Changelog for
cri-o-1.10.6-lp150.6.2.x86_64.rpm :
* Tue Dec 18 2018 jmassaguerplaAATTsuse.com- Update go requirements to >= go1.10.6 to fix
* bsc#1118897 CVE-2018-16873 go#29230 cmd/go: remote command execution during \"go get -u\"
* bsc#1118898 CVE-2018-16874 go#29231 cmd/go: directory traversal in \"go get\" via curly braces in import paths
* bsc#1118899 CVE-2018-16875 go#29233 crypto/x509: CPU denial of service
* Wed Nov 07 2018 Valentin Rothberg
- Set NOFILE and NPROC limit to 1048576 to align with Docker/containerd and the upstream unit file. Fix bsc#1112980
* Tue Jul 10 2018 vrothbergAATTsuse.com- Update cri-o to v1.10.6:
* mask /proc/{acpi,keys} bsc#1100838
* fix race between container create and cadvisor asking for info
* Mon Jul 02 2018 vrothbergAATTsuse.com- Update cri-o to v1.10.5:
* Reduce amount of logs being printed by default
* Update to latest ocicni
* Wed Jun 27 2018 vrothbergAATTsuse.com- Update cri-o to v1.10.4:
* network: Fix manage NetworkNS lifecycle
* sandbox_run: fix selinux relabel sharing
* container_create: more selinux relabel fixes
* container_create: correctly relabel mounts when asked
* Mon Jun 18 2018 vrothbergAATTsuse.com- Update cri-o to v1.10.3:
* container_portforward: add support for short pod IDs
* container_create: no privileged container if not privileged sandbox
* container_create: always mount sysfs as rw for privileged containers
* container_create: set rw for privileged containers
* conmon: on a flush error discard the iov buffer
* Fri Jun 15 2018 vrothbergAATTsuse.com- Update cri-o to v1.10.2:
* various improvements to conmon
* oci: avoid race on container stop
* image: Let size be calculated dynamically
* Add support for short IDs for exec and attach
* Make network namespace lifecycle management optional
* container_exec: Fix terminal setting for exec
* oci: Force kill the container process only if nothing else worked
* Add extra info to verbose requests to PodSandboxStatus
* Make conmon and crio share the same constants
* conmon: catch SIGTERM, SIGINT and SIQUIT
* Invalidate cache by building fresh one and replacing previous all at once
* Enable per pod PID namespace setting
* Make the /opt/cni mount rw
* conmon: add new option --version
* oci: Copy-edits for waitContainerStop chControl comment
* system container: add /var/tmp as RW
* container_status: expose LogPath as requested by the CRI
* container_create: only bind mount /etc/hosts if not provided by k8s
* kubernetes: Simplify and freshen the required-files table
* Report an warning when no stages are defined for a hook
* Mon Jun 11 2018 vrothbergAATTsuse.com- Use actual tag for v1.9.13. Upstream missed to set a tag and the last revision mistakenly set it to v1.9.14-dev instead of v1.9.13.
* Thu Jun 07 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.13:
* runtime_status: report correct network status
* container_status: expose LogPath as requested by the CRI bsc#1095154
* Tue Jun 05 2018 dcassanyAATTsuse.com- Refactor %license usage to a simpler form
* Mon Jun 04 2018 dcassanyAATTsuse.com- Make use of %license macro
* Fri May 04 2018 ndasAATTsuse.de- use correct path for runc
* Thu Apr 12 2018 fcastelliAATTsuse.com- Put cri-o deamon under the podruntime slice. This the recommended deployment to allow fine resource control on Kubernetes. bsc#1086185
* Wed Apr 11 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.11:
* oci: avoid race on container stop
* server/sandbox_stop: Pass context through StopAllPodSandboxes
* conmon: Add container ID to syslog
* Add logging support for base condition in debug
* Simplify filter block
* Specifying a filter with no filtering expressions is now idempotent
* Add methods for listing and fetching container stats
* Implement the stats for the image_fs_info command
* Return error for container exec
* Thu Mar 15 2018 vrothbergAATTsuse.com- Require cni and cni-plugins to enable container networking. feature#crio
* Thu Mar 15 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.10:
* conmon: Avoid strlen in logging path
* conmon: Remove info logs
* container_exec: Fix terminal setting for exec
* Mon Mar 12 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.9:
* sandbox_stop: Call CNI stop before stopping pod infra container
* Thu Mar 08 2018 vrothbergAATTsuse.com- Remove the crio-shutdown.service. It does not have any effect when shutting down crio and also isn\'t shipped on Fedora. - crio-shutdown.service
* Mon Mar 05 2018 vrothbergAATTsuse.com- crio.conf: update default socket to /var/run/crio/crio.sock as suggested by upstream.
* Mon Mar 05 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.8:
* system_containers: Update mounts
* execsync: Set terminal to true when we pass -t to conmon
* Make network namespace pinning optional
* Add context to net ns symlink removal errors
* Make the /opt/cni mount rw
* sandbox_stop: close/remove the netns _after_ stopping the containers
* sandbox net: set netns closed after actaully closing it
* Mon Mar 05 2018 vrothbergAATTsuse.com- Configuration files should generally be tagged as %config(noreplace) in order to keep the modified config files and to avoid losing data when the package is being updated.
* Sat Mar 03 2018 vrothbergAATTsuse.com- Remove empty filter rule from cri-o-rpmlintrc, which was mistakenly masking a few warnings, some of which have been fixed, others need to be filtered. conmon and pause are not compiled with -fpie anymore to align with what upstream does; linking fails when done properly.
* Fri Mar 02 2018 fcastelliAATTsuse.com- Update minimum version of the Go compiler required
* Fri Mar 02 2018 fcastelliAATTsuse.com- Add missing runtime dependencies: socat, iptables, iproute
* Wed Feb 28 2018 vrothbergAATTsuse.com- Change the installation path of conmon and pause from /usr/lib/crio to /usr/lib/crio/bin in order to align with upstream requirements.- Update crio.conf to the reflect the new path of conmon and set the correct path of CNI plugins (i.e., /usr/lib/cni).
* Tue Feb 20 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.6:
* vendor: update c/image to handle text/plain from registries Fixes cases where text/plain s1 schemes are mistakenly converted to MIME.
* Sun Feb 18 2018 jengelhAATTinai.de- Let description say what the package really does.
* Fri Feb 16 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.5:
* system container: add /var/tmp as RW
* container_create: correctly set user
* imageService: cache information about images
* image: Add lock around image cache access
* Fri Feb 16 2018 vrothbergAATTsuse.com- Cleanup version-update related changelogs to only keep log entries of changes that are visible and important to the user, and the project.
* Mon Feb 12 2018 vrothbergAATTsuse.com- Add requirements to libcontainers-{common,image,storage}.- Run spec-cleaner on cri-o.spec.
* Mon Feb 12 2018 vrothbergAATTsuse.com- Update cri-o to v1.9.3:
* Be more diligent about cleaning up failed-to-create containers
* Use crictl instead of crioctl in image integration tests
* Handle truncated IDs in imageService.ResolveNames()
* Switch to ImageServer.UntagImage in RemoveImage handler
* Return image references from the storage package
* storage: API fixups
* Fri Feb 09 2018 vrothbergAATTsuse.com- Use golang-packaging macro for binary stripping.- Use -buildmode=pie for compilation.- The update to 1.9.0+ removes the crioctl binary. The crictl binary from cri-tools should be used instead.- Update cri-o to v1.9.2:
* sandbox: fix sandbox logPath when crio restarts
* Adapt to recent containers/image API updates
* container_create: only bind mount /etc/hosts if not provided by k8s
* container_attach: Ensure ctl file is closed
* lib,oci: drop stateLock when possible
* container_exec: fix terminal true process json
* container_create: fix apparmor from container config
* container_create: correctly set image and kube envs
* oci: do not append conmon env to container process
* container_exec: use process file with runc exec
* drop crioctl source code
* conmon: Add support for partial/newline log tags
* image_pull: fix image resolver
* Add /proc/scsi to masked paths
* replace crioctl with crictl
* replace crioctl in e2e with crictl
* Move crio default sock to /var/run/crio/crio.sock
* container_create: set the seccomp profile in the container object
* Mon Feb 05 2018 vrothbergAATTsuse.com- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
* Thu Feb 01 2018 vrothbergAATTsuse.com- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowedv because you cannot make hardlinks between certain partitions.
* Wed Jan 31 2018 vrothbergAATTsuse.com- Source the cri-o-rpmlintrc the spec file.
* Tue Jan 30 2018 vrothbergAATTsuse.com- Add cri-o package: CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is tied to the scope of the CRI.