runc: update to v1.3.4

- Update to runc v1.3.4. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

runc-1.3.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f2f799a1000e16cc37776fae1745f2a302633fad94dd52de9bece83df8dc4b4e
-size 1694312

runc-1.3.0.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJEBAABCAAuFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmgQWJAQHGFzYXJhaUBz
-dXNlLmNvbQAKCRCeGKomfduNtN1sEADEK5Jo+qKS8U5egGaM8jPxIRjn6U/R0iil
-wTWK6xyRSh3CENujOyOmTux9p2jF4pHOsOQWrp/PUZen4tSnVqyegQStZCcc2Ul5
-ErwjOUon6cM6WtiOsOhdHtYjTLa/0wvowpgxdFT3J/gkPIYBwuNLJrW0xndUNMeS
-EIMt0ij+Hwltd6WVM3GR8J5YFc1DWQB9j2yutzhT59e+/SKT5D95B/EGdJC8n+m0
-RuP5SPBQnK1KhKyX10YnzlC42Kzl55MhvB9UqhNg70U9dpgaddT/qR5iXI2EtWBY
-PZV+xYapzaZ8yXq7gSumlUKNE8JlFGKRWSMmsFdN9IkoE0QV9G1q1EALGpq55I0o
-tLhgsEsrlXYxJs9aqbVLI6ttGWe45DFfCpENRprReWwwA/3PrTug6ku0Dk0MYhtS
-Tj7MJ0P+Q1qreBmEXjnwArgwqeUi58Ab4i6iqHMuRyjXLBCXT4LJiTi8Z3zMNCzu
-kPpsIvCF9VmASbdq00aFo8m4cnh7cOjJ//bnJXtp4EwYD42eQgQR+8vzy46u46+l
-ONN+of/+oJtY5eCZmC3CDpEak4PANR1PWIzEEHDEGSTjz3xFMycW6laJngJvWfuk
-P+A0cL1o2EEhvPrDyTgD/Dh4JKnUNC7QulZcrmZ59i5MyyTXFupLdPoZT2wULCbW
-3hIgORPkcg==
-=rTcD
------END PGP SIGNATURE-----

runc-1.3.4.tar.xz.asc

@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+
+iJEEABYKADkWIQS2TklVsp+j1GPyqQYol/rSt+lEbwUCaSjevxsUgAAAAAAEAA5t
+YW51MiwyLjUrMS4xMSwyLDIACgkQKJf60rfpRG8DqgEAgQBUL0dOg31PIjBq03oW
+5dLKfrM4KQS4tDfj36Ol7y0A/jmlAoMzn32VfL2UnEh1DUBHFDxhiXvNEA3lNf0O
+G3gC
+=Q/Xl
+-----END PGP SIGNATURE-----

runc.changes

@@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Fri Nov 28 00:20:13 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.3.4. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
+
+-------------------------------------------------------------------
+Wed Nov  5 10:05:32 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.3.3. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
+  * CVE-2025-31133
+  * CVE-2025-52565
+  * CVE-2025-52881
+- Remove upstreamed patches for bsc#1252232:
+  - 2025-11-05-CVEs.patch
+
+-------------------------------------------------------------------
+Thu Oct 16 02:16:12 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+[ This update was only released for SLE 12 and 15. ]
+
+- Backport patches for three CVEs. All three vulnerabilities ultimately allow
+  (through different methods) for full container breakouts by bypassing runc's
+  restrictions for writing to arbitrary /proc files. bsc#1252232
+  * CVE-2025-31133
+  * CVE-2025-52565
+  * CVE-2025-52881
+  + 2025-11-05-CVEs.patch
+
+-------------------------------------------------------------------
+Fri Oct 10 14:10:23 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+[ This update was only released for SLE 12 and 15. ]
+
+- Update to runc v1.2.7. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.2.7>.
+
+-------------------------------------------------------------------
+Sat Oct  4 05:01:50 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.3.2. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
+  - Includes an important fix for the CPUSet translation for cgroupv2.
+
+-------------------------------------------------------------------
+Thu Sep  4 15:29:15 UTC 2025 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.3.1. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.3.1>
+- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.
+
 -------------------------------------------------------------------
 Tue Apr 29 15:23:32 UTC 2025 - Aleksa Sarai <asarai@suse.com>
 

runc.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package runc
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,13 +18,13 @@
 
 
 # MANUAL: Make sure you update this each time you update runc.
-%define git_version 4ca628d1d4c974f92d24daccb901aa078aad748e
-%define git_short   4ca628d1d4c9
+%define git_version d6d73eb8c60246978da649ffe75ce5c8bca8f856
+%define git_short   d6d73eb8c602
 
 %define project github.com/opencontainers/runc
 
 Name:           runc
-Version:        1.3.0
+Version:        1.3.4
 %define upstream_version %{version}
 Release:        0
 Summary:        Tool for spawning and running OCI containers
@@ -68,6 +68,10 @@ and has grown to become a separate project entirely.
 %autopatch -p1
 
 %build
+%if 0%{?sle_version} == 120000
+# Fix nsenter builds on SLE12.
+export CGO_CFLAGS="--std=gnu11"
+%endif
 # build runc
 make BUILDTAGS="seccomp" COMMIT="%{git_describe}" runc
 # build man pages