runc (1.1.12+ds1-2ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2060890). Remaining changes:
    - d/control: add non default pkg.runc.with-bin Build-Profiles to runc
      binary package.
    - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to be
      compliant with the Apache 2 license
    - d/tests/control: remove integration and checkpoint autopkgtest.
      Since they depend on the runc binary package which is not provided by
      this source package by default.
  * Dropped changes (replaced by non default Build-Profiles):
    - d/control: remove the binary paragraph for runc.
    - d/golang-github-opencontainers-runc-dev.install: remove this file, it
      is causing a FTBFS, no need to have it in place, the library files are
      already installed correctly without it.
    - d/runc.*: remove all packaging related files associated to the
      runc binary package
    - d/rules: no need to generate manpages after build
    - d/rules: remove runc binary from the binary package

 -- Shengjing Zhu <email address hidden>  Tue, 02 Apr 2024 17:26:37 +0800

runc (1.1.12+ds1-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable.
  * Remaining changes:
    - d/control: remove the binary paragraph for runc.
    - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to
      be compliant with the Apache 2 license.
    - d/golang-github-opencontainers-runc-dev.install: remove this file, it
      is causing a FTBFS, no need to have it in place, the library files are
      already installed correctly without it.
    - d/runc.*: remove all packaging related files associated to the
      runc binary package
    - d/rules: no need to generate manpages after build
    - d/rules: remove runc binary from the binary package
    - d/tests/{checkpoint,integration}: remove since they depend on the
      runc binary package which is not provided by this source package
      anymore
  * Dropped changes:
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    [ Incorporated by upstream. ]

runc (1.1.12+ds1-1) unstable; urgency=medium

  * Team upload
  * New upstream version 1.1.12+ds1
    + CVE-2024-21626: several container breakouts due to internally leaked fds

 -- Nishit Majithia <email address hidden>  Wed, 07 Feb 2024 13:26:27 +0530

runc (1.1.10+ds1-1ubuntu2) noble; urgency=medium

  * SECURITY UPDATE: container escape vulnerability
    - d/p/0001-Fix-File-to-Close.patch: Fix File to Close
    - d/p/0002-init-verify-after-chdir-that-cwd-is-inside-the-conta.patch:
      init: verify after chdir that cwd is inside the container
    - d/p/0003-setns-init-do-explicit-lookup-of-execve-argument-ear.patch:
      setns init: do explicit lookup of execve argument early
    - d/p/0004-init-close-internal-fds-before-execve.patch: init: close
      internal fds before execve
    - d/p/0005-cgroup-plug-leaks-of-sys-fs-cgroup-handle.patch: cgroup:
      plug leaks of /sys/fs/cgroup handle
    - d/p/0006-libcontainer-mark-all-non-stdio-fds-O_CLOEXEC-before.patch:
      libcontainer: mark all non-stdio fds O_CLOEXEC before spawning init
    - CVE-2024-21626

 -- Nishit Majithia <email address hidden>  Wed, 24 Jan 2024 16:41:53 +0530

runc (1.1.10+ds1-1ubuntu1) noble; urgency=medium

  * Merge from Debian unstable (LP: #2022390). Make src:runc follow Debian and
    src:runc-app is going to ship the application with vendorized dependencies
    so we can keep updating just the application across all supported releases.
  * Added changes:
    - d/control: remove the binary paragraph for runc.
    - d/runc.*: remove all packaging related files associated to the
      runc binary package
    - d/tests/{checkpoint,integration}: remove since they depend on the
      runc binary package which is not provided by this source package
      anymore.
    - d/golang-github-opencontainers-runc-dev.install: remove this file, it
      is causing a FTBFS, no need to have it in place, the library files are
      already installed correctly without it.
    - d/rules: no need to generate manpages after build.
    - d/rules: remove runc binary from the binary package
    - d/golang-github-opencontainers-runc-dev.docs: install NOTICE file to
      be compliant with the Apache 2 license.

 -- Lucas Kanashiro <email address hidden>  Thu, 11 Jan 2024 19:43:18 -0300

runc (1.1.7-0ubuntu2) mantic; urgency=medium

  * No-change rebuild with Go 1.21.

 -- Michael Hudson-Doyle <email address hidden>  Thu, 24 Aug 2023 15:59:42 +1200