* [meta-virtualization][kirkstone][PATCH 1/4] runc-opencontainers: update to 1.1.12
2026-03-27 14:06 [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15 Jonas Gorski
@ 2026-03-27 14:06 ` Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 2/4] runc-docker: " Jonas Gorski
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Jonas Gorski @ 2026-03-27 14:06 UTC (permalink / raw)
To: meta-virtualization
Bump runc to version v1.1.12-14-ge8bb71e1 with the following squashed
cherry-picks from master:
4cea448064d4 runc-opencontainers: update to 1.1.12
9213f05f5591 runc-opencontainers: update to 1.1.12
e4b6616a90e0 runc-opencontainers: update to 1.1.11
62ac94c50dff runc-opencontainers: update to 1.1.10
606fe98a9811 runc-opencontainers: update to 1.9.0
ea3b6a83981a runc-opencontainers: update to 1.1.8
5dda7078ba85 runc-opencontainers: update to 1.1.7-tip
b3fd5097ab34 runc-opencontainers: update to 1.1.7
ae91a8666a73 runc-opencontainers: update to 1.1.5
969daee49f1d runc-opencontainers: update to 1.1.0-tip
f281ad2d9650 runc-opencontainers: update to 1.4.0-tip
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
...spect-GOBUILDFLAGS-for-runc-and-remove-re.patch | 14 +++++++-------
recipes-containers/runc/runc-opencontainers_git.bb | 4 ++--
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
index 4d35e58e7f76..df9e1d8e2722 100644
--- a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
+++ b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch
@@ -15,12 +15,12 @@ Index: git/src/import/Makefile
===================================================================
--- git.orig/src/import/Makefile
+++ git/src/import/Makefile
-@@ -20,7 +20,7 @@
- endif
+@@ -24,7 +24,7 @@
+ GO_BUILDMODE := "-buildmode=pie"
endif
endif
--GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
-+GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
- -ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
- GO_BUILD_STATIC := CGO_ENABLED=1 $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
- -ldflags "-extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)"
+-GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \
++GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) \
+ $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \
+ -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)"
+
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 59ddca9bb59e..48a64f20d7cc 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,10 +1,10 @@
include runc.inc
-SRCREV = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
+SRCREV = "e8bb71e147d6044f57dfb5d4da619cf27f830c48"
SRC_URI = " \
git://github.com/opencontainers/runc;branch=release-1.1;protocol=https \
file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
"
-RUNC_VERSION = "1.1.4"
+RUNC_VERSION = "1.1.12"
CVE_PRODUCT = "runc"
--
2.53.0
--
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel
Commercial
register:
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No:
DE283257294
^ permalink raw reply related [flat|nested] 7+ messages in thread* [meta-virtualization][kirkstone][PATCH 2/4] runc-docker: update to 1.1.12
2026-03-27 14:06 [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15 Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 1/4] runc-opencontainers: update to 1.1.12 Jonas Gorski
@ 2026-03-27 14:06 ` Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 3/4] runc-opencontainers: update to 1.1.15 Jonas Gorski
` (2 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Jonas Gorski @ 2026-03-27 14:06 UTC (permalink / raw)
To: meta-virtualization
Bump runc to version v1.1.12-2-ga9833ff3 with the following squashed
cherry-picks from master:
da840d8845cb runc-docker: update to 1.1.12
22877e9bd046 runc-docker: update to 1.1.11
22989818f3af runc-docker: update to 1.9.0
dddc423fa370 runc-docker: update to 1.1.8
248be027d611 runc-docker: update to 1.1.7-tip
4aa2aadb01e5 runc-docker: update to 1.1.7
195db7f7c536 runc-docker: update to 1.1.5
13ad8548dea1 runc-docker: update to 1.1.0-tip
c25d16577d12 runc-docker: update to 1.4.0-tip
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
recipes-containers/runc/runc-docker_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 97373a72895c..8d078e852642 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -2,13 +2,13 @@ include runc.inc
# Note: this rev is before the required protocol field, update when all components
# have been updated to match.
-SRCREV_runc-docker = "974efd2dfca0abec041a3708a2b66bfac6bd2484"
+SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
file://0001-runc-Add-console-socket-dev-null.patch \
file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
file://0001-runc-docker-SIGUSR1-daemonize.patch \
"
-RUNC_VERSION = "1.1.4"
+RUNC_VERSION = "1.1.12"
CVE_PRODUCT = "runc"
--
2.53.0
--
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel
Commercial
register:
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No:
DE283257294
^ permalink raw reply related [flat|nested] 7+ messages in thread* [meta-virtualization][kirkstone][PATCH 3/4] runc-opencontainers: update to 1.1.15
2026-03-27 14:06 [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15 Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 1/4] runc-opencontainers: update to 1.1.12 Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 2/4] runc-docker: " Jonas Gorski
@ 2026-03-27 14:06 ` Jonas Gorski
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 4/4] runc-docker: " Jonas Gorski
2026-03-30 19:48 ` [meta-virtualization][kirkstone][PATCH 0/4] runc: " Bruce Ashfield
4 siblings, 0 replies; 7+ messages in thread
From: Jonas Gorski @ 2026-03-27 14:06 UTC (permalink / raw)
To: meta-virtualization
Bump runc to to v1.1.15-2-g068337925cd4:
068337925cd4 Merge pull request #4422 from rata/release-1.1.15
9f4baaac61d1 VERSION: back to development
bc20cb4497af VERSION: release 1.1.15
2790485e3eca CHANGELOG: Remove empty changed line
ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
65aa700fc371 [1.1] runc run: fix mount leak
a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
719e2bc2c376 increase memory.max in cgroups.bats
3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
2655e7c5a859 VERSION: back to development
2c9f5602f0ba VERSION: release 1.1.14
a86c3d88370a Merge commit from fork
f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
0514204d6fcc Makefile: Add EXTRA_VERSION
18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
ec1bc45d462c VERSION: back to development
58aa9203c123 VERSION: release 1.1.13
2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
3507adac19ff Merge pull request #4315 from lifubang/backport-4311
0f7150ade8ca script/*: fix gpg usage wrt keyboxd
80186fec5cf4 fix a debug msg for user ns in nsexec
8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
c9beabc8d8d5 ci: switch to go 1.22 as main version
4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
c488d13a5331 use go mod instead of go get in spec.bats
ae85f058ccff ci/gha: bump golangci-lint to v1.57
327e07e96814 ci/gha: bump golangci-lint to v1.54
65bdf604ddb9 libct/user: gofumpt -w
4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
8bfc75a25d2b CI: run apt with -y
e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
b36844518a36 build(deps): bump actions/checkout from 3 to 4
cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
fc7af59a6b1f ci/cirrus: rm centos stream 8
a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
9629fd9554a2 ci: workaround for centos stream 8 being EOLed
20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
3b7fcf76ef7e ci: pin codespell
f8f7defa85f4 Fix codespell warnings
a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
c918058bb76c fix comments for ClearRlimitNofileCache
2992049dc31c update/add some tests for rlimit
d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
42c2ab2b7cb9 use go 1.18 in go.mod
83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
fbddb715edbb libct: fix a comment
debf52aa5b52 deprecate libct.system.Execv
986edbe60ff9 list: use Info(), fix race with delete
09214f21da8e list: getContainers: less indentation
007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
6f4d975c402d allow overriding VERSION value in Makefile
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
recipes-containers/runc/runc-opencontainers_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 48a64f20d7cc..0007798593cb 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,10 +1,10 @@
include runc.inc
-SRCREV = "e8bb71e147d6044f57dfb5d4da619cf27f830c48"
+SRCREV = "068337925cd4286782c1c576132590992cc8c728"
SRC_URI = " \
git://github.com/opencontainers/runc;branch=release-1.1;protocol=https \
file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
"
-RUNC_VERSION = "1.1.12"
+RUNC_VERSION = "1.1.15"
CVE_PRODUCT = "runc"
--
2.53.0
--
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel
Commercial
register:
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No:
DE283257294
^ permalink raw reply related [flat|nested] 7+ messages in thread* [meta-virtualization][kirkstone][PATCH 4/4] runc-docker: update to 1.1.15
2026-03-27 14:06 [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15 Jonas Gorski
` (2 preceding siblings ...)
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 3/4] runc-opencontainers: update to 1.1.15 Jonas Gorski
@ 2026-03-27 14:06 ` Jonas Gorski
2026-03-30 19:48 ` [meta-virtualization][kirkstone][PATCH 0/4] runc: " Bruce Ashfield
4 siblings, 0 replies; 7+ messages in thread
From: Jonas Gorski @ 2026-03-27 14:06 UTC (permalink / raw)
To: meta-virtualization
Bump runc to to v1.1.15-2-g068337925cd4:
068337925cd4 Merge pull request #4422 from rata/release-1.1.15
9f4baaac61d1 VERSION: back to development
bc20cb4497af VERSION: release 1.1.15
2790485e3eca CHANGELOG: Remove empty changed line
ed38aea9dc58 Merge pull request #4425 from kolyshkin/1.1-fix-mount-leak
65aa700fc371 [1.1] runc run: fix mount leak
a4cebd3549ec Merge pull request #4423 from rata/1-1-fix-CI
719e2bc2c376 increase memory.max in cgroups.bats
3216d3b72e15 merge #4391 into opencontainers/runc:release-1.1
bd671b6a1361 Merge pull request #4392 from cyphar/1.1-remove-bindfd
614ce12f0e97 [1.1] nsenter: cloned_binary: remove bindfd logic entirely
618e149e4ae5 [1.1] seccomp: patchbpf: always include native architecture in stub
d85b58388f40 [1.1] seccomp: patchbpf: rename nativeArch -> linuxAuditArch
6223a65d5d6f [1.1] libct/seccomp/patchbpf: rm duplicated code
2655e7c5a859 VERSION: back to development
2c9f5602f0ba VERSION: release 1.1.14
a86c3d88370a Merge commit from fork
f0b652ea61ff [1.1] rootfs: try to scope MkdirAll to stay inside the rootfs
8781993968fd [1.1] rootfs: consolidate mountpoint creation logic
6419fbabfbd6 Merge pull request #4382 from rata/Makefile-override-fixes
0514204d6fcc Makefile: Add EXTRA_VERSION
18cdc3476f91 Revert "allow overriding VERSION value in Makefile"
f3f71a9347f0 Merge pull request #4372 from kolyshkin/1.1-go123
7f75aec407e8 [1.1] Add Go 1.23, drop 1.21
931f46304b3d Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1
1f587049fd85 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
31f29447d3fb build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
ac5fc48ad18c build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
3b5bf8f2a9fa build(deps): bump google.golang.org/protobuf from 1.29.1 to 1.30.0
81461edc125b build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1
2a9acb99b4a9 build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
19c47f652dd1 build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1
88f54b20fc46 build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0
615068f17a31 Merge pull request #4334 from cyphar/1.1-rootfs-mountfd
a0292ca6ffb3 [1.1] rootfs: fix 'can we mount on top of /proc' check
b36a0f453712 Merge pull request #4336 from cyphar/1.1-rm-c7
5b89027afc11 [1.1] ci/cirrus: switch from CentOS to Almalinux
ed406952fc28 Merge pull request #4318 from lifubang/release-1.1.13
ec1bc45d462c VERSION: back to development
58aa9203c123 VERSION: release 1.1.13
2b3a2472d189 Merge pull request #4316 from lifubang/backport-4189
3507adac19ff Merge pull request #4315 from lifubang/backport-4311
0f7150ade8ca script/*: fix gpg usage wrt keyboxd
80186fec5cf4 fix a debug msg for user ns in nsexec
8407d3c6021c Merge pull request #4313 from kolyshkin/1.1-backport-4292
7219e0afffcd Dockerfile: bump Debian to 12, Go to 1.21
c9beabc8d8d5 ci: switch to go 1.22 as main version
4578c6c5dbdb libct/nsenter: stop blacklisting go 1.22+
c488d13a5331 use go mod instead of go get in spec.bats
ae85f058ccff ci/gha: bump golangci-lint to v1.57
327e07e96814 ci/gha: bump golangci-lint to v1.54
65bdf604ddb9 libct/user: gofumpt -w
4d097af534a0 ci/gha: bump golangci-lint-action from 5 to 6
fb236084374b ci/gha: bump golangci/golangci-lint-action to v5
8bfc75a25d2b CI: run apt with -y
e546ddeec869 ci/gha: switch some jobs to ubuntu-22.04
0d19e78b847a build(deps): bump actions/setup-go from 4 to 5
b36844518a36 build(deps): bump actions/checkout from 3 to 4
cb2d85dcde5f build(deps): bump tim-actions/commit-message-checker-with-regex
25e27d7eef28 build(deps): bump actions/upload-artifact from 3 to 4
2ac8b11f48a0 build(deps): bump golangci/golangci-lint-action from 3 to 4
7d86e7d9eceb Merge pull request #4299 from kolyshkin/1.1-4290
096e6f88f0f0 [1.1] libct/system: ClearRlimitNofileCache for go 1.23
14181f438e35 Merge pull request #4308 from kolyshkin/1.1-rm-cs8
fc7af59a6b1f ci/cirrus: rm centos stream 8
a1610b56a4a3 Merge pull request #4305 from lifubang/backport-cs8eol
9629fd9554a2 ci: workaround for centos stream 8 being EOLed
20ef9762dae9 Merge pull request #4300 from lifubang/backport-codespell-2.3.0
3b7fcf76ef7e ci: pin codespell
f8f7defa85f4 Fix codespell warnings
a12f444afbb8 Merge pull request #4284 from kolyshkin/1.1-fix-4094
860f05f307f4 libct/cg/fs: fix setting rt_period vs rt_runtime
9244703011d5 Merge pull request #4277 from lifubang/backport-4265-nofilerlimit
51dc97286443 Merge pull request #4231 from kolyshkin/1.1-3349
c918058bb76c fix comments for ClearRlimitNofileCache
2992049dc31c update/add some tests for rlimit
d7a29a3b3367 libct: clean cached rlimit nofile in go runtime
42c2ab2b7cb9 use go 1.18 in go.mod
83ecd11c29ac runc exec: setupRlimits after syscall.rlimit.init() completed
fbddb715edbb libct: fix a comment
debf52aa5b52 deprecate libct.system.Execv
986edbe60ff9 list: use Info(), fix race with delete
09214f21da8e list: getContainers: less indentation
007abf31f87a Merge pull request #4270 from akhilerm/backport-1.1-4269
6f4d975c402d allow overriding VERSION value in Makefile
e8bb71e147d6 Merge pull request #4257 from sohankunkerkar/release-1.1
6379b58d9701 libcontainer: force apps to think fips is enabled/disabled for testing
5bfff6ae24d0 Merge pull request #4261 from kolyshkin/1.1-4256
265e73718063 Vagrantfile.fedora: bump Fedora to 39
b0691cafe392 Merge pull request #4244 from kycheng/chore/net-cve
59056a0213e7 silence security false positives from golang/net
148fdabd7053 Merge pull request #4241 from kolyshkin/1.1.13-ci-fixes
452bf88ebf5b build: update libseccomp to v2.5.5
3fada6eca4e6 tests/int: fix flaky "runc run with tmpfs perm"
aae41a4b79d3 Fix integration tests failure when calling "ip"
82a8b979ef1a update go version to 1.21 in cirrus ci
03271050eb94 ci/gha/cross-i386: pin Go to 1.21
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
---
recipes-containers/runc/runc-docker_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 8d078e852642..16bc6639c452 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -2,13 +2,13 @@ include runc.inc
# Note: this rev is before the required protocol field, update when all components
# have been updated to match.
-SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346"
+SRCREV_runc-docker = "068337925cd4286782c1c576132590992cc8c728"
SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https \
file://0001-runc-Add-console-socket-dev-null.patch \
file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \
file://0001-runc-docker-SIGUSR1-daemonize.patch \
"
-RUNC_VERSION = "1.1.12"
+RUNC_VERSION = "1.1.15"
CVE_PRODUCT = "runc"
--
2.53.0
--
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel
Commercial
register:
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No:
DE283257294
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
2026-03-27 14:06 [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15 Jonas Gorski
` (3 preceding siblings ...)
2026-03-27 14:06 ` [meta-virtualization][kirkstone][PATCH 4/4] runc-docker: " Jonas Gorski
@ 2026-03-30 19:48 ` Bruce Ashfield
2026-03-31 8:13 ` Jonas Gorski
4 siblings, 1 reply; 7+ messages in thread
From: Bruce Ashfield @ 2026-03-30 19:48 UTC (permalink / raw)
To: jonas.gorski; +Cc: meta-virtualization
In message: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
on 27/03/2026 Jonas Gorski via lists.yoctoproject.org wrote:
> runc has been stuck at 1.1.4 for long while in kirkstone, and the last
> attempt at updating it had to be reverted.
>
> In order to reduce the amount of open vulnerabilities, update it to the
> latest 1.1 release, 1.1.15, by first updating it to 1.1.12, which was
> the last 1.1 release in master, then updating it to 1.1.15.
>
> To keep the amount of patches short, I squashed the cherry-picked
> updates from master to a single patch each.
>
> In case anyone wonders, runc-opencontainers and runc-docker were at
> different commits before they were both bumped to 1.2.0-rc2, which is
> why their diffs looks different.
>
> I runtested runc-opencontainers, and compile-tested runc-docker.
Thanks for the extra details, it made this much easier to
merge.
I confirmed bug/cve only in the 3rd digit bumps, so this is
now merged and pushed to the server.
Bruce
>
> Jonas Gorski (4):
> runc-opencontainers: update to 1.1.12
> runc-docker: update to 1.1.12
> runc-opencontainers: update to 1.1.15
> runc-docker: update to 1.1.15
>
> ...spect-GOBUILDFLAGS-for-runc-and-remove-re.patch | 14 +++++++-------
> recipes-containers/runc/runc-docker_git.bb | 4 ++--
> recipes-containers/runc/runc-opencontainers_git.bb | 4 ++--
> 3 files changed, 11 insertions(+), 11 deletions(-)
>
> --
> 2.53.0
>
>
> --
> BISDN GmbH
> K�rnerstra�e 7-10
> 10785 Berlin
> Germany
> Phone: +49 30 610 816 100
> Managing Directors:�Dr.-Ing. Hagen Woesner, Andreas K�psel
>
>
> Commercial
> register:�
> Amtsgericht Berlin-Charlottenburg HRB 141569 B
> VAT ID No:�
> DE283257294
>
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9677): https://lists.yoctoproject.org/g/meta-virtualization/message/9677
> Mute This Topic: https://lists.yoctoproject.org/mt/118535116/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
2026-03-30 19:48 ` [meta-virtualization][kirkstone][PATCH 0/4] runc: " Bruce Ashfield
@ 2026-03-31 8:13 ` Jonas Gorski
0 siblings, 0 replies; 7+ messages in thread
From: Jonas Gorski @ 2026-03-31 8:13 UTC (permalink / raw)
To: Bruce Ashfield; +Cc: meta-virtualization
On Mon, 30 Mar 2026 at 21:48, Bruce Ashfield <bruce.ashfield@gmail.com> wrote:
>
>
>
> In message: [meta-virtualization][kirkstone][PATCH 0/4] runc: update to 1.1.15
> on 27/03/2026 Jonas Gorski via lists.yoctoproject.org wrote:
>
> > runc has been stuck at 1.1.4 for long while in kirkstone, and the last
> > attempt at updating it had to be reverted.
> >
> > In order to reduce the amount of open vulnerabilities, update it to the
> > latest 1.1 release, 1.1.15, by first updating it to 1.1.12, which was
> > the last 1.1 release in master, then updating it to 1.1.15.
> >
> > To keep the amount of patches short, I squashed the cherry-picked
> > updates from master to a single patch each.
> >
> > In case anyone wonders, runc-opencontainers and runc-docker were at
> > different commits before they were both bumped to 1.2.0-rc2, which is
> > why their diffs looks different.
> >
> > I runtested runc-opencontainers, and compile-tested runc-docker.
>
> Thanks for the extra details, it made this much easier to
> merge.
>
> I confirmed bug/cve only in the 3rd digit bumps, so this is
> now merged and pushed to the server.
And thank you for merging it so quickly :)
I just noticed that scarthgap is also still at 1.1 (.14), and now
lagging behind kirkstone. This is awkward.
I'll send a patch as soon as I can to make them even.
Best regards,
Jonas
--
BISDN GmbH
Körnerstraße 7-10
10785 Berlin
Germany
Phone: +49 30 610 816 100
Managing Directors: Dr.-Ing. Hagen Woesner, Andreas Köpsel
Commercial
register:
Amtsgericht Berlin-Charlottenburg HRB 141569 B
VAT ID No:
DE283257294
^ permalink raw reply [flat|nested] 7+ messages in thread