Bump runc from v1.1.13 to v1.1.14

cache/runc.json

@@ -0,0 +1,7 @@
+{
+  "tagName": "v1.1.14",
+  "url": "https://github.com/opencontainers/runc/releases/tag/v1.1.14",
+  "description": "This is the fourteenth patch release in the 1.1.z release branch of\r\nrunc. It includes a fix for a low severity security issue\r\n(CVE-2024-45310) as well as some minor build-related fixes (including Go\r\n1.23 support).\r\n\r\n * Fix [CVE-2024-45310][cve-2024-45310], a low-severity attack that allowed\r\n   maliciously configured containers to create empty files and directories on\r\n   the host.\r\n * Add support for Go 1.23. (#4360, #4372)\r\n * Revert \"allow overriding VERSION value in Makefile\" and add EXTRA_VERSION.\r\n   (#4370, #4382)\r\n * rootfs: consolidate mountpoint creation logic. (#4359)\r\n\r\n[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\r\n\r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n  - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (&sect;6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n<hr/>\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>\r\n * Aleksa Sarai <cyphar@cyphar.com>\r\n * Kir Kolyshkin <kolyshkin@gmail.com>\r\n * Rodrigo Campos <rodrigoca@microsoft.com>\r\n * Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>\r\n * lifubang <lifubang@acmcoder.com>\r\n\r\nSigned-off-by: Aleksa Sarai <cyphar@cyphar.com>",
+  "publishedAt": "2024-09-03T01:26:22Z",
+  "isLatest": true
+}

roles/kubespray-defaults/defaults/main/checksums.yml

@@ -750,27 +750,31 @@ cri_dockerd_archive_checksums:
     0.3.5: 0
 runc_checksums:
   arm:
+    v1.1.14: 0
     v1.1.13: 0
     v1.1.12: 0
     v1.1.11: 0
     v1.1.10: 0
     v1.1.9: 0
     v1.1.8: 0
   arm64:
+    v1.1.14: 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126
     v1.1.13: 4b93701752f5338ed51592b38e039aef8c1a59856d1225df21eba84c2830743c
     v1.1.12: 879f910a05c95c10c64ad8eb7d5e3aa8e4b30e65587b3d68e009a3565aed5bb8
     v1.1.11: 9f1ee53f06b78cc4a115ca6ae4eec10567999539ce828a22c5351edba043ed12
     v1.1.10: 4830afd426bdeacbdf9cb8729524aa2ed51790b8c4b28786995925593708f1c8
     v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0
     v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658
   amd64:
+    v1.1.14: a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8
     v1.1.13: bcfc299c1ab255e9d045ffaf2e324c0abaf58f599831a7c2c4a80b33f795de94
     v1.1.12: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8
     v1.1.11: 77ae134de014613c44d25e6310a57a219a7a91155cd47d069a0f22a2cad5caea
     v1.1.10: 81f73a59be3d122ab484d7dfe9ddc81030f595cc59968f61c113a9a38a2c113a
     v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43
     v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b
   ppc64le:
+    v1.1.14: 31630474455c4208594623f1337a06556c7fe42d3983000ca800ad3bef6d8164
     v1.1.13: 4675d51dc0b08ad8e17d3065f2e4ce47760728945f33d3092385e792357e6519
     v1.1.12: 4069d1d57724126e116ad6dbd84409082d1b0afee1ee960b17558f146a742bb6
     v1.1.11: e3d1da41f97db1bb7e9a8d96c9092747c14ee53bc9f160048828e63f3a2d0896

roles/kubespray-defaults/defaults/main/download.yml

@@ -75,7 +75,7 @@ image_arch: "{{ host_architecture | default('amd64') }}"
 
 # Versions
 crun_version: 1.14.4
-runc_version: v1.1.13
+runc_version: v1.1.14
 kata_containers_version: 3.1.3
 youki_version: 0.1.0
 gvisor_version: 20240305

version_diff.json

@@ -0,0 +1,17 @@
+{
+  "runc": {
+    "current_version": "v1.1.13",
+    "latest_version": "v1.1.14",
+    "release": {
+      "tagName": "v1.1.14",
+      "url": "https://github.com/opencontainers/runc/releases/tag/v1.1.14",
+      "description": "This is the fourteenth patch release in the 1.1.z release branch of\r\nrunc. It includes a fix for a low severity security issue\r\n(CVE-2024-45310) as well as some minor build-related fixes (including Go\r\n1.23 support).\r\n\r\n * Fix [CVE-2024-45310][cve-2024-45310], a low-severity attack that allowed\r\n   maliciously configured containers to create empty files and directories on\r\n   the host.\r\n * Add support for Go 1.23. (#4360, #4372)\r\n * Revert \"allow overriding VERSION value in Makefile\" and add EXTRA_VERSION.\r\n   (#4370, #4382)\r\n * rootfs: consolidate mountpoint creation logic. (#4359)\r\n\r\n[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\r\n\r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n  - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (&sect;6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n<hr/>\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>\r\n * Aleksa Sarai <cyphar@cyphar.com>\r\n * Kir Kolyshkin <kolyshkin@gmail.com>\r\n * Rodrigo Campos <rodrigoca@microsoft.com>\r\n * Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>\r\n * lifubang <lifubang@acmcoder.com>\r\n\r\nSigned-off-by: Aleksa Sarai <cyphar@cyphar.com>",
+      "publishedAt": "2024-09-03T01:26:22Z",
+      "isLatest": true,
+      "component": "runc",
+      "owner": "opencontainers",
+      "repo": "runc",
+      "release_type": "release"
+    }
+  }
+}