Package: runc / 1.0.0~rc6+dfsg1-3

Metadata

Package: runc
Version: 1.0.0~rc6+dfsg1-3
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
test fix_TestGetAdditionalGroups.patch

libcontainer/user/user.go | 2 1 + 1 - 0 !
libcontainer/user/user_test.go | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 fix ftbfs on i686
 src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int


test skip Hugetlb.patch

libcontainer/cgroups/fs/hugetlb_test.go | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 disabled unreliable tests due to random failures on [ppc64el, s390x].


test skip_TestFactoryNewTmpfs.patch

libcontainer/factory_linux_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disable test (requires root)


CVE 2019 5736.patch

libcontainer/nsenter/cloned_binary.c | 516 516 + 0 - 0 !
libcontainer/nsenter/nsexec.c | 11 11 + 0 - 0 !
2 files changed, 527 insertions(+)

 cve-2019-5736

Backport upstream patches for CVE-2019-5736

Include commits:
2d4a37b427167907ef2402586a8e8e2931a22490 nsenter: cloned_binary: userspace copy fallback if sendfile fails
16612d74de5f84977e50a9c8ead7f0e9e13b8628 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
af9da0a45082783f6005b252488943b5ee2e2138 nsenter: cloned_binary: use the runc statedir for O_TMPFILE
2429d59352b81f6b9cc79b5ed26780c5fe6ba4ec nsenter: cloned_binary: expand and add pre-3.11 fallbacks
5b775bf297c47a6bc50e36da89d1ec74a6fa01dc nsenter: cloned_binary: detect and handle short copies
bb7d8b1f41f7bf0399204d54009d6da57c3cc775 nsexec (CVE-2019-5736): avoid parsing environ
0a8e4117e7f715d5fbeef398405813ce8e88558b nsenter: clone /proc/self/exe to avoid exposing host binary to container

Debian-Bug: https://bugs.debian.org/922050