Hello community, here is the log from the commit of package runc for openSUSE:Factory checked in at 2018-12-27 00:25:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/runc (Old) and /work/SRC/openSUSE:Factory/.runc.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc" Thu Dec 27 00:25:07 2018 rev:21 rq:660263 version:1.0.0~rc6 Changes: -------- --- /work/SRC/openSUSE:Factory/runc/runc.changes 2018-12-05 09:37:10.401113581 +0100 +++ /work/SRC/openSUSE:Factory/.runc.new.28833/runc.changes 2018-12-27 00:25:20.139862053 +0100 @@ -1,0 +2,15 @@ +Wed Dec 19 19:55:11 UTC 2018 - [email protected] + +- Update go requirements to >= go1.10 to fix + * bsc#1118897 CVE-2018-16873 + go#29230 cmd/go: remote command execution during "go get -u" + * bsc#1118898 CVE-2018-16874 + go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths + * bsc#1118899 CVE-2018-16875 + go#29233 crypto/x509: CPU denial of service +------------------------------------------------------------------- +Thu Dec 13 04:34:25 UTC 2018 - [email protected] + +- Require golang = 1.10. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ runc.spec ++++++ --- /var/tmp/diff_new_pack.5NCDL8/_old 2018-12-27 00:25:20.623861658 +0100 +++ /var/tmp/diff_new_pack.5NCDL8/_new 2018-12-27 00:25:20.623861658 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # nodebuginfo @@ -21,6 +21,8 @@ # only package released versions (unlike docker-runc). %define git_version %{nil} +# Package-wide golang version +%define go_version 1.10 %define go_tool go %define _version 1.0.0-rc6 %define project github.com/opencontainers/runc @@ -50,7 +52,7 @@ Source2: runc.keyring BuildRequires: fdupes BuildRequires: go-go-md2man -BuildRequires: golang(API) = 1.10 +BuildRequires: golang(API) = %{go_version} %if 0%{?with_libseccomp} BuildRequires: libseccomp-devel %endif @@ -68,7 +70,7 @@ Summary: Test package for runc # Make sure we require go 1.7 Group: System/Management -BuildRequires: golang(API) = 1.7 +BuildRequires: golang(API) = %{go_version} Requires: go-go-md2man Requires: libapparmor-devel %if 0%{?with_libseccomp}
