Package: golang-github-opencontainers-runc-dev
Version: 1.1.12+ds1-3
Severity: wishlist

Dear Maintainer,

Please package https://github.com/opencontainers/runc/releases/tag/v1.1.13

This is the thirteenth patch release in the 1.1.z release branch of runc. It brings in Go 1.22.x compatibility and fixes a few issues, including an occasional wrong nofile rlimit in runc exec, and a race between runc list and runc delete.

NOTE that if using Go 1.22.x to build runc, make sure to use 1.22.4 or a later version. For more details, see issue #4233.

* Support go 1.22.4+. (#4313)
* runc list: fix race with runc delete. (#4231)
* Fix set nofile rlimit error. (#4277, #4299)
* libct/cg/fs: fix setting rt_period vs rt_runtime. (#4284)
* Fix a debug msg for user ns in nsexec. (#4315)
* script/*: fix gpg usage wrt keyboxd. (#4316)
* CI fixes and misc backports. (#4241)
* Fix codespell warnings. (#4300)
* Silence security false positives from golang/net. (#4244)
* libcontainer: allow containers to make apps think fips is enabled/disabled for testing. (#4257)
* allow overriding VERSION value in Makefile. (#4270)
* Vagrantfile.fedora: bump Fedora to 39. (#4261)
* ci/cirrus: rm centos stream 8. (#4305, #4308)

Security

The runc binaries provided here were built with go1.21.11, which includes a security fix for os.RemoveAll to fix a bug that would allow an attacker to trick runc into deleting a directory on the host. We encourage users to update, and if they build runc themselves, make sure they build their binaries using go1.21.11 or later, or go1.22.4 or later.

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.9.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
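
An added example, not part of the original report or of runc itself: a shell check that reads `runc --version` output and tests the `go:` line against the minimums quoted in the Security note (go1.21.11 or later, or go1.22.4 or later). The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# go_toolchain_ok VERSION
#   0 = meets the release-note minimum, 1 = older than the minimum,
#   2 = not a plain release version (rc, beta, devel, empty): cannot decide.
go_toolchain_ok() {
    v=${1#go}
    printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?$' || return 2
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;              # "go1.22" is treated as 1.22.0
    esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    if [ "$minor" -gt 22 ]; then
        return 0                     # later than go1.22.4
    elif [ "$minor" -eq 22 ]; then
        [ "$patch" -ge 4 ]           # 1.22 branch: 1.22.4 or later
    elif [ "$minor" -eq 21 ]; then
        [ "$patch" -ge 11 ]          # 1.21 branch: 1.21.11 or later
    else
        return 1                     # older than go1.21.11
    fi
}

# check_runc_build: reads `runc --version` output on stdin and reports
# whether the Go toolchain named on its "go:" line meets the minimum.
check_runc_build() {
    gv=$(sed -n 's/^go:[[:space:]]*//p' | head -n 1)
    if go_toolchain_ok "$gv"; then
        echo "ok: built with $gv"
    else
        rc=$?
        [ "$rc" -eq 1 ] && echo "rebuild: $gv is below go1.21.11 / go1.22.4"
        [ "$rc" -eq 2 ] && echo "unknown: cannot parse Go version '$gv'"
        return "$rc"
    fi
}

# Constructed sample of `runc --version` output (not taken from the report).
printf 'runc version 1.1.13\nspec: 1.0.2-dev\ngo: go1.21.11\n' | check_runc_build
```

On a live host, pipe the real command in instead: `runc --version | check_runc_build`.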