From c123e1fb6fb10cec0c16f4d45892a3019a07d8c8c088d3aa34bde6a4bb232a37 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Wed, 29 Mar 2023 07:12:21 +0000
Subject: [PATCH] Accepting request 1075135 from home:cyphar:docker

- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
  CVE-2023-25809 CVE-2023-27561 CVE-2023-28642

  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.

OBS-URL: https://build.opensuse.org/request/show/1075135
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=136
---
 runc-1.1.4.tar.xz     |  3 ---
 runc-1.1.4.tar.xz.asc | 17 -----------------
 runc-1.1.5.tar.xz     |  3 +++
 runc-1.1.5.tar.xz.asc | 17 +++++++++++++++++
 runc.changes          | 13 +++++++++++++
 runc.spec             | 23 +++++++++--------------
 6 files changed, 42 insertions(+), 34 deletions(-)
 delete mode 100644 runc-1.1.4.tar.xz
 delete mode 100644 runc-1.1.4.tar.xz.asc
 create mode 100644 runc-1.1.5.tar.xz
 create mode 100644 runc-1.1.5.tar.xz.asc

diff --git a/runc-1.1.4.tar.xz b/runc-1.1.4.tar.xz
deleted file mode 100644
index 82dad57..0000000
--- a/runc-1.1.4.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f5972715dffb0b2371e4d678c1206cc8c4ec5eb80f2d48755d150bac49be35b
-size 1414096
diff --git a/runc-1.1.4.tar.xz.asc b/runc-1.1.4.tar.xz.asc
deleted file mode 100644
index c7ee010..0000000
--- a/runc-1.1.4.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmMH5k4PHGFzYXJhaUBz
-dXNlLmRlAAoJEJ4YqiZ92420PE4P/RraZC2MNVLV6Tbyj9bLgEK7rFYLbYH0/NJ3
-Vg8cfS6G2QzVcQCxbV2onq7y5LHA/1NkWADQg4NRbjVFgUu8+8HY4Yz1M/bIzkYS
-ic827WBqmvHV7ov1IMcM/YPJCzOUfwm1PW1cWI5w9jLINgoqORYRF/Cm0Qkn2ReE
-2pRl4kjdVUALmelQ5H1/p0FN8i0j+yC3Wpzv4akhFb/BigxgQx1zWqhrCRSmcsMJ
-C4ta0ty7wAIOXLoPNCUgcq2HPnHrj8IjtnjKtprur59JpzFdJ1th1hBcJjO9EEos
-SP6WGBbFQgX+5jiTCbUlEhSEp7gWeDYO8R8uIA+itXGYO9iwbMC8QBk6kVPIUiYW
-9RpniJzDonglcuSpTcvfogoTq0vRFhQYk82fbBI4k2YIDVCfho+w45KCqaSjsSTr
-v0qrlb320STds4CmzI8vTIB7IFTKMnGdpLe/aVly3bOhHHD2gutW5PG3mo4uzCLZ
-E30hYQ9fgE7wSjLmvK6FCm6axwCistDp3Xy2giLTeIXZwDbVagaR/YcYr6CRg7HH
-gVFoG7P0FsrWI1Xpj5+2D/KFZXnvpTig4inC7SzwITdyxx/mX3uCm12Ya5YcAv/Q
-rjgFgznrS3kpcxkuonKXszwn7JjT7fi3Cd4ZiwPoqGSGwQNhp7lxBss8CzQXFSdj
-Soq9Y1FN
-=xkJd
------END PGP SIGNATURE-----
diff --git a/runc-1.1.5.tar.xz b/runc-1.1.5.tar.xz
new file mode 100644
index 0000000..5394f05
--- /dev/null
+++ b/runc-1.1.5.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bed3a10df91a161dea38115a955b9b68f9130d8ea24071b12cdf657929d9cfb4
+size 1415672
diff --git a/runc-1.1.5.tar.xz.asc b/runc-1.1.5.tar.xz.asc
new file mode 100644
index 0000000..e222547
--- /dev/null
+++ b/runc-1.1.5.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmQj4koPHGFzYXJhaUBz
+dXNlLmRlAAoJEJ4YqiZ92420/6kQAMTAUnJAO4EdVC7i+h7Il8xa799D7qFtRO/P
+z0JyurD5Gr05CuJuI9inXV2kr2GRkwPSnNO45x8ELE18pUBsDc49wm+2lpjUszFS
+hdWFfd04mpfbpejNICPrFpMAJT1AFnFA2Th4YRpKAs249GGiD6FsE1mRHt6HOowp
+WBuev2+73X4YnmJw2hX8n37Z1Al3dAtLf47eAtM7nnSAZtlHfSqqn/XZzRr6BqW2
+um5PDerdE1jx6mXNaNGo4JSs7o8lV6QDsc9X6HxPrkg3WAVdEtH5xJe2coiNpFho
+vH40tIfNZxKypZy+BURzFiHHxv/lFksrbm56AuwATyttFa8ZU/x9E4sYELqH82UN
+o7scHsk+soqMC2yDRBXX0ScDFqoC+R0OM6KjzB+5lqvy0j9lyas1RXcTdnzW9tFE
+gVCtUzxhN/BV06dBIuda90DiyjmL1J4jvLDLi22woq4wLMT/4JjLLj6rxwe8K+t+
+TG309DicdWRUBPEbE25uJcQwDPzpCJPWgeSkyjKZqbK3Dwz2GRyr8i9ZJx/PkG3Q
+8AJcpzQzIWA2hTjOKh2xCrnzcN9SdjT7y6EKHJ0whkSpRIdYKuqPPXVKLPt+O1mY
+EjLH6vQjLblfg6uXqyl/0T2E2t2Bkb83MEB8yEmCz6k1ADN+iCDO0Gp4Qf/+S6I7
+S12GsOgr
+=8sKw
+-----END PGP SIGNATURE-----
diff --git a/runc.changes b/runc.changes
index b9340e5..56ca610 100644
--- a/runc.changes
+++ b/runc.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Mar 29 07:05:52 UTC 2023 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.1.5. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
+  CVE-2023-25809 CVE-2023-27561 CVE-2023-28642
+
+  * Fix the inability to use `/dev/null` when inside a container.
+  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
+    (a regression in 1.1.1). bsc#1168481
+  * Fix rare runc exec/enter unshare error on older kernels.
+  * nsexec: Check for errors in `write_log()`.
+
 -------------------------------------------------------------------
 Wed Aug 31 13:00:31 UTC 2022 - Fabian Vogt <fvogt@suse.com>
 
diff --git a/runc.spec b/runc.spec
index 615c3cc..7afe968 100644
--- a/runc.spec
+++ b/runc.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package runc
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,29 +18,24 @@
 
 
 # MANUAL: Make sure you update this each time you update runc.
-%define git_version a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-%define git_short   a916309fff0f
+%define git_version f19387a6bec4944c770f7668ab51c4348d9c2f38
+%define git_short   f19387a6bec4
 
-# Package-wide golang version
-%define go_version 1.18
 %define project github.com/opencontainers/runc
 
 Name:           runc
-Version:        1.1.4
-%define _version 1.1.4
+Version:        1.1.5
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/opencontainers/runc
-Source0:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{version}.tar.xz
-Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc
+Source0:        https://github.com/opencontainers/runc/releases/download/v%{version}/runc.tar.xz#/runc-%{version}.tar.xz
+Source1:        https://github.com/opencontainers/runc/releases/download/v%{version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc
 Source2:        runc.keyring
 BuildRequires:  fdupes
+BuildRequires:  go
 BuildRequires:  go-go-md2man
-# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
-# for 'golang(API) >= 1.x' here, so just require 1.x exactly. bsc#1172608
-BuildRequires:  go%{go_version}
 BuildRequires:  libseccomp-devel
 BuildRequires:  libselinux-devel
 Recommends:     criu
@@ -58,7 +53,7 @@ Obsoletes:      docker-runc_50a19c6
 ExcludeArch:    s390
 
 # Construct "git describe --dirty --long --always".
-%define git_describe v%{_version}-0-g%{git_short}
+%define git_describe v%{version}-0-g%{git_short}
 
 %description
 runc is a CLI tool for spawning and running containers according to the OCI
@@ -67,7 +62,7 @@ of Docker. It was originally designed to be a replacement for LXC within Docker,
 and has grown to become a separate project entirely.
 
 %prep
-%setup -q -n %{name}-%{_version}
+%setup -q -n %{name}-%{version}
 
 %build
 # build runc