Accepting request 1075228 from Virtualization:containers

- Update to runc v1.1.5. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.5>. Includes fixes for the following CVEs: - CVE-2023-25809 bsc#1209884 - CVE-2023-27561 bsc#1208962 - CVE-2023-28642 bsc#1209888 * Fix the inability to use `/dev/null` when inside a container. * Fix changing the ownership of host's `/dev/null` caused by fd redirection (a regression in 1.1.1). bsc#1168481 * Fix rare runc exec/enter unshare error on older kernels. * nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. OBS-URL: https://build.opensuse.org/request/show/1075228 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/runc?expand=0&rev=52
2023-03-30 20:50:49 +00:00 · 2023-03-30 20:50:49 +00:00 · 6a71307c5e
commit 6a71307c5e
parent b005b543cf 7a1dc570e6
6 changed files with 48 additions and 34 deletions
--- a/runc-1.1.4.tar.xz
+++ b/runc-1.1.4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f5972715dffb0b2371e4d678c1206cc8c4ec5eb80f2d48755d150bac49be35b
-size 1414096
--- a/runc-1.1.4.tar.xz.asc
+++ b/runc-1.1.4.tar.xz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmMH5k4PHGFzYXJhaUBz
-dXNlLmRlAAoJEJ4YqiZ92420PE4P/RraZC2MNVLV6Tbyj9bLgEK7rFYLbYH0/NJ3
-Vg8cfS6G2QzVcQCxbV2onq7y5LHA/1NkWADQg4NRbjVFgUu8+8HY4Yz1M/bIzkYS
-ic827WBqmvHV7ov1IMcM/YPJCzOUfwm1PW1cWI5w9jLINgoqORYRF/Cm0Qkn2ReE
-2pRl4kjdVUALmelQ5H1/p0FN8i0j+yC3Wpzv4akhFb/BigxgQx1zWqhrCRSmcsMJ
-C4ta0ty7wAIOXLoPNCUgcq2HPnHrj8IjtnjKtprur59JpzFdJ1th1hBcJjO9EEos
-SP6WGBbFQgX+5jiTCbUlEhSEp7gWeDYO8R8uIA+itXGYO9iwbMC8QBk6kVPIUiYW
-9RpniJzDonglcuSpTcvfogoTq0vRFhQYk82fbBI4k2YIDVCfho+w45KCqaSjsSTr
-v0qrlb320STds4CmzI8vTIB7IFTKMnGdpLe/aVly3bOhHHD2gutW5PG3mo4uzCLZ
-E30hYQ9fgE7wSjLmvK6FCm6axwCistDp3Xy2giLTeIXZwDbVagaR/YcYr6CRg7HH
-gVFoG7P0FsrWI1Xpj5+2D/KFZXnvpTig4inC7SzwITdyxx/mX3uCm12Ya5YcAv/Q
-rjgFgznrS3kpcxkuonKXszwn7JjT7fi3Cd4ZiwPoqGSGwQNhp7lxBss8CzQXFSdj
-Soq9Y1FN
-=xkJd
-----END PGP SIGNATURE-----
--- a/runc-1.1.5.tar.xz
+++ b/runc-1.1.5.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bed3a10df91a161dea38115a955b9b68f9130d8ea24071b12cdf657929d9cfb4
+size 1415672
--- a/runc-1.1.5.tar.xz.asc
+++ b/runc-1.1.5.tar.xz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmQj4koPHGFzYXJhaUBz
+dXNlLmRlAAoJEJ4YqiZ92420/6kQAMTAUnJAO4EdVC7i+h7Il8xa799D7qFtRO/P
+z0JyurD5Gr05CuJuI9inXV2kr2GRkwPSnNO45x8ELE18pUBsDc49wm+2lpjUszFS
+hdWFfd04mpfbpejNICPrFpMAJT1AFnFA2Th4YRpKAs249GGiD6FsE1mRHt6HOowp
+WBuev2+73X4YnmJw2hX8n37Z1Al3dAtLf47eAtM7nnSAZtlHfSqqn/XZzRr6BqW2
+um5PDerdE1jx6mXNaNGo4JSs7o8lV6QDsc9X6HxPrkg3WAVdEtH5xJe2coiNpFho
+vH40tIfNZxKypZy+BURzFiHHxv/lFksrbm56AuwATyttFa8ZU/x9E4sYELqH82UN
+o7scHsk+soqMC2yDRBXX0ScDFqoC+R0OM6KjzB+5lqvy0j9lyas1RXcTdnzW9tFE
+gVCtUzxhN/BV06dBIuda90DiyjmL1J4jvLDLi22woq4wLMT/4JjLLj6rxwe8K+t+
+TG309DicdWRUBPEbE25uJcQwDPzpCJPWgeSkyjKZqbK3Dwz2GRyr8i9ZJx/PkG3Q
+8AJcpzQzIWA2hTjOKh2xCrnzcN9SdjT7y6EKHJ0whkSpRIdYKuqPPXVKLPt+O1mY
+EjLH6vQjLblfg6uXqyl/0T2E2t2Bkb83MEB8yEmCz6k1ADN+iCDO0Gp4Qf/+S6I7
+S12GsOgr
+=8sKw
+-----END PGP SIGNATURE-----
--- a/runc.changes
+++ b/runc.changes
@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Wed Mar 29 07:05:52 UTC 2023 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.1.5. Upstream changelog is available from
+  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
+
+  Includes fixes for the following CVEs:
+   - CVE-2023-25809 bsc#1209884
+   - CVE-2023-27561 bsc#1208962
+   - CVE-2023-28642 bsc#1209888
+
+  * Fix the inability to use `/dev/null` when inside a container.
+  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
+    (a regression in 1.1.1). bsc#1168481
+  * Fix rare runc exec/enter unshare error on older kernels.
+  * nsexec: Check for errors in `write_log()`.
+
+- Drop version-specific Go requirement.
+
 -------------------------------------------------------------------
 Wed Aug 31 13:00:31 UTC 2022 - Fabian Vogt <fvogt@suse.com>

--- a/runc.spec
+++ b/runc.spec
@ -1,7 +1,7 @@
 #
 # spec file for package runc
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,29 +18,24 @@


 # MANUAL: Make sure you update this each time you update runc.
-%define git_version a916309fff0f838eb94e928713dbc3c0d0ac7aa4
-%define git_short   a916309fff0f
+%define git_version f19387a6bec4944c770f7668ab51c4348d9c2f38
+%define git_short   f19387a6bec4

-# Package-wide golang version
-%define go_version 1.18
 %define project github.com/opencontainers/runc

 Name:           runc
-Version:        1.1.4
-%define _version 1.1.4
+Version:        1.1.5
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/opencontainers/runc
-Source0:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz#/runc-%{version}.tar.xz
-Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc
+Source0:        https://github.com/opencontainers/runc/releases/download/v%{version}/runc.tar.xz#/runc-%{version}.tar.xz
+Source1:        https://github.com/opencontainers/runc/releases/download/v%{version}/runc.tar.xz.asc#/runc-%{version}.tar.xz.asc
 Source2:        runc.keyring
 BuildRequires:  fdupes
+BuildRequires:  go
 BuildRequires:  go-go-md2man
-# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
-# for 'golang(API) >= 1.x' here, so just require 1.x exactly. bsc#1172608
-BuildRequires:  go%{go_version}
 BuildRequires:  libseccomp-devel
 BuildRequires:  libselinux-devel
 Recommends:     criu
@ -58,7 +53,7 @@ Obsoletes:      docker-runc_50a19c6
 ExcludeArch:    s390

 # Construct "git describe --dirty --long --always".
-%define git_describe v%{_version}-0-g%{git_short}
+%define git_describe v%{version}-0-g%{git_short}

 %description
 runc is a CLI tool for spawning and running containers according to the OCI
@ -67,7 +62,7 @@ of Docker. It was originally designed to be a replacement for LXC within Docker,
 and has grown to become a separate project entirely.

 %prep
-%setup -q -n %{name}-%{_version}
+%setup -q -n %{name}-%{version}

 %build
 # build runc