diff --git a/_service b/_service
index 0dfeca6..068709a 100644
--- a/_service
+++ b/_service
@@ -1,20 +1,20 @@
-
-
+
+
https://github.com/moby/buildkit.git
git
.git
- v0.12.4
+ v0.12.5
@PARENT_TAG@
enable
v(.*)
-
-
+
+
*.tar
zst
-
+
zst
diff --git a/_servicedata b/_servicedata
index 5533f3b..c1d722f 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,6 +1,6 @@
https://github.com/moby/buildkit.git
- 833949d0f7908608b00ab6b93b8f92bdb147fcca
+ bac3f2b673f3f9d33e79046008e7a38e856b3dc6
-
+
\ No newline at end of file
diff --git a/buildkit-0.12.4.tar.zst b/buildkit-0.12.4.tar.zst
deleted file mode 100644
index d67bc88..0000000
--- a/buildkit-0.12.4.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2461a23f704b5b0bc4f7ca9f78ff1024b970f3b47bc8e9312fea73b977c26454
-size 7253926
diff --git a/buildkit-0.12.5.tar.zst b/buildkit-0.12.5.tar.zst
new file mode 100644
index 0000000..2fd0b1d
--- /dev/null
+++ b/buildkit-0.12.5.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:73670b7394a72320f7ac5c7dd1994ae089e00eec374ef6268d3fae4af124df77
+size 5898472
diff --git a/buildkit.changes b/buildkit.changes
index 5826d33..9714bd4 100644
--- a/buildkit.changes
+++ b/buildkit.changes
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Feb 01 16:36:18 UTC 2024 - dcermak@suse.com
+
+- Update to version 0.12.5:
+ * update runc to v1.1.12
+ * exec: add extra validation for submount sources (fixes CVE-2024-23651, bsc#1219267)
+ * oci: fix error handling on submount calls
+ * executor: recheck mount stub path within root after container run (fixes CVE-2024-23652, bsc#1219268)
+ * llbsolver: make sure interactive container API validates entitlements
+ * gateway: pass executor with build and not access worker directly
+ * pb: add extra validation to protobuf types
+ * sourcepolicy: add validations for nil values
+ * exporter: add validation for platforms key value
+ * exporter: add validation for invalid platorm
+ * exporter: validate null config metadata from gateway
+ * ci: disable push if not upstream repo
+ * hack: use git context only for upstream repo
+ * hack/test: allow ALPINE_VERSION to be set from env
+ * hack: align syntax
+ * vendor: github.com/cyphar/filepath-securejoin v0.2.4
+ * tracing: allow the `Resource` to be set externally
+
-------------------------------------------------------------------
Mon Dec 04 13:14:41 UTC 2023 - fredrik.lonnegren@suse.com
diff --git a/buildkit.spec b/buildkit.spec
index cba43a3..2aa4f2a 100644
--- a/buildkit.spec
+++ b/buildkit.spec
@@ -23,7 +23,7 @@
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
%global import_path %{provider_prefix}
Name: buildkit
-Version: 0.12.4
+Version: 0.12.5
Release: 0
Summary: Toolkit for converting source code to build artifacts
License: Apache-2.0
diff --git a/vendor.tar.zst b/vendor.tar.zst
index d137baf..99ebe6c 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:ddf4316814f4e75a841641fd89b48f7ca682a6a5dfba973682b6a0bc1657dbbc
-size 6469603
+oid sha256:f2c3aa0ee8516335a75e8042464dc983e0675072af688aa67fba4dbc7a011402
+size 4533584