runc - Debian Package Tracker

general

source: runc (main)
version: 1.3.2+ds1-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Reinhard Tartler [DMD] – Dmitry Smirnov [DMD] – Alexandre Viau [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0.0~rc93+ds1-5+deb11u5
o-o-sec: 1.0.0~rc93+ds1-5+deb11u3
o-o-p-u: 1.0.0~rc93+ds1-5+deb11u5
oldstable: 1.1.5+ds1-1+deb12u1
old-sec: 1.1.5+ds1-1+deb12u1
stable: 1.1.15+ds1-2
testing: 1.3.2+ds1-1
unstable: 1.3.2+ds1-1

versioned links

1.0.0~rc93+ds1-5+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0.0~rc93+ds1-5+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.5+ds1-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.15+ds1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.2+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

golang-github-opencontainers-runc-dev
runc (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 1.3.3 high

A new upstream version 1.3.3 is available, you should consider packaging it.

Created: 2025-11-06 Last update: 2025-11-10 09:01

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

Created: 2025-11-05 Last update: 2025-11-07 04:00

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

Created: 2025-11-05 Last update: 2025-11-07 04:00

3 security issues in forky high

There are 3 open security issues in forky.

3 important issues:

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

Created: 2025-11-05 Last update: 2025-11-07 04:00

4 security issues in bullseye high

There are 4 open security issues in bullseye.

3 important issues:

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

1 issue postponed or untriaged:

CVE-2024-45310: (postponed; to be fixed through a stable update) runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.

Created: 2025-11-05 Last update: 2025-11-07 04:00

4 security issues in bookworm high

There are 4 open security issues in bookworm.

3 important issues:

CVE-2025-31133: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52565: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
CVE-2025-52881: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.

1 issue left for the package maintainer to handle:

CVE-2024-45310: (needs triaging) runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-09-03 Last update: 2025-11-07 04:00

832 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 4e3ee706f4948d16c971f1123e08b8339cd76f42
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 19:14:41 2025 -0400

    debian/changelog: update

commit 0a82835b29a7f13936e76861fb2c5ad57de823c1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 18:01:00 2025 -0400

    gitlab-ci.yml: Use salsa pipeline

commit 7421cdc4db2e46b1c2e456c4483e6cac57ba848e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 17:59:01 2025 -0400

    debian/changelog: update

commit 276d9d4b99add52ae567eb3357a1a318af83124f
Merge: 82c8716 8086446
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 17:54:00 2025 -0400

    Update upstream source from tag 'upstream/1.3.2+ds1'
    
    Update to upstream version '1.3.2+ds1'
    with Debian dir 6517952185ece087a8e4a65663c006f1d5926aba

commit 8086446e4057a677dadcd433a9c46b99162f90a8
Merge: 8682ccb aeabe4e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 17:54:00 2025 -0400

    New upstream version 1.3.2+ds1

commit 82c8716122e5b202eebc58dfaed72f509d0a49f9
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 17:51:13 2025 -0400

    debian/watch: Update to format 5, track 1.3 releases

commit 8682ccbe532d9181f154c275d713eaf0b22fd1c2
Merge: 34e2709 aeabe4e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Nov 1 17:51:56 2025 -0400

    New upstream version 1.3.2

commit aeabe4e711d903ef0ea86a4155da0f9e00eabd29
Author: Kir Kolyshkin <kolyshkin@gmail.com>
Date:   Wed Oct 1 16:40:00 2025 -0700

    VERSION: release v1.3.2
    
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

commit e0b5e1e242b3e1181739fe7d0642ffdb7e3e3161
Merge: df25d7c 2845c53
Author: Aleksa Sarai <cyphar@cyphar.com>
Date:   Thu Sep 25 17:13:51 2025 +1000

    merge #4897 into opencontainers/runc:release-1.3
    
    (Backported by Jared Ledvina.)
    
    dependabot[bot]:
      build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
    
    Kir Kolyshkin (4):
      deps: bump cgroups to v0.0.3, fix tests
      libct: State: ensure Resources is not nil
      deps: bump opencontainers/cgroups to v0.0.2
      tests/int: simplify using check_cpu_quota
    
    LGTMs: kolyshkin cyphar

commit 2845c532f9f729fdd50621cb469a019779b18a1c
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Tue Jul 15 06:35:26 2025 +0000

    build(deps): bump github.com/opencontainers/cgroups from 0.0.3 to 0.0.4
    
    Bumps [github.com/opencontainers/cgroups](https://github.com/opencontainers/cgroups) from 0.0.3 to 0.0.4.
    - [Release notes](https://github.com/opencontainers/cgroups/releases)
    - [Changelog](https://github.com/opencontainers/cgroups/blob/main/RELEASES.md)
    - [Commits](https://github.com/opencontainers/cgroups/compare/v0.0.3...v0.0.4)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/opencontainers/cgroups
      dependency-version: 0.0.4
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>

commit 3764d6e888b21b3f67855736e7605e3785a3d553
Author: Kir Kolyshkin <kolyshkin@gmail.com>
Date:   Wed Jun 18 15:00:34 2025 -0700

    deps: bump cgroups to v0.0.3, fix tests
    
    For changelog, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.3
    
    This fixes two runc issues:
    
    1. JSON incompatibility introduced in cgroups v0.0.2 (see
       https://github.com/opencontainers/cgroups/pull/22).
    
    2. Bad CPU shares to CPU weight conversion (see
       https://github.com/opencontainers/runc/issues/4772).
    
    Due to item 2, modify some tests accordingly.
    
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

commit e34f6438e97c57f98d4598e86185bc5c9a4e3eed
Author: Kir Kolyshkin <kolyshkin@gmail.com>
Date:   Wed Jun 18 16:56:00 2025 -0700

    libct: State: ensure Resources is not nil
    
    Since opencontainers/cgroups v0.0.2 (commit b206a015), all stuct
    Resources fields are annotated with "omitempty" attribute.
    As a result, the loaded configuration may have Resources == nil.
    
    It is totally OK (rootless containers may have no resources configured)
    except since commit 6c5441e5, cgroup v1 fs manager requires Resources to
    be set in the call to NewManager (this is a cgroup v1 deficiency,
    or maybe our implementation deficiency, or both).
    
    To work around this, let's add code to ensure Resources is never nil
    after loading from state.json.
    
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

commit f5e8c63fdc64690419ea6fcf6669f227f683b5ea
Author: Kir Kolyshkin <kolyshkin@gmail.com>
Date:   Mon Apr 28 15:21:40 2025 -0700

    deps: bump opencontainers/cgroups to v0.0.2
    
    For changes, see https://github.com/opencontainers/cgroups/releases/tag/v0.0.2
    
    Fix integration tests according to changes in [1] (now the CPU quota value set
    is rounded the same way systemd does it).
    
    [1]: https://github.com/opencontainers/cgroups/pull/4
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

commit eb29c8ddeb51903cccee29d994ba5f74c8932bdb
Author: Kir Kolyshkin <kolyshkin@gmail.com>
Date:   Tue Apr 29 12:50:26 2025 -0700

    tests/int: simplify using check_cpu_quota
    
    Instead of providing systemd CPU quota value (CPUQuotaPerSec),
    calculate it based on how opencontainers/cgroups/systemd handles
    it (see addCPUQuota).
    
    Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

commit d8e7181efdfc217d9e0a710d9144436bb0f62905
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Sep 19 15:01:34 2025 -0400

    Update changelog for 1.3.0+ds1-4 release

commit 588509b0ceb80f106fdbf5ea2d5575b9856776c1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Sep 20 05:59:10 2025 -0400

    Unbreak when running in incus
    
    Expands https://github.com/opencontainers/runc/commit/9a7e5a94346df545be991330196ed4d65adcbb26

commit 7fcbbb17e730ceb6150e32ecbc6146a95e501a3d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Sep 19 15:01:09 2025 -0400

    Add breaks to containers/{common,buildah}
    
    Breaks compilation with:
    
     src/github.com/containers/common/pkg/cgroups/blkio_linux.go:14:2: cannot find package "github.com/opencontainers/runc/libcontainer/cgroups" in any of:
            /usr/lib/go-1.24/src/github.com/opencontainers/runc/libcontainer/cgroups (from $GOROOT)
            /tmp/autopkgtest-lxc.ufg0gx7g/downtmp/autopkgtest_tmp/_build/src/github.com/opencontainers/runc/libcontainer/cgroups (from $GOPATH)
     src/github.com/containers/common/pkg/cgroups/blkio_linux.go:15:2: cannot find package "github.com/opencontainers/runc/libcontainer/cgroups/fs" in any of:
            /usr/lib/go-1.24/src/github.com/opencontainers/runc/libcontainer/cgroups/fs (from $GOROOT)
            /tmp/autopkgtest-lxc.ufg0gx7g/downtmp/autopkgtest_tmp/_build/src/github.com/opencontainers/runc/libcontainer/cgroups/fs (from $GOPATH)
     src/github.com/containers/common/pkg/cgroups/blkio_linux.go:16:2: cannot find package "github.com/opencontainers/runc/libcontainer/cgroups/fs2" in any of:
            /usr/lib/go-1.24/src/github.com/opencontainers/runc/libcontainer/cgroups/fs2 (from $GOROOT)
            /tmp/autopkgtest-lxc.ufg0gx7g/downtmp/autopkgtest_tmp/_build/src/github.com/opencontainers/runc/libcontainer/cgroups/fs2 (from $GOPATH)
    
    This code has been moved out to containerd/cgroups

commit 085e6b86da2e9df040ba80adebdeb6cbce33f025
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Sep 18 06:20:51 2025 -0400

    debian/changelog: update

commit df25d7ccc6b1d41fa878c2ef4554a1881bfcad19
Merge: 799d52d 6fb8054
Author: Rodrigo Campos <rata@users.noreply.github.com>
Date:   Thu Sep 18 00:50:25 2025 -0300

    Merge pull request #4895 from rata/64k-alignment-v1.3
    
    [1.3] tests/int/cgroups: Use 64K aligned limits for memory.max

commit 4d300a5c3fe9ac24179f2a8bd70276f4e9ad480a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Sep 16 12:39:15 2025 -0400

    gitalb-ci.yml: restrict autopkgtest, reprotest and piuparts to unstable
    
    this can be reverted as soon as all required dependencies can be found in
    unstable

commit 6fb80542cbfd460b1969ca4b41e364725ec97e32
Author: donettom-1 <donettom@linux.ibm.com>
Date:   Tue Sep 16 17:17:40 2025 +0530

    tests/int/cgroups: Use 64K aligned limits for memory.max
    
    When a non–page-aligned value is written to memory.max, the kernel aligns it
    down to the nearest page boundary. On systems with a page size greater
    than 4K (e.g., 64K), this caused failures because the configured
    memory.max value was not 64K aligned.
    
    This patch fixes the issue by explicitly aligning the memory.max value
    to 64K. Since 64K is also a multiple of 4K, the value is correctly
    aligned on both 4K and 64K page size systems.
    
    However, this approach will still fail on systems where the hardcoded
    memory.max value is not aligned to the system page size.
    
    Fixes: https://github.com/opencontainers/runc/issues/4841
    
    Signed-off-by: Vishal Chourasia <vishalc@linux.ibm.com>
    Signed-off-by: Donet Tom <donettom@linux.ibm.com>
    (cherry picked from commit 830c479ae2a027ce671816a8f353a1264973dd25)
    Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>

commit e5b6f11208fa34444c50de560f3e57417eb2aa77
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Sep 16 09:15:56 2025 -0400

    Temporarily revert to standard salsa-ci pipeline
    
    This is to allow setting non-standard build flags, such as enabling aptly and
    triggering building reverse dependencies

commit 4163a84b420e152ad0a01228d29e5e2163e8215d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 15:04:50 2025 -0400

    Replace Tim from uploaders with myself, his email bounces

commit a78fe4b00787d502167ee40c90cb43e100a52110
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 13:32:00 2025 -0400

    update debian/changelog

commit 10705fb7197bdaad0bdda2cab7141714598ead83
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 14:09:51 2025 -0400

    Use Static-Built-Using, as per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069256#95

commit 037401beab3635d862f826b118017326c5240103
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 13:45:32 2025 -0400

    Bump Standards-Version

commit 8aa199ec1230aaabbe8e8303ae06a8a1865a0526
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 13:45:06 2025 -0400

    Add overrides for lintian issues

commit 214c21d8001419747325eeddec8b5ed14e284dac
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 15 13:31:36 2025 -0400

    Fix ftbfs on mips64el in remap-rootfs.go
    
    Forwarded: no

commit a85afc4674996d21933fa22cbba468ecc02a8af8
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 17:00:20 2025 -0400

    update debian/changelog

commit a2ac01961afa1c2ee0d807132795d8b3e3cd6ff6
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:48:32 2025 -0400

    debpend on golang-github-opencontainers-cgroups-dev

commit 5d9956eef4c36b5c0a2bfd0c83a974f0b58b1eb4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:50:06 2025 -0400

    Install the VERSION file

commit fc90f5e35a6c135afaa86fc2ec7fc4237630eac8
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:42:44 2025 -0400

    refresh patches

commit e3ffd01340b75edfa12e1ca14363f08cbf7e647e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:31:12 2025 -0400

    debian/changelog: update

commit dd54ffe0dcbf6853203775311d7cca28d17ab338
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:30:30 2025 -0400

    Build against cilium-ebpf in experimental

commit 601fdcdb8c4208c1a54d417b254df4c916fdae3c
Merge: 05e9d06 34e2709
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:29:51 2025 -0400

    Update upstream source from tag 'upstream/1.3.0+ds1'
    
    Update to upstream version '1.3.0+ds1'
    with Debian dir 68c07fbbb326e3659c6fc48344bbc86fdf12a8e2

commit 34e2709ed5c748c2801ed88ac57dd92a2e4315b5
Merge: ae373d7 4ca628d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 14 16:29:50 2025 -0400

    New upstream version 1.3.0+ds1

commit 799d52dab5c2d2b785899ee7b658b0b17f7e9183
Merge: 21fbc47 a0dfeeb
Author: Aleksa Sarai <cyphar@cyphar.com>
Date:   Fri Sep 5 01:24:37 2025 +1000

    merge #4880 into opencontainers/runc:release-1.3
    
    Aleksa Sarai (2):
      VERSION: back to development
      VERSION: release v1.3.1
    
    LGTMs: rata kolyshkin AkihiroSuda

commit a0dfeebeb0e6c1138db9f6d749973d8f3677512e
Author: Aleksa Sarai <cyphar@cyphar.com>
Date:   Wed Sep 3 16:18:27 2025 +1000

    VERSION: back to development
    
    Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

commit 05e9d068ec7697b5102c90a2a7938596f3828c50
Author: Gianfranco Costamagna <locutusofborg@debian.org>
Date:   Sat Feb 8 17:16:04 2025 +0100

    Update changelog, upload to sid

commit 2151a738d016377800c8d8c44c54f94e4cbdf149
Author: Gianfranco Costamagna <locutusofborg@debian.org>
Date:   Sat Feb 8 17:15:00 2025 +0100

    From:  zhangdandan <zhangdandan@loongson.cn> Fix loongarch64 support (Closes: #1095452)

commit 4fe73a4a8390da812ced05ccbb42f960035d91c2
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Mon Nov 4 10:45:34 2024 +0100

    Update changelog for 1.1.15+ds1-1 release

commit b60c01045efed4573429010186000d741c2a3dac
Merge: d208b2c ae373d7
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Mon Nov 4 10:44:26 2024 +0100

    Update upstream source from tag 'upstream/1.1.15'
    
    Update to upstream version '1.1.15'
    with Debian dir 0a1e5538bda6ec9dbaf201eb7e32e0178d122849

commit ae373d753c91bbdd52c3b8501133771502fea92a
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Mon Nov 4 10:44:24 2024 +0100

    New upstream version 1.1.15

commit d208b2c98ba1035a8d1049b7a1992d088f1c8577
Author: Gianfranco Costamagna <locutusofborg@debian.org>
Date:   Tue Oct 8 11:08:22 2024 +0200

    Import Debian changes 1.1.12+ds1-5.1
    
    runc (1.1.12+ds1-5.1) unstable; urgency=medium
    .
      * Non-maintainer upload.
    .
      [ chenguoqi <chenguoqi@loongson.cn> ]
      * d/p/0013-loong64-support.patch
        - add patch to support loongarch64 (Closes: #1069166)

commit be661f8751fc42284dc0dc6c533f4dbc6fb4a6b1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Aug 17 07:19:46 2024 -0400

    debian/changelog: update

commit 8646cebb3f2d12bf9080f7b11aa07abbd2f27cd6
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Aug 12 07:56:50 2024 -0400

    document patch, update debian/changelog with Closes: #1070415

commit ab4b18aa81d1363a5ce9ac636333eedba566f3ca
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 8 11:01:19 2024 -0400

    Update changelog for 1.1.12+ds1-4 release

commit 61f09d131116b433c87bce78c05075827f179e7d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 8 11:00:12 2024 -0400

    Fix FTBFS on arm64, armel

commit 2e4f496104fdd22274c61dd1b496bec0a8d201a4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 8 08:18:21 2024 -0400

    Update changelog for 1.1.12+ds1-3 release

commit 8480696c84ccc3e005633376ee20afbee0c6874a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 8 08:17:52 2024 -0400

    Compile against go-criu v7

commit 5175ecb55f03d4d9ec2f19e0e3eb944cf28c1365
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Feb 27 18:01:37 2024 +0800

    Update changelog for 1.1.12+ds1-2 release

commit d9e5dca01c022123a5aa482ebcd5c8cf3efe5bc7
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Feb 27 18:01:22 2024 +0800

    Add pkgconf to Build-Depends

commit 655bc754bc99d064a7771ff930638bfff6b76a2f
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Fri Feb 2 21:21:08 2024 +0800

    Update changelog for 1.1.12+ds1-1 release

commit f407ac64b93b025de52fc04d7c07b86e3bc1cad8
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Fri Feb 2 21:23:04 2024 +0800

    Refresh patches
    
    Gbp-Dch: Ignore

commit 95a8c3587de6e72c5075a905640e482ea278b2ac
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Fri Feb 2 21:19:08 2024 +0800

    New upstream version 1.1.12+ds1

commit cb86cf2b4fa6f101c2627b268accb68bd2abc809
Merge: 4e60207 95a8c35
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Fri Feb 2 21:19:08 2024 +0800

    Update upstream source from tag 'upstream/1.1.12+ds1'
    
    Update to upstream version '1.1.12+ds1'
    with Debian dir eb2285ef89452b7a7f38dc0527c54157824bd323

commit 4e602075e23e55786ab7f27b106e0743720ba046
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sun Nov 5 15:26:28 2023 +0800

    Update changelog for 1.1.10+ds1-1 release

commit 962ea5a9369d5edf1018306685fb448d6d1c6762
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sun Nov 5 15:34:06 2023 +0800

    Refresh patches
    
    Gbp-Dch: Ignore

commit 1b7fcc6b30e3a2ea5ccbf526c950aa69412f13bc
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sun Nov 5 15:25:46 2023 +0800

    Move criu test to isolation-machine

commit db67a8159f23eb1dbf1ed6102c3ca165c95e4bb7
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Nov 4 18:20:09 2023 +0800

    Bump golang-github-mrunalp-fileutils-dev to 0.5.1

commit b833f4090645a04e8592df1950567f69524202d1
Merge: 51c4e3a e163b45
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Nov 4 16:51:00 2023 +0800

    Update upstream source from tag 'upstream/1.1.10+ds1'
    
    Update to upstream version '1.1.10+ds1'
    with Debian dir af89bdcbd9bcef18e5666c8dcf264aefa76ec2e4

commit e163b45a68d6317e0ead1f29a1b24a04ae6f790d
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Nov 4 16:50:58 2023 +0800

    New upstream version 1.1.10+ds1

commit 51c4e3a49a086e1fb54ab0477a8703560cd99ed7
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Oct 31 08:32:10 2023 -0400

    Import Debian changes 1.1.5+ds1-5
    
    runc (1.1.5+ds1-5) unstable; urgency=medium
    .
      * Team Upload
      * Rebuild against golang-github-urfave-cli_1.22.14-1, Closes: #1055059
      * Bug fix: "Fails to build source after successful build", thanks to
        Lucas Nussbaum, Closes: #1046528

commit fdaf4885a8169a24fcc133b239aa900e69c2a46e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 25 18:09:14 2023 -0400

    debian/changelog: update

commit 15029cc48045b8215542abd0ca431fae82462397
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 25 18:08:53 2023 -0400

    restrict criu dependency to amd64, arm64, armhf
    
    it doesn't exist on other platforms at this point

commit 56ff50a7b51cdf6bcf018be8bd960e99939ce34c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Oct 24 18:14:03 2023 -0400

    debian/changelog: update

commit 66645d7513902752125312c3f9a43e772ce515b0
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Oct 24 18:13:45 2023 -0400

    Bump standards version

commit 2d899ed760cc5ef463e7653005715f8efb267145
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 22 19:29:29 2023 -0400

    debian/changelog: upload to experimental

commit 7236e32a792eb0d8a923cfae688bbd059447f8b1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 22 19:28:35 2023 -0400

    debian/tests/integration: run criu tests

commit 90c74c6051fbe82151eb94188aaf75a382c1bd06
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 22 08:46:11 2023 -0400

    debian/changelog: update

commit 9f024988ae58aded6ff0b645ab91d89e1a226084
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 22 08:45:38 2023 -0400

    compile against go-criu 6

commit ac860862026416af54f76ab5146db51518762e12
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Wed Mar 29 17:24:41 2023 +0800

    Update changelog for 1.1.5+ds1-1 release

commit ce388a3127acbcd57adc3b295afacc3327c1dfb7
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Wed Mar 29 17:31:37 2023 +0800

    Add patch to skip TestOpenat2 when cgroups is not available

commit 9efb09e6d0ac2dfab3214c046adc58eb0e3a5aea
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Wed Mar 29 17:23:52 2023 +0800

    Drop patches applied in new version
    
    - 0009-tests-replace-local-hello-world-bundle-with-busybox-.patch
    - 0010-tests-convert-arm32-arch-string-when-download-bundle.patch

commit d5554f3e01d89df95f121b1ec285e0b6a3a88281
Merge: 4552695 f531cad
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Wed Mar 29 17:17:38 2023 +0800

    Update upstream source from tag 'upstream/1.1.5+ds1'
    
    Update to upstream version '1.1.5+ds1'
    with Debian dir ab889e782253b80054e8618900bae90123a4d466

commit f531caddb923e2a1a357bad8b985b3fb49d3c171
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Wed Mar 29 17:17:37 2023 +0800

    New upstream version 1.1.5+ds1

commit 4552695d459fc7c39bd92688644514beedbd1635
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Aug 27 18:27:57 2022 +0800

    Update changelog for 1.1.4+ds1-1 release

commit 6d15119c95308b6835838f62a5894ccfd8112b60
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Aug 27 18:25:11 2022 +0800

    Refresh patches
    
    Gbp-Dch: Ignore

commit 2f3fafe4d66d56ca890081a5762aab3c3b42d246
Merge: 43180d6 2026320
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Aug 27 18:23:29 2022 +0800

    Update upstream source from tag 'upstream/1.1.4+ds1'
    
    Update to upstream version '1.1.4+ds1'
    with Debian dir d775b925985dcef9aa3d19fe0628c20512920375

commit 2026320b8fbbcd80b992a68eed945fd7e09a2ec1
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sat Aug 27 18:23:28 2022 +0800

    New upstream version 1.1.4+ds1

commit 43180d69ac0dae4510a4009ac2ce2bcfa1f44758
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 19:13:04 2022 +0200

    debian/changelog: update

commit d351c8c335d83dc520f0e8aac119b15ad343aa84
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 19:12:33 2022 +0200

    mark the integration test as flaky again

commit d2e79f6f98a2da15555cd9e5d75f7c6e2efe7620
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 18:45:46 2022 +0200

    upload to unstable

commit c1bfeba8fa1d3ad76ef01521e705a651c1726672
Merge: 40c9eae 751a2b4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 18:39:45 2022 +0200

    Merge remote-tracking branch 'salsa/experimental'

commit 40c9eae50262154897e45eea51bf0fa807312dc5
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 15:18:08 2022 +0200

    debian/changelog: update

commit c6e4567db84b503281b11e83ad6b87853a83c9e4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 17 15:17:14 2022 +0200

    backport patch export blockIODevice
    
    commit c0be1aa2d101dcd3074b5a0e486d58d3f9568d81
    required for podman 4.2

commit 751a2b4b81eaffa382a5d239fed4c76e0afb97b9
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jul 5 11:08:12 2022 +0800

    Update changelog for 1.1.3+ds1-5 release

commit 1531e8bddeff2569663aa38dca5219a1f7fab307
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jul 5 11:07:56 2022 +0800

    Enable integration on armel

commit 54a06388c12e8e744a609628209892e079aa97d7
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jul 5 10:55:38 2022 +0800

    Fix integration test on i386 and armhf

commit 2d29a60420074e7c5d037ca67d356d0e8745a776
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Mon Jul 4 16:16:58 2022 +0800

    Update changelog for 1.1.3+ds1-4 release

commit d1022587ae0468cce360762d36de02f23e87bb06
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Sun Jun 26 05:26:28 2022 +0800

    Build with urfave_cli_no_docs tag

commit a9f19f34d8e36d3c8365fbf61744ade5f3f3b06a
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Mon Jul 4 16:12:55 2022 +0800

    Fix seccomp integration tests again on arm

commit 001d1f3c80e77cb6615b34ec6b76600ca004486e
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Mon Jun 20 13:28:57 2022 +0800

    Update changelog for 1.1.3+ds1-3 release

commit 38b8570c160fe157928b2727d48d15e52451d632
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Mon Jun 20 13:23:28 2022 +0800

    Enable integration on armhf and i386 and remove flaky flag

commit 0cf77ef5ae68049547ed5e6982d743fbf432b92d
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Mon Jun 20 13:22:14 2022 +0800

    Fix seccomp integration tests on arm

commit 875727a1009b35df7c9ed5b0f5dd2b50c2a75993
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Thu Jun 16 23:53:00 2022 +0800

    Update changelog for 1.1.3+ds1-2 release

commit fefe20b4ed3a0a95dfb8e2ebd572bd3f55a5b08e
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Thu Jun 16 23:51:54 2022 +0800

    Revert "Vendor github.com/urfave/cli v1.22.1"
    
    This reverts commit e924bd66b0e8f245f49a1a53d735a2f8057b576f.

commit ba8191ad6b297de7d682e0741e77d13c4bf06f57
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jun 14 03:48:41 2022 +0800

    Update changelog for 1.1.3+ds1-1 release

commit d84b36a64834af98afad7c898963df0aca22086e
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jun 14 03:46:11 2022 +0800

    Update Standards-Version to 4.6.1 (no changes)

commit 16cf93bbc3ff97c3b3e6f71b678f2c0f6cc2689b
Author: Shengjing Zhu <zhsj@debian.org>
Date:   Tue Jun 14 03:45:40 2022 +0800

    Bump golang-github-seccomp-libseccomp-golang-dev to 0.10.0

Created: 2025-11-01 Last update: 2025-11-07 20:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-11-02 Last update: 2025-11-02 11:14

debian/patches: 2 patches to forward upstream low

Among the 7 debian patches available in version 1.3.2+ds1-1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-11-02 09:01

news

[rss feed]

[2025-11-04] runc 1.3.2+ds1-1 MIGRATED to testing (Debian testing watch)
[2025-11-02] Accepted runc 1.3.2+ds1-1 (source) into unstable (Reinhard Tartler)
[2025-09-25] runc 1.3.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2025-09-20] Accepted runc 1.3.0+ds1-4 (source) into unstable (Reinhard Tartler)
[2025-09-18] Accepted runc 1.3.0+ds1-3 (source) into unstable (Reinhard Tartler)
[2025-09-15] Accepted runc 1.3.0+ds1-2 (source) into experimental (Reinhard Tartler)
[2025-09-14] Accepted runc 1.3.0+ds1-1 (source) into experimental (Reinhard Tartler)
[2025-02-15] runc 1.1.15+ds1-2 MIGRATED to testing (Debian testing watch)
[2025-02-08] Accepted runc 1.1.15+ds1-2 (source) into unstable (Gianfranco Costamagna)
[2024-11-07] runc 1.1.15+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-11-04] Accepted runc 1.1.15+ds1-1 (source) into unstable (Jochen Sprickerhof)
[2024-10-20] runc 1.1.12+ds1-5.1 MIGRATED to testing (Debian testing watch)
[2024-10-18] Accepted runc 1.1.12+ds1-5.1 (source) into unstable (Gianfranco Costamagna)
[2024-08-20] runc 1.1.12+ds1-5 MIGRATED to testing (Debian testing watch)
[2024-08-20] runc 1.1.12+ds1-5 MIGRATED to testing (Debian testing watch)
[2024-08-17] Accepted runc 1.1.12+ds1-5 (source) into unstable (Reinhard Tartler)
[2024-08-11] Accepted runc 1.0.0~rc93+ds1-5+deb11u5 (source all amd64) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Daniel Leidert)
[2024-08-08] Accepted runc 1.1.12+ds1-4 (source) into experimental (Reinhard Tartler)
[2024-08-08] Accepted runc 1.1.12+ds1-3 (source) into experimental (Reinhard Tartler)
[2024-06-29] Accepted runc 1.0.0~rc93+ds1-5+deb11u4 (source all amd64) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Daniel Leidert)
[2024-03-15] runc 1.1.12+ds1-2 MIGRATED to testing (Debian testing watch)
[2024-02-27] Accepted runc 1.1.12+ds1-2 (source) into unstable (Shengjing Zhu)
[2024-02-19] Accepted runc 1.0.0~rc6+dfsg1-3+deb10u3 (source all amd64) into oldoldstable (Daniel Leidert)
[2024-02-08] runc 1.1.12+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-02-04] Accepted runc 1.0.0~rc93+ds1-5+deb11u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Shengjing Zhu)
[2024-02-04] Accepted runc 1.1.5+ds1-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Shengjing Zhu)
[2024-02-04] Accepted runc 1.0.0~rc93+ds1-5+deb11u3 (source) into oldstable-security (Debian FTP Masters) (signed by: Shengjing Zhu)
[2024-02-04] Accepted runc 1.1.5+ds1-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Shengjing Zhu)
[2024-02-02] Accepted runc 1.1.12+ds1-1 (source) into unstable (Shengjing Zhu)
[2023-11-08] runc 1.1.10+ds1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 1
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.1.15+ds1-2ubuntu1
4 bugs
patches for 1.1.15+ds1-2ubuntu1