* [meta-virtualization][kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
@ 2025-01-20 2:25 dchellam
2025-01-30 18:56 ` Bruce Ashfield
0 siblings, 1 reply; 5+ messages in thread
From: dchellam @ 2025-01-20 2:25 UTC (permalink / raw)
To: meta-virtualization
From: Divya Chellam <divya.chellam@windriver.com>
This upgrade fixes a few CVEs:
- CVE-2023-27561
- CVE-2023-25809
- CVE-2023-28642
- CVE-2024-21626 and other bug fixes
Changelog:
==========
https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md
Adjusted existing patches to align with v1.1.12
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
...-GOBUILDFLAGS-for-runc-and-remove-re.patch | 26 +++++++++-------
...001-runc-Add-console-socket-dev-null.patch | 13 +++++---
.../0001-runc-docker-SIGUSR1-daemonize.patch | 31 ++++++++++---------
recipes-containers/runc/runc-docker_git.bb | 10 +++---
4 files changed, 45 insertions(+), 35 deletions(-)
diff --git a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
index 4d35e58e..79e63322 100644
--- a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
+++ b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
@@ -1,7 +1,7 @@
From 0fe50d2ca4517f5e3070585040f35ace413acd44 Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Tue, 24 Aug 2021 11:38:23 -0400
-Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty
+Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty
from static
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
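Review bot: The `Subject:` line in this hunk is removed and re-added with text that reads the same, which suggests a whitespace-only difference picked up when the patch was regenerated. Dropping this change would keep the refresh limited to what the 1.1.12 rebase actually needs and make the diff easier to audit.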
@@ -11,16 +11,20 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Makefile | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
-Index: git/src/import/Makefile
-===================================================================
---- git.orig/src/import/Makefile
-+++ git/src/import/Makefile
-@@ -20,7 +20,7 @@
- endif
+diff --git a/Makefile b/Makefile
+index e3af9bc1..f9d6de96 100644
+--- a/Makefile
++++ b/Makefile
+@@ -24,8 +24,7 @@ ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x))
+ GO_BUILDMODE := "-buildmode=pie"
endif
endif
--GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
+-GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \
+- $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
+GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
- -ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
- GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
- -ldflags "-extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
+ -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"
+
+ GO_BUILDMODE_STATIC :=
+--
+2.40.0
+
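Review bot: The refreshed inner hunk only matches the newer Makefile (the two-line `GO_BUILD` definition and `-ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"` as context), yet this file lives in the shared `recipes-containers/runc/files/` directory rather than under `runc-docker/` like the other two patches. Any other recipe that picks up this patch from `files/` while still building the older source will no longer be able to apply it. Either upgrade those recipes in the same change or keep a version-specific copy under `runc-docker/`.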
diff --git a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
index bcf4c103..2a24df90 100644
--- a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
+++ b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
@@ -12,11 +12,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
utils_linux.go | 5 +++++
1 file changed, 5 insertions(+)
-Index: git/src/import/utils_linux.go
-===================================================================
---- git.orig/src/import/utils_linux.go
-+++ git/src/import/utils_linux.go
-@@ -267,6 +267,11 @@
+diff --git a/utils_linux.go b/utils_linux.go
+index 60d534e8..ddcab62f 100644
+--- a/utils_linux.go
++++ b/utils_linux.go
+@@ -234,6 +234,11 @@ type runner struct {
}
func (r *runner) run(config *specs.Process) (int, error) {
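Review bot: The new inner header `--- a/utils_linux.go` / `+++ b/utils_linux.go` drops the `git/src/import/` prefix that the old `Index:` header carried, so this patch now applies only when the recipe passes `patchdir=src/import`. Keeping the original path prefix and refreshing just the offset (`@@ -267,6 +267,11 @@` to `@@ -234,6 +234,11 @@`) would avoid changing how the patch is applied.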
@@ -28,3 +28,6 @@ Index: git/src/import/utils_linux.go
var err error
defer func() {
if err != nil {
+--
+2.40.0
+
diff --git a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
index 4350c40f..1065f23e 100644
--- a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
+++ b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
@@ -25,15 +25,15 @@ is set.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
---
- signals.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
+ signals.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++----
utils_linux.go | 2 +-
- 2 files changed, 51 insertions(+), 5 deletions(-)
+ 2 files changed, 53 insertions(+), 5 deletions(-)
-Index: git/src/import/signals.go
-===================================================================
---- git.orig/src/import/signals.go
-+++ git/src/import/signals.go
-@@ -5,7 +5,9 @@
+diff --git a/signals.go b/signals.go
+index 2555b765..1266ee66 100644
+--- a/signals.go
++++ b/signals.go
+@@ -3,7 +3,9 @@ package main
import (
"os"
"os/signal"
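Review bot: The diffstat for `signals.go` moves from 54 to 56 changed lines (51 to 53 insertions overall), but none of the refreshed inner hunk headers change their line counts, for example `-67,12 +66,61` becomes `-65,12 +64,61`. Please state in the commit message whether the body of the SIGUSR1 patch changed or only the stat was regenerated, since "Adjusted existing patches to align with v1.1.12" does not say which.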
@@ -43,7 +43,7 @@ Index: git/src/import/signals.go
"github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/system"
"github.com/opencontainers/runc/libcontainer/utils"
-@@ -55,9 +57,6 @@
+@@ -53,9 +55,6 @@ type signalHandler struct {
func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach bool) (int, error) {
// make sure we know the pid of our main process so that we can return
// after it dies.
@@ -53,7 +53,7 @@ Index: git/src/import/signals.go
pid1, err := process.Pid()
if err != nil {
-@@ -67,12 +66,61 @@
+@@ -65,12 +64,61 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
if h.notifySocket != nil {
if detach {
_ = h.notifySocket.run(pid1)
@@ -116,11 +116,11 @@ Index: git/src/import/signals.go
// Perform the initial tty resize. Always ignore errors resizing because
// stdout might have disappeared (due to races with when SIGHUP is sent).
_ = tty.resize()
-Index: git/src/import/utils_linux.go
-===================================================================
---- git.orig/src/import/utils_linux.go
-+++ git/src/import/utils_linux.go
-@@ -345,7 +345,7 @@
+diff --git a/utils_linux.go b/utils_linux.go
+index ddcab62f..280051ea 100644
+--- a/utils_linux.go
++++ b/utils_linux.go
+@@ -315,7 +315,7 @@ func (r *runner) run(config *specs.Process) (int, error) {
if err != nil {
r.terminate(process)
}
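Review bot: The refreshed `utils_linux.go` header in this hunk depends on the console-socket patch being applied first: its base blob `ddcab62f` is the result blob of 0001-runc-Add-console-socket-dev-null.patch (`index 60d534e8..ddcab62f`). A short note in the patch header or next to the SRC_URI entries stating that ordering would keep a later reorder from breaking the apply step.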
@@ -129,3 +129,6 @@ Index: git/src/import/utils_linux.go
return 0, nil
}
if err == nil {
+--
+2.40.0
+
diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 97373a72..afecac67 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -2,13 +2,13 @@ include runc.inc
# Note: this rev is before the required protocol field, update when all components
# have been updated to match.
-SRCREV_runc-docker = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
+SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
- file://0001-runc-Add-console-socket-dev-null.patch \
- file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
- file://0001-runc-docker-SIGUSR1-daemonize.patch \
+ file://0001-runc-Add-console-socket-dev-null.patch;patchdir=src/import \
+ file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch;patchdir=src/import \
+ file://0001-runc-docker-SIGUSR1-daemonize.patch;patchdir=src/import \
"
-RUNC_VERSION = "1.1.4"
+RUNC_VERSION = "1.1.12"
CVE_PRODUCT = "runc"
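Review bot: The `;patchdir=src/import` parameter added to all three `file://` entries changes where the patches are applied and is not mentioned in the commit message; if the patches kept their `git/src/import` paths the SRC_URI lines could stay untouched. The comment above `SRCREV_runc-docker` ("this rev is before the required protocol field") is also left as-is while the revision moves, so confirm it still holds or update it, and say in the commit message that the new SRCREV is the v1.1.12 release commit, since `RUNC_VERSION` is set by hand.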
--
2.40.0
* Re: [meta-virtualization][kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
2025-01-20 2:25 [meta-virtualization][kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12 dchellam
@ 2025-01-30 18:56 ` Bruce Ashfield
2025-02-05 5:09 ` [kirkstone][PATCH " Ranjitsinh Rathod
0 siblings, 1 reply; 5+ messages in thread
From: Bruce Ashfield @ 2025-01-30 18:56 UTC (permalink / raw)
To: Divya.Chellam; +Cc: meta-virtualization
merged.
Bruce
In message: [meta-virtualization][kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
on 20/01/2025 dchellam via lists.yoctoproject.org wrote:
> From: Divya Chellam <divya.chellam@windriver.com>
>
> This upgrade fixes a few CVEs:
> - CVE-2023-27561
> - CVE-2023-25809
> - CVE-2023-28642
> - CVE-2024-21626 and other bug fixes
>
> Changelog:
> ==========
> https://github.com/opencontainers/runc/blob/v1.1.12/CHANGELOG.md
>
> Adjusted existing patches to align with v1.1.12
>
> Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
> ---
> ...-GOBUILDFLAGS-for-runc-and-remove-re.patch | 26 +++++++++-------
> ...001-runc-Add-console-socket-dev-null.patch | 13 +++++---
> .../0001-runc-docker-SIGUSR1-daemonize.patch | 31 ++++++++++---------
> recipes-containers/runc/runc-docker_git.bb | 10 +++---
> 4 files changed, 45 insertions(+), 35 deletions(-)
>
> diff --git a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> index 4d35e58e..79e63322 100644
> --- a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> +++ b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
> @@ -1,7 +1,7 @@
> From 0fe50d2ca4517f5e3070585040f35ace413acd44 Mon Sep 17 00:00:00 2001
> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> Date: Tue, 24 Aug 2021 11:38:23 -0400
> -Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty
> +Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty
> from static
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> @@ -11,16 +11,20 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
> Makefile | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> -Index: git/src/import/Makefile
> -===================================================================
> ---- git.orig/src/import/Makefile
> -+++ git/src/import/Makefile
> -@@ -20,7 +20,7 @@
> - endif
> +diff --git a/Makefile b/Makefile
> +index e3af9bc1..f9d6de96 100644
> +--- a/Makefile
> ++++ b/Makefile
> +@@ -24,8 +24,7 @@ ifneq (,$(filter $(GOARCH),386 amd64 arm arm64 ppc64le riscv64 s390x))
> + GO_BUILDMODE := "-buildmode=pie"
> endif
> endif
> --GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
> +-GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \
> +- $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
> +GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
> - -ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
> - GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
> - -ldflags "-extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
> + -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"
> +
> + GO_BUILDMODE_STATIC :=
> +--
> +2.40.0
> +
> diff --git a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
> index bcf4c103..2a24df90 100644
> --- a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
> +++ b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch
> @@ -12,11 +12,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
> utils_linux.go | 5 +++++
> 1 file changed, 5 insertions(+)
>
> -Index: git/src/import/utils_linux.go
> -===================================================================
> ---- git.orig/src/import/utils_linux.go
> -+++ git/src/import/utils_linux.go
> -@@ -267,6 +267,11 @@
> +diff --git a/utils_linux.go b/utils_linux.go
> +index 60d534e8..ddcab62f 100644
> +--- a/utils_linux.go
> ++++ b/utils_linux.go
> +@@ -234,6 +234,11 @@ type runner struct {
> }
>
> func (r *runner) run(config *specs.Process) (int, error) {
> @@ -28,3 +28,6 @@ Index: git/src/import/utils_linux.go
> var err error
> defer func() {
> if err != nil {
> +--
> +2.40.0
> +
> diff --git a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
> index 4350c40f..1065f23e 100644
> --- a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
> +++ b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch
> @@ -25,15 +25,15 @@ is set.
>
> Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
> ---
> - signals.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
> + signals.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++----
> utils_linux.go | 2 +-
> - 2 files changed, 51 insertions(+), 5 deletions(-)
> + 2 files changed, 53 insertions(+), 5 deletions(-)
>
> -Index: git/src/import/signals.go
> -===================================================================
> ---- git.orig/src/import/signals.go
> -+++ git/src/import/signals.go
> -@@ -5,7 +5,9 @@
> +diff --git a/signals.go b/signals.go
> +index 2555b765..1266ee66 100644
> +--- a/signals.go
> ++++ b/signals.go
> +@@ -3,7 +3,9 @@ package main
> import (
> "os"
> "os/signal"
> @@ -43,7 +43,7 @@ Index: git/src/import/signals.go
> "github.com/opencontainers/runc/libcontainer"
> "github.com/opencontainers/runc/libcontainer/system"
> "github.com/opencontainers/runc/libcontainer/utils"
> -@@ -55,9 +57,6 @@
> +@@ -53,9 +55,6 @@ type signalHandler struct {
> func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach bool) (int, error) {
> // make sure we know the pid of our main process so that we can return
> // after it dies.
> @@ -53,7 +53,7 @@ Index: git/src/import/signals.go
>
> pid1, err := process.Pid()
> if err != nil {
> -@@ -67,12 +66,61 @@
> +@@ -65,12 +64,61 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
> if h.notifySocket != nil {
> if detach {
> _ = h.notifySocket.run(pid1)
> @@ -116,11 +116,11 @@ Index: git/src/import/signals.go
> // Perform the initial tty resize. Always ignore errors resizing because
> // stdout might have disappeared (due to races with when SIGHUP is sent).
> _ = tty.resize()
> -Index: git/src/import/utils_linux.go
> -===================================================================
> ---- git.orig/src/import/utils_linux.go
> -+++ git/src/import/utils_linux.go
> -@@ -345,7 +345,7 @@
> +diff --git a/utils_linux.go b/utils_linux.go
> +index ddcab62f..280051ea 100644
> +--- a/utils_linux.go
> ++++ b/utils_linux.go
> +@@ -315,7 +315,7 @@ func (r *runner) run(config *specs.Process) (int, error) {
> if err != nil {
> r.terminate(process)
> }
> @@ -129,3 +129,6 @@ Index: git/src/import/utils_linux.go
> return 0, nil
> }
> if err == nil {
> +--
> +2.40.0
> +
> diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
> index 97373a72..afecac67 100644
> --- a/recipes-containers/runc/runc-docker_git.bb
> +++ b/recipes-containers/runc/runc-docker_git.bb
> @@ -2,13 +2,13 @@ include runc.inc
>
> # Note: this rev is before the required protocol field, update when all components
> # have been updated to match.
> -SRCREV_runc-docker = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
> +SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
> SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
> - file://0001-runc-Add-console-socket-dev-null.patch \
> - file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
> - file://0001-runc-docker-SIGUSR1-daemonize.patch \
> + file://0001-runc-Add-console-socket-dev-null.patch;patchdir=src/import \
> + file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch;patchdir=src/import \
> + file://0001-runc-docker-SIGUSR1-daemonize.patch;patchdir=src/import \
> "
>
> -RUNC_VERSION = "1.1.4"
> +RUNC_VERSION = "1.1.12"
>
> CVE_PRODUCT = "runc"
> --
> 2.40.0
* Re: [kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
2025-01-30 18:56 ` Bruce Ashfield
@ 2025-02-05 5:09 ` Ranjitsinh Rathod
2025-02-05 9:36 ` Jonas Gorski
0 siblings, 1 reply; 5+ messages in thread
From: Ranjitsinh Rathod @ 2025-02-05 5:09 UTC (permalink / raw)
To: meta-virtualization
Hello Bruce,
After this merge, 0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch is failing for runc-opencontainers, as this recipe also uses this patch and was not upgraded to 1.1.12 and still uses 1.1.4.
Is it possible to also upgrade runc-opencontainers to 1.1.12 to fix the same CVEs which we fixed for runc-docker? Otherwise we may need to maintain two patches for two different versions.
Thanks,
Ranjitsinh Rathod
* Re: [kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
2025-02-05 5:09 ` [kirkstone][PATCH " Ranjitsinh Rathod
@ 2025-02-05 9:36 ` Jonas Gorski
2025-02-05 12:24 ` [meta-virtualization] " Bruce Ashfield
0 siblings, 1 reply; 5+ messages in thread
From: Jonas Gorski @ 2025-02-05 9:36 UTC (permalink / raw)
To: meta-virtualization
Hi,
On Wed, Feb 5, 2025 at 06:09 AM, Ranjitsinh Rathod wrote:
> Hello Bruce,
>
> After this merge,
> 0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch is getting
> failed for runc-opencontainers as this recipe also uses this patch and not
> upgraded to 1.1.12 and still uses 1.1.4.
>
> Is it possible to also upgrade runc-opencontainers to 1.1.12 to fix same CVEs
> which we fixed for runc-docker, else we may need to maintain two patches for
> two different versions.
I want to second that, especially since runc-opencontainers is the default provider for virtual/runc in kirkstone, so this broke it for everyone not explicitly using runc-docker.
Also the change of patch targets via patchdir isn't done in master; they still target git/src/import. I'm not sure it's a good idea to deviate from how master is doing things. Makes backporting things harder.
Best regards,
Jonas
* Re: [meta-virtualization] [kirkstone][PATCH 1/1] runc-docker: upgrade 1.1.4 -> 1.1.12
2025-02-05 9:36 ` Jonas Gorski
@ 2025-02-05 12:24 ` Bruce Ashfield
0 siblings, 0 replies; 5+ messages in thread
From: Bruce Ashfield @ 2025-02-05 12:24 UTC (permalink / raw)
To: jonas.gorski; +Cc: meta-virtualization
On Wed, Feb 5, 2025 at 4:36 AM Jonas Gorski via lists.yoctoproject.org
<jonas.gorski=bisdn.de@lists.yoctoproject.org> wrote:
> Hi,
>
> On Wed, Feb 5, 2025 at 06:09 AM, Ranjitsinh Rathod wrote:
> > Hello Bruce,
> >
> > After this merge,
> > 0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch is
> getting
> > failed for runc-opencontainers as this recipe also uses this patch and
> not
> > upgraded to 1.1.12 and still uses 1.1.4.
> >
> > Is it possible to also upgrade runc-opencontainers to 1.1.12 to fix same
> CVEs
> > which we fixed for runc-docker, else we may need to maintain two patches
> for
> > two different versions.
>
> I want to second that, especially since runc-opencontainers is the default
> provider for virtual/runc in kirkstone, so this broke it for everyone not
> explicitly using runc-docker.
>
> Also the change of patch targets via patchdir isn't done in master; they
> still target git/src/import. I'm not sure it's a good idea to deviate how
> master is doing things. Makes backporting things harder.
>
>
Indeed, and I keep rejecting patches that unnecessarily use/change
patchdir, I missed this one in my haste.
I also always insist on upgrading both at the same time, and again, somehow
missed it.
My solution is simpler, I'm reverting the change in kirkstone and will wait
for a resubmission that upgrades (and tests) both.
Bruce
> Best regards,
> Jonas
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II