Ubuntu
runc package

Change logs for runc source package in Jammy

  1. Jammy (22.04)
  2. Change log 
  • runc (1.1.7-0ubuntu1~22.04.4) jammy; urgency=medium

  * d/t/control: remove basic-smoke test since it depends on runc binary now
    provided by src:runc-app.

runc (1.1.7-0ubuntu1~22.04.3) jammy; urgency=medium

  * Do not provide the runc binary package anymore (LP: #2022390).
    The runc binary package is now provided by src:runc-app.
    - d/control: remove the containerd binary package paragraph.
    - d/containerd.*: remove all files related to the containerd binary
      package.
    - d/p/test--skip-fs-related-cgroups-tests.patch:
    - d/golang-github-opencontainers-runc-dev.install:

 -- Lucas Kanashiro <email address hidden>  Mon, 06 May 2024 16:50:52 -0300
  • runc (1.1.7-0ubuntu1~22.04.3) jammy; urgency=medium

  * Do not provide the runc binary package anymore (LP: #2022390).
    The runc binary package is now provided by src:runc-app.
    - d/control: remove the containerd binary package paragraph.
    - d/containerd.*: remove all files related to the containerd binary
      package.
    - d/p/test--skip-fs-related-cgroups-tests.patch:
    - d/golang-github-opencontainers-runc-dev.install:

 -- Lucas Kanashiro <email address hidden>  Wed, 13 Mar 2024 18:07:43 -0300
  • runc (1.1.7-0ubuntu1~22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: container escape vulnerability
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      ibcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    - CVE-2024-21626

 -- Nishit Majithia <email address hidden>  Wed, 24 Jan 2024 16:40:36 +0530
  • runc (1.1.7-0ubuntu1~22.04.1) jammy; urgency=medium

  * Backport version from Mantic to Jammy (LP: #2023694).

 -- Lucas Kanashiro <email address hidden>  Fri, 30 Jun 2023 17:42:42 -0300
  • runc (1.1.4-0ubuntu1~22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

 -- David Fernandez Gonzalez <email address hidden>  Mon, 15 May 2023 12:31:53 +0200
  • runc (1.1.4-0ubuntu1~22.04.2) jammy; urgency=medium

  * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
    device files such as /dev/null in containers (LP: #2013318)

 -- Lena Voytek <email address hidden>  Wed, 12 Apr 2023 13:18:53 -0700
  • runc (1.1.4-0ubuntu1~22.04.1) jammy; urgency=medium

  * Backport version 1.1.4-0ubuntu1 from Lunar (LP: #1996909).

 -- Lucas Kanashiro <email address hidden>  Thu, 17 Nov 2022 12:17:32 -0300
  • runc (1.1.0-0ubuntu1.1) jammy; urgency=medium

  * d/p/fix_cpuset_range_byte_order.patch: fix byte order while parsing cpuset
    range to bits (LP: #1993221)

 -- Chengen Du <email address hidden>  Mon, 17 Oct 2022 15:48:16 +0800
  • runc (1.1.0-0ubuntu1) jammy; urgency=medium

  * New upstream release.
  * Refresh patches:
    - d/p/test--skip_TestFactoryNewTmpfs.patch
    - d/p/test--skip-fs-related-cgroups-tests.patch
  * Remove patch not needed anymore:
    - d/p/test--skip-Hugetlb.patch

 -- Lucas Kanashiro <email address hidden>  Wed, 09 Feb 2022 11:46:31 -0300
  • runc (1.0.3-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1946899).
  * d/rules: remove DH_GOLANG_INSTALL_EXTRA, the directories listed there do
    not exist anymore.

 -- Lucas Kanashiro <email address hidden>  Mon, 10 Jan 2022 11:51:10 -0300
  • runc (1.0.1-0ubuntu3) jammy; urgency=medium

  * No-change rebuild against Go 1.17

 -- William 'jawn-smith' Wilson <email address hidden>  Tue, 30 Nov 2021 13:57:31 -0600
  • runc (1.0.1-0ubuntu2) impish; urgency=medium

  * d/p/test--skip-fs-related-cgroups-tests.patch: skip a new cgroups related
    test. It requires permission to write in /sys/fs/cgroup/memory during its
    execution.

 -- Lucas Kanashiro <email address hidden>  Mon, 09 Aug 2021 11:40:32 -0300