Release 1.1.10

[cyphar]

Update of #4092 to include the #4103 fix.

---

[1.1.10] - 2023-10-30

Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na jawie.

Added

• Support for hugetlb.<pagesize>.rsvd limiting and accounting. Fixes the
  issue of postres failing when hugepage limits are set. (Support rsvd hugetlb cgroup #3859, [1.1] libct/cg: support hugetlb rsvd #4077)

Fixed

• Fixed permissions of a newly created directories to not depend on the value
  of umask in tmpcopyup feature implementation. (Wrong directory permissions when using tmpcopyup because of umask #3991, [1.1] Fix directory perms vs umask for tmpcopyup #4060)
• libcontainer: cgroup v1 GetStats now ignores missing kmem.limit_in_bytes
  (fixes the compatibility with Linux kernel 6.1+). ([1.1 backport] Handle kmem.limit_in_bytes removal #4028)
• Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb
  configuration. This issue is not a security issue because it requires a
  malicious config.json, which is outside of our threat model. (semi-arbitrary cgroup resource write with malicious hugetlb configuration #4103)
• Various CI fixes. ([1.1] ci/gha: fix downloading Release.key #4081, [1.1 backport] fix typos #4055)

[thaJeztah]

Do we still need to refer to the CVE, or should we remove that? (We can remove the CVE from the advisory, and still link to (and publish) the advisory, but we could decide not to attach a CVE to it.