Change logs for runc source package in Focal

  • runc (1.1.7-0ubuntu1~20.04.3) focal; urgency=medium
    
      * Do not provide the runc binary package anymore (LP: #2022390).
        The runc binary package is now provided by src:runc-app.
        - d/control: remove the containerd binary package paragraph.
        - d/containerd.*: remove all files related to the containerd binary
          package.
        - d/p/test--skip-fs-related-cgroups-tests.patch: skip a new cgroups test
          trying to write to /sys/fs/cgroup/memory.
        - d/golang-github-opencontainers-runc-dev.install: fix path of library
          files.
    
     -- Lucas Kanashiro <email address hidden>  Wed, 13 Mar 2024 18:07:43 -0300
  • runc (1.1.7-0ubuntu1~20.04.2) focal-security; urgency=medium
    
      * SECURITY UPDATE: container escape vulnerability
        - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
        - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
          init: verify after chdir that cwd is inside the container
        - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
          setns init: do explicit lookup of execve argument early
        - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
          internal fds before execve
        - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
          plug leaks of /sys/fs/cgroup handle
        - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
          libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
        - CVE-2024-21626
    
     -- Nishit Majithia <email address hidden>  Wed, 24 Jan 2024 16:33:42 +0530
  • runc (1.1.7-0ubuntu1~20.04.1) focal; urgency=medium
    
      * Backport version from Mantic to Focal (LP: #2023694).
        - Build with Go 1.18
          + d/control: b-d on golang-1.18-go instead of golang-any
          + d/rules: add Go 1.18 to $PATH
    
     -- Lucas Kanashiro <email address hidden>  Fri, 30 Jun 2023 17:49:24 -0300
  • runc (1.1.4-0ubuntu1~20.04.3) focal-security; urgency=medium
    
      * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
        - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
          /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
          in libcontainer/rootfs_linux.go.
        - CVE-2023-25809
      * SECURITY UPDATE: Incorrect access control through /proc and /sys
        - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
          /sys to be symlinks in libcontainer/rootfs_linux.go.
        - CVE-2023-27561
        - CVE-2023-28642
    
     -- David Fernandez Gonzalez <email address hidden>  Mon, 15 May 2023 12:15:47 +0200
  • runc (1.1.4-0ubuntu1~20.04.2) focal; urgency=medium
    
      * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
        device files such as /dev/null in containers (LP: #2013318)
    
     -- Lena Voytek <email address hidden>  Wed, 12 Apr 2023 13:21:54 -0700
  • runc (1.1.4-0ubuntu1~20.04.1) focal; urgency=medium
    
      * Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).
        - d/control: b-d on golang-1.18-go instead of golang-any.
        - d/rules: build with Golang 1.18.
    
     -- Lucas Kanashiro <email address hidden>  Thu, 17 Nov 2022 12:24:35 -0300
  • runc (1.1.0-0ubuntu1~20.04.2) focal; urgency=medium
    
      * d/p/fix_cpuset_range_byte_order.patch: fix byte order while parsing cpuset
        range to bits (LP: #1993221)
    
     -- Chengen Du <email address hidden>  Mon, 17 Oct 2022 08:59:54 +0000
  • runc (1.1.0-0ubuntu1~20.04.1) focal; urgency=medium
    
      * Backport version 1.1.0-0ubuntu1 from Jammy (LP: #1960449).
        - d/control: b-d on golang-1.16-go instead of golang-any.
        - d/rules: build with Golang 1.16.
    
     -- Lucas Kanashiro <email address hidden>  Wed, 09 Feb 2022 18:00:30 -0300
  • runc (1.0.1-0ubuntu2~20.04.1) focal; urgency=medium
    
      * Backport version 1.0.1-0ubuntu2 from Impish (LP: #1938908).
    
    runc (1.0.1-0ubuntu2) impish; urgency=medium
    
      * d/p/test--skip-fs-related-cgroups-tests.patch: skip a new cgroups related
        test. It requires permission to write in /sys/fs/cgroup/memory during its
        execution.
    
     -- Lucas Kanashiro <email address hidden>  Tue, 21 Sep 2021 18:00:11 -0300
  • runc (1.0.0~rc95-0ubuntu1~20.04.2) focal-security; urgency=medium
    
      * No change rebuild in -security pocket. (LP: #1937286)
    
     -- Marc Deslauriers <email address hidden>  Fri, 23 Jul 2021 14:45:39 -0400
  • runc (1.0.0~rc95-0ubuntu1~20.04.1) focal; urgency=medium
    
      * New upstream release.
        - Several regressions were found in 1.0.0-rc93 by upstream and fixed in
          this new release.
          + Ensure the scratch pipe is read during ExportBPF (LP: #1927219).
        - Drop patches applied by upstream:
          + d/patches/CVE-2021-30465/*.patch
          + d/patches/fix-patchpbf-test-on-32-bit.patch
      * d/rules: set VERSION variable when building runc (LP: #1929106).
    
     -- Lucas Kanashiro <email address hidden>  Thu, 20 May 2021 11:06:57 -0300
  • runc (1.0.0~rc93-0ubuntu1~20.04.2) focal-security; urgency=medium
    
      * SECURITY UPDATE: symlink exchange attack
        - debian/patches/CVE-2021-30465/*.patch: upstream patches to add mount
          destination validation.
        - CVE-2021-30465
    
     -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 14:27:26 -0400
  • runc (1.0.0~rc93-0ubuntu1~20.04.1) focal; urgency=medium
    
      * Backport version 1.0.0~rc93-0ubuntu1 from Hirsute (LP: #1919322,
        LP: #1916485).
    
     -- Lucas Kanashiro <email address hidden>  Tue, 16 Mar 2021 15:34:35 -0300
  • runc (1.0.0~rc10-0ubuntu1) focal; urgency=medium
    
      [ Lucas Kanashiro ]
      * Run dh_golang_autopkgtest with isolation-machine restriction (LP: #1856083)
        - d/control: remove Testsuite field since we are now overwriting the
          autodep8 test definition.
        - d/t/control: overwrite autodep8 test definition to add isolation-machine
          restriction.
      * d/t/control: Use commas in Restrictions field of basic-smoke test
    
      [ Tianon Gravi ]
      * Update to 1.0.0-rc10 upstream release
    
     -- Tianon Gravi <email address hidden>  Tue, 18 Feb 2020 09:06:24 +1300
  • runc (1.0.0~rc8+git20190923.3e425f80-0ubuntu1) eoan; urgency=medium
    
      * New upstream snapshot, fixing CVE-2019-16884.
    
     -- Michael Hudson-Doyle <email address hidden>  Mon, 30 Sep 2019 14:12:18 +1300