diff --git a/.gitignore b/.gitignore index d183969..515f617 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,7 @@ crun-0.1.1.tar.gz /crun-0.12.1.tar.gz /crun-0.12.2.tar.gz /crun-0.12.2.1.tar.gz +/crun-0.13.tar.gz +/crun-0.14.tar.gz +/crun-0.14.1.tar.gz +/crun-0.15.tar.gz diff --git a/0001-exec-check-read-bytes-from-sync.patch b/0001-exec-check-read-bytes-from-sync.patch new file mode 100644 index 0000000..fc41655 --- /dev/null +++ b/0001-exec-check-read-bytes-from-sync.patch @@ -0,0 +1,35 @@ +From 20c56beb3307b0ac07af0edbbbe49ec65819f559 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 29 Sep 2020 16:52:02 +0200 +Subject: [PATCH] exec: check read bytes from sync + +when reading from the exec sync pipe, make sure it reads exactly one +byte otherwise return an error. + +Closes: https://github.com/containers/crun/issues/511 + +Signed-off-by: Giuseppe Scrivano +--- + src/libcrun/container.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libcrun/container.c b/src/libcrun/container.c +index 927986a..0308992 100644 +--- a/src/libcrun/container.c ++++ b/src/libcrun/container.c +@@ -2595,10 +2595,10 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec + } + } + +- TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); ++ ret = TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b))); + TEMP_FAILURE_RETRY (close (pipefd0)); + pipefd0 = -1; +- if (b != '0') ++ if (ret != 1 || b != '0') + ret = -1; + else + { +-- +2.26.2 + diff --git a/crun.spec b/crun.spec index 063c946..d745233 100644 --- a/crun.spec +++ b/crun.spec @@ -1,7 +1,7 @@ Summary: OCI runtime written in C Name: crun -Version: 0.12.2.1 -Release: 1%{?dist} +Version: 0.15 +Release: 5%{?dist} Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz License: GPLv3+ URL: https://github.com/containers/crun @@ -22,11 +22,13 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 +Patch0: 0001-exec-check-read-bytes-from-sync.patch + %description crun is a runtime for running OCI containers %prep -%autosetup -n %{name}-%{version} +%autosetup -p1 -n %{name}-%{version} %build ./autogen.sh @@ -44,6 +46,54 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 30 2020 Lokesh Mandvekar - 0.15-5 +- rebuild to bump release tag ahead of older fedoras + +* Wed Sep 30 2020 Giuseppe Scrivano - 0.15-3 +- backport "exec: check read bytes from sync" + +* Wed Sep 23 2020 RH Container Bot - 0.15-1 +- autobuilt 0.15 + +* Wed Sep 23 2020 Giuseppe Scrivano - 0.15-2 +- rebuild + +* Wed Sep 23 2020 RH Container Bot - 0.15-1 +- autobuilt 0.15 + +* Mon Sep 14 2020 RH Container Bot - 0.14.1-1 +- autobuilt 0.14.1 + +* Wed Sep 23 2020 Giuseppe Scrivano - 0.15-1 +- build version 0.15 + +* Mon Sep 14 2020 Giuseppe Scrivano - 0.14.1-5 +- backport 4453af4c060e380051552ee589af5cad37f2ae82 + +* Wed Sep 2 2020 RH Container Bot - 0.14.1-1 +- autobuilt 0.14.1 + +* Mon Aug 31 2020 Lokesh Mandvekar - 0.14.1-4 +- rebuild + +* Thu Aug 27 2020 Giuseppe Scrivano - 0.14.1-3 +- backport ed9c3e6f466dfb6d2e79802060fabd5f4b66f78e + +* Mon Jul 13 2020 RH Container Bot - 0.14.1-1 +- autobuilt 0.14.1 + +* Tue Jul 07 2020 RH Container Bot - 0.14-1 +- autobuilt 0.14 + +* Mon May 18 2020 RH Container Bot - 0.13-1 +- autobuilt 0.13 + +* Thu Apr 09 2020 Giuseppe Scrivano - 0.13-2 +- fix cgroup v1 mount on Linux 5.6 + +* Thu Mar 05 2020 Giuseppe Scrivano - 0.13-1 +- built version 0.13 + * Mon Feb 17 2020 Giuseppe Scrivano - 0.12.2.1-1 - built version 0.12.2.1 diff --git a/sources b/sources index b55823f..07332d6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (crun-0.12.2.1.tar.gz) = aaae4c9cc9bd4b51f22dbe519a3d208be775d96ca0bff9e6ac5e69e8e775e466bbef785423858515854f4e3bd23735e48e2c7ae709097a070fc52c46631fd6e6 +SHA512 (crun-0.15.tar.gz) = f9a9e94b6a9c5cff01fe93b1c3d5876a0794e6288b802cf579556e11411ca5d6e63cae3859aaa4df4bb600e2d27aa131872a93a92784b9b48f7885411d86f325