From 81cdf4b4061c43fa172da9ed2bdaf2c21225344c328c15f9bfa9a04c2af54486 Mon Sep 17 00:00:00 2001 From: Dario Faggioli Date: Wed, 6 Mar 2024 15:40:45 +0000 Subject: [PATCH] Accepting request 1155507 from home:dancermak:branches:Virtualization:containers New upstream release 1.14.4 OBS-URL: https://build.opensuse.org/request/show/1155507 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/crun?expand=0&rev=43 --- crun-1.14.4.tar.xz | 3 +++ crun-1.14.4.tar.xz.asc | 11 +++++++++++ crun-1.14.tar.xz | 3 --- crun-1.14.tar.xz.asc | 11 ----------- crun.changes | 34 ++++++++++++++++++++++++++++++++++ crun.spec | 2 +- 6 files changed, 49 insertions(+), 15 deletions(-) create mode 100644 crun-1.14.4.tar.xz create mode 100644 crun-1.14.4.tar.xz.asc delete mode 100644 crun-1.14.tar.xz delete mode 100644 crun-1.14.tar.xz.asc diff --git a/crun-1.14.4.tar.xz b/crun-1.14.4.tar.xz new file mode 100644 index 0000000..6e28893 --- /dev/null +++ b/crun-1.14.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd6af195a73ae9bf3aea1a6c976a914492324c828542f35a7f1570a659f2e512 +size 750596 diff --git a/crun-1.14.4.tar.xz.asc b/crun-1.14.4.tar.xz.asc new file mode 100644 index 0000000..1fc54e0 --- /dev/null +++ b/crun-1.14.4.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmXgwjsACgkQZ+OPeoui +F3Id+Af+K6mOhnP9KMUu6z6wLGyJS2YFGzFQ/3CIWi66WKa7NrMs2NzLrabmUFQ6 +xW7+DlE76un8/W0PbDKYxFsH6Eahtu2RzkWLA8rJ98G4PVaJh66eP1hd6HMbKdYA +AD84RGtvH9oPe+9I8yRa+tMrjfusBdyyL7ybeOwCerin8JF1LJQElmu/zJHJatFw +HNxhS0TlVl05yNPnRpj0xQVww0EukFE9jkZs6sFjCWGtzfKv8u5naVcZi8Nn/yuN +KzodEDURQgN5ubx9wnLXblWvtOoAZ+Sifsm5pnxPcs7CPaBH5CZarmVkIrwd5GgP +spk24m6s2hm//b/diiaLwI3WkGCBog== +=gxi5 +-----END PGP SIGNATURE----- diff --git a/crun-1.14.tar.xz b/crun-1.14.tar.xz deleted file mode 100644 index 5449ee5..0000000 --- a/crun-1.14.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d05d53929a83b1f303545e358c89ed1c545916b64fb00ac99b385861f7a188e5 -size 749376 diff --git a/crun-1.14.tar.xz.asc b/crun-1.14.tar.xz.asc deleted file mode 100644 index 99cbdd5..0000000 --- a/crun-1.14.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEr2D8o82qberRV+o6Z+OPeouiF3IFAmWxP6sACgkQZ+OPeoui -F3KW9Af/Y7/+zpxWQ07p0TEVj4+ay61UDzALUMW76vI73+PV4EheBPMHnUAJtaxL -2CY10m2tlE55S3QZ9/66j+TCQ7DheXGv1fMCWVg99whqmrO9a0JH/XACyj64lqAc -igUvcnzH3sQvLaTVQWxX7aBGZKWFumSBzHJeFx6TxkYCJb5/o4O1Fcv0IBW5+T80 -6yHcYe07zNXOmdp7QflxxZ+B79wP+bKvGvSiBPZ5zysEap+e8UMxlDf5C+YaLIZq -LgHpVkN/TF8PJb8meX3qxbWgzOswz4+sa/4VOAkwfENLUWMM1TqHhf4rQAxrWmIY -hNVDEcKOwlwSChJqn6NBaKj1Rc3Jng== -=LYzP ------END PGP SIGNATURE----- diff --git a/crun.changes b/crun.changes index 8b50759..e50b252 100644 --- a/crun.changes +++ b/crun.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Wed Mar 6 10:06:50 UTC 2024 - Dan Čermák + +- New upstream release 1.14.4 + +* crun-1.14.4 + +- linux: fix mount of file with recursive flags. Do not assume it is + a directory, but check the source type. + +* crun-1.14.3 + +- follow up for 1.14.2. Drop the version check for each command. + +* crun-1.14.2 + +- crun: drop check for OCI version. A recent bump in the OCI runtime + specs caused crun to fail with every config file. Just drop the + check since it doesn't add any value. + +* crun-1.14.1 + +- there was recently a security vulnerability (CVE-2024-21626) in runc + that allowed a malicious user to chdir(2) to a /proc/*/fd entry that is + outside the container rootfs. While crun is not affected directly, + harden chdir by validating that we are still inside the container + rootfs. +- container: attempt to close all the files before execv(2). + if we leak any fd, it prevents execv to gain access to files outside + the container rootfs through /proc/self/fd/$fd. +- fix a regression caused by 1.14 when installing the ebpf filter on a + kernel older than 5.11. +- cgroup, systemd: fix segfault if the resources block is not specified. + ------------------------------------------------------------------- Sat Jan 27 16:21:04 UTC 2024 - Andrea Manzini diff --git a/crun.spec b/crun.spec index f1c2530..2f62c7e 100644 --- a/crun.spec +++ b/crun.spec @@ -23,7 +23,7 @@ %endif Name: crun -Version: 1.14 +Version: 1.14.4 Release: 0 Summary: OCI runtime written in C License: GPL-2.0-or-later