[meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15

[meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15

[Jonas Gorski]

runc has been stuck at 1.1.4 for long while in kirkstone, and the last
attempt at updating it had to be reverted.

In order to reduce the amount of open vulnerabilities, update it to the
latest 1.1 release, 1.1.15, by first updating it to 1.1.12, which was
the last 1.1 release in master, then updating it to 1.1.15.

To keep the amount of patches short, I squashed the cherry-picked
updates from master to a single patch each.

In case anyone wonders, runc-opencontainers and runc-docker were at
different commits before they were both bumped to 1.2.0-rc2, which is
why their diffs looks different.

I runtested runc-opencontainers, and compile-tested runc-docker.

Jonas Gorski (4):
  runc-opencontainers: update to 1.1.12
  runc-docker: update to 1.1.12
  runc-opencontainers: update to 1.1.15
  runc-docker: update to 1.1.15

 ...spect-GOBUILDFLAGS-for-runc-and-remove-re.patch | 14 +++++++-------
 recipes-containers/runc/runc-docker_git.bb         |  4 ++--
 recipes-containers/runc/runc-opencontainers_git.bb |  4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)

-- 
2.53.0


-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294

[meta-virtualization][kirkstone][PATCH 1/4] runc-opencontainers: update to 1.1.12

[Jonas Gorski]

Bump runc to version v1.1.12-14-ge8bb71e1 with the following squashed
cherry-picks from master:

    4cea448064d4 runc-opencontainers: update to 1.1.12
    9213f05f5591 runc-opencontainers: update to 1.1.12
    e4b6616a90e0 runc-opencontainers: update to 1.1.11
    62ac94c50dff runc-opencontainers: update to 1.1.10
    606fe98a9811 runc-opencontainers: update to 1.9.0
    ea3b6a83981a runc-opencontainers: update to 1.1.8
    5dda7078ba85 runc-opencontainers: update to 1.1.7-tip
    b3fd5097ab34 runc-opencontainers: update to 1.1.7
    ae91a8666a73 runc-opencontainers: update to 1.1.5
    969daee49f1d runc-opencontainers: update to 1.1.0-tip
    f281ad2d9650 runc-opencontainers: update to 1.4.0-tip

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
 ...spect-GOBUILDFLAGS-for-runc-and-remove-re.patch | 14 +++++++-------
 recipes-containers/runc/runc-opencontainers_git.bb |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
index 4d35e58e7f76..df9e1d8e2722 100644
--- a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
+++ b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
@@ -15,12 +15,12 @@ Index: git/src/import/Makefile
 ===================================================================
 --- git.orig/src/import/Makefile
 +++ git/src/import/Makefile
-@@ -20,7 +20,7 @@
- 		endif
+@@ -24,7 +24,7 @@
+ 		GO_BUILDMODE := "-buildmode=pie"
  	endif
  endif
--GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
-+GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
- 	-ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
- GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
- 	-ldflags "-extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
+-GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \
++GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) \
+ 	$(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
+ 	-ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"
+ 
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 59ddca9bb59e..48a64f20d7cc 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,10 +1,10 @@
 include runc.inc
 
-SRCREV = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
+SRCREV = "e8bb71e147d6044f57dfb5d4da619cf27f830c48"
 SRC_URI = " \
     git://github.com/opencontainers/runc;branch=release-1.1;protocol=https \
     file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
     "
-RUNC_VERSION = "1.1.4"
+RUNC_VERSION = "1.1.12"
 
 CVE_PRODUCT = "runc"
-- 
2.53.0


-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294

[meta-virtualization][kirkstone][PATCH 2/4] runc-docker: update to 1.1.12

[Jonas Gorski]

Bump runc to version v1.1.12-2-ga9833ff3 with the following squashed
cherry-picks from master:

    da840d8845cb runc-docker: update to 1.1.12
    22877e9bd046 runc-docker: update to 1.1.11
    22989818f3af runc-docker: update to 1.9.0
    dddc423fa370 runc-docker: update to 1.1.8
    248be027d611 runc-docker: update to 1.1.7-tip
    4aa2aadb01e5 runc-docker: update to 1.1.7
    195db7f7c536 runc-docker: update to 1.1.5
    13ad8548dea1 runc-docker: update to 1.1.0-tip
    c25d16577d12 runc-docker: update to 1.4.0-tip

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
 recipes-containers/runc/runc-docker_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 97373a72895c..8d078e852642 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -2,13 +2,13 @@ include runc.inc
 
 # Note: this rev is before the required protocol field, update when all components
 #       have been updated to match.
-SRCREV_runc-docker = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
+SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
 SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
            file://0001-runc-Add-console-socket-dev-null.patch \
            file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
            file://0001-runc-docker-SIGUSR1-daemonize.patch \
           "
 
-RUNC_VERSION = "1.1.4"
+RUNC_VERSION = "1.1.12"
 
 CVE_PRODUCT = "runc"
-- 
2.53.0


-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294

[meta-virtualization][kirkstone][PATCH 3/4] runc-opencontainers: update to 1.1.15

[Jonas Gorski]

Bump runc to to v1.1.15-2-g068337925cd4:

    068337925cd4 Merge pull request #4422 from rata/release-1.1.15
    9f4baaac61d1 VERSION: back to development
    bc20cb4497af VERSION: release 1.1.15
    2790485e3eca CHANGELOG: Remove empty changed line
    ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
    65aa700fc371 [1.1] runc run: fix mount leak
    a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
    719e2bc2c376 increase memory.max in cgroups.bats
    3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
    bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
    614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
    618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
    d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
    6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
    2655e7c5a859 VERSION: back to development
    2c9f5602f0ba VERSION: release 1.1.14
    a86c3d88370a Merge commit from fork
    f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
    8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
    6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
    0514204d6fcc Makefile: Add EXTRA_VERSION
    18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
    f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
    7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
    931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
    1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
    ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
    3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
    81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
    2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
    19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
    88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
    615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
    a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
    b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
    5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
    ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
    ec1bc45d462c VERSION: back to development
    58aa9203c123 VERSION: release 1.1.13
    2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
    3507adac19ff Merge pull request #4315 from lifubang/backport-4311
    0f7150ade8ca script/*: fix gpg usage wrt keyboxd
    80186fec5cf4 fix a debug msg for user ns in nsexec
    8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
    7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
    c9beabc8d8d5 ci: switch to go 1.22 as main version
    4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
    c488d13a5331 use go mod instead of go get in spec.bats
    ae85f058ccff ci/gha: bump golangci-lint to v1.57
    327e07e96814 ci/gha: bump golangci-lint to v1.54
    65bdf604ddb9 libct/user: gofumpt -w
    4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
    fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
    8bfc75a25d2b CI: run apt with -y
    e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
    0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
    b36844518a36 build(deps): bump actions/checkout from 3 to 4
    cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
    25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
    2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
    7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
    096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
    14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
    fc7af59a6b1f ci/cirrus: rm centos stream 8
    a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
    9629fd9554a2 ci: workaround for centos stream 8 being EOLed
    20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
    3b7fcf76ef7e ci: pin codespell
    f8f7defa85f4 Fix codespell warnings
    a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
    860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
    9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
    51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
    c918058bb76c fix comments for ClearRlimitNofileCache
    2992049dc31c update/add some tests for rlimit
    d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
    42c2ab2b7cb9 use go 1.18 in go.mod
    83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
    fbddb715edbb libct: fix a comment
    debf52aa5b52 deprecate libct.system.Execv
    986edbe60ff9 list: use Info(), fix race with delete
    09214f21da8e list: getContainers: less indentation
    007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
    6f4d975c402d allow overriding VERSION value in Makefile

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
 recipes-containers/runc/runc-opencontainers_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 48a64f20d7cc..0007798593cb 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,10 +1,10 @@
 include runc.inc
 
-SRCREV = "e8bb71e147d6044f57dfb5d4da619cf27f830c48"
+SRCREV = "068337925cd4286782c1c576132590992cc8c728"
 SRC_URI = " \
     git://github.com/opencontainers/runc;branch=release-1.1;protocol=https \
     file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
     "
-RUNC_VERSION = "1.1.12"
+RUNC_VERSION = "1.1.15"
 
 CVE_PRODUCT = "runc"
-- 
2.53.0


-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294

[meta-virtualization][kirkstone][PATCH 4/4] runc-docker: update to 1.1.15

[Jonas Gorski]

Bump runc to to v1.1.15-2-g068337925cd4:

    068337925cd4 Merge pull request #4422 from rata/release-1.1.15
    9f4baaac61d1 VERSION: back to development
    bc20cb4497af VERSION: release 1.1.15
    2790485e3eca CHANGELOG: Remove empty changed line
    ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
    65aa700fc371 [1.1] runc run: fix mount leak
    a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
    719e2bc2c376 increase memory.max in cgroups.bats
    3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
    bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
    614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
    618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
    d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
    6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
    2655e7c5a859 VERSION: back to development
    2c9f5602f0ba VERSION: release 1.1.14
    a86c3d88370a Merge commit from fork
    f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
    8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
    6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
    0514204d6fcc Makefile: Add EXTRA_VERSION
    18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
    f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
    7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
    931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
    1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
    ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
    3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
    81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
    2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
    19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
    88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
    615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
    a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
    b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
    5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
    ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
    ec1bc45d462c VERSION: back to development
    58aa9203c123 VERSION: release 1.1.13
    2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
    3507adac19ff Merge pull request #4315 from lifubang/backport-4311
    0f7150ade8ca script/*: fix gpg usage wrt keyboxd
    80186fec5cf4 fix a debug msg for user ns in nsexec
    8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
    7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
    c9beabc8d8d5 ci: switch to go 1.22 as main version
    4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
    c488d13a5331 use go mod instead of go get in spec.bats
    ae85f058ccff ci/gha: bump golangci-lint to v1.57
    327e07e96814 ci/gha: bump golangci-lint to v1.54
    65bdf604ddb9 libct/user: gofumpt -w
    4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
    fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
    8bfc75a25d2b CI: run apt with -y
    e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
    0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
    b36844518a36 build(deps): bump actions/checkout from 3 to 4
    cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
    25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
    2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
    7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
    096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
    14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
    fc7af59a6b1f ci/cirrus: rm centos stream 8
    a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
    9629fd9554a2 ci: workaround for centos stream 8 being EOLed
    20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
    3b7fcf76ef7e ci: pin codespell
    f8f7defa85f4 Fix codespell warnings
    a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
    860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
    9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
    51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
    c918058bb76c fix comments for ClearRlimitNofileCache
    2992049dc31c update/add some tests for rlimit
    d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
    42c2ab2b7cb9 use go 1.18 in go.mod
    83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
    fbddb715edbb libct: fix a comment
    debf52aa5b52 deprecate libct.system.Execv
    986edbe60ff9 list: use Info(), fix race with delete
    09214f21da8e list: getContainers: less indentation
    007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
    6f4d975c402d allow overriding VERSION value in Makefile
    e8bb71e147d6 Merge pull request #4257 from sohankunkerkar/release-1.1
    6379b58d9701 libcontainer: force apps to think fips is enabled/disabled for testing
    5bfff6ae24d0 Merge pull request #4261 from kolyshkin/1.1-4256
    265e73718063 Vagrantfile.fedora: bump Fedora to 39
    b0691cafe392 Merge pull request #4244 from kycheng/chore/net-cve
    59056a0213e7 silence security false positives from golang/net
    148fdabd7053 Merge pull request #4241 from kolyshkin/1.1.13-ci-fixes
    452bf88ebf5b build: update libseccomp to v2.5.5
    3fada6eca4e6 tests/int: fix flaky "runc run with tmpfs perm"
    aae41a4b79d3 Fix integration tests failure when calling "ip"
    82a8b979ef1a update go version to 1.21 in cirrus ci
    03271050eb94 ci/gha/cross-i386: pin Go to 1.21

Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
 recipes-containers/runc/runc-docker_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 8d078e852642..16bc6639c452 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -2,13 +2,13 @@ include runc.inc
 
 # Note: this rev is before the required protocol field, update when all components
 #       have been updated to match.
-SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
+SRCREV_runc-docker = "068337925cd4286782c1c576132590992cc8c728"
 SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
            file://0001-runc-Add-console-socket-dev-null.patch \
            file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
            file://0001-runc-docker-SIGUSR1-daemonize.patch \
           "
 
-RUNC_VERSION = "1.1.12"
+RUNC_VERSION = "1.1.15"
 
 CVE_PRODUCT = "runc"
-- 
2.53.0


-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294

Re: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15

[Bruce Ashfield]

In message: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
on 27/03/2026 Jonas Gorski via lists.yoctoproject.org wrote:

> runc has been stuck at 1.1.4 for long while in kirkstone, and the last
> attempt at updating it had to be reverted.
> 
> In order to reduce the amount of open vulnerabilities, update it to the
> latest 1.1 release, 1.1.15, by first updating it to 1.1.12, which was
> the last 1.1 release in master, then updating it to 1.1.15.
> 
> To keep the amount of patches short, I squashed the cherry-picked
> updates from master to a single patch each.
> 
> In case anyone wonders, runc-opencontainers and runc-docker were at
> different commits before they were both bumped to 1.2.0-rc2, which is
> why their diffs looks different.
> 
> I runtested runc-opencontainers, and compile-tested runc-docker.

Thanks for the extra details, it made this much easier to
merge.

I confirmed bug/cve only in the 3rd digit bumps, so this is
now merged and pushed to the server.

Bruce

> 
> Jonas Gorski (4):
>   runc-opencontainers: update to 1.1.12
>   runc-docker: update to 1.1.12
>   runc-opencontainers: update to 1.1.15
>   runc-docker: update to 1.1.15
> 
>  ...spect-GOBUILDFLAGS-for-runc-and-remove-re.patch | 14 +++++++-------
>  recipes-containers/runc/runc-docker_git.bb         |  4 ++--
>  recipes-containers/runc/runc-opencontainers_git.bb |  4 ++--
>  3 files changed, 11 insertions(+), 11 deletions(-)
> 
> -- 
> 2.53.0
> 
> 
> -- 
> BISDN GmbH
> K�rnerstra�e 7-10
> 10785 Berlin
> Germany
> Phone: +49 30 610 816 100
> Managing Directors:�Dr.-Ing. Hagen Woesner, Andreas K�psel
> 
> 
> Commercial 
> register:�
> Amtsgericht Berlin-Charlottenburg HRB 141569 B
> VAT ID No:�
> DE283257294
> 
> 
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9677): https://lists.yoctoproject.org/g/meta-virtualization/message/9677
> Mute This Topic: https://lists.yoctoproject.org/mt/118535116/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15

[Jonas Gorski]

On Mon, 30 Mar 2026 at 21:48, Bruce Ashfield <bruce.ashfield@gmail.com> wrote:
>
>
>
> In message: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
> on 27/03/2026 Jonas Gorski via lists.yoctoproject.org wrote:
>
> > runc has been stuck at 1.1.4 for long while in kirkstone, and the last
> > attempt at updating it had to be reverted.
> >
> > In order to reduce the amount of open vulnerabilities, update it to the
> > latest 1.1 release, 1.1.15, by first updating it to 1.1.12, which was
> > the last 1.1 release in master, then updating it to 1.1.15.
> >
> > To keep the amount of patches short, I squashed the cherry-picked
> > updates from master to a single patch each.
> >
> > In case anyone wonders, runc-opencontainers and runc-docker were at
> > different commits before they were both bumped to 1.2.0-rc2, which is
> > why their diffs looks different.
> >
> > I runtested runc-opencontainers, and compile-tested runc-docker.
>
> Thanks for the extra details, it made this much easier to
> merge.
>
> I confirmed bug/cve only in the 3rd digit bumps, so this is
> now merged and pushed to the server.

And thank you for merging it so quickly :)

I just noticed that scarthgap is also still at 1.1 (.14), and now
lagging behind kirkstone. This is awkward.

I'll send a patch as soon as I can to make them even.

Best regards,
Jonas

-- 
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel


Commercial 
register: 
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No: 
DE283257294