Merge runc (1.0.0~rc9+dfsg1-1+rpi1) import into refs/heads/workingbranch

disable test (requires root)

Last-Update: 2018-06-15
Forwarded: not-needed

Gbp-Pq: Name test--skip_TestFactoryNewTmpfs.patch

disabled unreliable tests due to random failures on [ppc64el, s390x].

Last-Update: 2018-09-27
Forwarded: not-needed
Bug-Upstream: https://github.com/opencontainers/runc/issues/1822

Gbp-Pq: Name test--skip-Hugetlb.patch

fix FTBFS on i686

Last-Update: 2018-06-16
Forwarded: https://github.com/opencontainers/runc/pull/1821
Bug-Upstream: https://github.com/opencontainers/runc/issues/941

src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int

Gbp-Pq: Name test--fix_TestGetAdditionalGroups.patch

runc (1.0.0~rc9+dfsg1-1+rpi1) bullseye-staging; urgency=medium

  * Disable testsuite.

[dgit import unpatched runc 1.0.0~rc9+dfsg1-1+rpi1]

Import runc_1.0.0~rc9+dfsg1-1+rpi1.debian.tar.xz

[dgit import tarball runc 1.0.0~rc9+dfsg1-1+rpi1 runc_1.0.0~rc9+dfsg1-1+rpi1.debian.tar.xz]

Merge runc (1.0.0~rc9+dfsg1-1) import into refs/heads/workingbranch

Import runc_1.0.0~rc9+dfsg1.orig.tar.xz

[dgit import orig runc_1.0.0~rc9+dfsg1.orig.tar.xz]

disable test (requires root)

Last-Update: 2018-06-15
Forwarded: not-needed

Gbp-Pq: Name test--skip_TestFactoryNewTmpfs.patch

disabled unreliable tests due to random failures on [ppc64el, s390x].

Last-Update: 2018-09-27
Forwarded: not-needed
Bug-Upstream: https://github.com/opencontainers/runc/issues/1822

Gbp-Pq: Name test--skip-Hugetlb.patch

fix FTBFS on i686

Last-Update: 2018-06-16
Forwarded: https://github.com/opencontainers/runc/pull/1821
Bug-Upstream: https://github.com/opencontainers/runc/issues/941

src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int

Gbp-Pq: Name test--fix_TestGetAdditionalGroups.patch

runc (1.0.0~rc9+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + fixed CVE-2019-16884.
  * Recommends += "criu" (Closes: #912821).
    Thanks, Qian Cai.
  * (Build-)Depends:
    = golang-github-docker-go-units-dev (>= 0.4.0~)
    = golang-github-opencontainers-selinux-dev (>= 1.3.0~)
    = golang-github-seccomp-libseccomp-golang-dev (>= 0.9.1~)
    = golang-gocapability-dev (>= 0.0+git20180916~)

[dgit import unpatched runc 1.0.0~rc9+dfsg1-1]

Import runc_1.0.0~rc9+dfsg1-1.debian.tar.xz

[dgit import tarball runc 1.0.0~rc9+dfsg1-1 runc_1.0.0~rc9+dfsg1-1.debian.tar.xz]

CVE-2019-5736

Backport upstream patches for CVE-2019-5736

Include commits:
2d4a37b427167907ef2402586a8e8e2931a22490 nsenter: cloned_binary: userspace copy fallback if sendfile fails
16612d74de5f84977e50a9c8ead7f0e9e13b8628 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
af9da0a45082783f6005b252488943b5ee2e2138 nsenter: cloned_binary: use the runc statedir for O_TMPFILE
2429d59352b81f6b9cc79b5ed26780c5fe6ba4ec nsenter: cloned_binary: expand and add pre-3.11 fallbacks
5b775bf297c47a6bc50e36da89d1ec74a6fa01dc nsenter: cloned_binary: detect and handle short copies
bb7d8b1f41f7bf0399204d54009d6da57c3cc775 nsexec (CVE-2019-5736): avoid parsing environ
0a8e4117e7f715d5fbeef398405813ce8e88558b nsenter: clone /proc/self/exe to avoid exposing host binary to container

Debian-Bug: https://bugs.debian.org/922050

Gbp-Pq: Name CVE-2019-5736.patch

disable test (requires root)

Last-Update: 2018-06-15
Forwarded: not-needed

Gbp-Pq: Name test--skip_TestFactoryNewTmpfs.patch

disabled unreliable tests due to random failures on [ppc64el, s390x].

Last-Update: 2018-09-27
Forwarded: not-needed
Bug-Upstream: https://github.com/opencontainers/runc/issues/1822

Gbp-Pq: Name test--skip-Hugetlb.patch

fix FTBFS on i686

Last-Update: 2018-06-16
Forwarded: https://github.com/opencontainers/runc/pull/1821
Bug-Upstream: https://github.com/opencontainers/runc/issues/941

src/github.com/opencontainers/runc/libcontainer/user/user_test.go:448:36: constant 2147483648 overflows int

Gbp-Pq: Name test--fix_TestGetAdditionalGroups.patch

runc (1.0.0~rc6+dfsg1-3) unstable; urgency=medium

  * Team upload.

  [ Shengjing Zhu ]
  * Improve patch for CVE-2019-5736 based on upstream commits.
    Now the patch includes following commits:
    + 2d4a37b nsenter: cloned_binary: userspace copy fallback if sendfile fails
    + 16612d7 nsenter: cloned_binary: try to ro-bind /proc/self/exe before
              copying
    + af9da0a nsenter: cloned_binary: use the runc statedir for O_TMPFILE
    + 2429d59 nsenter: cloned_binary: expand and add pre-3.11 fallbacks
    + 5b775bf nsenter: cloned_binary: detect and handle short copies
    + bb7d8b1 nsexec (CVE-2019-5736): avoid parsing environ
    + 0a8e411 nsenter: clone /proc/self/exe to avoid exposing host binary to
              container

  [ Arnaud Rebillout ]
  * Add version and gitcommit to the ldflags (Closes: #909644)
    Note that we fill the git commit with something that is NOT a git commit
    at all, instead we use it as a placeholder for the debian version. The
    debian version is a relevant information for the user, and it's nice to
    be able to show it, some way or another.

[dgit import unpatched runc 1.0.0~rc6+dfsg1-3]

Import runc_1.0.0~rc6+dfsg1-3.debian.tar.xz

[dgit import tarball runc 1.0.0~rc6+dfsg1-3 runc_1.0.0~rc6+dfsg1-3.debian.tar.xz]

Import runc_1.0.0~rc6+dfsg1.orig.tar.xz

[dgit import orig runc_1.0.0~rc6+dfsg1.orig.tar.xz]