5dbfe9576f
- Backport https://github.com/opencontainers/runc/pull/2391 to help fix bsc#1168481. + bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch OBS-URL: https://build.opensuse.org/request/show/804873 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=94
415 lines
16 KiB
Plaintext
415 lines
16 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed May 13 06:49:44 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Backport https://github.com/opencontainers/runc/pull/2391 to help fix
|
|
bsc#1168481.
|
|
+ bsc1168481-0001-cgroup-devices-major-cleanups-and-minimal-transition.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 14 10:16:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Renamed patch:
|
|
0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
to
|
|
bsc1149954-0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 18 08:57:34 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
|
|
|
|
- Added fix for bsc#1149954
|
|
* 0001-sd-notify-do-not-hang-when-NOTIFY_SOCKET-is-used-wit.patch
|
|
(cherry pick of https://github.com/opencontainers/runc/pull/1807)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 23 17:18:05 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Upgrade to runc v1.0.0~rc10. Upstream changelog is available from
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc10
|
|
- Drop upstreamed patches:
|
|
- CVE-2019-19921.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 21 22:10:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
|
|
|
- Change packagewide go version to be greater or equal to 1.10.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 17 03:02:46 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Update CVE-2019-19921 patch to match upstream PR.
|
|
* CVE-2019-19921.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 14 04:44:36 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Add backported fix for CVE-2019-19921. bsc#1160452
|
|
+ CVE-2019-19921.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 5 11:40:13 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Upgrade to runc v1.0.0~rc9. Upstream changelog is available from
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc9
|
|
- Remove upstreamed patches:
|
|
- CVE-2019-16884.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 26 14:54:07 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Add backported fix for CVE-2019-16884. bsc#1152308
|
|
+ CVE-2019-16884.patch
|
|
- Add runc-rpmlintrc to drop runc-test rpmlint warnings.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 29 11:56:21 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Upgrade to runc v1.0.0~rc8. Upstream changelog is available from
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc8
|
|
- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).
|
|
- Remove upstreamed patches:
|
|
- CVE-2019-5736.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 6 08:10:47 UTC 2019 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Add fix for CVE-2019-5736 (effectively copying /proc/self/exe during re-exec
|
|
to avoid write attacks to the host runc binary). bsc#1121967
|
|
+ CVE-2019-5736.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 19 19:55:11 UTC 2018 - clee@suse.com
|
|
|
|
- Update go requirements to >= go1.10 to fix
|
|
* bsc#1118897 CVE-2018-16873
|
|
go#29230 cmd/go: remote command execution during "go get -u"
|
|
* bsc#1118898 CVE-2018-16874
|
|
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
|
|
* bsc#1118899 CVE-2018-16875
|
|
go#29233 crypto/x509: CPU denial of service
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 13 04:34:25 UTC 2018 - dorf@suse.com
|
|
|
|
- Require golang = 1.10.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 29 09:10:09 UTC 2018 - Aleksa Sarai <asarai@suse.com>
|
|
|
|
- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 31 14:01:03 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 13 12:59:09 UTC 2018 - dcassany@suse.com
|
|
|
|
- Make use of %license macro
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 5 06:38:40 UTC 2018 - asarai@suse.com
|
|
|
|
- Remove 'go test' from %check section, as it has only ever caused us problems
|
|
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
|
|
testing has been far more useful. boo#1095817
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 27 17:18:32 UTC 2018 - asarai@suse.com
|
|
|
|
- Upgrade to runc v1.0.0~rc5. Upstream changelog is available from
|
|
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc5
|
|
- Remove patch now merged upstream.
|
|
- bsc1053532-0001-makefile-drop-usage-of-install.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 17 04:39:56 UTC 2017 - asarai@suse.com
|
|
|
|
- Use .tar.xz provided by upstream, as well as include the keyring to allow
|
|
full provenance of the source.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 13 14:25:32 UTC 2017 - asarai@suse.com
|
|
|
|
- Use the upstream Makefile, to ensure that we always include the version
|
|
information in runc. This was confusing users (and Docker). bsc#1053532
|
|
- Add a backported patch to fix a Makefile bug.
|
|
https://github.com/opencontainers/runc/pull/1555
|
|
+ bsc1053532-0001-makefile-drop-usage-of-install.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 10 17:14:02 UTC 2017 - asarai@suse.com
|
|
|
|
- Update to runc v1.0.0-rc4. Upstream changelog:
|
|
+ runc now supports v1.0.0 of the OCI runtime specification. #1527
|
|
+ Rootless containers support has been released. The current state of
|
|
this feature is that it only supports single-{uid,gid} mappings as an
|
|
unprivileged user, and cgroups are completely unsupported. Work is
|
|
being done to improve this. #774
|
|
+ Rather than relying on CRIU version nnumbers, actually check if the
|
|
system supports pre-dumping. #1371
|
|
+ Allow the PIDs cgroup limit to be updated. #1423
|
|
+ Add support for checkpoint/restore of containers with orphaned PTYs
|
|
(which is effectively all containers with terminal=true). #1355
|
|
+ Permit prestart hooks to modify the cgroup configuration of a
|
|
container. #1239
|
|
+ Add support for a wide variety of mount options. #1460
|
|
+ Expose memory.use_hierarchy in MemoryStats. #1378
|
|
* Fix incorrect handling of systems without the freezer cgroup. #1387
|
|
* Many, many changes to switch away from Go's "syscall" stdlib to
|
|
"golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474
|
|
#1478 #1491 #1482 #1504 #1519 #1530
|
|
* Set cgroup resources when restoring a container. #1399
|
|
* Switch back to using /sbin as the installation directory. #1406
|
|
* Remove the arbitrary container ID length restriction. #1435
|
|
* Make container force deletion ignore non-existent containers. #1451
|
|
* Improve handling of arbitrary cgroup mount locations when populating
|
|
cpuset. #1372
|
|
* Make the SaneTerminal interface public. #1479
|
|
* Fix cases where runc would report a container to be in a "Running"
|
|
state if the init was a zombie or dead. #1489
|
|
* Do not set supplementary groups for numeric users. #1450
|
|
* Fix various issues with the "owner" field in runc-list. #1516
|
|
* Many other miscellaneous fixes, some of which were made by first-time
|
|
contributors. Thanks, and welcome to the project! #1406 #1400 #1365
|
|
#1396 #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438
|
|
#1410 #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533
|
|
- Remove any semblance of non-Linux support. #1502
|
|
- We no longer use shfmt for testing. #1510
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 2 13:51:43 UTC 2017 - asarai@suse.com
|
|
|
|
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
|
|
- Cleanup seccomp builds similar to bsc#1028638
|
|
- Remove the usage of 'cp -r' to reduce noise in the build logs.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 6 17:14:17 UTC 2017 - thipp@suse.de
|
|
|
|
- switch to opencontainers/runc master branch
|
|
- remove CVE-2016-9962.patch
|
|
- stop providing docker-runc
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 4 19:04:49 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- fix the golang requirement to 1.7 to the subpackages
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 2 15:49:41 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- fix golang requirement to 1.7
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 28 16:16:00 UTC 2017 - jengelh@inai.de
|
|
|
|
- Substitute %__-type macro indirections
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 13 16:34:03 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- update version to the one required by docker-17.04.0-ce (bsc#1034053)
|
|
remove ignore_cgroup2_mountpoint.patch . This is already included in
|
|
the upstream source code.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 12 09:55:28 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- Make sure this is being built with go 1.7
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 11 15:37:36 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- remove the go_arches macro because we are using go1.7 which
|
|
is available in all archs
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 29 15:47:52 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- fix bsc#1028113 - runc: make sure to ignore cgroup v2 mountpoints
|
|
This is a backport of https://github.com/opencontainers/runc/pull/1266
|
|
+ ignore_cgroup2_mountpoint.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 24 18:08:10 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- update to docker-1.13.0 requirement
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 13 13:58:33 UTC 2017 - jmassaguerpla@suse.com
|
|
|
|
- fix CVE-2016-9962 bsc#1012568 and applying the patch
|
|
CVE-2016-9962.patch, because 1.12.6 partially fixes it (it contains
|
|
the first patch attached in bsc#1012568)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 19 12:49:38 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- update runc to the version used in docker 1.12.5 (bsc#1016307).
|
|
This fixes bsc#1015661
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 19 12:17:07 UTC 2016 - asarai@suse.com
|
|
|
|
- For the moment, we have to switch to using Docker's fork of runC. This *will*
|
|
be solved properly by creating a new package purely for Docker's runC fork,
|
|
because it's quite silly to tie OCI project releases to Docker's vendoring
|
|
scheme. Once this is fixed, this package will be switch to being purely-OCI.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 16 17:05:37 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- add the /usr/bin/docker-run symlink to partially fix bsc#1015661
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 24 11:05:41 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- fix version by adding a revision "counter" so that it will always
|
|
increase
|
|
|
|
fix bsc#1009961
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 11:04:27 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- update to 02f8fa7 because that is the needed version for docker 1.12.1 (bsc#1004490)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 21 05:13:26 UTC 2016 - jengelh@inai.de
|
|
|
|
- Run fdupes.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 19 11:57:45 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- fix go_arches definition: use global instead of define, otherwise
|
|
it fails to build
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 26 08:59:54 UTC 2016 - asarai@suse.com
|
|
|
|
- Remove docker-runc symlink because it's been fixed within the Docker
|
|
package. bsc#978260
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 25 17:02:33 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- Create a symlink /usr/sbin/docker-runc -> /usr/sbin/docker
|
|
Docker expects this symlink to exist bsc#978260
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 25 15:56:00 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- Remove GOPATH at the end of the GOPATH assignment
|
|
cause GOPATH is empty and if we do that, we get the path ""
|
|
appended, which causes gcc6-go to complain
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 24 12:27:57 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- add go_arches in project configuration: this way, we can use the
|
|
same spec file but decide in the project configuration if to
|
|
use gc-go or gcc-go for some archs.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 18 10:35:29 UTC 2016 - jmassaguerpla@suse.com
|
|
|
|
- use gcc6-go instead of gcc5-go (bsc#988408)
|
|
- build ppc64le with gc-go because this version builds with gc-go 1.6
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 18 10:34:29 UTC 2016 - cbrauner@suse.de
|
|
|
|
- bump git commit id to the one required by docker v1.12.0 (bsc#995058)
|
|
- run unit tests during package build
|
|
- remove seccomp-use-pkg-config.patch
|
|
The patch is now upstream.
|
|
- remove GO_BUILD_FLAGS macro and substitute with BUILDFLAGS env variable to
|
|
allow for easier string appending.
|
|
- only run unit test on architectures that provide the go list and go test tools
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 17 10:29:15 UTC 2016 - cbrauner@suse.de
|
|
|
|
- Add runc-test package which contains the source code and the test. This
|
|
package will be used to run the integration tests.
|
|
- Simplify package build and check sections: Instead of symlinking we default to
|
|
cp -avr. go list gets confused by symlinks hence, we need to copy the source
|
|
code anyway if we want to run unit tests during package build at some point.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 29 09:03:24 UTC 2016 - asarai@suse.de
|
|
|
|
* Update to runC 0.1.1. (bsc#989566 FATE#320763) Changelog from upstream:
|
|
|
|
This release includes a bug fix for adding the selinux mount label in the specification.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 19 09:59:05 UTC 2016 - asarai@suse.de
|
|
|
|
* Don't use gcc-go for aarch64, since gc has grown support for it and is more
|
|
stable.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 15 10:46:04 UTC 2016 - asarai@suse.de
|
|
|
|
* Disable seccomp entirely for aarch64 builds, since it is not provided on all
|
|
SUSE platforms.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 13 12:03:09 UTC 2016 - asarai@suse.de
|
|
|
|
* Update to runC 0.1.0. Changelog from upstream:
|
|
|
|
This release updates runc to the OCI runtime specification v0.5.0 and includes
|
|
various fixes and features.
|
|
|
|
Features:
|
|
+ cgroups: pid limits and stats
|
|
+ cgroups: kmem stats
|
|
+ systemd cgroup support
|
|
+ libcontainer specconv package
|
|
+ no pivot root option
|
|
+ numeric ids are treated as uid/gid
|
|
+ hook improvements
|
|
|
|
Bug Fixes:
|
|
* log flushing
|
|
* atomic pid file creation
|
|
* init error recovery
|
|
* seccomp logging removed
|
|
* delete container on aborted start
|
|
* /dev bind mount handling
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 30 14:18:18 UTC 2016 - asarai@suse.de
|
|
|
|
* Install to /usr/sbin. https://github.com/opencontainers/runc/pull/702
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 27 14:50:32 UTC 2016 - asarai@suse.de
|
|
|
|
* Added runC man pages.
|
|
* Recommended criu, since it's required for the checkpoint and restore
|
|
functionality.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 27 10:14:32 UTC 2016 - asarai@suse.de
|
|
|
|
* Small updates to method of compilation to better match Makefile.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 21 12:04:59 UTC 2016 - asarai@suse.de
|
|
|
|
* Make compilation work on gcc-go only systems (ppc and s390).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 21 08:24:02 UTC 2016 - asarai@suse.de
|
|
|
|
* initial import of runC 0.0.9
|
|
* add patch seccomp-use-pkg-config.patch which allows us to build runC, since
|
|
they assume that the seccomp.h file lives at /usr/include/seccomp.h.
|
|
|