From 91fa032da406f16abcb36c50ac53587189d6972f Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 2 Jun 2022 10:52:12 -0700 Subject: [PATCH 1/3] ci: add basic checks for CHANGELOG.md Perform some basic checks for CHANGELOG.md. In particular, check for - missing periods; - extra spaces at EOL; - non-ASCII characters. Fix the issues found. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 5 ++++- CHANGELOG.md | 12 ++++++------ Makefile | 10 +++++++++- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index fb7abde854a..302708fcb0d 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -157,7 +157,6 @@ jobs: pattern: '^.{0,72}(\n.*)*$' error: 'Subject too long (max 72)' - cfmt: runs-on: ubuntu-20.04 steps: @@ -182,6 +181,10 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 + + - name: check CHANGELOG.md + run: make verify-changelog + # We have to run this under Docker as Ubuntu (host) does not support all # the architectures we want to compile test against, and Dockerfile uses # Debian (which does). diff --git a/CHANGELOG.md b/CHANGELOG.md index 93a69170fea..f0f2e890391 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [1.1.2] - 2022-05-06 -> I should think I’m going to be a perpetual student. +> I should think I'm going to be a perpetual student. ### Security * A bug was found in runc where runc exec --cap executed processes with 
@@ -80,7 +80,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 binary etc.) and failures of the command being executed. (#3073) * runc run: new `--keep` option to skip removal exited containers artefacts. This might be useful to check the state (e.g. of cgroup controllers) after - the container hasexited. (#2817, #2825) + the container has exited. (#2817, #2825) * seccomp: add support for `SCMP_ACT_KILL_PROCESS` and `SCMP_ACT_KILL_THREAD` (the latter is just an alias for `SCMP_ACT_KILL`). (#3204) * seccomp: add support for `SCMP_ACT_NOTIFY` (seccomp actions). This allows @@ -169,13 +169,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. (#3283, #3292) - * Fixed inability to start when read-only /dev in set in spec (#3276, #3277) + * Fixed inability to start when read-only /dev in set in spec. (#3276, #3277) * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. (#3226, #3297) * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for Kubernetes). (#3233, #3295) * Improved an error message when dbus-user-session is not installed and - rootless + cgroup2 + systemd are used (#3212) + rootless + cgroup2 + systemd are used. (#3212) [GHSA-v95c-p5hm-xq8f]: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f 
@@ -255,7 +255,7 @@ implementation (libcontainer) is *not* covered by this policy. code, optimize the method for checking whether a cgroup is frozen. (#2955) * cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94 * cgroups/systemd: fixed returning "unit already exists" error from a systemd - cgroup manager (regression in rc94) (#2997, #2996) + cgroup manager (regression in rc94). (#2997, #2996) ### Added * cgroupv2: support SkipDevices with systemd driver. (#2958, #3019) @@ -264,7 +264,7 @@ implementation (libcontainer) is *not* covered by this policy. (#3022) ### Changed - * cgroup/systemd: return, not ignore, stop unit error from Destroy (#2946) + * cgroup/systemd: return, not ignore, stop unit error from Destroy. (#2946) * Fix all golangci-lint failures. (#2781, #2962) * Make `runc --version` output sane even when built with `go get` or otherwise outside of our build scripts. (#2962) diff --git a/Makefile b/Makefile index f9045df615a..cf82c0cae89 100644 --- a/Makefile +++ b/Makefile @@ -145,6 +145,14 @@ vendor: $(GO) mod vendor $(GO) mod verify +verify-changelog: + # No non-ASCII characters. + ! LC_ALL=C grep -n -P '[\x80-\xFF]' CHANGELOG.md + # No space at EOL. + ! grep -n '\s$$' CHANGELOG.md + # Period before issue/PR references. + ! grep -n '[0-9a-zA-Z][^.] (#[1-9][0-9, #]*)$$' CHANGELOG.md + verify-dependencies: vendor @test -z "$$(git status --porcelain -- go.mod go.sum vendor/)" \ || (echo -e "git status:\n $$(git status -- go.mod go.sum vendor/)\nerror: vendor/, go.mod and/or go.sum not up to date. Run \"make vendor\" to update"; exit 1) \ @@ -155,4 +163,4 @@ verify-dependencies: vendor test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ install-man clean cfmt shfmt shellcheck \ - vendor verify-dependencies + vendor verify-changelog verify-dependencies From 6724737f999df9ee0d8ca5c6d7b81f97adc34374 Mon Sep 17 00:00:00 2001 
From: Kir Kolyshkin Date: Thu, 26 May 2022 13:24:52 -0700 Subject: [PATCH 2/3] VERSION: release 1.1.3 * Changelog for v1.1.3. * Fixed 1.1.2 release date. * Fixed the order of footnotes. Note that backport (rather than original) PRs are listed as references, since this makes it easier to cross-check against the git log. Signed-off-by: Kir Kolyshkin --- CHANGELOG.md | 37 ++++++++++++++++++++++++++++++++----- VERSION | 2 +- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f0f2e890391..3b2638b224b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [1.1.2] - 2022-05-06 +## [1.1.3] - 2022-06-09 + +> In the beginning there was nothing, which exploded. + +### Fixed + * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on + s390 and s390x. This solves the issue where syscalls the host kernel did not + support would return `-EPERM` despite the existence of the `-ENOSYS` stub + code (this was due to how s390x does syscall multiplexing). (#3478) + * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as + intended; this fix does not affect runc binary itself but is important for + libcontainer users such as Kubernetes. (#3476) + * Inability to compile with recent clang due to an issue with duplicate + constants in libseccomp-golang. (#3477) + * When using systemd cgroup driver, skip adding device paths that don't exist, + to stop systemd from emitting warnings about those paths. (#3504) + * Socket activation was failing when more than 3 sockets were used. (#3494) + * Various CI fixes. (#3472, #3479) + +### Added + * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. (#3493) + +### Changed + * runc static binaries are now linked against libseccomp v2.5.4. (#3481) + + +## [1.1.2] - 2022-05-11 > I should think I'm going to be a perpetual student. 
@@ -272,9 +298,7 @@ implementation (libcontainer) is *not* covered by this policy. cgroups at all during `runc update`). (#2994) -[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.2...HEAD -[1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2 -[1.1.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.1.1 +[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.3...HEAD [1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0 [1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0 @@ -285,5 +309,8 @@ implementation (libcontainer) is *not* covered by this policy. [1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1 -[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.0...release-1.1 +[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.3...release-1.1 +[1.1.3]: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3 +[1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2 +[1.1.1]: https://github.com/opencontainers/runc/compare/v1.1.0...v1.1.1 [1.1.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.1.0-rc.1 diff --git a/VERSION b/VERSION index 21459f8de5b..781dcb07cd8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.2+dev +1.1.3 From eb1552a0b92b89a3d6309248384f31fc5a0840a6 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 26 May 2022 13:27:43 -0700 Subject: [PATCH 3/3] VERSION: back to development Signed-off-by: Kir Kolyshkin --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 781dcb07cd8..37c4300e004 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.3 +1.1.3+dev
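Review bot: in the `verify-changelog` target added to the Makefile (patch 1/3), each check is written as `! grep ...`, which turns every non-zero grep status into success. An exit status of 2 (a grep error, for example a grep without `-P` support or an unreadable CHANGELOG.md) therefore passes the check exactly as "no match" does. Consider accepting only exit status 1 as a pass and failing the target on any other non-zero status. Separately, the third pattern needs the sentence end and the reference on the same line, so a reference wrapped onto its own line, as `(#3022)` appears in the CHANGELOG.md context of this patch, is never checked for a preceding period.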
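Review bot: in the CHANGELOG.md hunk at `@@ -169,13 +169,13 @@` (patch 1/3), the entry that gains a period still reads "read-only /dev in set in spec."; since the line is being touched anyway, correct it to "is set in spec." in the same change.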
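Review bot: in the new 1.1.3 section of CHANGELOG.md (patch 2/3, hunk `@@ -7,7 +7,33 @@`), the "Added" entry "Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container." is hard to parse; something like "Allow bind-mounting /proc/sys/kernel/ns_last_pid into the container." reads better. The hunk also adds two blank lines before `## [1.1.2]`, where the `## [Unreleased]` heading above it is followed by only one; drop one for consistency.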