From 2741d90c7576f563af370f507cb6e02a62dee0d8 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Thu, 12 Dec 2024 17:23:59 +0000
Subject: [PATCH 1/4] coredns/1.12.0-r1: fix GHSA-v778-237x-gjrc

---
 coredns.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/coredns.yaml b/coredns.yaml
index f2bb87bb525..fdd50eedd56 100644
--- a/coredns.yaml
+++ b/coredns.yaml
@@ -1,7 +1,7 @@
 package:
   name: coredns
   version: 1.12.0
-  epoch: 1
+  epoch: 2
   description: CoreDNS is a DNS server that chains plugins
   copyright:
     - license: Apache-2.0
@@ -25,7 +25,7 @@ pipeline:
 
   - uses: go/bump
     with:
-      deps: github.com/quic-go/quic-go@v0.48.2
+      deps: github.com/quic-go/quic-go@v0.48.2 golang.org/x/crypto@v0.31.0
 
   - uses: go/build
     with:

From 0e9a04f494142241352eb7c2a1da2fb0395f510e Mon Sep 17 00:00:00 2001
From: Ville Aikas <vaikas@chainguard.dev>
Date: Mon, 16 Dec 2024 17:53:54 -0800
Subject: [PATCH 2/4] Just force a rebuild by adding quotes around setcap.
 Seeing different error locally.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
---
 coredns.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coredns.yaml b/coredns.yaml
index fdd50eedd56..95df37547e7 100644
--- a/coredns.yaml
+++ b/coredns.yaml
@@ -33,7 +33,7 @@ pipeline:
       output: coredns
       packages: .
 
-  - runs: setcap cap_net_bind_service=+ep "${{targets.contextdir}}/usr/bin/coredns"
+  - runs: "setcap cap_net_bind_service=+ep" "${{targets.contextdir}}/usr/bin/coredns"
 
 subpackages:
   - name: kuma-coredns

From 0ebd174904c04ee16d8632eac0d8f7984e88c4d2 Mon Sep 17 00:00:00 2001
From: Ville Aikas <vaikas@chainguard.dev>
Date: Mon, 16 Dec 2024 17:57:33 -0800
Subject: [PATCH 3/4] undo force of rebuild.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
---
 coredns.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coredns.yaml b/coredns.yaml
index 95df37547e7..fdd50eedd56 100644
--- a/coredns.yaml
+++ b/coredns.yaml
@@ -33,7 +33,7 @@ pipeline:
       output: coredns
       packages: .
 
-  - runs: "setcap cap_net_bind_service=+ep" "${{targets.contextdir}}/usr/bin/coredns"
+  - runs: setcap cap_net_bind_service=+ep "${{targets.contextdir}}/usr/bin/coredns"
 
 subpackages:
   - name: kuma-coredns

From fa431514f228642a5dfb678e273b51645b9e8c6b Mon Sep 17 00:00:00 2001
From: Ville Aikas <vaikas@chainguard.dev>
Date: Mon, 16 Dec 2024 20:12:46 -0800
Subject: [PATCH 4/4] Set the GOLANG_VERSION to our toolchain since they set it
 based off the .go.version file and it breaks the subpackage builds.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
---
 coredns.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/coredns.yaml b/coredns.yaml
index fdd50eedd56..a626fb7d300 100644
--- a/coredns.yaml
+++ b/coredns.yaml
@@ -40,6 +40,11 @@ subpackages:
     description: CoreDNS with plugins used by Kuma
     pipeline:
       - runs: |
+          # We need to explicitly set the GOLANG_VERSION since it's used by
+          # the make file below and if there are mismatches, things go bad.
+          # For more details: https://github.com/wolfi-dev/os/pull/36612#issuecomment-2547453359
+          export GOLANG_VERSION=`go version | sed -n 's/.*go\([0-9.]*\).*/\1/p'`
+
           # Build with plugins used by Kuma
           # Plugin list: https://github.com/kumahq/coredns-builds/blob/main/plugin.cfg
           mv kuma-plugin.cfg plugin.cfg