This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
* Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
* Add support for Go 1.23.
* Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION.
* rootfs: consolidate mountpoint creation logic.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
This is the thirteenth patch release in the 1.1.z release branch of runc.
It brings in Go 1.22.x compatibility and fixes a few issues,
including an occasional wrong nofile rlimit in runc exec,
and a race between runc list and runc delete.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
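Review bot: On the added AUTORELEASE line, $(shell sed -i ...) prints nothing, so AUTORELEASE expands to an empty string on the pass that rewrites the Makefile, and because the variable is recursively expanded (=) the in-place edit of $(CURDIR)/Makefile runs as a side effect every time it is referenced. The output of $(call commitcount,1) is also interpolated unquoted into the sed replacement text. As this is described as a temporary change, consider performing the substitution in a one-off script outside rules.mk, or at least echoing the computed value after the sed so the expansion is not empty, and add a comment marking the line for removal.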
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Now that runc builds according to available kernel features and there
is no longer a sub-menu to select them manually, also drop the MENU:=1
statement from the package Makefile.
Fixes: 3a06ce559 ("runc: Updated to v1.0.0-rc92 for dockerd")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It's nice to have seccomp support which is enabled in OpenWrt on
supported platforms on targets which are not marked as SMALL_FLASH.
(and it's kinda obvious that you wouldn't want to install runc on a
SMALL_FLASH target to begin with)
So let's enable seccomp by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The variable is a list of shell variables; the new name is more in-line
with other parts of the build system (CONFIGURE_VARS, MAKE_VARS, etc.).
GoPackage/Environment is kept (for now) in case other feeds are using
it.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Currently it only cleans up binaries when executing
Build/InstallDev without deleting .built stamp file.
This leads to wrong information about the existence of
built runc binaries and causes an error when executing
package/runc/install twice.
Signed-off-by: Texot Qi <tete1030@gmail.com>
* Move more environment variables into GoPackage/Environment
* Split GoPackage/Environment into target and build sections
* Do not set GOROOT_FINAL for Go packages (setting it should only affect
the Go compiler and not Go packages)
* Set CGO_LDFLAGS to $(TARGET_LDFLAGS)
* Move GO_TARGET_* variables from golang-values.mk, and GO_VERSION_*
variables from golang-version.mk, into golang/Makefile
This also updates runc, containerd, and docker-ce to reflect the changes
in GoPackage/Environment.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>