runc-1.0.0~rc6-bp150.2.3.1

- Add fix for CVE-2019-5736 (effectively copying /proc/self/exe during re-exec
  to avoid write attacks to the host runc binary). bsc#1121967
  + CVE-2019-5736.patch

- Update go requirements to >= go1.10 to fix
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "go get -u"
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service

- Require golang = 1.10.

- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6

- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.

- Make use of %license macro

- Remove 'go test' from %check section, as it has only ever caused us problems
  and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
  testing has been far more useful. boo#1095817

- Upgrade to runc v1.0.0~rc5. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc5
- Remove patch now merged upstream.
  - bsc1053532-0001-makefile-drop-usage-of-install.patch

- Use .tar.xz provided by upstream, as well as include the keyring to allow
  full provenance of the source.

- Use the upstream Makefile, to ensure that we always include the version
  information in runc. This was confusing users (and Docker). bsc#1053532
- Add a backported patch to fix a Makefile bug.
  https://github.com/opencontainers/runc/pull/1555
  + bsc1053532-0001-makefile-drop-usage-of-install.patch

- Update to runc v1.0.0-rc4. Upstream changelog:
  + runc now supports v1.0.0 of the OCI runtime specification. #1527
  + Rootless containers support has been released. The current state of
  this feature is that it only supports single-{uid,gid} mappings as an
  unprivileged user, and cgroups are completely unsupported. Work is
  being done to improve this. #774
  + Rather than relying on CRIU version nnumbers, actually check if the
  system supports pre-dumping. #1371
  + Allow the PIDs cgroup limit to be updated. #1423
  + Add support for checkpoint/restore of containers with orphaned PTYs
  (which is effectively all containers with terminal=true). #1355
  + Permit prestart hooks to modify the cgroup configuration of a
  container. #1239
  + Add support for a wide variety of mount options. #1460
  + Expose memory.use_hierarchy in MemoryStats. #1378
  * Fix incorrect handling of systems without the freezer cgroup. #1387
  * Many, many changes to switch away from Go's "syscall" stdlib to
  "golang.org/x/sys/unix". #1394 #1398 #1442 #1464 #1467 #1470 #1474
  [#1478] #1491 #1482 #1504 #1519 #1530
  * Set cgroup resources when restoring a container. #1399
  * Switch back to using /sbin as the installation directory. #1406
  * Remove the arbitrary container ID length restriction. #1435
  * Make container force deletion ignore non-existent containers. #1451
  * Improve handling of arbitrary cgroup mount locations when populating
  cpuset. #1372
  * Make the SaneTerminal interface public. #1479
  * Fix cases where runc would report a container to be in a "Running"
  state if the init was a zombie or dead. #1489
  * Do not set supplementary groups for numeric users. #1450
  * Fix various issues with the "owner" field in runc-list. #1516
  * Many other miscellaneous fixes, some of which were made by first-time
  contributors. Thanks, and welcome to the project! #1406 #1400 #1365
  [#1396] #1402 #1414 #1412 #1408 #1418 #1425 #1428 #1436 #1433 #1438
  [#1410] #1447 #1388 #1484 #1481 #1496 #1245 #1524 #1534 #1526 #1533
  - Remove any semblance of non-Linux support. #1502
  - We no longer use shfmt for testing. #1510

- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- Cleanup seccomp builds similar to bsc#1028638
- Remove the usage of 'cp -r' to reduce noise in the build logs.

- switch to opencontainers/runc master branch
- remove CVE-2016-9962.patch
- stop providing docker-runc

- fix the golang requirement to 1.7 to the subpackages

- fix golang requirement to 1.7

- Substitute %__-type macro indirections

- update version to the one required by docker-17.04.0-ce (bsc#1034053)
  remove ignore_cgroup2_mountpoint.patch . This is already included in
  the upstream source code.

- Make sure this is being built with go 1.7

- remove the go_arches macro because we are using go1.7 which
  is available in all archs

- fix bsc#1028113 - runc: make sure to ignore cgroup v2 mountpoints
  This is a backport of https://github.com/opencontainers/runc/pull/1266
  + ignore_cgroup2_mountpoint.patch

- update to docker-1.13.0 requirement

- fix CVE-2016-9962 bsc#1012568 and applying the patch
  CVE-2016-9962.patch, because 1.12.6 partially fixes it (it contains
  the first patch attached in bsc#1012568)

- update runc to the version used in docker 1.12.5 (bsc#1016307).
  This fixes bsc#1015661

- For the moment, we have to switch to using Docker's fork of runC. This *will*
  be solved properly by creating a new package purely for Docker's runC fork,
  because it's quite silly to tie OCI project releases to Docker's vendoring
  scheme. Once this is fixed, this package will be switch to being purely-OCI.

- add the /usr/bin/docker-run symlink to partially fix bsc#1015661

- fix version by adding a revision "counter" so that it will always
  increase
  fix bsc#1009961

- update to 02f8fa7 because that is the needed version for docker 1.12.1 (bsc#1004490)