| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: runc | Distribution: openSUSE:Factory:zSystems |
| Version: 1.2.5 | Vendor: openSUSE |
| Release: 1.1 | Build date: Fri Feb 14 02:31:56 2025 |
| Group: System/Management | Build host: reproducible |
| Size: 11927837 | Source RPM: runc-1.2.5-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/opencontainers/runc | |
| Summary: Tool for spawning and running OCI containers | |
runc is a CLI tool for spawning and running containers according to the OCI specification. It is designed to be as minimal as possible, and is the workhorse of Docker. It was originally designed to be a replacement for LXC within Docker, and has grown to become a separate project entirely.
Apache-2.0
* Fri Feb 14 2025 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.5>.
* Tue Jan 07 2025 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.4>.
- Update runc.keyring to match upstream.
* Wed Dec 11 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.3>.
* Sat Nov 16 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.2>.
* Fri Nov 01 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.1>.
* Mon Oct 21 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0>.
* Tue Sep 03 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310. bsc#1230092
* Tue Sep 03 2024 Aleksa Sarai <asarai@suse.com>
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
* Mon Jul 22 2024 Aleksa Sarai <asarai@suse.com>
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
* Fri Jul 12 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.0~rc2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.2>.
- Re-allow Go 1.22 builds for >= 1.22.4.
* Thu Apr 25 2024 Aleksa Sarai <asarai@suse.com>
- Build with Go 1.21 until the upstream Go 1.22 compatibility issue gets fixed.
<https://github.com/opencontainers/runc/issues/4233>
* Thu Apr 04 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.2.0~rc1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.1>.
- Remove upstreamed patches.
- 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
- 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
- 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* Thu Mar 21 2024 Aleksa Sarai <asarai@suse.com>
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
+ 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
+ 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
+ 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* Wed Jan 31 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.12. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
* This release fixes a container breakout vulnerability (CVE-2024-21626). For
more details, see the upstream security advisory:
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
* Remove upstreamed patches:
- CVE-2024-21626.patch
* Update runc.keyring to match upstream changes.
* Thu Jan 18 2024 Aleksa Sarai <asarai@suse.com>
[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+ CVE-2024-21626.patch
* Tue Jan 02 2024 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.11. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
* Wed Nov 01 2023 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.10. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.10>.
* Wed Sep 06 2023 Danish Prakash <danish.prakash@suse.com>
- Update to runc v1.1.9. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.9>.
* Wed Jul 19 2023 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.8. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
* Thu Apr 27 2023 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
* Wed Apr 12 2023 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
* Wed Mar 29 2023 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
* Fix the inability to use `/dev/null` when inside a container. bsc#1168481
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
(a regression in 1.1.1). bsc#1207004
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
* Wed Aug 31 2022 Fabian Vogt <fvogt@suse.com>
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
bsc#1202021
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "permission denied" error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
(boo#1202821)
* Thu Jun 09 2022 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.3.
(Includes a fix for bsc#1200088.)
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
* runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
- bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
* Mon May 23 2022 Aleksa Sarai <asarai@suse.com>
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
+ bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
* Thu May 12 2022 Aleksa Sarai <asarai@suse.com>
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
* Wed May 11 2022 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.2.
CVE-2022-29162 bsc#1199460
* A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical Linux
environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
CVE-2022-29162. bsc#1199460
* `runc spec` no longer sets any inheritable capabilities in the created
example OCI spec (`config.json`) file.
* Tue Mar 29 2022 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.1.
* runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus "Intel RDT is not supported"
error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
* Mon Jan 17 2022 Aleksa Sarai <asarai@suse.com>
- Update to runc v1.1.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.0.
- libcontainer will now refuse to build without the nsenter package being
correctly compiled (specifically this requires CGO to be enabled). This
should avoid folks accidentally creating broken runc binaries (and
incorrectly importing our internal libraries into their projects). (#3331)
/usr/bin/runc /usr/sbin/runc /usr/share/doc/packages/runc /usr/share/doc/packages/runc/README.md /usr/share/licenses/runc /usr/share/licenses/runc/LICENSE /usr/share/man/man8/runc-checkpoint.8.gz /usr/share/man/man8/runc-create.8.gz /usr/share/man/man8/runc-delete.8.gz /usr/share/man/man8/runc-events.8.gz /usr/share/man/man8/runc-exec.8.gz /usr/share/man/man8/runc-kill.8.gz /usr/share/man/man8/runc-list.8.gz /usr/share/man/man8/runc-pause.8.gz /usr/share/man/man8/runc-ps.8.gz /usr/share/man/man8/runc-restore.8.gz /usr/share/man/man8/runc-resume.8.gz /usr/share/man/man8/runc-run.8.gz /usr/share/man/man8/runc-spec.8.gz /usr/share/man/man8/runc-start.8.gz /usr/share/man/man8/runc-state.8.gz /usr/share/man/man8/runc-update.8.gz /usr/share/man/man8/runc.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 23 00:47:08 2025