runc 1.0-rc10 -- "Procfs Strikes Back"
This is a hot-fix for v1.0.0~rc9, primarily fixing CVE-2019-19921. Given
that the relevant runtime-spec PR which was considered a blocker has
been merged the next rc release of runc should be the last one before
1.0.0.
Other notable changes include:
- Fixing an exec-fifo race that could be triggered under Kubernetes (#2185).
- Partial cgroupv2 support (#2209 for remaining issues).
NOTE: This release's artefacts were updated on 2020-07-30 to correct an
LGPL compliance issue (we previously did not include the source code of
libseccomp
with our releases) and thus we had to recompile ourrunc
binaries to be sure we were distributing the correct version oflibseccomp
.
All of the binaries are still signed by the same maintainer key, and thus can
still be easily validated.
NOTE: This release's artefacts were updated on 2021-04-07, to correct an
issue with the .tar.xz archive from 2020-07-30 (the archive had malformed
paths due to a bug in historical release scripts -- which caused the update
on 2020-07-30 to change the checksum of the source code archive). See #2895
for more details. All of the binaries are still signed by the same maintainer
key, and thus can still be easily validated.
Static Linking Notices
The runc
binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc
acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to the following people who made this release possible:
- Akihiro Suda akihiro.suda.cz@hco.ntt.co.jp
- Aleksa Sarai asarai@suse.de
- James Peach jpeach@apache.org
- Jordan Liggitt liggitt@google.com
- Julia Nedialkova julianedialkova@hotmail.com
- Julio Montes julio.montes@intel.com
- Kevin Kelani kkelani@gmail.com
- Kurnia D Win kurnia.d.win@gmail.com
- Manuel Rüger manuel@rueg.eu
- Michael Crosby crosbymichael@gmail.com
- Mrunal Patel mrunal@me.com
- Qiang Huang h.huangqiang@huawei.com
- Radostin Stoyanov rstoyanov1@gmail.com
- Sascha Grunert sgrunert@suse.com
- tianye15 tianye15@yq01-ps-www007cc6e83.yq01.baidu.com
Vote: +4 -0 #1
Signed-off-by: Aleksa Sarai asarai@suse.de