud Rebillout ]
* Set minimum requirement for golang-gocapability-dev.
And drop the alternative name golang-github-syndtr-gocapability-dev,
this name never existed in the first place.
[ Dmitry Smirnov ]
* New upstream release
* Testsuite: autopkgtest-pkg-go
* Standards-Version: 4.1.4; Priority: optional
* debhelper to version 11; compat to version 10.
* Added "XS-Go-Import-Path".
* (Build-)Depends:
- golang-github-codegangsta-cli-dev
- golang-github-coreos-pkg-dev
- golang-golang-x-sys-dev
- golang-logrus-dev
+ golang-github-containerd-console-dev
+ golang-github-pkg-errors-dev
+ golang-github-sirupsen-logrus-dev
+ golang-github-urfave-cli-dev
-- Mike Salvatore <email address hidden> Wed, 03 Jul 2019 08:18:51 -0400
-
runc (1.0.0~rc7+git20190403.029124da-0ubuntu1~18.04.1) bionic; urgency=medium
* Backport to 18.04. (LP: #1824461)
-- Michael Hudson-Doyle <email address hidden> Tue, 16 Apr 2019 13:27:08 +1200
-
runc (1.0.0~rc4+dfsg1-6ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Container escape and root privilege escalation
- debian/patches/CVE-2019-5736.patch: nsenter: clone /proc/self/exe to
avoid exposing host binary to container
- CVE-2019-5736
-- Mike Salvatore <email address hidden> Fri, 25 Jan 2019 09:30:12 -0500
-
runc (1.0.0~rc4+dfsg1-6) unstable; urgency=medium
[ Michael Stapelberg ]
* update debian/gitlab-ci.yml (using salsa.debian.org/go-team/ci/cmd/ci)
[ Dmitry Smirnov ]
* Removed myself from uploaders.
[ Balint Reczey ]
* Team upload
* Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys
(Closes: #889704)
-- Balint Reczey <email address hidden> Tue, 10 Apr 2018 18:40:56 +0200
-
runc (1.0.0~rc4+dfsg1-5) unstable; urgency=medium
* Vcs-* urls: pkg-go-team -> go-team.
-- Alexandre Viau <email address hidden> Mon, 05 Feb 2018 23:05:40 -0500
-
runc (1.0.0~rc4+dfsg1-2) unstable; urgency=medium
* Mark runc breaking docker.io (<= 1.13.1~ds1-2) (Closes: #877146)
-- Balint Reczey <email address hidden> Sat, 30 Sep 2017 11:50:52 -0400
-
runc (1.0.0~rc2+docker1.13.1-0ubuntu1) artful; urgency=medium
* Update to Docker 1.13.1's commit
- refresh patches
-- Tianon Gravi <email address hidden> Tue, 22 Aug 2017 09:38:26 -0700