packages: update runc #2946

Merged 1 commit into bottlerocket-os:develop on Mar 29, 2023

Conversation

@etungsten (Contributor) commented Mar 29, 2023

Issue number:

N/A

Description of changes:

    packages: update runc
    
    Updates runc to v1.1.5

The update fixes three CVEs

CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations) the container would have write access
to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other
hierarchies on the host were affected. This vulnerability was
discovered by Akihiro Suda.
GHSA-m8cg-xc2p-r3fc

GHSA-vpvm-3wq2-2wvm was a regression which effectively re-introduced
GHSA-fh74-hm69-rqjw. This bug was present from v1.0.0-rc95 to v1.1.4. This
regression was discovered by @Beuc.
GHSA-vpvm-3wq2-2wvm

CVE-2023-28642 is a variant of GHSA-vpvm-3wq2-2wvm and was fixed by the same
patch. This variant of the above vulnerability was reported by Lei
Wang.
GHSA-g2j6-57v7-gm8c

Testing done:

aws-k8s-1.24 builds fine, node joins cluster fine, runs pods fine:

$ kubectl get nodes -o wide
NAME                                           STATUS   ROLES    AGE     VERSION                INTERNAL-IP      EXTERNAL-IP    OS-IMAGE                                KERNEL-VERSION   CONTAINER-RUNTIME
ip-192-168-19-132.us-west-2.compute.internal   Ready    <none>   10m     v1.24.10-eks-08ad9cc   192.168.19.132   54.188.80.82   Bottlerocket OS 1.14.0 (aws-k8s-1.24)   5.15.90          containerd://1.6.19+bottlerocket
ip-192-168-2-19.us-west-2.compute.internal     Ready    <none>   3m52s   v1.24.10-eks-08ad9cc   192.168.2.19     35.85.49.171   Bottlerocket OS 1.14.0 (aws-k8s-1.24)   5.15.90          containerd://1.6.19+bottlerocket

aws-ecs-1 builds fine, can run a sample nginx task fine:

[ssm-user@control]$ apiclient get os
{
  "os": {
    "arch": "x86_64",
    "build_id": "745f472e",
    "pretty_name": "Bottlerocket OS 1.14.0 (aws-ecs-1)",
    "variant_id": "aws-ecs-1",
    "version_id": "1.14.0"
  }
}
[ssm-user@control]$ curl localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

Updates runc to v1.1.5
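The testing above shows that nodes join and pods run on the rebuilt image; what it does not show is whether a given node's runc binary is actually the fixed release. The following POSIX shell check is an added example, not code from this PR or from the Bottlerocket or runc projects. It parses the first line of `runc --version` output and classifies the version against the range the description cites (regression present from v1.0.0-rc95 through v1.1.4, fixed in v1.1.5). The sample output is constructed, and the handling of `-rcN` tags (a release candidate sorts before the final release of the same number) and of a `+suffix` such as the `+bottlerocket` seen on the containerd version above are my assumptions about runc's version scheme:

```shell
#!/bin/sh
# Added example, not Bottlerocket or runc project code.
# Classifies a runc version against the range the PR description cites:
# regression present from v1.0.0-rc95 through v1.1.4, fixed in v1.1.5.

# Constructed sample of `runc --version` output for an affected binary
# (the commit line is a placeholder, not a real runc commit).
SAMPLE_OLD='runc version 1.1.4
commit: constructed-sample
spec: 1.0.2-dev
go: go1.19.1
libseccomp: 2.5.4'

# First line of `runc --version` is "runc version X.Y.Z[-rcN]"; print the version.
runc_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^runc version //p'
}

# Turn "1.1.4", "v1.0.0-rc95" or "1.1.5+bottlerocket" into four numbers
# "MAJOR MINOR PATCH RC". A final release gets RC=999999 so that it sorts
# after every release candidate of the same number (assumption: runc only
# uses -rcN pre-release tags, which is all the PR's cited range needs).
runc_version_key() {
    v="${1#v}"          # drop a leading "v"
    v="${v%%+*}"        # drop build metadata such as "+bottlerocket"
    base="${v%%-*}"     # "1.0.0" from "1.0.0-rc95"
    rc=999999
    case "$v" in
        *-rc*) rc="${v##*-rc}" ;;
    esac
    major="${base%%.*}"
    rest="${base#*.}"
    minor="${rest%%.*}"
    case "$rest" in
        *.*) patch="${rest#*.}"; patch="${patch%%.*}" ;;
        *)   patch=0 ;;
    esac
    printf '%d %d %d %d\n' "$major" "$minor" "$patch" "$rc"
}

# Print lt, eq or gt for version $1 compared with version $2, field by field.
version_cmp() {
    set -- $(runc_version_key "$1") $(runc_version_key "$2")
    i=0
    while [ "$i" -lt 4 ]; do
        if [ "$1" -lt "$5" ]; then echo lt; return 0; fi
        if [ "$1" -gt "$5" ]; then echo gt; return 0; fi
        shift
        i=$((i + 1))
    done
    echo eq
}

# fixed:           >= 1.1.5, the release this PR moves to
# affected:        1.0.0-rc95 .. 1.1.4, the range the description cites
# older-than-rc95: outside that range; says nothing about other bugs
runc_status() {
    if [ "$(version_cmp "$1" 1.1.5)" != lt ]; then
        echo fixed
    elif [ "$(version_cmp "$1" 1.0.0-rc95)" != lt ]; then
        echo affected
    else
        echo older-than-rc95
    fi
}

# Stand-alone use: inspect the host's runc if there is one, else the sample.
if command -v runc >/dev/null 2>&1; then
    out="$(runc --version 2>/dev/null)"
else
    out="$SAMPLE_OLD"
fi
ver="$(runc_version_from_output "$out")"
if [ -n "$ver" ]; then
    echo "runc $ver: $(runc_status "$ver")"
else
    echo "could not parse runc --version output"
fi
```

The rc handling is the part worth getting right: a plain string or numeric comparison puts `1.0.0-rc95` after `1.0.0`, which would misclassify the very first affected release. The `older-than-rc95` label only means the version is outside the range this PR cites; it is not a statement that such a binary is safe.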
@stmcginnis (Contributor) left a comment


Looks good!

Built and deployed, deployed a test pod:

NAME        READY   STATUS    RESTARTS   AGE
webserver   1/1     Running   0          7s

Everything appears to be functional with the updated runc.

@etungsten merged commit 7472048 into bottlerocket-os:develop on Mar 29, 2023
etungsten added a commit that referenced this pull request on Mar 29, 2023