From a7b31cf720e4086d98bc46a418cd8e797cd9a5f2 Mon Sep 17 00:00:00 2001
From: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
Date: Wed, 18 Dec 2024 10:23:59 -0800
Subject: [PATCH] Upgrade runc version to 1.2.2 and libseccomp to 2.5.5
 (#11029)

As containerd 2.0 GA recently, we want to provide containerd 2.0 in azure linux 3.0 to enhance our distro. containerd 2.0 requires runc 1.2 as a dependency. The latest runc version 1.2.2 introduces security enhancement and supports new features, such as user namespace, so we want to upgrade runc to the latest version and align with the Fedora offerings. This PR is to upgrade runc version to 1.2.2 and libseccomp to 2.5.5. As a follow-up, containerd 2.0 will be added as a standalone package in a separate PR.
---
 SPECS/libseccomp/libseccomp.signatures.json |  2 +-
 SPECS/libseccomp/libseccomp.spec            |  5 ++++-
 SPECS/runc/runc.signatures.json             |  2 +-
 SPECS/runc/runc.spec                        | 12 ++++++++----
 cgmanifest.json                             |  8 ++++----
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/SPECS/libseccomp/libseccomp.signatures.json b/SPECS/libseccomp/libseccomp.signatures.json
index 810e1646b60..e07a10271da 100644
--- a/SPECS/libseccomp/libseccomp.signatures.json
+++ b/SPECS/libseccomp/libseccomp.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "libseccomp-2.5.4.tar.gz": "d82902400405cf0068574ef3dc1fe5f5926207543ba1ae6f8e7a1576351dcbdb"
+    "libseccomp-2.5.5.tar.gz": "248a2c8a4d9b9858aa6baf52712c34afefcf9c9e94b76dce02c1c9aa25fb3375"
   }
 }
diff --git a/SPECS/libseccomp/libseccomp.spec b/SPECS/libseccomp/libseccomp.spec
index 61b68835420..3916f24b162 100644
--- a/SPECS/libseccomp/libseccomp.spec
+++ b/SPECS/libseccomp/libseccomp.spec
@@ -1,6 +1,6 @@
 Summary:        Enhanced seccomp library
 Name:           libseccomp
-Version:        2.5.4
+Version:        2.5.5
 Release:        1%{?dist}
 License:        LGPLv2
 Vendor:         Microsoft Corporation
@@ -62,6 +62,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man3/*
 
 %changelog
+* Tue Nov 05 2024 Nan Liu <liunan@microsoft.com> - 2.5.5-1
+- Upgrade to 2.5.5 as other older version is no longer supported upstream
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.5.4-1
 - Auto-upgrade to 2.5.4 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/runc/runc.signatures.json b/SPECS/runc/runc.signatures.json
index 4cdcc7d971a..18a8b03544d 100644
--- a/SPECS/runc/runc.signatures.json
+++ b/SPECS/runc/runc.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "runc-1.1.12.tar.gz": "be31b07d6a54a8f234016501c300ad04b6c428c56588e7eca8c3b663308db208"
+  "runc-1.2.2.tar.gz": "0eabc936d481d123be92c429588f9d1de7cafd36b37a8a5085b1412e758796a1"
  }
 }
diff --git a/SPECS/runc/runc.spec b/SPECS/runc/runc.spec
index 332add7b584..8523a32c790 100644
--- a/SPECS/runc/runc.spec
+++ b/SPECS/runc/runc.spec
@@ -1,9 +1,9 @@
-%define         commit_hash 51d5e94601ceffbbd85688df1c928ecccbfa4685
+%define         commit_hash 7cb363254b69e10320360b63fb73e0ffb5da7bf2
 Summary:        CLI tool for spawning and running containers per OCI spec.
 Name:           runc
 # update "commit_hash" above when upgrading version
-Version:        1.1.12
-Release:        2%{?dist}
+Version:        1.2.2
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -12,7 +12,7 @@ URL:            https://github.com/opencontainers/runc
 Source0:        https://github.com/opencontainers/runc/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires:  git
 BuildRequires:  go-md2man
-BuildRequires:  golang < 1.23
+BuildRequires:  golang
 BuildRequires:  libseccomp-devel
 BuildRequires:  make
 Requires:       glibc
@@ -43,6 +43,10 @@ make install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
 %{_mandir}/*
 
 %changelog
+* Mon Nov 25 2024 Nan Liu <liunan@microsoft.com> - 1.2.2-1
+- Bump version to 1.2.2
+- Remove the golang version constraint
+
 * Tue Oct 15 2024 Muhammad Falak <mwani@microsoft.com> - 1.1.12-2
 - Pin golang version to <= 1.22
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 1c0e0a4dd3d..60d26ab981a 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -10841,8 +10841,8 @@
         "type": "other",
         "other": {
           "name": "libseccomp",
-          "version": "2.5.4",
-          "downloadUrl": "https://github.com/seccomp/libseccomp/releases/download/v2.5.4/libseccomp-2.5.4.tar.gz"
+          "version": "2.5.5",
+          "downloadUrl": "https://github.com/seccomp/libseccomp/releases/download/v2.5.5/libseccomp-2.5.5.tar.gz"
         }
       }
     },
@@ -27064,8 +27064,8 @@
         "type": "other",
         "other": {
           "name": "runc",
-          "version": "1.1.12",
-          "downloadUrl": "https://github.com/opencontainers/runc/archive/v1.1.12.tar.gz"
+          "version": "1.2.2",
+          "downloadUrl": "https://github.com/opencontainers/runc/archive/v1.2.2.tar.gz"
         }
       }
     },