From 6835d15f5523063f0a04a86d4810a637c6010d62 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 1 Oct 2021 10:22:34 +0200 Subject: [PATCH 1/2] [20.10] update containerd binary to v1.4.10 - Update runc to v1.0.2 - Update hcsshim to v0.8.21 - Support "clone3" in default seccomp profile - Fix panic in metadata content writer on copy error Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/containerd.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer index 47fbf06d1d..ad774c2e17 100755 --- a/hack/dockerfile/install/containerd.installer +++ b/hack/dockerfile/install/containerd.installer @@ -4,7 +4,7 @@ set -e # containerd is also pinned in vendor.conf. When updating the binary # version you may also need to update the vendor version to pick up bug # fixes or new APIs. -: "${CONTAINERD_COMMIT:=e25210fe30a0a703442421b0f60afac609f950a3}" # v1.4.9 +: "${CONTAINERD_COMMIT:=8848fdb7c4ae3815afcc990a8a99d663dda1b590}" # v1.4.10 install_containerd() ( echo "Install containerd version $CONTAINERD_COMMIT" From 129a2000cf752e0afbe935d9e258f916becf8367 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 4 Oct 2021 21:15:47 +0200 Subject: [PATCH 2/2] [20.10] update containerd binary to v1.4.11 The eleventh patch release for containerd 1.4 is a security release to fix CVE-2021-41103. Notable Updates - Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/containerd.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer index ad774c2e17..92547b6d9b 100755 --- a/hack/dockerfile/install/containerd.installer +++ b/hack/dockerfile/install/containerd.installer @@ -4,7 +4,7 @@ set -e # containerd is also pinned in vendor.conf. When updating the binary # version you may also need to update the vendor version to pick up bug # fixes or new APIs. -: "${CONTAINERD_COMMIT:=8848fdb7c4ae3815afcc990a8a99d663dda1b590}" # v1.4.10 +: "${CONTAINERD_COMMIT:=5b46e404f6b9f661a205e28d59c982d3634148f8}" # v1.4.11 install_containerd() ( echo "Install containerd version $CONTAINERD_COMMIT"