Change logs for runc source package in Noble

  • runc (1.1.12+ds1-2ubuntu1) noble; urgency=medium
    
      * Merge with Debian unstable (LP: #2060890). Remaining changes:
        - d/control: add non default pkg.runc.with-bin Build-Profiles to runc
          binary package.
        - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to be
          compliant with the Apache 2 license
        - d/tests/control: remove integration and checkpoint autopkgtest,
          since they depend on the runc binary package which is not provided by
          this source package by default.
      * Dropped changes (replaced by non default Build-Profiles):
        - d/control: remove the binary paragraph for runc.
        - d/golang-github-opencontainers-runc-dev.install: remove this file, it
          is causing a FTBFS, no need to have it in place, the library files are
          already installed correctly without it.
        - d/runc.*: remove all packaging related files associated to the
          runc binary package
        - d/rules: no need to generate manpages after build
        - d/rules: remove runc binary from the binary package
    
     -- Shengjing Zhu <email address hidden>  Tue, 02 Apr 2024 17:26:37 +0800
  • runc (1.1.12+ds1-1ubuntu1) noble; urgency=medium
    
      * Merge with Debian unstable.
      * Remaining changes:
        - d/control: remove the binary paragraph for runc.
        - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to
          be compliant with the Apache 2 license.
        - d/golang-github-opencontainers-runc-dev.install: remove this file, it
          is causing a FTBFS, no need to have it in place, the library files are
          already installed correctly without it.
        - d/runc.*: remove all packaging related files associated to the
          runc binary package
        - d/rules: no need to generate manpages after build
        - d/rules: remove runc binary from the binary package
        - d/tests/{checkpoint,integration}: remove since they depend on the
          runc binary package which is not provided by this source package
          anymore
      * Dropped changes:
        - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
        - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
          init: verify after chdir that cwd is inside the container
        - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
          setns init: do explicit lookup of execve argument early
        - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
          internal fds before execve
        - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
          plug leaks of /sys/fs/cgroup handle
        - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
          libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
        [ Incorporated by upstream. ]
    
    runc (1.1.12+ds1-1) unstable; urgency=medium
    
      * Team upload
      * New upstream version 1.1.12+ds1
        + CVE-2024-21626: several container breakouts due to internally leaked fds
    
     -- Nishit Majithia <email address hidden>  Wed, 07 Feb 2024 13:26:27 +0530
  • runc (1.1.10+ds1-1ubuntu2) noble; urgency=medium
    
      * SECURITY UPDATE: container escape vulnerability
        - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
        - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
          init: verify after chdir that cwd is inside the container
        - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
          setns init: do explicit lookup of execve argument early
        - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
          internal fds before execve
        - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
          plug leaks of /sys/fs/cgroup handle
        - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
          libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
        - CVE-2024-21626
    
     -- Nishit Majithia <email address hidden>  Wed, 24 Jan 2024 16:41:53 +0530
  • runc (1.1.10+ds1-1ubuntu1) noble; urgency=medium
    
      * Merge from Debian unstable (LP: #2022390). Make src:runc follow Debian;
        src:runc-app is going to ship the application with vendorized dependencies
        so we can keep updating just the application across all supported releases.
      * Added changes:
        - d/control: remove the binary paragraph for runc.
        - d/runc.*: remove all packaging related files associated to the
          runc binary package
        - d/tests/{checkpoint,integration}: remove since they depend on the
          runc binary package which is not provided by this source package
          anymore.
        - d/golang-github-opencontainers-runc-dev.install: remove this file, it
          is causing a FTBFS, no need to have it in place, the library files are
          already installed correctly without it.
        - d/rules: no need to generate manpages after build.
        - d/rules: remove runc binary from the binary package
        - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to
          be compliant with the Apache 2 license.
    
     -- Lucas Kanashiro <email address hidden>  Thu, 11 Jan 2024 19:43:18 -0300
  • runc (1.1.7-0ubuntu2) mantic; urgency=medium
    
      * No-change rebuild with Go 1.21.
    
     -- Michael Hudson-Doyle <email address hidden>  Thu, 24 Aug 2023 15:59:42 +1200