kumquat-buildroot/package/runc/runc.mk
Christian Stewart c39750f52d package/runc: security bump to version v1.1.12
Fixes the following vulnerabilities:

- CVE-2024-21626: runc vulnerable to container breakout through process.cwd
  trickery and leaked fds
  https://github.com/advisories/GHSA-xr7r-f8xq-vfvv

https://github.com/opencontainers/runc/releases/tag/v1.1.12

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c0b5beea44)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-01 09:29:10 +01:00

31 lines
787 B
Makefile

################################################################################
#
# runc
#
################################################################################
RUNC_VERSION = 1.1.12
RUNC_SITE = $(call github,opencontainers,runc,v$(RUNC_VERSION))
RUNC_LICENSE = Apache-2.0, LGPL-2.1 (libseccomp)
RUNC_LICENSE_FILES = LICENSE
RUNC_CPE_ID_VENDOR = linuxfoundation
RUNC_LDFLAGS = -X main.version=$(RUNC_VERSION)
RUNC_TAGS = cgo static_build
ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
RUNC_DEPENDENCIES += libapparmor
RUNC_TAGS += apparmor
endif
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
RUNC_TAGS += seccomp
RUNC_DEPENDENCIES += libseccomp host-pkgconf
endif
HOST_RUNC_LDFLAGS = $(RUNC_LDFLAGS)
HOST_RUNC_TAGS = cgo static_build
$(eval $(golang-package))
$(eval $(host-golang-package))