crun: update to 1.24

Along with the updates, there seems to be an interaction with our
configuration that is causing generation issues for APIs. We do
some tweaks to the script to work in our environment.

Bumping crun to version 1.24-19-g64611d7a, which comprises the following commits:

    a9187097 Reset the inherited cpu affinity
    d41a45ce Add .editorconfig
    1188a679 configure.ac: check if error function is available
    a569c2e7 cgroup, systemd: improved "same bpf" check
    ccbf0d96 tests: Replace sprintf with snprintf for security
    fc084fdf chroot_realpath: Replace sprintf with snprintf
    b2032647 tests: fix compiler error
    7417ead6 Add tmt integration plan
    54693209 NEWS: tag 1.24
    676c2c12 linux: fix array bounds warning in libcrun_configure_network
    d8a88c06 criu: checkpoint correctly the shared empty directory path
    6ead5130 linux: add support for numa set_mempolicy(2)
    05b9f561 container: add missing crun_make_error
    7f9447ec Revert "cgroup: do not create a sub-cgroup by default"
    275305f8 intelrdt: honor default closID
    e9711231 intelrdt: factor common code in a new function
    dfdcf776 intelrdt: add support for EnableMonitoring
    6c10fb5b intelrdt: check that schemata is not empty before failing
    a9affe5d status: fix error check
    a1119953 cgroup, systemd: validate ebpf is loaded
    7160e31b libocispec: sync
    4004e5be linux: optimize masked paths with shared empty directory
    13d4770d contrib: format contrib files
    8aa7545e krun: avoid failing if sev/nitro are not available
    1556c13f src/libcrun: limit tmpfs memory usage for masked paths
    28d60d87 krun: ensure spec->linux->resources->devices exists
    e486eeab linux: fix regression mounting within userns
    146fdcfe tests: remove unused debug_on_error option
    37f702b7 tests: add ability to set debug=True
    2aac0f56 Fix BOF
    d417e0a4 Fixed BOF
    cfedf930 build(deps): bump actions/checkout from 4 to 5
    eb9912e0 build: add check for static builds
    262d6ac3 cgroup: do not create a sub-cgroup by default

Bumping libocispec to latest, which comprises the following commits:

    345279c runtime-spec: update from upstream
    c3e5101 image-spec: update from upstream
    92656e9 runtime-spec: update from upstream
    19d5aeb runtime-spec: update from upstream
    3c98525 image-spec: update from upstream
    9d1955f sources.py: fix unconditional return in map value clone

Bumping runtime-spec to version v1.2.1-39-g5610abd, which comprises the following commits:

    d7de8c0 ci: bump golangci-lint to v2.5
    9758011 ci: add codespell job, fix existing issues
    9efd9f2 schema/defs-linux.json: fix max for FileMode
    09ec668 config-linux,schema: fix FileMode description
    87f15fb schema: fix json
    869b2d5 linux: clarify pids cgroup settings
    a6c310a config-linux: clarify when the RDT sub-directory should be removed.
    b280c07 config-linux: clarify the "MB:"-line filtering in RDT.
    84b6c2c docs: fix and elaborate the nodes field in Linux memory policy
    0758679 features-linux: expose IntelRdt monitoring support
    e51a839 config-linux: define default clos for linux.intelRdt
    642344a specs-go/features: add linux.intelRdt.schemata field
    34a39b9 config-linux: add intelRdt.enableMonitoring (#1287)
    afd830f principles: fix typo
    57c9495 Add support for Linux memory policy
    c6b3b08 runtime: fail when a poststart hook fails
    af0d16d config: Add Hardware description object to the VM configuration

Bumping image-spec to version v1.1.1-22-g6519a62, which comprises the following commits:

    02ba6e2 Descriptor size cannot be negative
    cee899b Fix: Add entry to schema/go.sum
    558802d Docs: Update pandoc for rendering documentation
    693d8d7 Update to github.com/russross/blackfriday/v2
    cbb69e2 Update to github.com/santhosh-tekuri/jsonschema/v6
    d0e1005 Split github.com/opencontainers/image-spec/schema into a separate Go module
    84ee56d Fix: correct a broken link to "applying changesets"
    0bb67c2 Update GitHub Actions configuration
    ab50866 Chore: Remove GOPATH from GitHub Actions
    4fecf47 Add blake3 as a registered/supported hash algorithm

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

3 files changed, 81 insertions, 5 deletions

diff --git a/recipes-containers/crun/crun/0001-libocispec-correctly-parse-JSON-schema-references.patch b/recipes-containers/crun/crun/0001-libocispec-correctly-parse-JSON-schema-references.patch
new file mode 100644
index 00000000..9613ac5e
--- /dev/null
+++ b/recipes-containers/crun/crun/0001-libocispec-correctly-parse-JSON-schema-references.patch
@@ -0,0 +1,43 @@
+From 30ff5f092bc9799b7037f94fe415ae98f447013a Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Fri, 17 Oct 2025 11:03:41 -0400
+Subject: [PATCH] libocispec: correctly parse JSON schema references
+
+The `generate.py` script was failing to parse JSON schema references that
+use a `#` to separate the file path from the fragment. The script was
+incorrectly splitting the reference at `#/`, which caused `FileNotFoundError`
+for local references (e.g. `#definitions/uint32`) and for references
+to other files (e.g. `config-solaris.json#/solaris`).
+
+This commit fixes the `splite_ref_name` function to correctly split the
+reference at the `#` character, and handles both local and remote
+references properly.
+
+Upstream-Status: Inappropriate [configuration specific]
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ src/ocispec/generate.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/ocispec/generate.py b/src/ocispec/generate.py
+index 530d69d..75bed78 100755
+--- a/src/ocispec/generate.py
++++ b/src/ocispec/generate.py
+@@ -150,7 +150,12 @@ def splite_ref_name(ref):
+     Interface: None
+     History: 2019-06-17
+     """
+-    tmp_f, tmp_r = ref.split("#/") if '#/' in ref else (ref, "")
++    if '#' in ref:
++        parts = ref.split('#', 1)
++        tmp_f = parts[0]
++        tmp_r = parts[1].lstrip('/')
++    else:
++        tmp_f, tmp_r = ref, ""
+     return tmp_f, tmp_r
+ 
+ 
+-- 
+2.39.2
+
diff --git a/recipes-containers/crun/crun/0002-libocispec-fix-array-items-parsing.patch b/recipes-containers/crun/crun/0002-libocispec-fix-array-items-parsing.patch
new file mode 100644
index 00000000..4de26379
--- /dev/null
+++ b/recipes-containers/crun/crun/0002-libocispec-fix-array-items-parsing.patch
@@ -0,0 +1,31 @@
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Fri, 17 Oct 2025 12:00:00 -0400
+Subject: [PATCH] libocispec: fix array items parsing
+
+The `generate.py` script fails when an array's `items` property is an
+array of schemas, which is valid according to the JSON schema spec.
+This commit adds a check to handle this case by using the first schema
+in the array.
+
+Upstream-Status: Inappropriate [configuration specific]
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+
+---
+ src/ocispec/generate.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ocispec/generate.py b/src/ocispec/generate.py
+--- a/src/ocispec/generate.py
++++ b/src/ocispec/generate.py
+@@ -423,6 +423,10 @@
+     History: 2019-06-17
+     """
+     cur = node_info.cur
++
++    if isinstance(cur["items"], list):
++        # If items is a list, use the first element as the item schema.
++        cur["items"] = cur["items"][0]
+ 
+     if 'allOf' in cur["items"]:
+         return gen_all_arr_typnode(node_info, src, typ, refname)
diff --git a/recipes-containers/crun/crun_git.bb b/recipes-containers/crun/crun_git.bb
index ccd14310..edaf15b8 100644
--- a/recipes-containers/crun/crun_git.bb
+++ b/recipes-containers/crun/crun_git.bb
@@ -3,10 +3,10 @@ LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 PRIORITY = "optional"
 
-SRCREV_crun = "ca8e5c74c13dbd5b1125d0357a9081d283a50971"
-SRCREV_libocispec = "68397329bc51a66c56938fc4111fac751d6fd3b0"
-SRCREV_ispec = "64294bd7a2bf2537e1a6a34d687caae70300b0c4"
-SRCREV_rspec = "82cca47c22f5e87880421381fe1f8e0ef541ab64"
+SRCREV_crun = "64611d7ac938b8397e8a00a0e69987583fadec7d"
+SRCREV_libocispec = "552ccbbad3aaff8e07e8fbad210ec3b4c9c95a66"
+SRCREV_ispec = "6519a62d628ec31b5da156de745b516d8850c8e3"
+SRCREV_rspec = "5610abdb9fac3b48b2c0ba6216d77320cbbbfb6f"
 SRCREV_yajl = "f344d21280c3e4094919fd318bc5ce75da91fc06"
 
 SRCREV_FORMAT = "crun_rspec"
@@ -15,9 +15,11 @@ SRC_URI = "git://github.com/containers/crun.git;branch=main;name=crun;protocol=h
            git://github.com/opencontainers/runtime-spec.git;branch=main;name=rspec;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/libocispec/runtime-spec;protocol=https \
            git://github.com/opencontainers/image-spec.git;branch=main;name=ispec;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/libocispec/image-spec;protocol=https \
            git://github.com/containers/yajl.git;branch=main;name=yajl;destsuffix=${BB_GIT_DEFAULT_DESTSUFFIX}/libocispec/yajl;protocol=https \
+           file://0001-libocispec-correctly-parse-JSON-schema-references.patch;patchdir=libocispec \
+           file://0002-libocispec-fix-array-items-parsing.patch;patchdir=libocispec \
           "
 
-PV = "v1.23.1+git${SRCREV_crun}"
+PV = "v1.24.0+git"
 
 inherit autotools-brokensep pkgconfig