From cfcf25bb5409eb0c3a9c257b225f2b8890142030 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 28 Nov 2019 10:51:45 +0100 Subject: [PATCH] [19.03] Update containerd binary to v1.2.11 full diff: https://github.com/containerd/containerd/compare/v1.2.10...v1.2.11 The eleventh patch release for containerd 1.2 includes an updated runc with an additional fix for CVE-2019-16884 and a Golang update. Notable Updates ----------------------- - Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for CVE-2019-16884. More details on the runc CVE in opencontainers/runc#2128, and the additional mitigations in opencontainers/runc#2130. - Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in containerd/containerd#3671, and fixed by containerd/containerd#3746. - Update Golang runtime to 1.12.13, which includes security fixes to the crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12). CRI fixes: ----------------------- - Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in containerd/cri#1309, and fixed by containerd/containerd#3732 and containerd/containerd#3739. Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/containerd.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer index 1c301d2dd4..9e81208677 100755 --- a/hack/dockerfile/install/containerd.installer +++ b/hack/dockerfile/install/containerd.installer @@ -4,7 +4,7 @@ # containerd is also pinned in vendor.conf. When updating the binary # version you may also need to update the vendor version to pick up bug # fixes or new APIs. -CONTAINERD_COMMIT=b34a5c8af56e510852c35414db4c1f4fa6172339 # v1.2.10 +CONTAINERD_COMMIT=f772c10a585ced6be8f86e8c58c2b998412dd963 # v1.2.11 install_containerd() { echo "Install containerd version $CONTAINERD_COMMIT"