runc (1.1.5+ds1-1+deb12u1) bookworm-security; urgency=high * Team upload. * CVE-2024-21626: several container breakouts due to internally leaked fds -- Shengjing Zhu Fri, 02 Feb 2024 21:53:05 +0800 runc (1.1.5+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.1.5+ds1 + CVE-2023-25809: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared + CVE-2023-27561: Incorrect Authorization vulnerability (re-introduced CVE-2019-19921) (Closes: #1033520) + CVE-2023-28642: AppArmor/SELinux bypass with symlinked /proc * Drop patches applied in new version - 0009-tests-replace-local-hello-world-bundle-with-busybox-.patch - 0010-tests-convert-arm32-arch-string-when-download-bundle.patch * Add patch to skip TestOpenat2 when cgroups is not available -- Shengjing Zhu Wed, 29 Mar 2023 17:24:36 +0800 runc (1.1.4+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.1.4+ds1 -- Shengjing Zhu Sat, 27 Aug 2022 18:27:50 +0800 runc (1.1.3+ds1-7) unstable; urgency=medium * Team upload. * Mark the integration autopkgtest flaky again, needs more investigation on arm -- Reinhard Tartler Wed, 17 Aug 2022 19:12:58 +0200 runc (1.1.3+ds1-6) unstable; urgency=medium * Team upload. * backport upstream commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81 required for podman 4.2 * Merge with upload to experimental -- Reinhard Tartler Wed, 17 Aug 2022 18:45:35 +0200 runc (1.1.3+ds1-5) experimental; urgency=medium * Team upload. * Fix integration test on i386 and armhf * Enable integration on armel -- Shengjing Zhu Tue, 05 Jul 2022 11:08:08 +0800 runc (1.1.3+ds1-4) experimental; urgency=medium * Fix seccomp integration tests again on arm * Build with urfave_cli_no_docs tag -- Shengjing Zhu Mon, 04 Jul 2022 16:16:53 +0800 runc (1.1.3+ds1-3) experimental; urgency=medium * Fix seccomp integration tests on arm * Enable integration on armhf and i386 and remove flaky flag -- Shengjing Zhu Mon, 20 Jun 2022 13:28:53 +0800 runc (1.1.3+ds1-2) unstable; urgency=medium * Team upload. * Revert "Vendor github.com/urfave/cli v1.22.1" Regression in github.com/urfave/cli is fixed in v1.22.9 -- Shengjing Zhu Thu, 16 Jun 2022 23:52:25 +0800 runc (1.1.3+ds1-1) unstable; urgency=medium * Team upload. [ Debian Janitor ] * Remove constraints unnecessary since buster * Build-Depends: Drop versioned constraint on golang-github-sirupsen-logrus-dev. * runc: Drop versioned constraint on docker.io in Breaks. * golang-github-opencontainers-runc-dev: Drop versioned constraint on golang-github-sirupsen-logrus-dev in Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse. [ Shengjing Zhu ] * New upstream version 1.1.3+ds1 * (1.1.2) CVE-2022-29162: Default inheritable capabilities for linux container should be empty * Bump golang-github-seccomp-libseccomp-golang-dev to 0.10.0 * Update Standards-Version to 4.6.1 (no changes) -- Shengjing Zhu Tue, 14 Jun 2022 03:46:31 +0800 runc (1.1.1+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.1.1+ds1 -- Shengjing Zhu Tue, 29 Mar 2022 12:00:14 +0800 runc (1.1.0+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.1.0+ds1 * Upload to unstable * Enable seccomp integration test -- Shengjing Zhu Mon, 07 Feb 2022 01:15:00 +0800 runc (1.1.0~rc.1+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.1.0~rc.1+ds1 * Disable seccomp notify to build with libseccomp-golang 0.9.1 -- Shengjing Zhu Wed, 15 Dec 2021 00:58:10 +0800 runc (1.0.3+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.0.3+ds1 + CVE-2021-43784: Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration * Remove unused lintian override spare-manual-page -- Shengjing Zhu Mon, 06 Dec 2021 15:59:43 +0800 runc (1.0.2+ds1-2) unstable; urgency=medium * Team upload. * Bump golang-github-checkpoint-restore-go-criu-dev to 5.1.0 * Drop golang-github-willf-bitset-dev from Depends * Remove compatible patch for podman -- Shengjing Zhu Mon, 11 Oct 2021 01:12:21 +0800 runc (1.0.2+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.0.2+ds1 * Bump golang-github-coreos-go-systemd-dev to 22.3.2 -- Shengjing Zhu Mon, 23 Aug 2021 19:02:58 +0800 runc (1.0.1+ds1-2) unstable; urgency=medium * Team upload. * Upload to unstable * Bump golang-github-opencontainers-specs-dev to 1.0.2.66 (Closes: #990820) * Update Standards-Version to 4.6.0 (no changes) -- Shengjing Zhu Fri, 20 Aug 2021 23:39:49 +0800 runc (1.0.1+ds1-1) experimental; urgency=medium * New upstream version 1.0.1+ds1 * Add patch to add back deprecated alias * Bump golang-github-cilium-ebpf-dev to 0.6.2 -- Shengjing Zhu Fri, 16 Jul 2021 23:15:56 +0800 runc (1.0.0+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0+ds1 * Bump golang-github-cilium-ebpf-dev to 0.6.1 -- Shengjing Zhu Tue, 22 Jun 2021 15:32:16 +0800 runc (1.0.0~rc95.86.g2f8e8e9d+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0~rc95.86.g2f8e8e9d+ds1 -- Shengjing Zhu Sun, 06 Jun 2021 00:56:37 +0800 runc (1.0.0~rc94+ds1-2) experimental; urgency=medium * Team upload. * Backport patch for CVE-2021-30465 (Closes: #988768) -- Shengjing Zhu Wed, 19 May 2021 19:48:48 +0800 runc (1.0.0~rc94+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0~rc94+ds1 * Add patch for go-systemd 22.1.0 compatibility -- Shengjing Zhu Wed, 12 May 2021 23:54:20 +0800 runc (1.0.0~rc93.144.g6538f9f2+ds1-1) experimental; urgency=medium * Team upload. * New upstream trunk version 1.0.0~rc93.144.g6538f9f2+ds1 Fix `runc init` stuck when system is under heavy load. * Revert bump of go-criu to v5 * No longer needs skopeo and umoci for autopkgtest -- Shengjing Zhu Sat, 03 Apr 2021 00:46:22 +0800 runc (1.0.0~rc93+ds1-2) unstable; urgency=medium * Team upload. * Drop compatibility patch. No longer used * Skip one integration test when no /dev/kmsg in testbed -- Shengjing Zhu Mon, 08 Feb 2021 19:00:36 +0800 runc (1.0.0~rc93+ds1-1) unstable; urgency=medium * Team upload. * New upstream version 1.0.0~rc93+ds1 -- Shengjing Zhu Thu, 04 Feb 2021 11:05:23 +0800 runc (1.0.0~rc92.425.g7e3c3e8c+ds1-1) experimental; urgency=medium * Team upload. * Add umoci to test control * New upstream version 1.0.0~rc92.425.g7e3c3e8c+ds1 * Add golang-golang-x-net-dev to Build-Depends -- Shengjing Zhu Wed, 03 Feb 2021 14:51:28 +0800 runc (1.0.0~rc92.372.gc69ae759+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0~rc92.372.gc69ae759+ds1 * Update Standards-Version to 4.5.1 (no changes) * Move section to admin * No need protobuf-compiler in Build-Depends * Mark integration test in autopkgtest as flaky. The testbed on debci.d.n currently is broken with cgroups, but may be fixed later. -- Shengjing Zhu Sat, 23 Jan 2021 23:21:11 +0800 runc (1.0.0~rc92.346.g49cc2a22+ds1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0~rc92.346.g49cc2a22+ds1 * Change repacksuffix to ds * Vendor github.com/urfave/cli v1.22.1. Regression https://github.com/urfave/cli/issues/1092 * Drop obsoleted build tags: apparmor and selinux * Bump golang-github-opencontainers-selinux-dev to 1.8.0 * Add golang-github-willf-bitset-dev to Depends * Wrap integration test with script command * Disable TestParseCgroups when schroot doesn't have cgroup -- Shengjing Zhu Sun, 17 Jan 2021 21:20:30 +0800 runc (1.0.0~rc92.249.g636f23dd+dfsg1-3) experimental; urgency=medium * Team upload. * Try to create /dev/tty in autopkgtest env. -- Shengjing Zhu Wed, 18 Nov 2020 01:56:47 +0800 runc (1.0.0~rc92.249.g636f23dd+dfsg1-2) experimental; urgency=medium * Team upload. * Fix intelRdtManager patch -- Shengjing Zhu Sun, 15 Nov 2020 22:54:54 +0800 runc (1.0.0~rc92.249.g636f23dd+dfsg1-1) experimental; urgency=medium * Team upload. [ Dmitry Smirnov ] * CI: customised CI * Tightened dependency on "golang-github-pkg-errors-dev" golang-github-pkg-errors-dev (>= 0.9.1~) [ Shengjing Zhu ] * New upstream snapshot For testing the upcoming 1.0.0~rc93 release * Bump golang-github-moby-sys-dev version * Drop libapparmor-dev from Build-Depends * Add integration test to autopkgtest * Add patch to export IntelRdtManager to keep compatibility -- Shengjing Zhu Sun, 15 Nov 2020 19:50:02 +0800 runc (1.0.0~rc92+dfsg1-5) unstable; urgency=medium * Team upload. * Fix Breaks, should be podman instead of libpod -- Shengjing Zhu Thu, 27 Aug 2020 09:10:35 +0800 runc (1.0.0~rc92+dfsg1-4) unstable; urgency=medium * Team upload. * Add Breaks libpod << 2.0.4+dfsg2-5. * Drop GetClockTicks patch. -- Shengjing Zhu Tue, 25 Aug 2020 23:58:32 +0800 runc (1.0.0~rc92+dfsg1-3) unstable; urgency=medium * Team upload. * Bump golang-gocapability-dev to git20200815. * Upload to unstable. -- Shengjing Zhu Sun, 23 Aug 2020 01:32:45 +0800 runc (1.0.0~rc92+dfsg1-2) experimental; urgency=medium * Team upload. * Add patch to fix build with gccgo. Buildd chooses gccgo in experimental chroot -- Shengjing Zhu Thu, 20 Aug 2020 02:44:25 +0800 runc (1.0.0~rc92+dfsg1-1) experimental; urgency=medium * Team upload. * New upstream version 1.0.0~rc92 * Excluded all vendor files * Update Build-Depends for new version * Remove ambient tag which is no longer used * Skip privileged cgroup test -- Shengjing Zhu Tue, 18 Aug 2020 00:46:22 +0800 runc (1.0.0~rc10+dfsg2-1) unstable; urgency=medium * Team upload. * Add golang-github-mrunalp-fileutils-dev to Depends * Unvendor github.com/cilium/ebpf * Remove vendor/github.com/coreos/pkg from Files-Excluded. No longer present in upstream tarball * Add golang-github-cilium-ebpf-dev to Build-Depends * Add /usr/bin/runc symlink (Closes: #958866) * Add missing Depends in -dev package. Also remove golang-golang-x-tools from Build-Depends Since it's only used in previous vendor library. * Update maintainer address to team+pkg-go@tracker.debian.org * Exclude contrib/cmd when building. The command recvtty has no real usage * Add runc bash-completion script * Add lintian overrides for manpage-without-executable * Add Rules-Requires-Root -- Shengjing Zhu Mon, 27 Apr 2020 00:57:29 +0800 runc (1.0.0~rc10+dfsg1-1) unstable; urgency=medium * New upstream release. + fixed CVE-2019-19921. * Un-vendored "golang-github-checkpoint-restore-go-criu-dev". * Build-Depends += "golang-golang-x-tools". * Standards-Version: 4.5.0. -- Dmitry Smirnov Sun, 26 Jan 2020 20:24:01 +1100 runc (1.0.0~rc9+dfsg1-1) unstable; urgency=medium * New upstream release. + fixed CVE-2019-16884. * Recommends += "criu" (Closes: #912821). Thanks, Qian Cai. * (Build-)Depends: = golang-github-docker-go-units-dev (>= 0.4.0~) = golang-github-opencontainers-selinux-dev (>= 1.3.0~) = golang-github-seccomp-libseccomp-golang-dev (>= 0.9.1~) = golang-gocapability-dev (>= 0.0+git20180916~) -- Dmitry Smirnov Wed, 09 Oct 2019 19:09:07 +1100 runc (1.0.0~rc8+dfsg1-1) unstable; urgency=medium * New upstream release. * Standards-Version: 4.4.0. * DH & compat to version 12. * (Build-)Depends: + golang-github-cyphar-filepath-securejoin-dev = golang-github-coreos-go-systemd-dev (>= 20~) -- Dmitry Smirnov Tue, 10 Sep 2019 00:22:06 +1000 runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium * Team upload. [ Shengjing Zhu ] * Improve patch for CVE-2019-5736 based on upstream commits. Now the patch includes following commits: + 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails + 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying + af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE + 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks + 5b775bf nsenter: cloned_binary: detect and handle short copies + bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ + 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to container [ Arnaud Rebillout ] * Add version and gitcommit to the ldflags (Closes: #909644) Note that we fill the git commit with something that is NOT a git commit at all, instead we use it as a placeholder for the debian version. The debian version is a relevant information for the user, and it's nice to be able to show it, some way or another. -- Shengjing Zhu Sun, 10 Mar 2019 17:51:44 +0800 runc (1.0.0~rc6+dfsg1-2) unstable; urgency=medium * Team upload. * Apply upstream patch addressing CVE-2019-5736 (Closes: #922050) Thanks Noah Meyerhans! -- Shengjing Zhu Tue, 12 Feb 2019 23:45:09 +0800 runc (1.0.0~rc6+dfsg1-1) unstable; urgency=medium * Standards-Version: 4.3.0. * New upstream release. -- Dmitry Smirnov Fri, 25 Jan 2019 07:55:34 +1100 runc (1.0.0~rc5+dfsg1-4) unstable; urgency=medium * New patch to disable Hugetlb tests. -- Dmitry Smirnov Thu, 27 Sep 2018 08:16:11 +1000 runc (1.0.0~rc5+dfsg1-3) unstable; urgency=medium * TAGS += ambient * New patch to fix FTBFS on mips* architectures. -- Dmitry Smirnov Mon, 18 Jun 2018 11:47:25 +1000 runc (1.0.0~rc5+dfsg1-2) unstable; urgency=medium * New patch to fix integer overflow on i686. * Build with "selinux" tag (Closes: #865993). Thanks, Laurent Bigonville. * Added myself to uploaders. -- Dmitry Smirnov Sat, 16 Jun 2018 22:12:23 +1000 runc (1.0.0~rc5+dfsg1-1) unstable; urgency=medium * Team upload. [ Arnaud Rebillout ] * Set minimum requirement for golang-gocapability-dev. And drop the alternative name golang-github-syndtr-gocapability-dev, this name never existed in the first place. [ Dmitry Smirnov ] * New upstream release * Testsuite: autopkgtest-pkg-go * Standards-Version: 4.1.4; Priority: optional * debhelper to version 11; compat to version 10. * Added "XS-Go-Import-Path". * (Build-)Depends: - golang-github-codegangsta-cli-dev - golang-github-coreos-pkg-dev - golang-golang-x-sys-dev - golang-logrus-dev + golang-github-containerd-console-dev + golang-github-pkg-errors-dev + golang-github-sirupsen-logrus-dev + golang-github-urfave-cli-dev -- Dmitry Smirnov Fri, 15 Jun 2018 21:48:18 +1000 runc (1.0.0~rc4+dfsg1-6) unstable; urgency=medium [ Michael Stapelberg ] * update debian/gitlab-ci.yml (using salsa.debian.org/go-team/ci/cmd/ci) [ Dmitry Smirnov ] * Removed myself from uploaders. [ Balint Reczey ] * Team upload * Stop using unix.SIGUNUSED which has been removed from golang.org/x/sys (Closes: #889704) -- Balint Reczey Tue, 10 Apr 2018 18:40:56 +0200 runc (1.0.0~rc4+dfsg1-5) unstable; urgency=medium * Vcs-* urls: pkg-go-team -> go-team. -- Alexandre Viau Mon, 05 Feb 2018 23:05:40 -0500 runc (1.0.0~rc4+dfsg1-4) unstable; urgency=medium * Point vcs-* urls to packages subgroup. -- Alexandre Viau Thu, 25 Jan 2018 15:23:12 -0500 runc (1.0.0~rc4+dfsg1-3) unstable; urgency=medium * Change my email to @debian.org. * Move to salsa.debian.org. -- Alexandre Viau Fri, 29 Dec 2017 00:34:59 -0500 runc (1.0.0~rc4+dfsg1-2) unstable; urgency=medium * Mark runc breaking docker.io (<= 1.13.1~ds1-2) (Closes: #877146) -- Balint Reczey Sat, 30 Sep 2017 11:50:52 -0400 runc (1.0.0~rc4+dfsg1-1) unstable; urgency=medium * Team Upload * Update watch file to match release candidates * Update Files-Excuded and d/control to match dependencies of rc4 * New upstream release candidate 1.0.0-rc4 * Drop obsoleted patches * Drop outdated README.source * Require at least final 1.0.0 release of golang-github-opencontainers-specs-dev (Closes: #858250) * Fix typo in golang-github-opencontainers-runc-dev package description (Closes: #873760) -- Balint Reczey Sat, 30 Sep 2017 11:50:50 -0400 runc (1.0.0~rc2+git20170201.133.9df8b30-3) unstable; urgency=medium * Replace golang-go with golang-any in Build-Depends -- Konstantinos Margaritis Wed, 09 Aug 2017 15:00:55 +0300 runc (1.0.0~rc2+git20170201.133.9df8b30-2) unstable; urgency=medium * Patch to make libcontainer ignore cgroup2 hierarchy. Patch pulled from https://github.com/opencontainers/runc/pull/1266. -- Vincent Bernat Fri, 30 Jun 2017 07:10:34 +0200 runc (1.0.0~rc2+git20170201.133.9df8b30-1) unstable; urgency=medium * New upstream snapshot for Docker 1.13.1. -- Tim Potter Wed, 24 May 2017 11:36:40 +1000 runc (1.0.0~rc2+git20161109.131.5137186-2) unstable; urgency=medium * Add Breaks line to binary package to avoid messing up previous Docker installs. -- Tim Potter Fri, 24 Feb 2017 09:49:06 +1100 runc (1.0.0~rc2+git20161109.131.5137186-1) unstable; urgency=medium * New upstream snapshot. * Refresh backported patch for CVE-2016-9962. -- Tim Potter Wed, 15 Feb 2017 09:08:52 +1100 runc (0.1.1+dfsg1-2) unstable; urgency=medium * Team upload. * Backport patch for CVE-2016-9962 (Closes: #850951) -- Tianon Gravi Wed, 01 Feb 2017 07:17:54 -0800 runc (0.1.1+dfsg1-1) unstable; urgency=medium * New upstream release [June 2016]. * testworks: disabled privileged and failing tests. * Build with "apparmor seccomp" tags (Closes: #830818); Build-Depends += "libapparmor-dev". -- Dmitry Smirnov Wed, 13 Jul 2016 23:00:43 +1000 runc (0.1.0+dfsg1-1) unstable; urgency=medium * Dropped dependency on "golang-docker-dev" in favour of bundled (or build time sub-vendored) "github.com/docker/docker" in order to avoid circular dependency with Docker. * Standards-Version: 3.9.8. * Corrected Vcs-Git URL. -- Dmitry Smirnov Sun, 12 Jun 2016 17:56:45 +1000 runc (0.1.0+dfsg-1) unstable; urgency=medium [ Tim Potter ] * Team upload * New upstream release [April 2016] = golang-github-opencontainers-specs-dev (>= 0.5.0~) * De-vendor new dependencies; pquerna/ffjson appears unused -- Dmitry Smirnov Sat, 23 Apr 2016 07:59:18 +1000 runc (0.0.9+dfsg-1) unstable; urgency=medium * New upstream release [March 2016]. * (Build-)Depends: = golang-github-opencontainers-specs-dev (>= 0.4.0~) = golang-github-codegangsta-cli-dev (>= 0.0~git20151221~) - help2man + go-md2man * Install upstream man pages. * Install "runc" binary to "/usr/sbin". -- Dmitry Smirnov Sat, 16 Apr 2016 17:23:48 +1000 runc (0.0.8+dfsg-2) unstable; urgency=medium * (Build-)Depends: + golang-github-docker-go-units-dev + golang-github-seccomp-libseccomp-golang-dev -- Dmitry Smirnov Wed, 23 Mar 2016 20:05:01 +1100 runc (0.0.8+dfsg-1) unstable; urgency=medium * New upstream release [February 2016]. * Build-Depends: + golang-github-vishvananda-netlink-dev * Updated Vcs URLs. * Standards-Version: 3.9.7. -- Dmitry Smirnov Fri, 26 Feb 2016 18:19:24 +1100 runc (0.0.4~dfsg-1) unstable; urgency=medium * New upstream release (Closes: #802507). * Dropped obsolete lintian-overrides. -- Dmitry Smirnov Wed, 21 Oct 2015 09:02:42 +1100 runc (0.0.3~dfsg2-1) unstable; urgency=low * Initial release (Closes: #796486). Thanks, Alexandre Viau. -- Dmitry Smirnov Sun, 06 Sep 2015 18:06:34 +1000