CVE-2019-5736
Backport upstream patches for CVE-2019-5736
Include commits:
2d4a37b427167907ef2402586a8e8e2931a22490 nsenter: cloned_binary: userspace copy fallback if sendfile fails
16612d74de5f84977e50a9c8ead7f0e9e13b8628 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
af9da0a45082783f6005b252488943b5ee2e2138 nsenter: cloned_binary: use the runc statedir for O_TMPFILE
2429d59352b81f6b9cc79b5ed26780c5fe6ba4ec nsenter: cloned_binary: expand and add pre-3.11 fallbacks
5b775bf297c47a6bc50e36da89d1ec74a6fa01dc nsenter: cloned_binary: detect and handle short copies
bb7d8b1f41f7bf0399204d54009d6da57c3cc775 nsexec (CVE-2019-5736): avoid parsing environ
0a8e4117e7f715d5fbeef398405813ce8e88558b nsenter: clone /proc/self/exe to avoid exposing host binary to container
Debian-Bug: https://bugs.debian.org/922050
Gbp-Pq: Name CVE-2019-5736.patch
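The commit list above names the pieces of the mitigation (copy /proc/self/exe into a private file, sendfile with a userspace fallback, O_TMPFILE in the state directory, pre-3.11 fallbacks, short-copy detection). The following stand-alone C program is an added example of that technique and is not runc's own code; the real implementation is the nsenter cloned_binary code touched by those commits, which then re-execs from the clone. Assumptions: the state directory (/tmp here), the function names clone_self_exe, copy_exact, clone_matches_self and short_copy_is_rejected, the fallback order, and the constructed 16-byte sample file used to show the short-copy check. The ro-bind step (16612d7) needs mount privileges and is left out.

```c
// Added example, not runc's code: the CVE-2019-5736 mitigation named in the
// commit list above. The binary copies itself into a private unnamed file and
// would re-exec from that copy, so a container writing through the
// /proc/<pid>/exe of runc hits the throwaway copy, never the host binary.
// The ro-bind step (16612d7) needs mount privileges and is omitted here.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/sendfile.h>
#include <sys/stat.h>
#include <unistd.h>

// memfd_create (Linux >= 3.17), else O_TMPFILE in the state dir (>= 3.11,
// af9da0a), else mkstemp+unlink (2429d59). None of them leaves a path behind.
static int open_private_file(const char *statedir) {
    int fd = -1;
#ifdef MFD_CLOEXEC
    fd = memfd_create("runc-clone", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd >= 0) return fd;
#endif
#ifdef O_TMPFILE
    fd = open(statedir, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, 0700);
    if (fd >= 0) return fd;
#endif
    char path[4096];
    snprintf(path, sizeof path, "%s/.runc-clone.XXXXXX", statedir);
    if ((fd = mkstemp(path)) < 0) return -1;
    unlink(path);
    fcntl(fd, F_SETFD, FD_CLOEXEC);
    return fd;
}

// Copy exactly `len` bytes. sendfile first, userspace loop if the kernel or
// filesystem rejects it (2d4a37b); a short copy returns -1 (5b775bf).
int copy_exact(int dst, int src, off_t len) {
    char buf[65536];
    off_t done = 0; int use_sendfile = 1;
    while (done < len) {
        size_t want = (size_t)(len - done); ssize_t n;
        if (use_sendfile) {
            n = sendfile(dst, src, NULL, want);
            if (n < 0 && (errno == EINVAL || errno == ENOSYS)) { use_sendfile = 0; continue; }
        } else {
            n = read(src, buf, want < sizeof buf ? want : sizeof buf);
            for (ssize_t w = 0, k; w < n; w += k)      // write everything read
                if ((k = write(dst, buf + w, (size_t)(n - w))) <= 0) return -1;
        }
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;                              // EOF before len: short copy
        done += n;
    }
    return done == len ? 0 : -1;
}

// Clone /proc/self/exe into a private file; returns the fd rewound to 0, or -1.
int clone_self_exe(const char *statedir) {
    struct stat st;
    int src = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
    if (src < 0) return -1;
    int dst = fstat(src, &st) == 0 ? open_private_file(statedir) : -1;
    int rc = dst >= 0 ? copy_exact(dst, src, st.st_size) : -1;
    close(src);
    if (rc == 0 && lseek(dst, 0, SEEK_SET) == 0) return dst;
    if (dst >= 0) close(dst);
    return -1;
}

// Returns 1 if the clone is byte-for-byte identical to /proc/self/exe, else 0.
int clone_matches_self(int clonefd) {
    char a[8192], b[8192];
    off_t off = 0;
    int src = open("/proc/self/exe", O_RDONLY | O_CLOEXEC), same = src >= 0;
    for (ssize_t na = 1; same && na > 0; off += na) {
        na = pread(src, a, sizeof a, off);
        same = na >= 0 && pread(clonefd, b, sizeof b, off) == na && !memcmp(a, b, (size_t)na);
    }
    if (src >= 0) close(src);
    return same;
}

// 5b775bf edge case: a constructed 16-byte source whose caller claims 32 bytes
// must be rejected instead of leaving a truncated clone. Returns 1 if rejected.
int short_copy_is_rejected(void) {
    char path[] = "/tmp/.clone-src.XXXXXX";               // constructed input
    int src = mkstemp(path), dst = open_private_file("/tmp"), rc = 0;
    if (src >= 0) unlink(path);
    if (src >= 0 && dst >= 0 && write(src, "sixteen-byte-src", 16) == 16 &&
        lseek(src, 0, SEEK_SET) == 0)
        rc = copy_exact(dst, src, 32) == -1;
    if (src >= 0) close(src); if (dst >= 0) close(dst);
    return rc;
}
```

Build with gcc on Linux; the clone is only verified here, whereas the real code goes on to re-exec from the cloned fd before touching the container. The fallback order matters on kernels with seccomp policies or filesystems that refuse memfd_create, O_TMPFILE or sendfile: each refusal drops to the next mechanism rather than leaving the host binary exposed, and the length check refuses to treat a truncated copy as a usable binary.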
Disabled unreliable tests due to random failures on [ppc64el, s390x].
Last-Update: 2018-09-27
Forwarded: not-needed
Bug-Upstream: https://github.com/opencontainers/runc/issues/1822
Gbp-Pq: Name test--skip-Hugetlb.patch
fix FTBFS on i686
Last-Update: 2018-06-16
Forwarded: https://github.com/opencontainers/runc/pull/1821
Bug-Upstream: https://github.com/opencontainers/runc/issues/941
src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int
Gbp-Pq: Name test--fix_TestGetAdditionalGroups.patch
runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium
* Team upload.
[ Shengjing Zhu ]
* Improve patch for CVE-2019-5736 based on upstream commits.
Now the patch includes the following commits:
+ 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails
+ 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
+ af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE
+ 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks
+ 5b775bf nsenter: cloned_binary: detect and handle short copies
+ bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ
+ 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to container
[ Arnaud Rebillout ]
* Add version and gitcommit to the ldflags (Closes: #909644)
Note that we fill the git commit with something that is NOT a git commit
at all; instead we use it as a placeholder for the Debian version. The
Debian version is relevant information for the user, and it's nice to
be able to show it, one way or another.
[dgit import unpatched runc 1.0.0~rc6+dfsg1-3]