Accepting request 892389 from home:cyphar:docker

- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "chdir to cwd: permission denied" for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch

OBS-URL: https://build.opensuse.org/request/show/892389
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/runc?expand=0&rev=109

0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch

@@ -1,38 +0,0 @@
-From dd7444d3bba4ae2e461b41026f5f37416d7ee158 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai <asarai@suse.de>
-Date: Mon, 26 Apr 2021 17:41:29 +1000
-Subject: [PATCH] cloned_binary: switch from #error to #warning for
- SYS_memfd_create hardcode
-
-We shouldn't refuse to build on architectures just because we don't know
-what the syscall number of memfd_create(2) is. In addition, use the
-correct defined(...) macros for ppc64 (these are the ones glibc uses).
-
-Fixes: 3aead32ea246 ("nsenter: hard-code memfd_create(2) syscall numbers")
-Signed-off-by: Aleksa Sarai <asarai@suse.de>
----
- libcontainer/nsenter/cloned_binary.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
-index 2667cd65c293..b78000fec317 100644
---- a/libcontainer/nsenter/cloned_binary.c
-+++ b/libcontainer/nsenter/cloned_binary.c
-@@ -75,12 +75,12 @@
- #      define SYS_memfd_create 385
- #    elif defined(__aarch64__) // arm64
- #      define SYS_memfd_create 279
--#    elif defined(__ppc__) || defined(__ppc64__) // ppc + ppc64
-+#    elif defined(__ppc__) || defined(__PPC64__) || defined(__powerpc64__) // ppc + ppc64
- #      define SYS_memfd_create 360
- #    elif defined(__s390__) || defined(__s390x__) // s390(x)
- #      define SYS_memfd_create 350
- #    else
--#      error "unknown architecture -- cannot hard-code SYS_memfd_create"
-+#      warning "unknown architecture -- cannot hard-code SYS_memfd_create"
- #    endif
- #  endif
- #endif
--- 
-2.31.1
-

runc-1.0.0-rc93.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:70ee0fcf45b17f0da93dd4c4d174046a3584080dcc07c5468914d33d57c8202d
-size 1261676

runc-1.0.0-rc93.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmAaAVwACgkQnhiqJn3b
-jbRLSw/8DQEIlXTrCGYtB6qu/Aog3gU2JrwYWLDIRHJNl5e5QEemdgsm7JjcKU02
-cOTKjH4StQdXA164pHUaq4CYvZxzDZoACyD9G8x9dW3CP4thT9ySDE8ElV2wo5R7
-7JYoG4I7A/rmejVvA1H48U0YZdolUMJDvqEUoyY+NnIFAU3WFx/cJw5GOZ7KeGLg
-LzZxVRUQQHJdth5E9uE+DyF/7IMiMwEFXC+FG+uEOkK8uVbSu6yJyN9N8ef5aZE2
-BWmr6U9K9rq6cfQi6zGd2k5m0vRMB8qwqSDLiiVLMJYpE13Y9pxxzBasq+R4+8QS
-FACtmpmBmhVFM1RdYtoB0uoMS3ZE2xlMEWtauLXYxRwEybXeu75ZEnNAewAozY2m
-8xllZQrpSFvlqjgEslBhztWJcu7Ds7veT4SRhby/RflF087teMPvxDErh0QAPXpF
-mUZX8UahjPTMu1hv0nwrdfNe5EBkLoyOYtWIy29qgW3e+DmiAfAuOE2XI9ttn4ZB
-+i7CQocy8hlyCeDHHVPgoyWTSAV7/jYizTDq1aj0FcvGC+WHI8ZrzYgfWKQZ+/ov
-b356RwhK1lZ9sZf107phf4gmPA/uvIGvERO0PdPvWQaJbIZ4TUTxx/IO8tO5PAHz
-7DJ/UGvyIMwiERuM1ul/4bgRsMXEoCYbirqQmqe0qBSiy2c+q1g=
-=+kc+
------END PGP SIGNATURE-----

runc-1.0.0-rc94.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87daf369dcac7f1895e72bc0ee22ba9e29d4678d6d0dd795f336e35c222a801a
+size 1364032

runc-1.0.0-rc94.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJDBAABCAAtFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAmCZRxgPHGFzYXJhaUBz
+dXNlLmRlAAoJEJ4YqiZ92420WWUP/08JwOzo18rLbVsFHKcsrEQdNjzzFSE+8QNA
+plajgGEyjb7iaqhHL/j2Cv0U+rM5IcDKwLGL1Oj0n9FD9f3mst9LZubDGYK7xBnc
+rJ8J3vkVZ5vxi4qzGs0csTefkt9OOqsK3emrV9Tpqxqi2mwoGLHMWOlqziZEhZ1b
+n5aktmd/Qrdc6E1Seb1Er0O57xWDenK0w7aTHWbr7ug20Lv6T4BBiSPWsk/m8Sgm
+hkKJq4bN8ZSzRjC3AuP7TSeuneMjCwdSsKdqPXqQB9iO+cwpEdA2IjzUlQkJxCub
+4NtwmIZ9Ik7x2oLxFwV5l3NFRo7YM2SYePHVfYLFJuSq/SMQ6SVESwDC8lnTpZPd
+6/ZQFuSYGxHee7lf2HHGFmLTB1kJ27jKxqEvSMzOz+CBAvkeiNLStNAAyq4AWuzo
+ia9cJY8fEEn4nY2+pbZAS8vxrAcUzs6vNMUIv9ECyQ/XzsrhRwtC3QXkm8J1eih9
+O6hlBpajHen/JjGaDhrWWPdRwC83kIVRIqeB1x/g1hGR21HAOlFltxGgmkyy/Cz6
+MxgHoJ/GMnhdW88SR/ToTQKCTedj4nCmMSsIFcNR/YRtaeMVvzWUyYDu4wnZXJua
+U11+iwsL3e3KgObzvSSNJ4eq6N6r5BxRnbKpC3xDQ5jautzQgUrEKjA6PBdF/Bsx
+e/zmslTf
+=Uunz
+-----END PGP SIGNATURE-----

runc.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Wed May 12 08:03:58 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+- Update to runc v1.0.0~rc94. Upstream changelog is available from
+  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
+  Breaking Changes:
+  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
+    been effectively deprecated by the kernel. Users should make use of regular
+    memory cgroup controls.
+  Regression Fixes:
+  * seccomp: fix 32-bit compilation errors
+  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
+  * runc start: fix "chdir to cwd: permission denied" for some setups
+- Remove upstreamed patches:
+  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
+
 -------------------------------------------------------------------
 Mon Apr 26 07:54:54 UTC 2021 - Aleksa Sarai <asarai@suse.com>
 
@@ -14,7 +30,7 @@ Wed Feb  3 04:09:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
   * Cgroupv2 support is no longer considered experimental.
   * Mountinfo parsing code has been reworked significantly.
   * Special ENOSYS handling for seccomp profiles to avoid making new
-	syscalls unusable for glibc.
+    syscalls unusable for glibc.
   * Various rootless containers improvements.
   * The "selinux" and "apparmor" buildtags have been removed, and now all runc
     builds will have SELinux and AppArmor support enabled.

runc.spec

@@ -22,11 +22,11 @@
 
 # Package-wide golang version
 %define go_version 1.13
-%define _version 1.0.0-rc93
 %define project github.com/opencontainers/runc
 
 Name:           runc
-Version:        1.0.0~rc93
+Version:        1.0.0~rc94
+%define _version 1.0.0-rc94
 Release:        0
 Summary:        Tool for spawning and running OCI containers
 License:        Apache-2.0
@@ -36,10 +36,6 @@ Source0:        https://github.com/opencontainers/runc/releases/download/v%{_ver
 Source1:        https://github.com/opencontainers/runc/releases/download/v%{_version}/runc.tar.xz.asc#/runc-%{_version}.tar.xz.asc
 Source2:        runc.keyring
 Source3:        runc-rpmlintrc
-# SUSE-FIX: SLE-12 has too old a glibc for memfd_create(2) and __ppc64__
-#           doesn't appear to match ppc64le for some reason. This is a backport
-#           of <https://github.com/opencontainers/runc/pull/2919>.
-Patch1:         0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
 BuildRequires:  fdupes
 BuildRequires:  go-go-md2man
 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires
@@ -73,8 +69,6 @@ and has grown to become a separate project entirely.
 
 %prep
 %setup -q -n %{name}-%{_version}
-# fix build on SLE-12 ppc64le
-%patch1 -p1
 
 %build
 # build runc