File: changelog

package info (click to toggle)
runc 1.0.0~rc93%2Bds1-5%2Bdeb11u5
links: PTS, VCS
area: main
in suites: bullseye
size: 3,760 kB
sloc: sh: 1,679; ansic: 1,050; makefile: 139
file content (523 lines) | stat: -rw-r--r-- 17,608 bytes
runc (1.0.0~rc93+ds1-5+deb11u5) bullseye; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * d/changelog: Cleaned up the last entry for 1.0.0~rc93+ds1-5+deb11u4
    removing some superflous entries.
  * d/patches/CVE-2023-27561-and-CVE-2023-28642: Added to fix CVE-2023-27561
    and CVE-2023-27561.
    - It was found that the fix for CVE-2021-30465 introduced a regression in
      regards to CVE-2019-19921 which results in an incorrect access control
      leading to privilege escalation and bypassing apparmor.

 -- Daniel Leidert <dleidert@debian.org>  Fri, 28 Jun 2024 00:56:20 +0200

runc (1.0.0~rc93+ds1-5+deb11u4) bullseye; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * d/patches/0025-Fix-busybox-tarball-url-in-integration-test.patch: Updated.
    - Fixed download URLs again.
  * d/patches/CVE-2021-43784.patch: Added to fix CVE-2021-43784.
    - When writing netlink messages, it is possible to have a byte array larger
      than UINT16_MAX which would result in the length field overflowing and
      allowing user-controlled data to be parsed as control characters (such as
      creating custom mount points, changing which set of namespaces to allow,
      and so on).
  * d/patches/0027-Fix-test-for-newer-kernels.patch: Added.
    - Fix test for newer kernels.
  * d/patches/CVE-2023-25809.patch: Added to fix CVE-2023-25809.
    - It was found that rootless runc makes `/sys/fs/cgroup` writable under
      specific conditions. A container may then gain the write access to
      user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host.

 -- Daniel Leidert <dleidert@debian.org>  Fri, 28 Jun 2024 00:16:20 +0200

runc (1.0.0~rc93+ds1-5+deb11u3) bullseye-security; urgency=high

  * Team upload.
  * CVE-2024-21626: several container breakouts due to internally leaked fds

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 02 Feb 2024 23:14:13 +0800

runc (1.0.0~rc93+ds1-5+deb11u2) bullseye; urgency=medium

  * Backport upstream patch:
    - do not set inheritable capabilities, Fixes: CVE-2022-29162

 -- Reinhard Tartler <siretart@tauware.de>  Mon, 13 Jun 2022 07:06:00 -0400

runc (1.0.0~rc93+ds1-5+deb11u1) bullseye; urgency=medium

  * Team upload.
  * backport upstream patch: Honor seccomp defaultErrnoRet, Closes: #1012030

 -- Reinhard Tartler <siretart@tauware.de>  Sun, 12 Jun 2022 14:49:36 -0400

runc (1.0.0~rc93+ds1-5) unstable; urgency=high

  * Team upload.
  * Replace CVE-2021-30465 patchset with the one on oss-security
    mailing list, which can be applied cleanly on 1.0.0~rc93.

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 May 2021 02:46:14 +0800

runc (1.0.0~rc93+ds1-4) unstable; urgency=high

  * Team upload.
  * Backport patches for CVE-2021-30465 (Closes: #988768)
    To apply CVE-2021-30465 patch clearly, following PR are backported as
    well:
    + https://github.com/opencontainers/runc/pull/2798
    + https://github.com/opencontainers/runc/pull/2818

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 May 2021 02:13:01 +0800

runc (1.0.0~rc93+ds1-3) unstable; urgency=medium

  * Team upload.
  * Backport patch to fix regression in rc93.
    Fix `runc init` stuck when system is under heavy load.

 -- Shengjing Zhu <zhsj@debian.org>  Sat, 10 Apr 2021 17:52:31 +0800

runc (1.0.0~rc93+ds1-2) unstable; urgency=medium

  * Team upload.
  * Drop compatibility patch.
    No longer used
  * Skip one integration test when no /dev/kmsg in testbed

 -- Shengjing Zhu <zhsj@debian.org>  Mon, 08 Feb 2021 19:00:36 +0800

runc (1.0.0~rc93+ds1-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.0.0~rc93+ds1

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 04 Feb 2021 11:05:23 +0800

runc (1.0.0~rc92.425.g7e3c3e8c+ds1-1) experimental; urgency=medium

  * Team upload.
  * Add umoci to test control
  * New upstream version 1.0.0~rc92.425.g7e3c3e8c+ds1
  * Add golang-golang-x-net-dev to Build-Depends

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 03 Feb 2021 14:51:28 +0800

runc (1.0.0~rc92.372.gc69ae759+ds1-1) experimental; urgency=medium

  * Team upload.
  * New upstream version 1.0.0~rc92.372.gc69ae759+ds1
  * Update Standards-Version to 4.5.1 (no changes)
  * Move section to admin
  * No need protobuf-compiler in Build-Depends
  * Mark integration test in autopkgtest as flaky.
    The testbed on debci.d.n currently is broken with cgroups,
    but may be fixed later.

 -- Shengjing Zhu <zhsj@debian.org>  Sat, 23 Jan 2021 23:21:11 +0800

runc (1.0.0~rc92.346.g49cc2a22+ds1-1) experimental; urgency=medium

  * Team upload.
  * New upstream version 1.0.0~rc92.346.g49cc2a22+ds1
  * Change repacksuffix to ds
  * Vendor github.com/urfave/cli v1.22.1.
    Regression https://github.com/urfave/cli/issues/1092
  * Drop obsoleted build tags: apparmor and selinux
  * Bump golang-github-opencontainers-selinux-dev to 1.8.0
  * Add golang-github-willf-bitset-dev to Depends
  * Wrap integration test with script command
  * Disable TestParseCgroups when schroot doesn't have cgroup

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 17 Jan 2021 21:20:30 +0800

runc (1.0.0~rc92.249.g636f23dd+dfsg1-3) experimental; urgency=medium

  * Team upload.
  * Try to create /dev/tty in autopkgtest env.

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 18 Nov 2020 01:56:47 +0800

runc (1.0.0~rc92.249.g636f23dd+dfsg1-2) experimental; urgency=medium

  * Team upload.
  * Fix intelRdtManager patch

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 15 Nov 2020 22:54:54 +0800

runc (1.0.0~rc92.249.g636f23dd+dfsg1-1) experimental; urgency=medium

  * Team upload.

  [ Dmitry Smirnov ]
  * CI: customised CI
  * Tightened dependency on "golang-github-pkg-errors-dev"
      golang-github-pkg-errors-dev (>= 0.9.1~)

  [ Shengjing Zhu ]
  * New upstream snapshot
    For testing the upcoming 1.0.0~rc93 release
  * Bump golang-github-moby-sys-dev version
  * Drop libapparmor-dev from Build-Depends
  * Add integration test to autopkgtest
  * Add patch to export IntelRdtManager to keep compatibility

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 15 Nov 2020 19:50:02 +0800

runc (1.0.0~rc92+dfsg1-5) unstable; urgency=medium

  * Team upload.
  * Fix Breaks, should be podman instead of libpod

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 27 Aug 2020 09:10:35 +0800

runc (1.0.0~rc92+dfsg1-4) unstable; urgency=medium

  * Team upload.
  * Add Breaks libpod << 2.0.4+dfsg2-5.
  * Drop GetClockTicks patch.

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 25 Aug 2020 23:58:32 +0800

runc (1.0.0~rc92+dfsg1-3) unstable; urgency=medium

  * Team upload.
  * Bump golang-gocapability-dev to git20200815.
  * Upload to unstable.

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 23 Aug 2020 01:32:45 +0800

runc (1.0.0~rc92+dfsg1-2) experimental; urgency=medium

  * Team upload.
  * Add patch to fix build with gccgo.
    Buildd chooses gccgo in experimental chroot

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 Aug 2020 02:44:25 +0800

runc (1.0.0~rc92+dfsg1-1) experimental; urgency=medium

  * Team upload.
  * New upstream version 1.0.0~rc92
  * Excluded all vendor files
  * Update Build-Depends for new version
  * Remove ambient tag which is no longer used
  * Skip privileged cgroup test

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 18 Aug 2020 00:46:22 +0800

runc (1.0.0~rc10+dfsg2-1) unstable; urgency=medium

  * Team upload.
  * Add golang-github-mrunalp-fileutils-dev to Depends
  * Unvendor github.com/cilium/ebpf
  * Remove vendor/github.com/coreos/pkg from Files-Excluded.
    No longer present in upstream tarball
  * Add golang-github-cilium-ebpf-dev to Build-Depends
  * Add /usr/bin/runc symlink (Closes: #958866)
  * Add missing Depends in -dev package.
    Also remove golang-golang-x-tools from Build-Depends
    Since it's only used in previous vendor library.
  * Update maintainer address to team+pkg-go@tracker.debian.org
  * Exclude contrib/cmd when building.
    The command recvtty has no real usage
  * Add runc bash-completion script
  * Add lintian overrides for manpage-without-executable
  * Add Rules-Requires-Root

 -- Shengjing Zhu <zhsj@debian.org>  Mon, 27 Apr 2020 00:57:29 +0800

runc (1.0.0~rc10+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + fixed CVE-2019-19921.
  * Un-vendored "golang-github-checkpoint-restore-go-criu-dev".
  * Build-Depends += "golang-golang-x-tools".
  * Standards-Version: 4.5.0.

 -- Dmitry Smirnov <onlyjob@debian.org>  Sun, 26 Jan 2020 20:24:01 +1100

runc (1.0.0~rc9+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + fixed CVE-2019-16884.
  * Recommends += "criu" (Closes: #912821).
    Thanks, Qian Cai.
  * (Build-)Depends:
    = golang-github-docker-go-units-dev (>= 0.4.0~)
    = golang-github-opencontainers-selinux-dev (>= 1.3.0~)
    = golang-github-seccomp-libseccomp-golang-dev (>= 0.9.1~)
    = golang-gocapability-dev (>= 0.0+git20180916~)

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 09 Oct 2019 19:09:07 +1100

runc (1.0.0~rc8+dfsg1-1) unstable; urgency=medium

  * New upstream release.
  * Standards-Version: 4.4.0.
  * DH & compat to version 12.
  * (Build-)Depends:
    + golang-github-cyphar-filepath-securejoin-dev
    = golang-github-coreos-go-systemd-dev (>= 20~)

 -- Dmitry Smirnov <onlyjob@debian.org>  Tue, 10 Sep 2019 00:22:06 +1000

runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium

  * Team upload.

  [ Shengjing Zhu ]
  * Improve patch for CVE-2019-5736 based on upstream commits.
    Now the patch includes following commits:
    + 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails
    + 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before
              copying
    + af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE
    + 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks
    + 5b775bf nsenter: cloned_binary: detect and handle short copies
    + bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ
    + 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to
              container

  [ Arnaud Rebillout ]
  * Add version and gitcommit to the ldflags (Closes: #909644)
    Note that we fill the git commit with something that is NOT a git commit
    at all, instead we use it as a placeholder for the debian version. The
    debian version is a relevant information for the user, and it's nice to
    be able to show it, some way or another.

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 10 Mar 2019 17:51:44 +0800

runc (1.0.0~rc6+dfsg1-2) unstable; urgency=medium

  * Team upload.
  * Apply upstream patch addressing CVE-2019-5736 (Closes: #922050)
    Thanks Noah Meyerhans!

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 12 Feb 2019 23:45:09 +0800

runc (1.0.0~rc6+dfsg1-1) unstable; urgency=medium

  * Standards-Version: 4.3.0.
  * New upstream release.

 -- Dmitry Smirnov <onlyjob@debian.org>  Fri, 25 Jan 2019 07:55:34 +1100

runc (1.0.0~rc5+dfsg1-4) unstable; urgency=medium

  * New patch to disable Hugetlb tests.

 -- Dmitry Smirnov <onlyjob@debian.org>  Thu, 27 Sep 2018 08:16:11 +1000

runc (1.0.0~rc5+dfsg1-3) unstable; urgency=medium

  * TAGS += ambient
  * New patch to fix FTBFS on mips* architectures.

 -- Dmitry Smirnov <onlyjob@debian.org>  Mon, 18 Jun 2018 11:47:25 +1000

runc (1.0.0~rc5+dfsg1-2) unstable; urgency=medium

  * New patch to fix integer overflow on i686.
  * Build with "selinux" tag (Closes: #865993).
    Thanks, Laurent Bigonville.
  * Added myself to uploaders.

 -- Dmitry Smirnov <onlyjob@debian.org>  Sat, 16 Jun 2018 22:12:23 +1000

runc (1.0.0~rc5+dfsg1-1) unstable; urgency=medium

  * Team upload.

  [ Arnaud Rebillout ]
  * Set minimum requirement for golang-gocapability-dev.
    And drop the alternative name golang-github-syndtr-gocapability-dev,
    this name never existed in the first place.

  [ Dmitry Smirnov ]
  * New upstream release
  * Testsuite: autopkgtest-pkg-go
  * Standards-Version: 4.1.4; Priority: optional
  * debhelper to version 11; compat to version 10.
  * Added "XS-Go-Import-Path".
  * (Build-)Depends:
    - golang-github-codegangsta-cli-dev
    - golang-github-coreos-pkg-dev
    - golang-golang-x-sys-dev
    - golang-logrus-dev
    + golang-github-containerd-console-dev
    + golang-github-pkg-errors-dev
    + golang-github-sirupsen-logrus-dev
    + golang-github-urfave-cli-dev

 -- Dmitry Smirnov <onlyjob@debian.org>  Fri, 15 Jun 2018 21:48:18 +1000

runc (1.0.0~rc4+dfsg1-6) unstable; urgency=medium

  [ Michael Stapelberg ]
  * update debian/gitlab-ci.yml (using salsa.debian.org/go-team/ci/cmd/ci)

  [ Dmitry Smirnov ]
  * Removed myself from uploaders.

  [ Balint Reczey ]
  * Team upload
  * Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys
    (Closes: #889704)

 -- Balint Reczey <rbalint@ubuntu.com>  Tue, 10 Apr 2018 18:40:56 +0200

runc (1.0.0~rc4+dfsg1-5) unstable; urgency=medium

  * Vcs-* urls: pkg-go-team -> go-team.

 -- Alexandre Viau <aviau@debian.org>  Mon, 05 Feb 2018 23:05:40 -0500

runc (1.0.0~rc4+dfsg1-4) unstable; urgency=medium

  * Point vcs-* urls to packages subgroup.

 -- Alexandre Viau <aviau@debian.org>  Thu, 25 Jan 2018 15:23:12 -0500

runc (1.0.0~rc4+dfsg1-3) unstable; urgency=medium

  * Change my email to @debian.org.
  * Move to salsa.debian.org.

 -- Alexandre Viau <aviau@debian.org>  Fri, 29 Dec 2017 00:34:59 -0500

runc (1.0.0~rc4+dfsg1-2) unstable; urgency=medium

  * Mark runc breaking docker.io (<= 1.13.1~ds1-2) (Closes: #877146)

 -- Balint Reczey <rbalint@ubuntu.com>  Sat, 30 Sep 2017 11:50:52 -0400

runc (1.0.0~rc4+dfsg1-1) unstable; urgency=medium

  * Team Upload
  * Update watch file to match release candidates
  * Update Files-Excuded and d/control to match dependencies of rc4
  * New upstream release candidate 1.0.0-rc4
  * Drop obsoleted patches
  * Drop outdated README.source
  * Require at least final 1.0.0 release of
    golang-github-opencontainers-specs-dev (Closes: #858250)
  * Fix typo in golang-github-opencontainers-runc-dev package description
    (Closes: #873760)

 -- Balint Reczey <rbalint@ubuntu.com>  Sat, 30 Sep 2017 11:50:50 -0400

runc (1.0.0~rc2+git20170201.133.9df8b30-3) unstable; urgency=medium

  * Replace golang-go with golang-any in Build-Depends

 -- Konstantinos Margaritis <markos@debian.org>  Wed, 09 Aug 2017 15:00:55 +0300

runc (1.0.0~rc2+git20170201.133.9df8b30-2) unstable; urgency=medium

  * Patch to make libcontainer ignore cgroup2 hierarchy. Patch pulled from
    https://github.com/opencontainers/runc/pull/1266.

 -- Vincent Bernat <bernat@debian.org>  Fri, 30 Jun 2017 07:10:34 +0200

runc (1.0.0~rc2+git20170201.133.9df8b30-1) unstable; urgency=medium

  * New upstream snapshot for Docker 1.13.1.

 -- Tim Potter <tpot@hpe.com>  Wed, 24 May 2017 11:36:40 +1000

runc (1.0.0~rc2+git20161109.131.5137186-2) unstable; urgency=medium

  * Add Breaks line to binary package to avoid messing up previous
    Docker installs.

 -- Tim Potter <tpot@hpe.com>  Fri, 24 Feb 2017 09:49:06 +1100

runc (1.0.0~rc2+git20161109.131.5137186-1) unstable; urgency=medium

  * New upstream snapshot.
  * Refresh backported patch for CVE-2016-9962.

 -- Tim Potter <tpot@hpe.com>  Wed, 15 Feb 2017 09:08:52 +1100

runc (0.1.1+dfsg1-2) unstable; urgency=medium

  * Team upload.
  * Backport patch for CVE-2016-9962 (Closes: #850951)

 -- Tianon Gravi <tianon@debian.org>  Wed, 01 Feb 2017 07:17:54 -0800

runc (0.1.1+dfsg1-1) unstable; urgency=medium

  * New upstream release [June 2016].
  * testworks: disabled privileged and failing tests.
  * Build with "apparmor seccomp" tags (Closes: #830818);
    Build-Depends += "libapparmor-dev".

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 13 Jul 2016 23:00:43 +1000

runc (0.1.0+dfsg1-1) unstable; urgency=medium

  * Dropped dependency on "golang-docker-dev" in favour of bundled
    (or build time sub-vendored) "github.com/docker/docker" in order
    to avoid circular dependency with Docker.
  * Standards-Version: 3.9.8.
  * Corrected Vcs-Git URL.

 -- Dmitry Smirnov <onlyjob@debian.org>  Sun, 12 Jun 2016 17:56:45 +1000

runc (0.1.0+dfsg-1) unstable; urgency=medium

  [ Tim Potter ]
  * Team upload
  * New upstream release [April 2016]
    = golang-github-opencontainers-specs-dev (>= 0.5.0~)
  * De-vendor new dependencies; pquerna/ffjson appears unused

 -- Dmitry Smirnov <onlyjob@debian.org>  Sat, 23 Apr 2016 07:59:18 +1000

runc (0.0.9+dfsg-1) unstable; urgency=medium

  * New upstream release [March 2016].
  * (Build-)Depends:
    = golang-github-opencontainers-specs-dev (>= 0.4.0~)
    = golang-github-codegangsta-cli-dev (>= 0.0~git20151221~)
    - help2man
    + go-md2man
  * Install upstream man pages.
  * Install "runc" binary to "/usr/sbin".

 -- Dmitry Smirnov <onlyjob@debian.org>  Sat, 16 Apr 2016 17:23:48 +1000

runc (0.0.8+dfsg-2) unstable; urgency=medium

  * (Build-)Depends:
    + golang-github-docker-go-units-dev
    + golang-github-seccomp-libseccomp-golang-dev

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 23 Mar 2016 20:05:01 +1100

runc (0.0.8+dfsg-1) unstable; urgency=medium

  * New upstream release [February 2016].
  * Build-Depends:
    + golang-github-vishvananda-netlink-dev
  * Updated Vcs URLs.
  * Standards-Version: 3.9.7.

 -- Dmitry Smirnov <onlyjob@debian.org>  Fri, 26 Feb 2016 18:19:24 +1100

runc (0.0.4~dfsg-1) unstable; urgency=medium

  * New upstream release (Closes: #802507).
  * Dropped obsolete lintian-overrides.

 -- Dmitry Smirnov <onlyjob@debian.org>  Wed, 21 Oct 2015 09:02:42 +1100

runc (0.0.3~dfsg2-1) unstable; urgency=low

  * Initial release (Closes: #796486).
    Thanks, Alexandre Viau.

 -- Dmitry Smirnov <onlyjob@debian.org>  Sun, 06 Sep 2015 18:06:34 +1000