diff --git a/crun-1.14.tar.xz b/crun-1.14.tar.xz
deleted file mode 100644
index 5449ee5..0000000
--- a/crun-1.14.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d05d53929a83b1f303545e358c89ed1c545916b64fb00ac99b385861f7a188e5
-size 749376
diff --git a/crun-1.14.tar.xz.asc b/crun-1.14.tar.xz.asc
deleted file mode 100644
index 99cbdd5..0000000
--- a/crun-1.14.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmWxP6sACgkQZ+OPeoui
-F3KW9Af/Y7/+zpxWQ07p0TEVj4+ay61UDzALUMW76vI73+PV4EheBPMHnUAJtaxL
-2CY10m2tlE55S3QZ9/66j+TCQ7DheXGv1fMCWVg99whqmrO9a0JH/XACyj64lqAc
-igUvcnzH3sQvLaTVQWxX7aBGZKWFumSBzHJeFx6TxkYCJb5/o4O1Fcv0IBW5+T80
-6yHcYe07zNXOmdp7QflxxZ+B79wP+bKvGvSiBPZ5zysEap+e8UMxlDf5C+YaLIZq
-LgHpVkN/TF8PJb8meX3qxbWgzOswz4+sa/4VOAkwfENLUWMM1TqHhf4rQAxrWmIY
-hNVDEcKOwlwSChJqn6NBaKj1Rc3Jng==
-=LYzP
------END PGP SIGNATURE-----
diff --git a/crun-1.15.tar.gz b/crun-1.15.tar.gz
new file mode 100644
index 0000000..c2343ac
--- /dev/null
+++ b/crun-1.15.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a03ba1e58b8823ae77d010024b43bd94c5a99f7d652257b1b23abd2d2cdb087f
+size 1756886
diff --git a/crun-1.15.tar.gz.asc b/crun-1.15.tar.gz.asc
new file mode 100644
index 0000000..65bf7c8
--- /dev/null
+++ b/crun-1.15.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmYzfXgACgkQZ+OPeoui
+F3KNlAf+JPTyqSazEqx+TWdxHwXhzdfaWzgJ7O0mtM3KruCKIodvF+V/tsIDJrwc
+gF5tGgLVBD9Tlt+wzCSaoWbxEbz2eZmDRNVtxZt6e/QfHSID8PzVm8jVZiBMmy8n
+wPs3chVGM/T0Fh+8hBv2fmueYWPnSMnA4SSxp6eNjAYt5H59OXyVRw5hk0lQTzQQ
+U+GeMRTRVkorNq8dZ+LdPHg8+u5ndPCD93wfdelK2wI2X4UlAcTA2qcuL1MowCCC
+fqPigsOGiRNjzDCfptbCrG778nZu32AGn4ohBXmxoLDbfz2X3ZjgySzSZaVb/D7S
+R4c3fkxsV7PNXt6sNx+J8UAGntztBA==
+=pgGE
+-----END PGP SIGNATURE-----
diff --git a/crun.changes b/crun.changes
index 8b50759..b85e5aa 100644
--- a/crun.changes
+++ b/crun.changes
@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Thu May 30 12:30:26 UTC 2024 - Dario Faggioli
+
+- New upstream release 1.15
+ * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY.
+ * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run.
+ * release: build s390x binaries using musl libc.
+ * features: add support for potentiallyUnsafeConfigAnnotations.
+ * handlers: add option to load wasi-nn plugin for wasmedge.
+ * linux: fix "harden chdir()" security measure. The previous check was not correct.
+ * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits.
+
+-------------------------------------------------------------------
+Wed Mar 6 10:06:50 UTC 2024 - Dan Čermák
+
+- New upstream release 1.14.4
+
+* crun-1.14.4
+
+- linux: fix mount of file with recursive flags. Do not assume it is
+ a directory, but check the source type.
+
+* crun-1.14.3
+
+- follow up for 1.14.2. Drop the version check for each command.
+
+* crun-1.14.2
+
+- crun: drop check for OCI version. A recent bump in the OCI runtime
+ specs caused crun to fail with every config file. Just drop the
+ check since it doesn't add any value.
+
+* crun-1.14.1
+
+- there was recently a security vulnerability (CVE-2024-21626) in runc
+ that allowed a malicious user to chdir(2) to a /proc/*/fd entry that is
+ outside the container rootfs. While crun is not affected directly,
+ harden chdir by validating that we are still inside the container
+ rootfs.
+- container: attempt to close all the files before execv(2).
+ if we leak any fd, it prevents execv to gain access to files outside
+ the container rootfs through /proc/self/fd/$fd.
+- fix a regression caused by 1.14 when installing the ebpf filter on a
+ kernel older than 5.11.
+- cgroup, systemd: fix segfault if the resources block is not specified. + ------------------------------------------------------------------- Sat Jan 27 16:21:04 UTC 2024 - Andrea Manzini diff --git a/crun.spec b/crun.spec index f1c2530..c85f8a2 100644 --- a/crun.spec +++ b/crun.spec @@ -23,13 +23,13 @@ %endif Name: crun -Version: 1.14 +Version: 1.15 Release: 0 Summary: OCI runtime written in C License: GPL-2.0-or-later URL: https://github.com/containers/crun -Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.xz -Source1: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc +Source0: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: %{URL}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc Source2: crun.keyring # We always run autogen.sh BuildRequires: autoconf
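Review bot: The Source0/Source1 lines change the upstream archive from `.tar.xz` to `.tar.gz`, which is more than the version bump, yet neither the spec nor the 1.15 entry in crun.changes records the switch or its reason. A comment above Source0 such as `# 1.15: use the upstream .tar.gz release asset instead of .tar.xz`, plus a matching changelog bullet, would keep the source provenance auditable. The hunk keeps `Source2: crun.keyring` but does not show where the detached signature in Source1 is checked, so confirm that the verification step (in %prep or in the build service) still runs against the renamed files.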