Bump github.com/opencontainers/runc from 1.0.3 to 1.1.3 #74

@dependabot dependabot bot commented on behalf of github Jun 13, 2022

Bumps github.com/opencontainers/runc from 1.0.3 to 1.1.3.

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc 1.1 -- "A plan depends as much upon execution as it does upon concept."

This release only contains very minor changes from v1.1.0-rc.1 and is the first release of the 1.1.y release series of runc. We do not plan to make any new releases of the 1.0.y release series of runc, so users are strongly encouraged to update to 1.1.0.

Changed:

  • libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331)

Static Linking Notices

The runc binary distributed with this release is statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers.

Thanks to the following people who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

runc 1.1-rc1 -- "He who controls the spice controls the universe."

This release is the first release candidate for the next minor release following runc 1.0. It contains all of the bugfixes included in runc 1.0 patch releases (up to and including 1.0.3).

A fair few new features have been added, and several features have been deprecated (with plans for removal in runc 1.2). At the moment we only plan to do a single release candidate for runc 1.1, and once 1.1.0 is released we will not continue updating the 1.0.z runc branch.

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.1.3] - 2022-06-09

In the beginning there was nothing, which exploded.

Fixed

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return -EPERM despite the existence of the -ENOSYS stub code (this was due to how s390x does syscall multiplexing). (#3478)
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. (#3476)
  • Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. (#3477)
  • When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. (#3504)
  • Socket activation was failing when more than 3 sockets were used. (#3494)
  • Various CI fixes. (#3472, #3479)

Added

  • Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493)

Changed

  • runc static binaries are now linked against libseccomp v2.5.4. (#3481)

[1.1.2] - 2022-05-11

I should think I'm going to be a perpetual student.

Security

  • A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment. For more information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.

Changed

  • runc spec no longer sets any inheritable capabilities in the created example OCI spec (config.json) file.

[1.1.1] - 2022-03-28

Violence is the last refuge of the incompetent.

Added

  • CI is now also run on centos-stream-9. (#3436)

... (truncated)

Commits
  • 6724737 VERSION: release 1.1.3
  • 91fa032 ci: add basic checks for CHANGELOG.md
  • 5d74e0f Merge pull request #3504 from cyphar/1.1-systemd-devices-nonexistent-files
  • 7219387 cgroups: systemd: skip adding device paths that don't exist
  • da9b9d9 Merge pull request #3494 from eriksjolund/1.1-backport-3489
  • 93d1807 libcontainer: relax getenv_int sanity check
  • ff14258 merge branch 'pr-3481' into release-1.1
  • 8242c05 script/seccomp.sh: check tarball sha256
  • 017cb29 Dockerfile,scripts/release: bump libseccomp to v2.5.4
  • 131222d Merge pull request #3493 from cyphar/1.1-ns_last_pid
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.0.3 to 1.1.3.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.3/CHANGELOG.md)
- [Commits](opencontainers/runc@v1.0.3...v1.1.3)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Jun 13, 2022

dependabot bot commented on behalf of github Aug 29, 2022

Superseded by #108.

@dependabot dependabot bot closed this Aug 29, 2022
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/opencontainers/runc-1.1.3 branch August 29, 2022 06:20