Upstream update available: runc 1.3.0 → 1.3.5 #3

New issue

Closed

opened 2026-05-02 16:48:11 +03:00 by sbelikov · 1 comment

sbelikov commented

2026-05-02 16:48:11 +03:00

Owner

Upstream update available: `runc` `1.3.0` → `1.3.5`

Package

Package: runc
RPM name: runc
Branch: niceos-5.2
Current EVR: 1.3.0-1
Update class: patch
Compare method: python_rpm
Update policy: leaf
Risk tags: github-upstream

Upstream

Upstream type: github
Upstream project: opencontainers/runc
Upstream URL: https://github.com/opencontainers/runc
Detected version: 1.3.5
Tag/release: v1.3.5
Source: github_release
Published: 2026-03-17T16:59:30Z
Release URL: https://github.com/opencontainers/runc/releases/tag/v1.3.5
Source URL: https://api.github.com/repos/opencontainers/runc/tarball/v1.3.5
Pre-release: False

Signals

Security-relevant keywords detected: True
Policy blocked: False
Policy reason: -
Labels: bot, needs-build, needs-triage, priority/high, security-release, update/patch, upstream-update, upstream/github

Upstream release notes / description

This is the fifth patch release of the 1.3.z release series of runc,
and primarily contains a few fixes for issues found in 1.3.4.

Fixed

Recursive atime-related mount flags (rrelatime et al.) are now applied
properly. (#5115, #5098)
PR #4757 caused a regression that resulted in spurious
cannot start a container that has stopped errors when
running runc create and has thus been reverted. (#5158,
#5153, #5151, #4645, #4757)

Changed

Updated builds to Go 1.25, libseccomp v2.6.0. (#5111, #5053)
Minor signing keyring updates. (#5146, #5139, #5144, #5148)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

libseccomp

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to the following contributors for making this release possible:

Aleksa Sarai cyphar@cyphar.com
Kir Kolyshkin kolyshkin@gmail.com
Li Fu Bang lifubang@acmcoder.com
Ricardo Branco rbranco@suse.de

NiceOS maintainer checklist

Confirm that the detected version is a stable upstream release.
Check upstream changelog for security fixes, ABI/API changes and build-system changes.
Check ABI/API compatibility and reverse dependencies.
Download source into NiceOS lookaside storage.
Update Version and related fields in SPECS/*.spec only if policy allows it.
Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
Build SRPM/RPM in a clean NiceOS buildroot.
Run package smoke tests.
Link PR/build logs and close this issue after update or triage.

Bot metadata

Tool: niceos_upstream_monitor.py 1.5
Generated at: 2026-05-02T13:57:58Z

# Upstream update available: `runc` `1.3.0` → `1.3.5` ## Package - Package: `runc` - RPM name: `runc` - Branch: `niceos-5.2` - Current EVR: `1.3.0-1` - Update class: `patch` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream` ## Upstream - Upstream type: `github` - Upstream project: `opencontainers/runc` - Upstream URL: https://github.com/opencontainers/runc - Detected version: `1.3.5` - Tag/release: `v1.3.5` - Source: `github_release` - Published: `2026-03-17T16:59:30Z` - Release URL: https://github.com/opencontainers/runc/releases/tag/v1.3.5 - Source URL: https://api.github.com/repos/opencontainers/runc/tarball/v1.3.5 - Pre-release: `False` ## Signals - Security-relevant keywords detected: `True` - Policy blocked: `False` - Policy reason: `-` - Labels: `bot, needs-build, needs-triage, priority/high, security-release, update/patch, upstream-update, upstream/github` ## Upstream release notes / description This is the fifth patch release of the 1.3.z release series of runc, and primarily contains a few fixes for issues found in 1.3.4. ### Fixed * Recursive atime-related mount flags (rrelatime et al.) are now applied properly. (#5115, #5098) * PR #4757 caused a regression that resulted in spurious `cannot start a container that has stopped` errors when running `runc create` and has thus been reverted. (#5158, #5153, #5151, #4645, #4757) ### Changed * Updated builds to Go 1.25, libseccomp v2.6.0. (#5111, #5053) * Minor signing keyring updates. (#5146, #5139, #5144, #5148) ### Static Linking Notices ### The `runc` binary distributed with this release are *statically linked* with the following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting as a "work that uses the Library": [lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html - [libseccomp](https://github.com/seccomp/libseccomp) The versions of these libraries were not modified from their upstream versions, but in order to comply with the LGPL-2.1 (§6(a)), we have attached the complete source code for those libraries which (when combined with the attached runc source code) may be used to exercise your rights under the LGPL-2.1. However we strongly suggest that you make use of your distribution's packages or download them from the authoritative upstream sources, especially since these libraries are related to the security of your containers. ---- Thanks to the following contributors for making this release possible: * Aleksa Sarai <cyphar@cyphar.com> * Kir Kolyshkin <kolyshkin@gmail.com> * Li Fu Bang <lifubang@acmcoder.com> * Ricardo Branco <rbranco@suse.de> ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 1.5` - Generated at: `2026-05-02T13:57:58Z`

sbelikov added the

labels

2026-05-02 16:48:11 +03:00

sbelikov commented

2026-05-02 17:00:33 +03:00

Author

Owner

Package version is now 1.3.5 and target version was 1.3.5. Closing as resolved.\n\n_Closed by niceos_upstream_monitor.py 1.5 at 2026-05-02T14:00:33Z._

Package version is now `1.3.5` and target version was `1.3.5`. Closing as resolved.\n\n_Closed by `niceos_upstream_monitor.py 1.5` at `2026-05-02T14:00:33Z`._

sbelikov closed this issue

2026-05-02 17:00:34 +03:00