Diffstat (limited to 'recipes-containers/runc')
6 files changed, 69 insertions, 55 deletions
diff --git a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch index 94cbb4cb..9e5a8313 100644 --- a/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch +++ b/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch @@ -1,35 +1,28 @@ -From d2c47a973f354ffd505bb4e809c59e57b543726d Mon Sep 17 00:00:00 2001 -From: Chen Qi <Qi.Chen@windriver.com> -Date: Tue, 6 Aug 2019 19:01:45 +0800 +From 0fe50d2ca4517f5e3070585040f35ace413acd44 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Tue, 24 Aug 2021 11:38:23 -0400 Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty from static +Upstream-Status: Inappropriate [embedded specific] + 
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +[bva: refreshed for release 1.0.2] +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -diff --git a/Makefile b/Makefile -index 0f26a1c8..a0c6b40b 100644 ---- a/src/import/Makefile -+++ b/src/import/Makefile -@@ -30,7 +30,7 @@ SHELL := $(shell command -v bash 2>/dev/null) - .DEFAULT: runc - - runc: $(SOURCES) -- $(GO) build -buildmode=pie $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . -+ $(GO) build $(GOBUILDFLAGS) $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . - - all: runc recvtty +Index: git/src/import/Makefile +=================================================================== +--- git.orig/src/import/Makefile ++++ git/src/import/Makefile +@@ -24,7 +24,7 @@ + GO_BUILDMODE := "-buildmode=pie" + endif + endif +-GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) \ ++GO_BUILD := $(GO) build $(GOBUILDFLAGS) -trimpath $(GO_BUILDMODE) \ + $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ + -ldflags "$(LDFLAGS_COMMON) $(EXTRA_LDFLAGS)" -@@ -41,7 +41,6 @@ contrib/cmd/recvtty/recvtty: $(SOURCES) - - static: $(SOURCES) - CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . -- CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty - - release: - script/release.sh -r release/$(VERSION) -v $(VERSION) --- -2.17.1 - 
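Review bot: The refreshed patch header no longer describes its body. The Subject still ends in "and remove recvtty from static" and the embedded diffstat still reads `1 insertion(+), 2 deletions(-)`, while the new hunk only inserts `$(GOBUILDFLAGS)` into `GO_BUILD` (one line removed, one added) and leaves the static target alone. I would retitle it to something like `Makefile: respect GOBUILDFLAGS for runc` and regenerate the diffstat. The description should also record that `$(GOBUILDFLAGS)` now sits before `$(GO_BUILDMODE)` instead of replacing `-buildmode=pie` as the old patch did, because anyone auditing whether the shipped binary is PIE needs to know which of the two sets the build mode.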
diff --git a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch index 48c1250d..cb0ddc37 100644 --- a/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch +++ b/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch @@ -7,16 +7,18 @@ This allows for setting up a detached session where you do not want to set the terminal to false in the config.json. More or less this is a runtime override. +Upstream-Status: Inappropriate [embedded specific] + Signed-off-by: Jason Wessel <jason.wessel@windriver.com> --- utils_linux.go | 5 +++++ 1 file changed, 5 insertions(+) -diff --git a/utils_linux.go b/utils_linux.go -index 8085f7fe..e6d31b35 100644 ---- a/src/import/utils_linux.go -+++ b/src/import/utils_linux.go -@@ -227,6 +227,11 @@ type runner struct { +Index: git/src/import/utils_linux.go +=================================================================== +--- git.orig/src/import/utils_linux.go ++++ git/src/import/utils_linux.go +@@ -267,6 +267,11 @@ } func (r *runner) run(config *specs.Process) (int, error) { @@ -25,9 +27,6 @@ index 8085f7fe..e6d31b35 100644 + r.consoleSocket = "" + config.Terminal = false + } - if err := r.checkTerminal(config); err != nil { - r.destroy() - return -1, err --- -2.11.0 - + var err error + defer func() { + if err != nil { diff --git a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch index 0af74952..d3d1134b 100644 --- a/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch +++ b/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch @@ -23,6 +23,8 @@ is set. because it was blocking until runc performed everything it was required to perform. +Upstream-Status: Inappropriate [embedded specific] + 
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> --- signals.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---- @@ -33,15 +35,17 @@ Index: git/src/import/signals.go =================================================================== --- git.orig/src/import/signals.go +++ git/src/import/signals.go -@@ -6,6 +6,7 @@ +@@ -5,7 +5,9 @@ + import ( "os" "os/signal" - "syscall" // only for Signal -+ "strconv" ++ "syscall" // only for Signal ++ "strconv" "github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer/system" -@@ -56,9 +57,6 @@ + "github.com/opencontainers/runc/libcontainer/utils" +@@ -55,9 +57,6 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach bool) (int, error) { // make sure we know the pid of our main process so that we can return // after it dies. @@ -51,13 +55,14 @@ Index: git/src/import/signals.go pid1, err := process.Pid() if err != nil { -@@ -68,11 +66,60 @@ +@@ -67,12 +66,61 @@ if h.notifySocket != nil { if detach { - h.notifySocket.run(pid1) + _ = h.notifySocket.run(pid1) - return 0, nil } - go h.notifySocket.run(0) + _ = h.notifySocket.run(os.Getpid()) + go func() { _ = h.notifySocket.run(0) }() } + if (detach) { @@ -117,7 +122,7 @@ Index: git/src/import/utils_linux.go =================================================================== --- git.orig/src/import/utils_linux.go +++ git/src/import/utils_linux.go -@@ -347,7 +347,7 @@ +@@ -345,7 +345,7 @@ if err != nil { r.terminate(process) } @@ -125,4 +130,4 @@ Index: git/src/import/utils_linux.go + if (detach && os.Getenv("SIGUSR1_PARENT_PID") == "") { return 0, nil } - r.destroy() + if err == nil { diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb index c9f460b2..793df145 100644 --- a/recipes-containers/runc/runc-docker_git.bb +++ b/recipes-containers/runc/runc-docker_git.bb 
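Review bot: In the utils_linux.go part of this patch (inner hunk `@@ -345,7 +345,7 @@`), the detach early return is still gated on `os.Getenv("SIGUSR1_PARENT_PID") == ""`, so a variable inherited from the caller's environment changes runc's control flow. The added `strconv` import suggests the value is also parsed as a process id, but the code that parses and signals it lies outside the visible hunks, so that is inferred. If a signal is sent to that pid, the value should be rejected unless it is a positive integer that matches `os.Getppid()`, since runc usually runs with more privilege than whoever set its environment. The enclosing function starts and ends outside the hunk. The parentheses in `if (detach && ...)` and `if (detach)` are not gofmt style.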
@@ -2,11 +2,13 @@ include runc.inc # Note: this rev is before the required protocol field, update when all components # have been updated to match. -SRCREV_runc-docker = "425e105d5a03fabd737a126ad93d62a9eeede87f" -SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \ +SRCREV_runc-docker = "a9833ff391a71b30069a6c3f816db113379a4346" +SRC_URI = "git://github.com/opencontainers/runc;branch=release-1.1;name=runc-docker;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \ file://0001-runc-Add-console-socket-dev-null.patch \ file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \ file://0001-runc-docker-SIGUSR1-daemonize.patch \ " -RUNC_VERSION = "1.0.0-rc8" +RUNC_VERSION = "1.1.12" + +CVE_PRODUCT = "runc" diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb index 361bc94b..3b5a9259 100644 --- a/recipes-containers/runc/runc-opencontainers_git.bb +++ b/recipes-containers/runc/runc-opencontainers_git.bb @@ -1,8 +1,12 @@ include runc.inc -SRCREV = "652297c7c7e6c94e8d064ad5916c32891a6fd388" +SRCREV = "e8bb71e147d6044f57dfb5d4da619cf27f830c48" SRC_URI = " \ - git://github.com/opencontainers/runc;branch=master \ + git://github.com/opencontainers/runc;branch=release-1.1;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX} \ file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \ " -RUNC_VERSION = "1.0.0-rc8" +RUNC_VERSION = "1.1.12" + +CVE_PRODUCT = "runc" + +LDFLAGS += "${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', ' -fuse-ld=bfd', '', d)}" diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc index 41ea41be..c8e74273 100644 --- a/recipes-containers/runc/runc.inc +++ b/recipes-containers/runc/runc.inc 
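Review bot: Both recipes now declare `RUNC_VERSION = "1.1.12"` and `CVE_PRODUCT = "runc"` but pin different commits: `a9833ff3…` in runc-docker_git.bb and `e8bb71e1…` in runc-opencontainers_git.bb. CVE scanning matches on product and version, so if either SRCREV is not the 1.1.12 release commit, that recipe will be reported as if it carried exactly the 1.1.12 fixes. Which one is the tag cannot be told from this diff, so it is worth confirming and adding a comment next to each SRCREV that names the tag it corresponds to, e.g. `# v1.1.12` or `# release-1.1 branch, N commits past v1.1.12`. In runc-docker_git.bb the context comment `# Note: this rev is before the required protocol field, update when all components have been updated to match.` looks stale now that the recipe tracks `branch=release-1.1`, and should be updated or dropped.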
@@ -14,20 +14,31 @@ inherit go inherit goarch inherit pkgconfig -PACKAGECONFIG ??= "static" PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" +PACKAGECONFIG[selinux] = "selinux,,libselinux" # This PACKAGECONFIG serves the purpose of whether building runc as static or not PACKAGECONFIG[static] = "" +PACKAGECONFIG ??= "static \ + ${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ + " + + PROVIDES += "virtual/runc" -RPROVIDES_${PN} = "virtual/runc" +RPROVIDES:${PN} = "virtual-runc" GO_IMPORT = "import" LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer" do_configure[noexec] = "1" -EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}" + + +DISTRO_BUILDTAGS ?= "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" + +EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS} ${DISTRO_BUILDTAGS}' GO=${GO}" do_compile() { # Set GOPATH. See 'PACKAGERS.md'. Don't rely on |