runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium

runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium

  * Team upload.

  [ Shengjing Zhu ]
  * Improve patch for CVE-2019-5736 based on upstream commits.
    Now the patch includes following commits:
    + 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails
    + 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before
              copying
    + af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE
    + 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks
    + 5b775bf nsenter: cloned_binary: detect and handle short copies
    + bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ
    + 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to
              container

  [ Arnaud Rebillout ]
  * Add version and gitcommit to the ldflags (Closes: #909644)
    Note that we fill the git commit with something that is NOT a git commit
    at all, instead we use it as a placeholder for the debian version. The
    debian version is a relevant information for the user, and it's nice to
    be able to show it, some way or another.

[dgit import unpatched runc 1.0.0~rc6+dfsg1-3]