c39750f52d
Fixes the following vulnerabilities:
- CVE-2024-21626: runc vulnerable to container breakout through process.cwd
trickery and leaked fds
https://github.com/advisories/GHSA-xr7r-f8xq-vfvv
https://github.com/opencontainers/runc/releases/tag/v1.1.12
Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0b5beea44
)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
31 lines
787 B
Makefile
31 lines
787 B
Makefile
################################################################################
|
|
#
|
|
# runc
|
|
#
|
|
################################################################################
|
|
|
|
RUNC_VERSION = 1.1.12
|
|
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
|
|
RUNC_LICENSE = Apache-2.0, LGPL-2.1 (libseccomp)
|
|
RUNC_LICENSE_FILES = LICENSE
|
|
RUNC_CPE_ID_VENDOR = linuxfoundation
|
|
|
|
RUNC_LDFLAGS = -X main.version=$(RUNC_VERSION)
|
|
RUNC_TAGS = cgo static_build
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
|
|
RUNC_DEPENDENCIES += libapparmor
|
|
RUNC_TAGS += apparmor
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
|
|
RUNC_TAGS += seccomp
|
|
RUNC_DEPENDENCIES += libseccomp host-pkgconf
|
|
endif
|
|
|
|
HOST_RUNC_LDFLAGS = $(RUNC_LDFLAGS)
|
|
HOST_RUNC_TAGS = cgo static_build
|
|
|
|
$(eval $(golang-package))
|
|
$(eval $(host-golang-package))
|