From 524383ceb96451884f1d9ebcf4da2e6ab8ef68ec Mon Sep 17 00:00:00 2001
From: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
Date: Tue, 19 Mar 2024 07:23:01 -0400
Subject: [PATCH] Up-rev runc package to 1.1.12

This change updates runc package from 1.1.7 to 1.1.12
and fixes the vulnerability issue - CVE-2024-21626.
https://nvd.nist.gov/vuln/detail/CVE-2024-21626

Test Plan:
  PASS: runc package builds successfully
  PASS: Build ISO successful with multiple kubernetes versions
  PASS: Verify correct runc vesion on deployed system,
        dpkg-query -f '${Version}' -W runc
  PASS: Performed the K8s version upgrade from 1.24.4 to 1.28.4
  PASS: Verify platform cpu occupancy is normal using
        collectd.log and occtop tool

Closes-bug: https://bugs.launchpad.net/starlingx/+bug/2052401

Change-Id: Ia34c4a1bcab777a9af80e2b045960895f2bed976
Signed-off-by: Ramesh Kumar Sivanandam <rameshkumar.sivanandam@windriver.com>
---
 kubernetes/runc/debian/deb_folder/changelog | 6 ++++++
 kubernetes/runc/debian/deb_folder/copyright | 2 +-
 kubernetes/runc/debian/meta_data.yaml       | 8 ++++----
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/kubernetes/runc/debian/deb_folder/changelog b/kubernetes/runc/debian/deb_folder/changelog
index 8ce7e0330..3a2e69f88 100644
--- a/kubernetes/runc/debian/deb_folder/changelog
+++ b/kubernetes/runc/debian/deb_folder/changelog
@@ -1,3 +1,9 @@
+runc (1.1.12) STABLE; urgency=medium
+
+  * Up-rev runc package to fix CVE-2024-21626
+
+ -- Ramesh Kumar Sivanandam <rameshkumar.sivanandam@@windriver.com>  Mon, 19 Mar 2024 13:20:15 +0000
+
 runc (1.1.7) STABLE; urgency=medium
 
   * Initial release using binaries from upstream runc package
diff --git a/kubernetes/runc/debian/deb_folder/copyright b/kubernetes/runc/debian/deb_folder/copyright
index 737e4ed7a..a56ec79e5 100644
--- a/kubernetes/runc/debian/deb_folder/copyright
+++ b/kubernetes/runc/debian/deb_folder/copyright
@@ -7,7 +7,7 @@ License: Apache-2
 
 Other files are included from the upstream runc
 binary package at
-https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64
+https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
 
 
 License: Apache-2.0
diff --git a/kubernetes/runc/debian/meta_data.yaml b/kubernetes/runc/debian/meta_data.yaml
index cc813a2f2..c7801a73f 100644
--- a/kubernetes/runc/debian/meta_data.yaml
+++ b/kubernetes/runc/debian/meta_data.yaml
@@ -1,14 +1,14 @@
 ---
 debname: runc
-debver: 1.1.7
+debver: 1.1.12
 src_path: null
 dl_files:
   runc.amd64:
     topdir: null
-    url: https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64
-    sha256sum: c3aadb419e5872af49504b6de894055251d2e685fddddb981a79703e7f895cbd
+    url: https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
+    sha256sum: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8
 revision:
   dist: $STX_DIST
   GITREVCOUNT:
-    BASE_SRCREV: fe5768d72e8ad2f1d780cfaab11294998d5ed377
+    BASE_SRCREV: 1bbcf7596b4e73481ebbad6ef0ae46aa9ceb9bbc
     SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/runc