[ubuntu/focal-updates] runc 1.1.7-0ubuntu1~20.04.1 (Accepted)

Chris Halse Rogers raof at ubuntu.com
Wed Aug 2 04:03:33 UTC 2023 

runc (1.1.7-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version from Mantic to Focal (LP: #2023694).
    - Build with Go 1.18
      + d/control: b-d on golang-1.18-go intead of golang-any
      + d/rules: add Go 1.18 to $PATH

runc (1.1.7-0ubuntu1) mantic; urgency=medium

  * New upstream release (LP: #2018107).
    - Update patches in d/patches:
      + test--skip_TestFactoryNewTmpfs.patch: rename to
        test--skip-privileged-test-factory_linux_test.go.patch to follow the
        Debian patch. Also updated it accordingly to Debian.
      + test--skip-fs-related-cgroups-tests.patch: remove one skipped test,
        now it is part of the patch above.
      + fix_cpuset_range_byte_order.patch: removed, applied by upstream.
        [Applied in upstream version 1.1.7]
      + lp2013318-fix-device-files-in-containers.patch: removed, fixed by
        upstream.
        [Fixed in upstream version 1.1.7]
      + CVE-2023-25809.patch: removed, applied by upstream.
        [Applied in upstream version 1.1.7]
      + CVE-2023-27561_2023-28642.patch: removed, applied by upstream.
        [Applied in upstream version 1.1.7]
  * Bump debhelper compatibility level to 12. Now, that Bionic reached EOSS we
    can update it to level 12.
    - d/control: build depend on debhelper-compat (= 12) instead of debhelper.
    - d/compat: removed, not needed anymore.
  * d/control: remove unneeded Breaks statement for docker.io.

runc (1.1.4-0ubuntu4) mantic; urgency=medium

  * SECURITY UPDATE: Incorrect access control through /sys/fs/cgroup
    - debian/patches/CVE-2023-25809.patch: apply MS_RDONLY if
      /sys/fs/cgroup is bind-mounted or mask if bind source is unavailable
      in libcontainer/rootfs_linux.go.
    - CVE-2023-25809
  * SECURITY UPDATE: Incorrect access control through /proc and /sys
    - debian/patches/CVE-2023-27561_2023-28642.patch: Prohibit /proc and
      /sys to be symlinks in libcontainer/rootfs_linux.go.
    - CVE-2023-27561
    - CVE-2023-28642

runc (1.1.4-0ubuntu3) lunar; urgency=medium

  * d/p/lp2013318-fix-device-files-in-containers.patch: Fix inability to use
    device files such as /dev/null in containers (LP: #2013318)

runc (1.1.4-0ubuntu2) lunar-proposed; urgency=medium

  * Import blockIODevice.patch from Debian (LP: #2009851)

runc (1.1.4-0ubuntu1) lunar; urgency=medium

  * New upstream release (LP: #1993442).
  * Refresh patches.

Date: 2023-07-07 21:12:09.445802+00:00
Changed-By: Lucas Kanashiro <kanashiro at ubuntu.com>
Signed-By: Chris Halse Rogers <raof at ubuntu.com>
https://launchpad.net/ubuntu/+source/runc/1.1.7-0ubuntu1~20.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list