Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package crun for openSUSE:Factory checked in at 2026-04-10 17:55:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/crun (Old) and /work/SRC/openSUSE:Factory/.crun.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crun" Fri Apr 10 17:55:53 2026 rev:34 rq:1345838 version:1.27 Changes: -------- --- /work/SRC/openSUSE:Factory/crun/crun.changes 2026-01-20 21:05:17.213864953 +0100 +++ /work/SRC/openSUSE:Factory/.crun.new.21863/crun.changes 2026-04-10 18:04:15.117676178 +0200 @@ -1,0 +2,35 @@ +Fri Apr 10 12:50:44 UTC 2026 - Dario Faggioli <[email protected]> + +- update to 1.27 + * CVE-2026-30892: fix parsing in crun exec -u that could lead to the process + running with the wrong user. (bsc#1260608) + * linux: use open_tree+mount_setattr and open_tree+move_mount for device + mounts, masked paths, and readonly paths. + * linux: use mount_setattr for readonly remounts in finalize_mounts. + * linux: skip redundant MS_PRIVATE propagation mounts. + * linux: validate run.oci.mount_context_type annotation value. + * container: skip sigaction reset in unblock_signals for the run path. + * container: delete the container on poststart hooks failures. + * container: fix createRuntime hooks not receiving bundle path. + * container: fix exit code return. + * cgroup: skip enable_controllers when joined via CLONE_INTO_CGROUP. + * cgroup: pass cgroup2 mount options to the kernel. + * cgroup: fix read_pids_cgroup skipping child cgroups. + * hooks: allow ignoring chdir permission errors for container hooks. + * hooks: exit immediately if poststart hooks fail. + * krun: parse annotations for krun.cpus, krun.ram_mib, and krun.variant. + * krun: propagate crun log level to libkrun. + * krun: rename nitro module to awsnitro. + * criu: show excerpt from log file on checkpoint/restore error. + * criu: fix missing umount() in error path. + * scheduler: add diagnostic messages for SCHED_DEADLINE. + * utils: fix memory leak and missing cache in libcrun_initialize_apparmor(). + * utils: use parent dir fd for bind on long socket paths. + * utils: retry fgetpwent_r() on EINTR. + * python: initialize error variable to NULL in Python bindings. + * container: fix CPU busy loop when output pipe is blocked. + * seccomp: fix n_plugins calculation. + * restore: fix memory leak. + * numerous fixes for error handling, errno usage, and resource leaks. + +------------------------------------------------------------------- Old: ---- crun-1.26.tar.gz crun-1.26.tar.gz.asc New: ---- crun-1.27.tar.gz crun-1.27.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crun.spec ++++++ --- /var/tmp/diff_new_pack.4PaY1p/_old 2026-04-10 18:04:15.633697464 +0200 +++ /var/tmp/diff_new_pack.4PaY1p/_new 2026-04-10 18:04:15.633697464 +0200 @@ -27,7 +27,7 @@ %endif Name: crun -Version: 1.26 +Version: 1.27 Release: 0 Summary: OCI runtime written in C License: GPL-2.0-or-later ++++++ crun-1.26.tar.gz -> crun-1.27.tar.gz ++++++ ++++ 3738 lines of diff (skipped)
