Accepting request 976494 from home:cyphar:docker

- Update to runc v1.1.2. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2. CVE-2022-24769 * A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and CVE-2022-29162. * `runc spec` no longer sets any inheritable capabilities in the created example OCI spec (`config.json`) file. OBS-URL: https://build.opensuse.org/request/show/976494 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=123
2022-05-11 23:03:17 +00:00 · 2022-05-11 23:03:17 +00:00 · f194369665
commit f194369665
parent 27f738c3d6
6 changed files with 38 additions and 24 deletions
--- a/runc-1.1.1.tar.xz
+++ b/runc-1.1.1.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:75c1f0bb19b209412c52599e24b33ac306cf7caf772c97577b7ebe964837a54b
-size 1412548
--- a/runc-1.1.1.tar.xz.asc
+++ b/runc-1.1.1.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmJCe1sPHGFzYXJhaUBz
-dXNlLmRlAAoJEJ4YqiZ924203usP/Rygyv/0UE2r+Hq9QcLdUOOjnbH5ZcEOZBqy
-XGQXifl4ZU1iFzk/votcByqvq9zL97doJ/eYfGwW75hhpwO7Wk12/wIofk5uhukY
-etFUlFRSBsVAhsKWYHjtwy+r/sCoXLmLFSHqzIQNhdiYf0iwf1LkRx4C2rI1O4+N
-WAetT43uByhETdzDQpqK+5kYJyPGvZJ/rX+tvU5N6pDABOhCBmT/Ptx0cBFoLeey
-g+g+vOaRUZTkRPWSVNG2bjF1vuuIKZQoaz0t4UQyCHVe/BCuKKgfVJOzOWgGJb07
-Gt7zfDChItSBjRzunQ1+3ZjGzm8wJfSr69XEHCHeFRzZ7cEpu+piz8sbolahreA7
-RWfv+aWSn1Cz3r3arg82IxQOVkbENMTso0R6QtZDCafJf6GULtAZnnZY8TGXQqVF
-zSu0seDuJn0I/EHKjLHBsTBBAT1nK4FisVkbPwi7aRb1VF2I/tbA/msi6BJQDQDg
-+ynRm6U12hDmdU5wsSb+7ymiS0KI3iH67UFd4yx3Rg5tvsvLF5a5yI0+kcTHJ8Dx
-LhIeB8Ga1ePLHgHf406K14Fo+XH97T35V/FrlERKcAIA0SEhurYCHRXYDDBq1SSu
-San45hBo2b9KM3n4B+ezJ27mDYMQtsBRtXTptGQ+Upo71p1v460wRdHpIy2w8ZVq
-h4QWqXV8
-=TwFP
-----END PGP SIGNATURE-----
--- a/runc-1.1.2.tar.xz
+++ b/runc-1.1.2.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:78ad532465ce4c2802480644a8756c30ae99c1bf779f0243af4bca11c4d041de
+size 1412344
--- a/runc-1.1.2.tar.xz.asc
+++ b/runc-1.1.2.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmJ8O6wPHGFzYXJhaUBz
+dXNlLmRlAAoJEJ4YqiZ92420Ac4P/0yniL3YMVM72wB7Wsm73WY8iNsa9q2kRGuY
+DS+VR3C5GuKCxebCLqa1Dt2xQu9VqSMP/pk+0lE8kYJSHjnFPNUNLFgC8+SJ1OC0
+JgOCNqy+WyMm4VKA4/jjlyaFC+KHz4DqiStQANeK4QfV2TOc12Aqig2XIA+RLwfG
+N44KFPruGXn7MgnXZA1HhfbOxbuq1MJWvlALDc44xPZlWm4wf4i6F42VrkLvkfHn
+jHFLjnTqYv4VgPeJrrZQWd0BDVzIOkWlf3aM3UL6hNU0BGb5zgo6O+CxjjUFSPav
+i4yWKq1Zx6J2U/HqviDL+L4BX+EV12Vg+RKV7TPwexXkCGO5WIET3ef8Pp7CX8DT
+l+tzSZKchs5ql4LH8bykAiatmqmkOjJIR3q155rkKqsV/Wcvuent8dWx4koopE9m
+RKRJlqiQzD3kWOrp8U6A0VwH3Zm0sxwfQC6NegDyHuXMiV/o6g/6YoevYGZqg9Ub
+z6IV+R5R5q+6ziKzzWAJRzMCowVN5f3UOKWo7ij0UIChts0sBG5otG8HNRXzqpi8
+nr/dDLXRamv8FPQbAUiWTGDOw2rz66Tje8jRV6vBALB0iD8UlAwCFm4JTnZUKn24
+ELWbSzmTctK5zA4s5gSCt4+eCyTHKCcb5pZwlNiOQsSjR/+4CwiLK7TFdwjzb72V
+tih7PMje
+=XSst
+-----END PGP SIGNATURE-----
--- a/runc.changes
+++ b/runc.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed May 11 22:43:51 UTC 2022 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.1.2. Upstream changelog is available from
+  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
+  CVE-2022-24769
+
+ * A bug was found in runc where runc exec --cap executed processes with
+   non-empty inheritable Linux process capabilities, creating an atypical Linux
+   environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
+   CVE-2022-29162.
+ * `runc spec` no longer sets any inheritable capabilities in the created
+   example OCI spec (`config.json`) file.
+
 -------------------------------------------------------------------
 Tue Mar 29 03:33:30 UTC 2022 - Aleksa Sarai <asarai@suse.com>

--- a/runc.spec
+++ b/runc.spec
@ -18,16 +18,16 @@


 # MANUAL: Make sure you update this each time you update runc.
-%define git_version 52de29d7e0f8c0899bd7efb8810dd07f0073fa87
-%define git_short   52de29d7e0f8
+%define git_version a916309fff0f838eb94e928713dbc3c0d0ac7aa4
+%define git_short   a916309fff0f

 # Package-wide golang version
 %define go_version 1.17
 %define project github.com/opencontainers/runc

 Name:           runc
-Version:        1.1.1
-%define _version 1.1.1
+Version:        1.1.2
+%define _version 1.1.2
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0