User: release.debian....@packages.debian.org Usertags: pu Tags: bullseye Severity: normal stop
sorry for the abrupt ending of the previous mail. I'm attaching the debdiffs for the three uploads to this email. I'm happy to do the 3 uploads at any time. Please let me know what you think. On Mon, Sep 27, 2021 at 12:08 PM Reinhard Tartler <siret...@gmail.com> wrote: > > On Thu, Sep 16, 2021 at 4:18 AM Bastien Roucariès < > roucaries.bast...@gmail.com> wrote: > >> Package: golang-github-containers-common >> Version: 0.33.4+ds1-1 >> Severity: critical >> Tags: upstream >> Forwarded: >> https://github.com/containers/common/commit/42d1db16bfc0dbaee5781d230dc2bcbaa0849c6e >> Control: fixed -1 0.42.1+ds1-1 >> >> Dear Maintainer, >> >> golang-github-containers-common in stable does not include recent syscall >> used >> by stable kernel/glibc breaking in my case simple container that do >> unattended- >> upgrade on arm >> particularly syscall=436 that is timer_settime64 >> >> I believe this should be fixed in a point release. >> > > I agree. I realized that these syscall changes also affect amd64. I was > able to reproduce the issue > by running a distribution that ships with glibc 2.34, such as ubuntu > impish. The testcase would be: > > $ podman run --rm -it ubuntu:impish sh -c 'apt update -qq && apt -y > full-upgrade && apt install -y libc6 jq' > > The symptom is described in more detail at > https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1943049 > > The problem here is that the issue is not simply dealt with updating the > secomp.json file, but also some code changes are required > that allow setting the default return value for some syscalls. This means > that in order to fix this issue in stable, 3 uploads are needed: > > - golang-github-opencontainers-specs > - golang-github-containers-common > - libpod > > I'm cloning this bug appropriately so that these uploads can be tracked > separately. > For now,I've backported and verified the changes. For your convenience, > I've uploaded the packages I got so far to > https://people.debian.org/~siretart/bug.994451/ > > >> BTW I strongly believe that seccomp.json is a config file and should be >> shipped in /etc and 988443 should also be shipped in stable. >> > > I could get convinced if the issue was fixable by just upading the > seccomp.json policy file. > Sadly, that's not the case. > > Stable Release team, I think this bug should be cloned with those > instructions: > > > -- > regards, > Reinhard > -- regards, Reinhard
golang-github-opencontainers-specs.debdiff
Description: Binary data
golang-github-opencontainers-specs.debdiff
Description: Binary data
podman.debdiff
Description: Binary data