From 2f40aa19ad55d0a78060cbfb6853a60cd31259fd55b3dd40d87ee760603c50fd Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asarai@suse.com> Date: Wed, 11 May 2022 23:03:17 +0000 Subject: [PATCH] Accepting request 976494 from home:cyphar:docker - Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-24769 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. OBS-URL: https://build.opensuse.org/request/show/976494 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=123 --- runc-1.1.1.tar.xz | 3 --- runc-1.1.1.tar.xz.asc | 17 ----------------- runc-1.1.2.tar.xz | 3 +++ runc-1.1.2.tar.xz.asc | 17 +++++++++++++++++ runc.changes | 14 ++++++++++++++ runc.spec | 8 ++++---- 6 files changed, 38 insertions(+), 24 deletions(-) delete mode 100644 runc-1.1.1.tar.xz delete mode 100644 runc-1.1.1.tar.xz.asc create mode 100644 runc-1.1.2.tar.xz create mode 100644 runc-1.1.2.tar.xz.asc diff --git a/runc-1.1.1.tar.xz b/runc-1.1.1.tar.xz deleted file mode 100644 index 8f1ab64..0000000 --- a/runc-1.1.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:75c1f0bb19b209412c52599e24b33ac306cf7caf772c97577b7ebe964837a54b -size 1412548 diff --git a/runc-1.1.1.tar.xz.asc b/runc-1.1.1.tar.xz.asc deleted file mode 100644 index e25de5c..0000000 --- a/runc-1.1.1.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmJCe1sPHGFzYXJhaUBz -dXNlLmRlAAoJEJ4YqiZ924203usP/Rygyv/0UE2r+Hq9QcLdUOOjnbH5ZcEOZBqy -XGQXifl4ZU1iFzk/votcByqvq9zL97doJ/eYfGwW75hhpwO7Wk12/wIofk5uhukY -etFUlFRSBsVAhsKWYHjtwy+r/sCoXLmLFSHqzIQNhdiYf0iwf1LkRx4C2rI1O4+N -WAetT43uByhETdzDQpqK+5kYJyPGvZJ/rX+tvU5N6pDABOhCBmT/Ptx0cBFoLeey -g+g+vOaRUZTkRPWSVNG2bjF1vuuIKZQoaz0t4UQyCHVe/BCuKKgfVJOzOWgGJb07 -Gt7zfDChItSBjRzunQ1+3ZjGzm8wJfSr69XEHCHeFRzZ7cEpu+piz8sbolahreA7 -RWfv+aWSn1Cz3r3arg82IxQOVkbENMTso0R6QtZDCafJf6GULtAZnnZY8TGXQqVF -zSu0seDuJn0I/EHKjLHBsTBBAT1nK4FisVkbPwi7aRb1VF2I/tbA/msi6BJQDQDg -+ynRm6U12hDmdU5wsSb+7ymiS0KI3iH67UFd4yx3Rg5tvsvLF5a5yI0+kcTHJ8Dx -LhIeB8Ga1ePLHgHf406K14Fo+XH97T35V/FrlERKcAIA0SEhurYCHRXYDDBq1SSu -San45hBo2b9KM3n4B+ezJ27mDYMQtsBRtXTptGQ+Upo71p1v460wRdHpIy2w8ZVq -h4QWqXV8 -=TwFP ------END PGP SIGNATURE----- diff --git a/runc-1.1.2.tar.xz b/runc-1.1.2.tar.xz new file mode 100644 index 0000000..b7e7f2e --- /dev/null +++ b/runc-1.1.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:78ad532465ce4c2802480644a8756c30ae99c1bf779f0243af4bca11c4d041de +size 1412344 diff --git a/runc-1.1.2.tar.xz.asc b/runc-1.1.2.tar.xz.asc new file mode 100644 index 0000000..6101e3e --- /dev/null +++ b/runc-1.1.2.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmJ8O6wPHGFzYXJhaUBz +dXNlLmRlAAoJEJ4YqiZ92420Ac4P/0yniL3YMVM72wB7Wsm73WY8iNsa9q2kRGuY +DS+VR3C5GuKCxebCLqa1Dt2xQu9VqSMP/pk+0lE8kYJSHjnFPNUNLFgC8+SJ1OC0 +JgOCNqy+WyMm4VKA4/jjlyaFC+KHz4DqiStQANeK4QfV2TOc12Aqig2XIA+RLwfG +N44KFPruGXn7MgnXZA1HhfbOxbuq1MJWvlALDc44xPZlWm4wf4i6F42VrkLvkfHn +jHFLjnTqYv4VgPeJrrZQWd0BDVzIOkWlf3aM3UL6hNU0BGb5zgo6O+CxjjUFSPav +i4yWKq1Zx6J2U/HqviDL+L4BX+EV12Vg+RKV7TPwexXkCGO5WIET3ef8Pp7CX8DT +l+tzSZKchs5ql4LH8bykAiatmqmkOjJIR3q155rkKqsV/Wcvuent8dWx4koopE9m +RKRJlqiQzD3kWOrp8U6A0VwH3Zm0sxwfQC6NegDyHuXMiV/o6g/6YoevYGZqg9Ub +z6IV+R5R5q+6ziKzzWAJRzMCowVN5f3UOKWo7ij0UIChts0sBG5otG8HNRXzqpi8 +nr/dDLXRamv8FPQbAUiWTGDOw2rz66Tje8jRV6vBALB0iD8UlAwCFm4JTnZUKn24 +ELWbSzmTctK5zA4s5gSCt4+eCyTHKCcb5pZwlNiOQsSjR/+4CwiLK7TFdwjzb72V +tih7PMje +=XSst +-----END PGP SIGNATURE----- diff --git a/runc.changes b/runc.changes index a9496d9..441f47d 100644 --- a/runc.changes +++ b/runc.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed May 11 22:43:51 UTC 2022 - Aleksa Sarai <asarai@suse.com> + +- Update to runc v1.1.2. Upstream changelog is available from + https://github.com/opencontainers/runc/releases/tag/v1.1.2. + CVE-2022-24769 + + * A bug was found in runc where runc exec --cap executed processes with + non-empty inheritable Linux process capabilities, creating an atypical Linux + environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and + CVE-2022-29162. + * `runc spec` no longer sets any inheritable capabilities in the created + example OCI spec (`config.json`) file. + ------------------------------------------------------------------- Tue Mar 29 03:33:30 UTC 2022 - Aleksa Sarai <asarai@suse.com> diff --git a/runc.spec b/runc.spec index b45525e..061f90c 100644 --- a/runc.spec +++ b/runc.spec @@ -18,16 +18,16 @@ # MANUAL: Make sure you update this each time you update runc. -%define git_version 52de29d7e0f8c0899bd7efb8810dd07f0073fa87 -%define git_short 52de29d7e0f8 +%define git_version a916309fff0f838eb94e928713dbc3c0d0ac7aa4 +%define git_short a916309fff0f # Package-wide golang version %define go_version 1.17 %define project github.com/opencontainers/runc Name: runc -Version: 1.1.1 -%define _version 1.1.1 +Version: 1.1.2 +%define _version 1.1.2 Release: 0 Summary: Tool for spawning and running OCI containers License: Apache-2.0