Compare commits


No commits in common. "c8-stream-3.0" and "c9-beta" have entirely different histories.

6 changed files with 231 additions and 128 deletions


@ -1 +1 @@
c79a414d0b980611ba929a7526b7b4c30c2b3b1d SOURCES/crun-0.18.tar.gz
6447848fa63b86b97be8f3a6de9e596d1ae62969 SOURCES/crun-1.16.1.tar.gz
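
Review bot: The replacement line for SOURCES/crun-1.16.1.tar.gz pins the tarball with a 40-hex-character digest, which is the length of a SHA-1 hash, and nothing else on this page authenticates the new source. Before merging, fetch the tarball from the Source0 URL given in the spec and confirm it hashes to this value, and compare it with a stronger digest (SHA-256 or better) computed from the same upstream release artifact.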

.gitignore vendored

@ -1 +1 @@
SOURCES/crun-0.18.tar.gz
SOURCES/crun-1.16.1.tar.gz


@ -1,43 +0,0 @@
From 320a7ec41342c95fd6bdc500cd207eb0ea5cda6a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 19 Feb 2021 13:25:37 +0100
Subject: [PATCH] Revert "tests: build init always statically"
This reverts commit a0f322a49a10a014a447b505eda5923a8e6aff7c as it
causes issues on RHEL 8.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
Makefile.am | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index e39dc3b..2b8e18b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,7 +14,7 @@ srpm: dist-gzip rpm/crun.spec
$(MAKE) -C $(WD) dist-gzip
rpmbuild -bs --define "_sourcedir $(WD)" --define "_specdir $(WD)" --define "_builddir $(WD)" --define "_srcrpmdir $(WD)" --define "_rpmdir $(WD)" --define "_buildrootdir $(WD)/.build" rpm/crun.spec
-CLEANFILES = crun.spec tests/init
+CLEANFILES = crun.spec
lib_LTLIBRARIES = libcrun.la
@@ -79,9 +79,9 @@ noinst_PROGRAMS = tests/init $(UNIT_TESTS)
TESTS_LDADD = libcrun_testing.a $(FOUND_LIBS)
-tests/init: tests/init.c
- $(CC) -static-libgcc --static -o $@ $<
-EXTRA_DIST += tests/init.c
+tests_init_LDADD =
+tests_init_LDFLAGS = -static-libgcc -all-static
+tests_init_SOURCES = tests/init.c $(UNIT_TESTS)
tests_tests_libcrun_utils_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
tests_tests_libcrun_utils_SOURCES = tests/tests_libcrun_utils.c
--
2.29.2
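
Review bot: Deleting this revert means tests/init is built however the 1.16.1 tarball builds it, while the commit message above says the static build "causes issues on RHEL 8". The 0.18-2 changelog entry ties this patch to building without glibc-static, and the BuildRequires lines visible in the spec diff do not list glibc-static, so confirm with a scratch build that the test binary still links on this branch before dropping Patch0.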


@ -1,30 +0,0 @@
From ed485db1465d67f0215c27529c57a76a1daf5135 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Feb 2022 11:05:18 +0100
Subject: [PATCH 1/2] spec: do not set inheritable capabilities
Closes: CVE-2022-27650
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit b847d146d496c9d7beba166fd595488e85488562)
---
src/libcrun/container.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/libcrun/container.c b/src/libcrun/container.c
index d3fb017..1e3f3e6 100644
--- a/src/libcrun/container.c
+++ b/src/libcrun/container.c
@@ -128,9 +128,6 @@ static char spec_file[] = "\
\"CAP_NET_BIND_SERVICE\"\n\
],\n\
\"inheritable\": [\n\
- \"CAP_AUDIT_WRITE\",\n\
- \"CAP_KILL\",\n\
- \"CAP_NET_BIND_SERVICE\"\n\
],\n\
\"permitted\": [\n\
\"CAP_AUDIT_WRITE\",\n\
--
2.35.1
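
Review bot: Removing this backport is only safe if the 1.16.1 tarball already carries upstream commit b847d146d496c9d7beba166fd595488e85488562, the one named in the cherry-pick line, so that the spec_file template in src/libcrun/container.c still has an empty "inheritable" array. Confirm that in the unpacked 1.16.1 source, and consider a %check step that runs crun spec and fails if the generated config.json lists any inheritable capability.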


@ -1,31 +0,0 @@
From 21cb5a8c7bcc90c42743ffd15cd11a55bf66993d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Feb 2022 11:06:50 +0100
Subject: [PATCH 2/2] exec: --cap do not set inheritable capabilities
Closes: CVE-2022-27650
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6)
---
src/exec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/exec.c b/src/exec.c
index bf6c05f..8c9862d 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -250,8 +250,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
capabilities->effective = exec_options.cap;
capabilities->effective_len = exec_options.cap_size;
- capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
- capabilities->inheritable_len = exec_options.cap_size;
+ capabilities->inheritable = NULL;
+ capabilities->inheritable_len = 0;
capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
capabilities->bounding_len = exec_options.cap_size;
--
2.35.1
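
Review bot: With Patch2 gone, nothing in this package guarantees that crun_command_exec in src/exec.c still sets capabilities->inheritable = NULL and inheritable_len = 0 when --cap is given; that now depends on 1.16.1 containing upstream commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6. A cheap runtime check for the gating tests is to run a process through crun exec --cap and read CapInh from /proc/self/status inside the container, which should be all zeros.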


@ -1,11 +1,8 @@
Summary: OCI runtime written in C
Name: crun
Version: 0.18
Release: 3%{?dist}
Version: 1.16.1
Release: 1%{?dist}
Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: 0001-revert-tests-build-init-always-statically.patch
Patch1: 0001-spec-do-not-set-inheritable-capabilities.patch
Patch2: 0002-exec-cap-do-not-set-inheritable-capabilities.patch
License: GPLv2+
URL: https://github.com/containers/crun
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
@ -21,10 +18,13 @@ BuildRequires: systemd-devel
BuildRequires: yajl-devel
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
BuildRequires: criu-devel
BuildRequires: python3-libmount
BuildRequires: libtool
BuildRequires: go-md2man
Provides: oci-runtime = 2
BuildRequires: /usr/bin/go-md2man
Provides: oci-runtime
Recommends: criu >= 3.17.1
Recommends: criu-libs
%description
crun is a runtime for running OCI containers
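
Review bot: Recommends: criu >= 3.17.1 is a weak dependency, so the package still installs next to an older criu or none at all, and BuildRequires: criu-devel carries no version floor. The 1.8.3-2 changelog entry ("could not find symbol criu_set_lsm_mount_context in libcriu.so") shows this kind of mismatch has already surfaced at run time; a Conflicts: criu < 3.17.1 or a versioned BuildRequires would make the constraint enforceable.
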
@ -41,7 +41,7 @@ export CFLAGS="%{optflags} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFF
%install
%make_install
rm -rf $RPM_BUILD_ROOT/usr/lib*
rm -rf %{buildroot}%{_prefix}/lib*
%files
%license COPYING
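
Review bot: In %install, rm -rf %{buildroot}%{_prefix}/lib* uses a glob that matches lib and lib64 but also libexec, so anything a later crun release installs under %{_prefix}/libexec would be deleted silently instead of being reported as an unpackaged file. Narrow it to the directories actually meant, for example %{buildroot}%{_libdir} plus an explicit %{buildroot}%{_prefix}/lib, so the rpmbuild unpackaged-file check still covers everything else.
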
@ -49,21 +49,231 @@ rm -rf $RPM_BUILD_ROOT/usr/lib*
%{_mandir}/man1/*
%changelog
* Tue Apr 05 2022 Jindrich Novy <jnovy@redhat.com> - 0.18-3
- fix CVE-2022-27650
- Related: #2061390
* Thu Aug 15 2024 Jindrich Novy <jnovy@redhat.com> - 1.16.1-1
- update to https://github.com/containers/crun/releases/tag/1.16.1
- Related: RHEL-27608
* Mon Aug 12 2024 Jindrich Novy <jnovy@redhat.com> - 1.16-1
- update to https://github.com/containers/crun/releases/tag/1.16
- Related: RHEL-27608
* Tue May 07 2024 Jindrich Novy <jnovy@redhat.com> - 1.15-1
- update to https://github.com/containers/crun/releases/tag/1.15
- Related: RHEL-27608
* Thu Mar 07 2024 Jindrich Novy <jnovy@redhat.com> - 1.14.4-1
- update to https://github.com/containers/crun/releases/tag/1.14.4
- Related: RHEL-27608
* Mon Feb 19 2024 Jindrich Novy <jnovy@redhat.com> - 1.14.3-2
- remove libgcrypt-devel BR - not needed any longer
- Related: Jira:RHEL-2112
* Mon Feb 19 2024 Jindrich Novy <jnovy@redhat.com> - 1.14.3-1
- update to https://github.com/containers/crun/releases/tag/1.14.3
- Related: RHEL-2112
* Fri Feb 16 2024 Jindrich Novy <jnovy@redhat.com> - 1.14.2-1
- update to https://github.com/containers/crun/releases/tag/1.14.2
- Related: RHEL-2112
* Fri Feb 09 2024 Jindrich Novy <jnovy@redhat.com> - 1.14.1-1
- update to https://github.com/containers/crun/releases/tag/1.14.1
- Related: RHEL-2112
* Wed Jan 24 2024 Jindrich Novy <jnovy@redhat.com> - 1.14-1
- update to https://github.com/containers/crun/releases/tag/1.14
- Related: RHEL-2112
* Wed Jan 17 2024 Jindrich Novy <jnovy@redhat.com> - 1.13-1
- update to https://github.com/containers/crun/releases/tag/1.13
- Related: RHEL-2112
* Tue Jan 02 2024 Jindrich Novy <jnovy@redhat.com> - 1.12-1
- update to https://github.com/containers/crun/releases/tag/1.12
- Related: RHEL-2112
* Tue Nov 07 2023 Jindrich Novy <jnovy@redhat.com> - 1.11.2-1
- update to https://github.com/containers/crun/releases/tag/1.11.2
- Related: RHEL-2112
* Tue Oct 31 2023 Jindrich Novy <jnovy@redhat.com> - 1.11.1-1
- update to https://github.com/containers/crun/releases/tag/1.11.1
- Related: RHEL-2112
* Mon Oct 30 2023 Jindrich Novy <jnovy@redhat.com> - 1.11-1
- update to https://github.com/containers/crun/releases/tag/1.11
- Related: RHEL-2112
* Fri Oct 20 2023 Jindrich Novy <jnovy@redhat.com> - 1.10-1
- update to https://github.com/containers/crun/releases/tag/1.10
- Related: RHEL-2112
* Fri Sep 29 2023 Jindrich Novy <jnovy@redhat.com> - 1.9.2-1
- update to https://github.com/containers/crun/releases/tag/1.9.2
- Related: Jira:RHEL-2112
* Tue Sep 26 2023 Jindrich Novy <jnovy@redhat.com> - 1.9.1-1
- update to https://github.com/containers/crun/releases/tag/1.9.1
- Related: Jira:RHEL-2112
* Fri Sep 15 2023 Jindrich Novy <jnovy@redhat.com> - 1.9-1
- update to https://github.com/containers/crun/releases/tag/1.9
- Related: Jira:RHEL-2112
* Tue Aug 22 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.7-1
- update to https://github.com/containers/crun/releases/tag/1.8.7
- Related: #2176063
* Thu Jul 27 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.6-1
- update to https://github.com/containers/crun/releases/tag/1.8.6
- Related: #2176063
* Mon May 22 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.5-1
- update to https://github.com/containers/crun/releases/tag/1.8.5
- Related: #2176063
* Fri Apr 14 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.4-1
- update to https://github.com/containers/crun/releases/tag/1.8.4
- Related: #2184220
* Tue Apr 04 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.3-2
- fix could not find symbol criu_set_lsm_mount_context in libcriu.so
- Resolves: #2184220
* Sun Mar 26 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.3-1
- update to https://github.com/containers/crun/releases/tag/1.8.3
- Related: #2176063
* Wed Mar 22 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.2-1
- update to https://github.com/containers/crun/releases/tag/1.8.2
- Related: #2176063
* Tue Feb 28 2023 Jindrich Novy <jnovy@redhat.com> - 1.8.1-1
- update to https://github.com/containers/crun/releases/tag/1.8.1
- Related: #2124478
* Wed Feb 01 2023 Jindrich Novy <jnovy@redhat.com> - 1.8-1
- update to https://github.com/containers/crun/releases/tag/1.8
- Related: #2124478
* Thu Jan 05 2023 Jindrich Novy <jnovy@redhat.com> - 1.7.2-2
- require libgcrypt-devel and add criu weak dep
- Resolves: #2158083
* Wed Nov 30 2022 Jindrich Novy <jnovy@redhat.com> - 1.7.2-1
- update to https://github.com/containers/crun/releases/tag/1.7.2
- Related: #2124478
* Mon Nov 28 2022 Jindrich Novy <jnovy@redhat.com> - 1.7.1-1
- update to https://github.com/containers/crun/releases/tag/1.7.1
- Related: #2124478
* Tue Nov 08 2022 Jindrich Novy <jnovy@redhat.com> - 1.7-1
- update to https://github.com/containers/crun/releases/tag/1.7
- Related: #2124478
* Tue Oct 18 2022 Jindrich Novy <jnovy@redhat.com> - 1.6-1
- update to https://github.com/containers/crun/releases/tag/1.6
- Related: #2124478
* Tue Aug 02 2022 Jindrich Novy <jnovy@redhat.com> - 1.5-1
- update to https://github.com/containers/crun/releases/tag/1.5
- Related: #2061316
* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.5-2
- BuildRequires: /usr/bin/go-md2man
- Related: #2061316
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.5-1
- update to https://github.com/containers/crun/releases/tag/1.4.5
- Related: #2061316
* Thu Mar 24 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.4-1
- update to https://github.com/containers/crun/releases/tag/1.4.4
- Related: #2061316
* Tue Mar 08 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.3-1
- update to https://github.com/containers/crun/releases/tag/1.4.3
- Related: #2061316
* Wed Jan 26 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.2-1
- update to https://github.com/containers/crun/releases/tag/1.4.2
- Related: #2000051
* Fri Jan 14 2022 Jindrich Novy <jnovy@redhat.com> - 1.4.1-1
- update to https://github.com/containers/crun/releases/tag/1.4.1
- Related: #2000051
* Wed Dec 22 2021 Jindrich Novy <jnovy@redhat.com> - 1.4-1
- update to https://github.com/containers/crun/releases/tag/1.4
- Related: #2000051
* Fri Nov 05 2021 Jindrich Novy <jnovy@redhat.com> - 1.3-1
- update to https://github.com/containers/crun/releases/tag/1.3
- Related: #2000051
* Mon Oct 11 2021 Jindrich Novy <jnovy@redhat.com> - 1.2-1
- update to https://github.com/containers/crun/releases/tag/1.2
- Related: #2000051
* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 1.1-3
- perform only sanity/installability tests for now
- Related: #2000051
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 1.1-2
- add gating.yaml
- Related: #2000051
* Wed Sep 29 2021 Jindrich Novy <jnovy@redhat.com> - 1.1-1
- update to https://github.com/containers/crun/releases/tag/1.1
- Related: #2000051
* Fri Sep 03 2021 Jindrich Novy <jnovy@redhat.com> - 1.0-1
- update to https://github.com/containers/crun/releases/tag/1.0
- Related: #2000051
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.21-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Aug 06 2021 Jindrich Novy <jnovy@redhat.com> - 0.21-3
- do not use versioned provide
- Resolves: #1974951
* Fri Jul 30 2021 Jindrich Novy <jnovy@redhat.com> - 0.21-2
- re-add versioned provide
- Related: #1970747
* Tue Jul 27 2021 Jindrich Novy <jnovy@redhat.com> - 0.21-1
- update to https://github.com/containers/crun/releases/tag/0.21
- Related: #1970747
* Tue Jun 22 2021 Lokesh Mandvekar <lsm5@redhat.com> - 0.20.1-4
- Resolves: #1974951 - Versionless oci-runtime
* Tue Jun 15 2021 Jindrich Novy <jnovy@redhat.com> - 0.20.1-3
- add BR: criu-devel
- Resolves: #1944964
* Mon Jun 14 2021 Jindrich Novy <jnovy@redhat.com> - 0.20.1-2
- update to https://github.com/containers/crun/releases/tag/0.20.1
- Related: #1970747
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.19-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Apr 06 2021 Jindrich Novy <jnovy@redhat.com> - 0.19-1
- update to https://github.com/containers/crun/releases/tag/0.19
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-2
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-1
- update to https://github.com/containers/crun/releases/tag/0.18
- Related: #1883490
* Fri Jan 22 2021 Jindrich Novy <jnovy@redhat.com> - 0.17-1
* Tue Jan 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.17-1
- update to https://github.com/containers/crun/releases/tag/0.17
- Related: #1883490
* Thu Dec 03 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-2
- exclude i686 because of build failures
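
Review bot: No entry in the replacement %changelog mentions CVE-2022-27650; the only reference in this hunk is the 0.18-3 entry ("fix CVE-2022-27650", Related: #2061390), which belongs to the other branch's history. Auditors and tooling that search rpm -q --changelog for CVE ids will not see the fix as present in 1.16.1-1, so once you have confirmed which upstream release carried it, name the CVE in the matching rebase entry (the March 2022 entries 1.4.3-1 and 1.4.4-1 are the candidates by date).
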
@ -71,19 +281,16 @@ rm -rf $RPM_BUILD_ROOT/usr/lib*
* Wed Nov 25 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-1
- update to https://github.com/containers/crun/releases/tag/0.16
- Related: #1883490
* Wed Nov 04 2020 Jindrich Novy <jnovy@redhat.com> - 0.15.1-1
- update to https://github.com/containers/crun/releases/tag/0.15.1
- Related: #1883490
* Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-2
- synchronize with stream-container-tools-rhel8
- Related: #1883490
- backport "exec: check read bytes from sync" (gscrivan@redhat.com)
(https://github.com/containers/crun/issues/511)
* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-1
- synchronize with stream-container-tools-rhel8
- Related: #1883490
* Wed Sep 23 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-1
- update to https://github.com/containers/crun/releases/tag/0.15
* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-2
- use proper CFLAGS