Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package crun for openSUSE:Factory checked in at 2022-04-13 21:04:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/crun (Old)
 and /work/SRC/openSUSE:Factory/.crun.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crun" Wed Apr 13 21:04:55 2022 rev:6 rq:969579 version:1.4.4 Changes: -------- --- /work/SRC/openSUSE:Factory/crun/crun.changes 2021-11-09 23:55:08.775969006 +0100 +++ /work/SRC/openSUSE:Factory/.crun.new.1900/crun.changes 2022-04-13 21:05:45.616603655 +0200 
@@ -1,0 +2,65 @@ +Tue Apr 12 08:59:23 UTC 2022 - Dario Faggioli <[email protected]> + +- It'd be nice to run the test suite with %check. It however, still + does not work properly inside OBS workers. Add it commented and + explain it + +------------------------------------------------------------------- +Tue Apr 12 08:36:54 UTC 2022 - Dario Faggioli <[email protected]> + +- switch to latest upstream version (1.4.4) +- big jump from 0.21! Here's a short summary, for details, + see: https://github.com/containers/crun/releases + * 1.4.4 + wasm, kubernetes: support wasm for kubernetes infrastructure with side-cars + Resolve symlinks in bind mounts when creating a user namespace. + Fix CVE-2022-27650: exec does not set inheritable capabilities. + * 1.4.3 + cgroup: avoid potential infinite loop when deleting a cgroup. + support additional options for idmap mounts. + open the source for a bind mount in the host. + * 1.4.2 + CRIU: add pre-dump support. + Fix running with a read-only /dev. + Ignore EROFS when chowning standard stream files. + Add validation for sysctls before applying them. + * 1.4.1 + Fix check for an invalid path. + Allow deleting a container while in created state. + cgroup: do not set cpu limits if number of shares is set to 0. + * 1.4 + wasm: support for running on kubernetes with containerd. + linux: add support for recursive mount options. + add support for idmapped mounts through a new mount option "idmap". + linux: improve detection of /dev target. + now crun exec uses CLONE_INTO_CGROUP on supported kernels when using cgroup v2. + retry the openat2 syscall if it fails with EAGAIN. + cgroup: set the CPUWeight/CPUShares on the systemd scope cgroup. + on new kernels, use setns with pidfd. + attempt the chdir again with the specified user if it failed before changing credentials. + * 1.3 + add support to natively build and run WebAssembly workload and WebAssembly containers. + allow to specify sub-cgroup for exec. 
+ chown std streams if they are not a TTY. + attach the correct streams if the container is suspended and restored multiple times. + fix race condition when enabling controllers on cgroup v2. + * 1.2 + exec: fix regression in 1.1 where containers are being wrongly reported as paused. + criu: add support for external ipc, uts and time namespaces. + * 1.1 + cgroup: use cgroup.kill when available. + exec: refuse to exec in a paused container/cgroup. + container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing. + criu: Add support for external PID namespace. + criu: fix save of external descriptors. + utils: retry openat2 on EAGAIN. + * 1.0 + cgroup: chown the current container cgroup to root in the container. + linux: treat pidfd_open failures EINVAL as ESRCH. + cgroup: add support for setting memory.use_hierarchy on cgroup v1. + Makefile.am: fix link error when using directly libcrun. + Fix symlink target mangling for tmpcopyup targets. +- fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself) +- update and fixup dependencies + +------------------------------------------------------------------- Old: ---- crun-0.21.tar.gz New: ---- crun-1.4.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crun.spec ++++++ --- /var/tmp/diff_new_pack.qtLGkV/_old 2022-04-13 21:05:46.272604317 +0200 +++ /var/tmp/diff_new_pack.qtLGkV/_new 2022-04-13 21:05:46.276604320 +0200 @@ -1,7 +1,7 @@ # # spec file for package crun # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -19,7 +19,7 @@ Summary: OCI runtime written in C License: GPL-2.0-or-later Name: crun -Version: 0.21 +Version: 1.4.4 Release: 0 Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz URL: https://github.com/containers/crun @@ -27,16 +27,16 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc -BuildRequires: git-core +BuildRequires: gettext BuildRequires: glibc-devel-static BuildRequires: go-md2man BuildRequires: libcap-devel BuildRequires: libprotobuf-c-devel BuildRequires: libseccomp-devel -BuildRequires: libselinux-devel BuildRequires: libtool BuildRequires: libyajl-devel -BuildRequires: python +BuildRequires: make +BuildRequires: python3 BuildRequires: python3-libmount BuildRequires: systemd-devel %ifnarch %ix86 @@ -61,6 +61,13 @@ %configure --disable-silent-rules $LIBKRUN CFLAGS='-I /usr/include/libseccomp' %make_build +# TODO: +# - it would be nice to enable the test-suite, but seems to behave (and fail!) +# differently when run inside of an OBS worker, with respect to when it's +# run manually on the host... Need to investigate more. +#%check +#make test-suite.log + %install %make_install rm -rf %{buildroot}/%{_libdir}/lib* ++++++ crun-0.21.tar.gz -> crun-1.4.4.tar.gz ++++++ ++++ 23399 lines of diff (skipped)
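Review bot: in the crun.changes hunk, the security reference "fix bsc#1197871, CVE-2022-27650 (as 1.4.4 contains the fixes itself)" sits below roughly fifty lines of release summary, and the 1.4.4 line "Fix CVE-2022-27650: exec does not set inheritable capabilities." can be read either as the defect or as the new behaviour. Move the bsc/CVE bullet to the top of the entry and word the 1.4.4 line so it is explicit which of the two it describes; anyone scanning the changelog for this CVE should not have to read the whole 1.0 to 1.4.4 summary to find it.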
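Review bot: in the crun.spec hunk at "@@ -19,7 +19,7 @@", the version goes from 0.21 to 1.4.4 while the context shows Source0 followed directly by URL, so no detached signature or keyring is visible next to the tarball. The tarball change itself is not reviewable here ("23399 lines of diff (skipped)"), which makes the provenance of crun-1.4.4.tar.gz the only thing a reviewer can check. If upstream publishes a signature for the release tarball, add it and the project keyring as further Source lines so the download is verified rather than trusted on the URL alone.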
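Review bot: in the crun.spec hunk at "@@ -27,16 +27,16 @@", "BuildRequires: libselinux-devel" is dropped and the only explanation in crun.changes is "update and fixup dependencies". For a container runtime it matters whether SELinux support is still built in after this change. Please state in the changes entry why the dependency is no longer needed, and confirm from the configure output of the new build that the feature set did not shrink silently. The same entry could also name the other swaps in this hunk (git-core to gettext, python to python3, the added make) so the dependency change can be audited later.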
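Review bot: in the crun.spec hunk at "@@ -61,6 +61,13 @@", the update that carries the CVE-2022-27650 fix is built with the test suite disabled: "#%check" and "#make test-suite.log" are only comments, so nothing at build time exercises the new exec behaviour. The TODO has no bug reference and no description of which tests fail inside the OBS worker, so it is likely to stay as it is. Suggest opening a tracking bug, citing it in the comment, and, if only part of the suite fails in the worker, enabling the part that passes. Separately, write the commented section marker as "#%%check", since rpm still expands macros inside comments and rpmlint flags the unescaped form.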
