From 2790485e3eca515d69e1d7151cb5d4720152809c Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 2 Oct 2024 11:56:56 +0200 Subject: [PATCH 1/3] CHANGELOG: Remove empty changed line No entry lives under this line, let's just remove it. Signed-off-by: Rodrigo Campos --- CHANGELOG.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a68f349d591..f85053b1725 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,8 +34,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 (#4370, #4382) * rootfs: consolidate mountpoint creation logic. (#4359) -### Changed - ## [1.1.13] - 2024-06-13 > There is no certainty in the world. This is the only certainty I have. From bc20cb4497af9af01bea4a8044f1678ffca2745c Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 2 Oct 2024 11:58:17 +0200 Subject: [PATCH 2/3] VERSION: release 1.1.15 [@kolyshkin: rebased; added a CVE link; added 1.1.15 link; changed date to 7 Oct] Signed-off-by: Rodrigo Campos Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 22 +++++++++++++++++++++- VERSION | 2 +- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f85053b1725..24296cfbafc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,12 +6,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased 1.1.z] +## [1.1.15] - 2024-10-07 + +> How, dear sir, did you cross the flood? By not stopping, friend, and by not +> straining I crossed the flood. + ### Fixed + * The `-ENOSYS` seccomp stub is now always generated for the native + architecture that `runc` is running on. This is needed to work around some + arguably specification-incompliant behaviour from Docker on architectures + such as ppc64le, where the allowed architecture list is set to `null`. This + ensures that we always generate at least one `-ENOSYS` stub for the native + architecture even with these weird configs. (#4391) * On a system with older kernel, reading `/proc/self/mountinfo` may skip some entries, as a consequence runc may not properly set mount propagation, causing container mounts leak onto the host mount namespace. (#2404, #4425) +### Removed + + * In order to fix performance issues in the "lightweight" bindfd protection + against [CVE-2019-5736], the temporary `ro` bind-mount of `/proc/self/exe` + has been removed. runc now creates a binary copy in all cases. (#4392, #2532) + +[CVE-2019-5736]: https://www.openwall.com/lists/oss-security/2019/02/11/2 + ## [1.1.14] - 2024-09-03 > 年を取っていいことは、驚かなくなることね。 @@ -566,7 +585,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.14...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.15...release-1.1 +[1.1.15]: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15 [1.1.14]: https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14 [1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13 [1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12 
diff --git a/VERSION b/VERSION index 0695580b60f..645377eea8d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.14+dev +1.1.15 From 9f4baaac61d1997dd2fcdd25e4c80a9ed5a16336 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 2 Oct 2024 11:59:15 +0200 Subject: [PATCH 3/3] VERSION: back to development Signed-off-by: Rodrigo Campos --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 645377eea8d..04b774a73f1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.15 +1.1.15+dev
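Review bot: In patch 2/3, first CHANGELOG.md hunk, the new `### Removed` entry files a change to the [CVE-2019-5736] protection under "Removed" without saying that the protection itself is still in place. A reader skimming the release notes could take this to mean the mitigation was dropped. The last sentence, "runc now creates a binary copy in all cases", implies the protection remains but does not say so. Suggest stating it outright, for example "The protection against [CVE-2019-5736] is unchanged; only the bindfd optimisation is gone, so runc always uses the binary copy." In the same hunk, the `-ENOSYS` entry explains the workaround but not what users saw before it, so a short clause on the observed behaviour when the architecture list was `null` would help people match the fix to their issue. Also, "specification-incompliant" reads better as "non-compliant with the specification".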
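Review bot: In the VERSION hunk of patch 3/3, the file goes straight from `1.1.15` to `1.1.15+dev`, so the only commit in this series whose tree reads `1.1.15` is patch 2/3 (bc20cb4497af). The `v1.1.15` tag has to be placed on that commit and not on the head of the series, otherwise the tagged tree would carry the `+dev` version. The compare links added in the second CHANGELOG.md hunk of patch 2/3 (`v1.1.14...v1.1.15` and `v1.1.15...release-1.1`) also depend on that tag existing. It would help to record in the 3/3 commit message that the tag belongs on the previous commit.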