Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump runc from v1.1.13 to v1.1.15 #52

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added cache/runc-amd64
Binary file not shown.
Binary file added cache/runc-arm64
Binary file not shown.
Binary file added cache/runc-ppc64le
Binary file not shown.
7 changes: 7 additions & 0 deletions cache/runc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"tagName": "v1.1.15",
"url": "https://github.com/opencontainers/runc/releases/tag/v1.1.15",
"description": "This is the fifteenth patch release in the 1.1.z release branch of runc.\r\nIt fixes a few issues with seccomp, leaked mounts, and system performance.\r\n\r\n * The `-ENOSYS` seccomp stub is now always generated for the native\r\n architecture that `runc` is running on. This is needed to work around some\r\n arguably specification-incompliant behaviour from Docker on architectures\r\n such as ppc64le, where the allowed architecture list is set to `null`. This\r\n ensures that we always generate at least one `-ENOSYS` stub for the native\r\n architecture even with these weird configs. (#4391)\r\n * On a system with older kernel, reading `/proc/self/mountinfo` may skip some\r\n entries, as a consequence runc may not properly set mount propagation,\r\n causing container mounts leak onto the host mount namespace. (#2404, #4425)\r\n * In order to fix performance issues in the \"lightweight\" bindfd protection\r\n against [CVE-2019-5736], the temporary `ro` bind-mount of `/proc/self/exe`\r\n has been removed. runc now creates a binary copy in all cases. (#4392, #2532)\r\n \r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (&sect;6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n<hr/>\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>\r\n * Aleksa Sarai <cyphar@cyphar.com>\r\n * Kir Kolyshkin <kolyshkin@gmail.com>\r\n * lifubang <lifubang@acmcoder.com>\r\n * Rodrigo Campos <rodrigoca@microsoft.com>\r\n",
"publishedAt": "2024-10-07T21:38:10Z",
"isLatest": true
}
4 changes: 4 additions & 0 deletions roles/kubespray-defaults/defaults/main/checksums.yml
Original file line number Diff line number Diff line change
Expand Up @@ -750,27 +750,31 @@ cri_dockerd_archive_checksums:
0.3.5: 0
runc_checksums:
arm:
v1.1.15: 0
v1.1.13: 0
v1.1.12: 0
v1.1.11: 0
v1.1.10: 0
v1.1.9: 0
v1.1.8: 0
arm64:
v1.1.15: c680f8c470ffb228944ca80e1a4dbb6768b3ad97057350852e128847f9dd10bc
v1.1.13: 4b93701752f5338ed51592b38e039aef8c1a59856d1225df21eba84c2830743c
v1.1.12: 879f910a05c95c10c64ad8eb7d5e3aa8e4b30e65587b3d68e009a3565aed5bb8
v1.1.11: 9f1ee53f06b78cc4a115ca6ae4eec10567999539ce828a22c5351edba043ed12
v1.1.10: 4830afd426bdeacbdf9cb8729524aa2ed51790b8c4b28786995925593708f1c8
v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0
v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658
amd64:
v1.1.15: d218e1f8be4dcb1f288dea754faee342375a36f695eac5ab37fc8b7270a78763
v1.1.13: bcfc299c1ab255e9d045ffaf2e324c0abaf58f599831a7c2c4a80b33f795de94
v1.1.12: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8
v1.1.11: 77ae134de014613c44d25e6310a57a219a7a91155cd47d069a0f22a2cad5caea
v1.1.10: 81f73a59be3d122ab484d7dfe9ddc81030f595cc59968f61c113a9a38a2c113a
v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43
v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b
ppc64le:
v1.1.15: b4c8dbbd4973b1cc69fcade012db690e26e0b354d5fcdf04a12ffe972d5ab098
v1.1.13: 4675d51dc0b08ad8e17d3065f2e4ce47760728945f33d3092385e792357e6519
v1.1.12: 4069d1d57724126e116ad6dbd84409082d1b0afee1ee960b17558f146a742bb6
v1.1.11: e3d1da41f97db1bb7e9a8d96c9092747c14ee53bc9f160048828e63f3a2d0896
Expand Down
2 changes: 1 addition & 1 deletion roles/kubespray-defaults/defaults/main/download.yml
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ image_arch: "{{ host_architecture | default('amd64') }}"

# Versions
crun_version: 1.14.4
runc_version: v1.1.13
runc_version: v1.1.15
kata_containers_version: 3.1.3
youki_version: 0.1.0
gvisor_version: 20240305
Expand Down
17 changes: 17 additions & 0 deletions version_diff.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"runc": {
"current_version": "v1.1.13",
"latest_version": "v1.1.15",
"release": {
"tagName": "v1.1.15",
"url": "https://github.com/opencontainers/runc/releases/tag/v1.1.15",
"description": "This is the fifteenth patch release in the 1.1.z release branch of runc.\r\nIt fixes a few issues with seccomp, leaked mounts, and system performance.\r\n\r\n * The `-ENOSYS` seccomp stub is now always generated for the native\r\n architecture that `runc` is running on. This is needed to work around some\r\n arguably specification-incompliant behaviour from Docker on architectures\r\n such as ppc64le, where the allowed architecture list is set to `null`. This\r\n ensures that we always generate at least one `-ENOSYS` stub for the native\r\n architecture even with these weird configs. (#4391)\r\n * On a system with older kernel, reading `/proc/self/mountinfo` may skip some\r\n entries, as a consequence runc may not properly set mount propagation,\r\n causing container mounts leak onto the host mount namespace. (#2404, #4425)\r\n * In order to fix performance issues in the \"lightweight\" bindfd protection\r\n against [CVE-2019-5736], the temporary `ro` bind-mount of `/proc/self/exe`\r\n has been removed. runc now creates a binary copy in all cases. (#4392, #2532)\r\n \r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (&sect;6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n<hr/>\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>\r\n * Aleksa Sarai <cyphar@cyphar.com>\r\n * Kir Kolyshkin <kolyshkin@gmail.com>\r\n * lifubang <lifubang@acmcoder.com>\r\n * Rodrigo Campos <rodrigoca@microsoft.com>\r\n",
"publishedAt": "2024-10-07T21:38:10Z",
"isLatest": true,
"component": "runc",
"owner": "opencontainers",
"repo": "runc",
"release_type": "release"
}
}
}