From 9958f9f1ff5dd43c9cc4b266b32b876ebc1266c8 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Fri, 4 Aug 2023 17:23:51 +0200 Subject: [PATCH] VERSION: release 1.2.0-rc.1 Signed-off-by: Rodrigo Campos --- CHANGELOG.md | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++- VERSION | 2 +- 2 files changed, 60 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index adcf084d0b6..865a333ee61 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,36 @@ This file documents all notable changes made to this project since runc 1.0. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [Unreleased] +## [unreleased] + +## [1.2.0-rc.1] - 2023-08-10 + +> How, dear sir, did you cross the flood? By not stopping, friend, and by not +> straining I crossed the flood + +This new runc release includes all the changes from the v1.1 patch releases. + +### Compatibility + +* This release requires Go 1.20.x or Go 1.19.x (#3718) + +### Added + + * Support idmap mounts as specified in the OCI runtime-spec v1.1.0. Currently + the mount mappings need to be identical to the mappings used in the user + namespace section. (#3717) + * Support for `cgroup.kill` to kill all processes inside a container. (#3135, + #3825) + * Implement to set a domainname as specified in the OCI runtime-spec v1.1.0. + (#3600) + * Add support for umask when exec-ing into a container. (#3661) + * libct/cg: support SCHED_IDLE for runc cgroupfs. (#3377) + * checkpoint/restore: implement --manage-cgroups-mode ignore. (#3546) + * seccomp: refactor flags support; add flags to features, set SPEC_ALLOW by + default. (#3588) + * libct/cg/sd: use systemd v240+ new `MAJOR:*` syntax. (#3843) + * Use github.com/checkpoint-restore/go-criu v6.3.0, which reduces the compiled + binary file. (#3652) ### Deprecated 
@@ -16,12 +45,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 to kill a container (with SIGKILL) which does not have its own private PID namespace (so that runc would send SIGKILL to all processes). Now, this is done automatically. (#3864, #3825) + * `runc kill` option `-a` is now deprecated. Previously, it had to be specified + to kill a container (with SIGKILL) which does not have its own private PID + namespace (so that runc would send SIGKILL to all processes). Now, this is + done automatically. (#3864, #3825) ### Changed * When Intel RDT feature is not available, its initialization is skipped, resulting in slightly faster `runc exec` and `runc run`. (#3306) * Enforce absolute paths for mounts. (#3020, #3717) + * The `runc features` command is no longer experimental. (#3861) * libcontainer users that create and kill containers from a daemon process (so that the container init is a child of that process) must now implement a proper child reaper in case a container does not have its own private PID 
@@ -31,6 +65,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 This aligns cgroupv2 root usage more closely with cgroupv1 reporting. Additionally, report root swap usage as sum of swap and memory usage, aligned with v1 and existing non-root v2 reporting. (#3933) + * When running rootless or using a user namespace, a source filesystem mounted + with `nodev`, `nosuid` or `noexec` can now be used as source of a bind mount + without the same options being set for the mount. (#3805) + * libcontainer users that create and kill containers from a daemon process + (so that the container init is a child of that process) must now implement + a proper child reaper in case a container does not have its own private PID + namespace, as documented in `container.Signal`. (#3825) + * libcontainer: `container.Signal` no longer have the second `all bool` + argument; a need to kill all processes is now determined automatically. + (#3825, #3885) + * libct/cg: Remove function EnterPid with no users. (#3797) + * libct/seccomp: enable seccomp binary tree optimization. (#3405) + * runc run/exec: ignore SIGURG. (#3368) + * Remove tun/tap from the default device rules. (#3468) + * `runc --root non-existent-dir list` now reports an error for non-existent + root directory. (#3374) + * libct: Mount: Remove {Pre,Post}mountCmds, were never used and are obsoleted + by more generic container hooks. (#3350) ### Fixed 
@@ -42,6 +94,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 code (this was due to how s390x does syscall multiplexing). (#3474) * Remove tun/tap from the default device rules. (#3468) * specconv: avoid mapping "acl" to MS_POSIXACL. (#3739) + * libcontainer: fix private PID namespace detection when killing the container. + (#3866, #3825) + * Fix `READY` notification sometimes not accepted by systemd. (#3291, #3293) + * Reduce the number of mount/umount syscalls in the host mount namespace. + (#3599, #2532) + ## [1.1.8] - 2023-07-20 diff --git a/VERSION b/VERSION index 15863e3d98a..a94c1f6e270 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.1.0+dev +1.2.0-rc.1
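Review bot: In the first CHANGELOG.md hunk (@@ -4,7 +4,36 @@), the heading changes from `## [Unreleased]` to `## [unreleased]`, although the file states that its format is based on Keep a Changelog, which spells that section `[Unreleased]`; keep the original capitalisation unless the lowercase form is intentional. The new release heading is dated 2023-08-10 while the commit itself is dated 4 Aug 2023, so confirm that the heading matches the date the tag will actually be cut. The Added entry "Implement to set a domainname as specified in the OCI runtime-spec v1.1.0" would read better as "Support setting a domainname ...", in line with the neighbouring entries.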
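Review bot: In the hunk at @@ -16,12 +45,17 @@, the added "`runc kill` option `-a` is now deprecated" entry repeats the entry whose tail is visible in the context lines directly above it, with the same wording and the same references (#3864, #3825). Drop the four added lines so the Deprecated section lists the change once.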
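Review bot: In the hunk at @@ -31,6 +65,24 @@, two of the added Changed entries duplicate text that is already in the file: the "libcontainer users that create and kill containers from a daemon process ..." entry is present as context at the end of the previous hunk, and "Remove tun/tap from the default device rules. (#3468)" is present as context under Fixed at the top of the next hunk. Keep each entry in one section only. In the same hunk, "`container.Signal` no longer have the second `all bool` argument" should read "no longer has".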
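Review bot: At the end of the hunk at @@ -42,6 +94,12 @@, the last added line is empty and sits after the "(#3599, #2532)" entry, on top of the blank context line that already precedes `## [1.1.8] - 2023-07-20`. That leaves two blank lines before the 1.1.8 heading; remove the added empty line if the file uses a single blank line between sections.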