flatcar · krnowak · Feb 7, 2024 · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024
diff --git a/changelog/security/2024-02-06-docker.md b/changelog/security/2024-02-06-docker.md
@@ -0,0 +1,2 @@
+- docker ([CVE-2024-24557](https://nvd.nist.gov/vuln/detail/CVE-2024-24557))
+- runc ([CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626))
diff --git a/changelog/updates/2024-02-06-docker.md b/changelog/updates/2024-02-06-docker.md
@@ -0,0 +1,3 @@
+- docker ([24.0.9](https://github.com/moby/moby/releases/tag/v24.0.9))
+- runc ([1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12))
+- containerd ([1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13))
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
@@ -1,4 +1,4 @@
 DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945
-DIST containerd-1.7.10.tar.gz 10013345 BLAKE2B 9ba3dfa140f88eebca98b242cd08835dff8392a351f4232a538fbbb34cffdc9e3434322913ccec45801b6ed06d42a7bea787669d8e7156830dcdf76ccaa80ef9 SHA512 b3e9f13ad981b7a9226c23dda3f6bfdc2267c78d549d033d1cab8c4b94c2e6d62025259e80bad23cacbe1a06b39c098d6d4d48414180c85ef61bbb46b9b261d0
+DIST containerd-1.7.13.tar.gz 10047499 BLAKE2B 792eca378db4e1f7c57d68e00e2c77d11eab1ca60d280f662f1152a349d1c5ddc2a3a334484741e9a4a81f25cb800dce042eea94307c9f020d850ed81ef533aa SHA512 b2932387ea14b8fb76e2583b862ec6495b2e08a8fd7cdf169978d554e8b352b44bb27585c9de1e4e3bb3984d0050d0f3de9bc7a559205d3130c2fe40f961feb4
 DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5
 DIST containerd-1.7.6.tar.gz 9714550 BLAKE2B 863df1a8ab0f0fe6ec62893ed64824763c1b5230fe830fa268820ce0d6254c79e1ac62ab1261a74785b86b01dff83ea9109a899857fa47a48f2cf2eaf298fea8 SHA512 8b7e13c6ea544754ba7d53092d143f3fd2224b9bc874a33d8a00b781e719927f1b22ad5cd1e35b7b95e4890e630f4b92308549a970587ccdf9dbb8eb470e2703
diff --git a/...iners/containerd/containerd-1.7.10.ebuild → ...iners/containerd/containerd-1.7.13.ebuild b/...iners/containerd/containerd-1.7.10.ebuild → ...iners/containerd/containerd-1.7.13.ebuild
@@ -3,15 +3,15 @@
 
 EAPI=8
 inherit go-module systemd
-GIT_REVISION=1ef721890e131f77b3ed03e3d6a6ddfe53596b06
+GIT_REVISION=99b8088b873ba42b788f29ccd0dc26ebb6952f1e
 
 DESCRIPTION="A daemon to control runC"
 HOMEPAGE="https://containerd.io/"
 SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
 
 LICENSE="Apache-2.0"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+KEYWORDS="amd64 ~arm arm64 ~ppc64 ~riscv ~x86"
 IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
 
 DEPEND="
@@ -22,7 +22,7 @@ DEPEND="
 # recommended version of runc is found in script/setup/runc-version
 RDEPEND="
 	${DEPEND}
-	~app-containers/runc-1.1.9[apparmor?,seccomp?]
+	~app-containers/runc-1.1.12[apparmor?,seccomp?]
 "
 
 BDEPEND="

diff --git a/sdk_container/src/third_party/portage-stable/app-containers/docker-cli/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/docker-cli/Manifest
@@ -2,3 +2,8 @@ DIST docker-cli-24.0.5-man.tar.xz 82496 BLAKE2B f3295b684dbf8d251ba13a19b9bad9b8
 DIST docker-cli-24.0.5.tar.gz 6243993 BLAKE2B a7ce84ecf329bc74e48f3a6e1b12a9e310a8f27ac68918ffeb40ab9c4eab8b79e753265b48220fcd3ab40b4136de5ebd44607831f642664eaf732111bd8f41b1 SHA512 765c67634d91d248b156d3e407398b98b7a0a89507bbac0310d4a68b95aa1a05e3af43c8b90bc10166748749d8cc36670619fc9efca110beefbdcd4385dc96be
 DIST docker-cli-24.0.6-man.tar.xz 82600 BLAKE2B 9e39bf200d252a0d91b0b6f17680a4c1b34e55cc9f357a59f124138cef39c5ff10fb104c51efe3010bca9a4f72447764ced1c02e3bb3924051fa6f1f01a8f6fa SHA512 5e972647961899e438b765f53afff570b9f0c1742c7c72a3a424887719c3a6afbd467d15884d44ac64b752c984261967f304afa5c168466fe6f611967d18a578
 DIST docker-cli-24.0.6.tar.gz 6244014 BLAKE2B c5f2082e44a568d3f6ee2ff5df9e9b727808f0b70d7d0c6c18b9769c1c4d0f49d371cbd08c95e748d441dc0ef011b66446527b0eeb33368ee59b85496185ba12 SHA512 55c56ae08eb314cce5f4c93544c6748586eadb3abe502d39d4d297e14d274af37346b38695a20a91dcfe51d3d35a77ddd7aa69d170b525e5e6ba345161869cd8
+DIST docker-cli-24.0.7-man.tar.xz 82228 BLAKE2B 7fbf114a724157243c78de9ae03b5d0b1237c5b506cd44edd7a28ffc13609a36b7acf66a25e1eff9f60966e48346d97e70f946cca9301f27fd0355db53a1994d SHA512 af2075e3c731c7e0da4941f4baf35e798f87d1e1f3fa09e85b27a4bcadfd767074af2acaff1fd919d8af2a89ed6d49daefcc0811342d1757886db7a28d1252f2
+DIST docker-cli-24.0.7.tar.gz 6451010 BLAKE2B de047f55ce388c09ec33492f470daf87c6f2d1651b0cd839634183494fba4065506661d2d15aac0dc076d005426411f4099ba8e8d95ea2c7247bb114a00f4eef SHA512 b4811e4ecaf1f17e5a53ee4fb34affab79545d87a1662b0f915efb28108989128f8bbf165c4aed111fcb0c851f7ec7d9137eb0f31447d698b058ff4200dba18d
+DIST docker-cli-24.0.9.tar.gz 6455296 BLAKE2B f0afa96e8bab29caf1a06d3a1996c60d501b5d4b779fdcdf2f86387f231a9b0653bc23d277d4abdfa404829a2990b4d8a7efb9f81ff792beadf376468de17cb6 SHA512 7abfbf593783ffaadf84461b7e6dcbef7fbb857166721ba8004531212a231f4630a747c09ef8a3a5cf119861c51465ba3d5bc4b63f0e4d76936fd3b1baff530f
+DIST docker-cli-25.0.1-man.tar.xz 78920 BLAKE2B a4b483e7d3b5c5a70d834a49ca04cd94f76745a8666bbbbbb7aabe9bae887e84b7511e18c455aa213a68d116e3c9bd9652bc5a7afb032e102213d41cc3b7450f SHA512 7a5b676ee9618d0c8d0f3c5690d5d9999dc5a28ba0aa5c41c9da0d1c99da2878502d055e9e8dad71674a84deaffeb07c28a4ac89941c972909fa455447e3c2bc
+DIST docker-cli-25.0.1.tar.gz 6860093 BLAKE2B c0745afe7f009b692c91029e9a0a447a1179c2a865b6021f6d48aa2f44e3405084244ca6802c15eb389151fc46fa194efb535ca4c824bfcd92c1ad51371ff1fe SHA512 6443f3184313acf34292f44b60b0de48c4cb141c607be81988aaacca36a6e4b6c862b249a5fba1c7f22b11523b42f3d38939f695e12f64eca305218add92d65f
diff --git a/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-24.0.7.ebuild b/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-24.0.7.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+GIT_COMMIT=afdd53b4e3
+EGO_PN="github.com/docker/cli"
+MY_PV=${PV/_/-}
+inherit bash-completion-r1  golang-vcs-snapshot
+
+DESCRIPTION="the command line binary for docker"
+HOMEPAGE="https://www.docker.com/"
+SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="hardened selinux"
+
+RDEPEND="!<app-containers/docker-20.10.1
+	selinux? ( sec-policy/selinux-docker )"
+BDEPEND="
+	>=dev-lang/go-1.16.6"
+
+RESTRICT="installsources strip test"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+src_unpack() {
+	golang-vcs-snapshot_src_unpack
+	set -- ${A}
+	unpack ${2}
+}
+
+src_prepare() {
+	default
+	sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
+}
+
+src_compile() {
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+	export GOPATH="${WORKDIR}/${P}"
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)"
+		emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="${PV}" \
+		GITCOMMIT="${GIT_COMMIT}" \
+		dynbinary
+}
+
+src_install() {
+	dobin build/docker
+	doman "${WORKDIR}"/man/man?/*
+	dobashcomp contrib/completion/bash/*
+	bashcomp_alias docker dockerd
+	insinto /usr/share/fish/vendor_completions.d/
+	doins contrib/completion/fish/docker.fish
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+}
+
+pkg_postinst() {
+	has_version "app-containers/docker-buildx" && return
+	ewarn "the 'docker build' command is deprecated and will be removed in a"
+	ewarn "future release. If you need this functionality, install"
+	ewarn "app-containers/docker-buildx."
+}
diff --git a/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-24.0.9.ebuild b/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-24.0.9.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+GIT_COMMIT=2936816130
+EGO_PN="github.com/docker/cli"
+MY_PV=${PV/_/-}
+inherit bash-completion-r1  golang-vcs-snapshot
+
+DESCRIPTION="the command line binary for docker"
+HOMEPAGE="https://www.docker.com/"
+SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+#SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ~arm arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="hardened selinux"
+
+RDEPEND="!<app-containers/docker-20.10.1
+	selinux? ( sec-policy/selinux-docker )"
+BDEPEND="
+	>=dev-lang/go-1.16.6"
+
+RESTRICT="installsources strip test"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+src_unpack() {
+	golang-vcs-snapshot_src_unpack
+	set -- ${A}
+	#unpack ${2}
+}
+
+src_prepare() {
+	default
+	sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
+}
+
+src_compile() {
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+	export GOPATH="${WORKDIR}/${P}"
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)"
+		emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="${PV}" \
+		GITCOMMIT="${GIT_COMMIT}" \
+		dynbinary
+}
+
+src_install() {
+	dobin build/docker
+	#doman "${WORKDIR}"/man/man?/*
+	dobashcomp contrib/completion/bash/*
+	bashcomp_alias docker dockerd
+	insinto /usr/share/fish/vendor_completions.d/
+	doins contrib/completion/fish/docker.fish
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+}
+
+pkg_postinst() {
+	has_version "app-containers/docker-buildx" && return
+	ewarn "the 'docker build' command is deprecated and will be removed in a"
+	ewarn "future release. If you need this functionality, install"
+	ewarn "app-containers/docker-buildx."
+}
diff --git a/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-25.0.1.ebuild b/...ntainer/src/third_party/portage-stable/app-containers/docker-cli/docker-cli-25.0.1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+GIT_COMMIT=29cf629222
+EGO_PN="github.com/docker/cli"
+MY_PV=${PV/_/-}
+inherit bash-completion-r1  golang-vcs-snapshot
+
+DESCRIPTION="the command line binary for docker"
+HOMEPAGE="https://www.docker.com/"
+SRC_URI="https://github.com/docker/cli/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI+=" https://dev.gentoo.org/~williamh/dist/${P}-man.tar.xz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
+IUSE="hardened selinux"
+
+RDEPEND="!<app-containers/docker-20.10.1
+	selinux? ( sec-policy/selinux-docker )"
+BDEPEND="
+	>=dev-lang/go-1.16.6"
+
+RESTRICT="installsources strip test"
+
+S="${WORKDIR}/${P}/src/${EGO_PN}"
+
+src_unpack() {
+	golang-vcs-snapshot_src_unpack
+	set -- ${A}
+	unpack ${2}
+}
+
+src_prepare() {
+	default
+	sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die
+}
+
+src_compile() {
+	export DISABLE_WARN_OUTSIDE_CONTAINER=1
+	export GOPATH="${WORKDIR}/${P}"
+	# setup CFLAGS and LDFLAGS for separate build target
+	# see https://github.com/tianon/docker-overlay/pull/10
+	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
+	export CGO_LDFLAGS="-L${ESYSROOT}/usr/$(get_libdir)"
+		emake \
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')" \
+		VERSION="${PV}" \
+		GITCOMMIT="${GIT_COMMIT}" \
+		dynbinary
+}
+
+src_install() {
+	dobin build/docker
+	doman "${WORKDIR}"/man/man?/*
+	dobashcomp contrib/completion/bash/*
+	bashcomp_alias docker dockerd
+	insinto /usr/share/fish/vendor_completions.d/
+	doins contrib/completion/fish/docker.fish
+	insinto /usr/share/zsh/site-functions
+	doins contrib/completion/zsh/_*
+}
+
+pkg_postinst() {
+	has_version "app-containers/docker-buildx" && return
+	ewarn "the 'docker build' command is deprecated and will be removed in a"
+	ewarn "future release. If you need this functionality, install"
+	ewarn "app-containers/docker-buildx."
+}
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/docker-cli/metadata.xml b/sdk_container/src/third_party/portage-stable/app-containers/docker-cli/metadata.xml
@@ -11,5 +11,6 @@
 	</maintainer> 
 	<upstream>
 		<remote-id type="github">docker/cli</remote-id>
+		<remote-id type="cpe">cpe:/a:docker:command_line_interface</remote-id>
 	</upstream>
 </pkgmetadata>
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/docker/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/docker/Manifest
@@ -1,2 +1,5 @@
 DIST docker-24.0.5.tar.gz 14456089 BLAKE2B be13a4256787152cb35ddb96d80e97a5e5b587094f1c61d18158737a037c4e81b88c186098ba7416eb7778022ece07bc31ee55af13d3e3da8e0bbd5452ad027f SHA512 cde2e47e7658b153399ee29154ec21eebf54b292185e07d43b968895dcfdfead95e4507fefb713859a4540f21d8007116d3ebeaa1fb7ba305fb2a0449ba1bee6
 DIST docker-24.0.6.tar.gz 14462378 BLAKE2B bced8e687abac59254a9969df46f323a835627a724889e5966bea08df8766b4291914442001d1b573280c45ac4d357a673e98e8fba2b8d116a1dbd65424ccf78 SHA512 d9bf0ba756b1ebe69a44819d7c6aa5d66dad8db5bcc41233e2bfce8131334a2fe1af3972de7f602b7911231288d29aaea797b7a05b335c2d7214a613b27c4b63
+DIST docker-24.0.7.tar.gz 14658649 BLAKE2B 73bad494640ef8cad2b9b991f94414d8bec4dd88b120b0f8238f74d01269c445270f45410ac2c78af074356c3ba60a7c550ab28f5da5924bdc6d8b99e85a1360 SHA512 08f22fcbce163c3ba8eb21302fd38ff04fd3f27067f5715a3c527ba2efe67f694fac80bfe6d6b5e22d06d98917e1685a9d3d9b58991f221354f637f4a8bdc526
+DIST docker-24.0.9.tar.gz 14667617 BLAKE2B 4f72c08e21e7c0eacbae5f31bcab0aac64f12b70e5e7c54f49e4e9f3837194144ea46246b5ed53c25ecdb5edf9b710654221f6da10dec48de49a5481f9fb85ac SHA512 b71a058f32fb80676bb4c83f5d2236c9496ffc5c7f216ebff5bcac6f5959e121be3b2bfd2ff9aa5cccee27f71947dfe5b76090e82020806cc9ee452cd1f21084
+DIST docker-25.0.1.tar.gz 15936052 BLAKE2B 32b24893c9b098b218b16548be074588ad98ed31c8b87ab3fa467f79e33e96ce94f694b86f2920b1166e64c153b1c2482cb602117f673d23f0fc5ccc9b28ae92 SHA512 816c888925cf609e7caa6e491b45614f69fdd7df5ed4f783d8a77cf86d9f46f4f457a95a943aa75ecddf99d080daf78bc0dba55e9648960dc539b1ae62052361