Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package katacontainers for openSUSE:Factory checked in at 2021-01-19 16:01:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/katacontainers (Old) and /work/SRC/openSUSE:Factory/.katacontainers.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "katacontainers" Tue Jan 19 16:01:35 2021 rev:15 rq:861702 version:1.11.5 Changes: -------- --- /work/SRC/openSUSE:Factory/katacontainers/katacontainers.changes 2020-06-22 17:46:40.249990980 +0200 +++ /work/SRC/openSUSE:Factory/.katacontainers.new.28504/katacontainers.changes 2021-01-19 16:01:53.287352192 +0100 @@ -1,0 +2,18 @@ +Fri Jan 8 12:49:37 UTC 2021 - Richard Brown <[email protected]> + +- Update to 1.11.5: + runtime: Security fixes included: + - Readonly bind-mounts are now mounted read-only on the host. + With this fix, mounts are protected at VM boundary not just + the guest kernel. If a container escape were to occur, one + would be able to write to a directory or file that was + mounted read-only. + - Certain annotations in kata can be used to execute + pre-exiting binaries. This could be used to execute arbitrary + binaries with the onus of validating these paths left to the + stack about Kata. In this release, we added appropriate + validations so that an admin can configure a list of file + system paths that can be used to filter annotations that + represent valid file names. + +------------------------------------------------------------------- Old: ---- ksm-throttler-1.11.1.tar.xz proxy-1.11.1.tar.xz runtime-1.11.1.tar.xz shim-1.11.1.tar.xz New: ---- ksm-throttler-1.11.5.tar.xz proxy-1.11.5.tar.xz runtime-1.11.5.tar.xz shim-1.11.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ katacontainers.spec ++++++ --- /var/tmp/diff_new_pack.hsFAk1/_old 2021-01-19 16:01:55.519355565 +0100 +++ /var/tmp/diff_new_pack.hsFAk1/_new 2021-01-19 16:01:55.523355571 +0100 @@ -1,7 +1,7 @@ # # spec file for package katacontainers # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -41,7 +41,7 @@ %endif Name: katacontainers -Version: 1.11.1 +Version: 1.11.5 Release: 0 Summary: Kata Containers OCI container runtime License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.hsFAk1/_old 2021-01-19 16:01:55.555355619 +0100 +++ /var/tmp/diff_new_pack.hsFAk1/_new 2021-01-19 16:01:55.559355626 +0100 @@ -6,8 +6,8 @@ <param name="url">https://github.com/kata-containers/runtime.git</param> <param name="filename">runtime</param> <!--- versionformat defines the name of the tarball. --> - <param name="versionformat">1.11.1</param> - <param name="revision">1.11.1</param> + <param name="versionformat">1.11.5</param> + <param name="revision">1.11.5</param> </service> <service name="tar_scm" mode="disabled"> @@ -15,8 +15,8 @@ <param name="url">https://github.com/kata-containers/proxy.git</param> <param name="filename">proxy</param> <!--- versionformat defines the name of the tarball. --> - <param name="versionformat">1.11.1</param> - <param name="revision">1.11.1</param> + <param name="versionformat">1.11.5</param> + <param name="revision">1.11.5</param> </service> <service name="tar_scm" mode="disabled"> @@ -24,8 +24,8 @@ <param name="url">https://github.com/kata-containers/shim.git</param> <param name="filename">shim</param> <!--- versionformat defines the name of the tarball. --> - <param name="versionformat">1.11.1</param> - <param name="revision">1.11.1</param> + <param name="versionformat">1.11.5</param> + <param name="revision">1.11.5</param> </service> <service name="tar_scm" mode="disabled"> 
@@ -33,8 +33,8 @@ <param name="url">https://github.com/kata-containers/ksm-throttler.git</param> <param name="filename">ksm-throttler</param> <!--- versionformat defines the name of the tarball. --> - <param name="versionformat">1.11.1</param> - <param name="revision">1.11.1</param> + <param name="versionformat">1.11.5</param> + <param name="revision">1.11.5</param> </service> <service name="recompress" mode="disabled"> ++++++ ksm-throttler-1.11.1.tar.xz -> ksm-throttler-1.11.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ksm-throttler-1.11.1/VERSION new/ksm-throttler-1.11.5/VERSION --- old/ksm-throttler-1.11.1/VERSION 2020-06-06 00:53:41.000000000 +0200 +++ new/ksm-throttler-1.11.5/VERSION 2020-11-11 20:51:05.000000000 +0100 @@ -1 +1 @@ -1.11.1 +1.11.5 ++++++ proxy-1.11.1.tar.xz -> proxy-1.11.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxy-1.11.1/.github/workflows/PR-wip-checks.yaml new/proxy-1.11.5/.github/workflows/PR-wip-checks.yaml --- old/proxy-1.11.1/.github/workflows/PR-wip-checks.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/proxy-1.11.5/.github/workflows/PR-wip-checks.yaml 2020-11-11 22:50:09.000000000 +0100 
@@ -0,0 +1,21 @@
+name: Pull request WIP checks
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - edited
+ - labeled
+ - unlabeled
+
+jobs:
+ pr_wip_check:
+ runs-on: ubuntu-latest
+ name: WIP Check
+ steps:
+ - name: WIP Check
+ uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755
+ with:
+ labels: '["do-not-merge", "wip", "rfc"]'
+ keywords: '["WIP", "wip", "RFC", "rfc", "dnm", "DNM", "do-not-merge"]'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxy-1.11.1/.github/workflows/dco-check.yaml new/proxy-1.11.5/.github/workflows/dco-check.yaml
--- old/proxy-1.11.1/.github/workflows/dco-check.yaml 1970-01-01 01:00:00.000000000 +0100
+++ new/proxy-1.11.5/.github/workflows/dco-check.yaml 2020-11-11 22:50:09.000000000 +0100
@@ -0,0 +1,22 @@
+name: DCO check
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ dco_check_job:
+ runs-on: ubuntu-latest
+ name: DCO Check
+ steps:
+ - name: Get PR Commits
+ id: 'get-pr-commits'
+ uses: tim-actions/get-pr-commits@ed97a21c3f83c3417e67a4733ea76887293a2c8f
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: DCO Check
+ uses: tim-actions/dco@2fd0504dc0d27b33f542867c300c60840c6dcb20
+ with:
+ commits: ${{ steps.get-pr-commits.outputs.commits }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxy-1.11.1/VERSION new/proxy-1.11.5/VERSION
--- old/proxy-1.11.1/VERSION 2020-06-06 00:48:47.000000000 +0200
+++ new/proxy-1.11.5/VERSION 2020-11-11 22:50:09.000000000 +0100
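Review bot: The `uses: tim-actions/wip-check@1c2a1ca6…` step in PR-wip-checks.yaml pins the third-party action to a full commit SHA, which is the right choice, but nothing in the file records which upstream release that commit corresponds to. A later reviewer then cannot tell from the workflow alone whether the pin is stale or what a bump would pull in. I would add a trailing comment naming the tag, e.g. `uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755 # <upstream release tag>`. The same applies to the two `uses:` lines in dco-check.yaml.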
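Review bot: In dco-check.yaml the `Get PR Commits` step passes `secrets.GITHUB_TOKEN` to a third-party action, and the workflow declares no `permissions:` block, so the token carries whatever default scopes the repository is configured with. For pull requests opened from branches in the same repository that default can include write access, which is more than a step that only lists commits should need. I would add a workflow-level `permissions: { contents: read, pull-requests: read }` (the exact scopes the action requires should be confirmed against its documentation) so that the token stays read-only even if the pinned action misbehaves.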
@@ -1 +1 @@ -1.11.1 +1.11.5 ++++++ runtime-1.11.1.tar.xz -> runtime-1.11.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/katacontainers/runtime-1.11.1.tar.xz /work/SRC/openSUSE:Factory/.katacontainers.new.28504/runtime-1.11.5.tar.xz differ: char 13, line 1 ++++++ shim-1.11.1.tar.xz -> shim-1.11.5.tar.xz ++++++ /work/SRC/openSUSE:Factory/katacontainers/shim-1.11.1.tar.xz /work/SRC/openSUSE:Factory/.katacontainers.new.28504/shim-1.11.5.tar.xz differ: char 13, line 1
