[release/1.2] Prepare v1.2.11 release

[thaJeztah]

• Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for
  CVE-2019-16884.

  • More details on the runc CVE in opencontainers/runc#2128, and the additional mitigations in opencontainers/runc#2130.

• Add local-fs.target to service file to fix corrupt image after unexpected host reboot.
  Reported in containerd/containerd#3671,
  and fixed by containerd/containerd#3746.

• Update Golang runtime to 1.12.13, which includes security fixes to the crypto/dsa
  package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12).

• CRI fixes:

  • Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in containerd/cri#1309, and fixed by containerd/containerd#3732 and containerd/containerd#3739.

[thaJeztah]

Generated notes;

containerd 1.2.11

Welcome to the v1.2.11 release of containerd!

The eleventh patch release for containerd 1.2 includes updated vendors/build runtimes that fix reported CVEs in runc and the Golang 1.12 runtime respectively.

Notable Updates

• Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for CVE-2019-16884.

  • More details on the runc CVE in opencontainers/runc#2128, and the additional mitigations in opencontainers/runc#2130.

• Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in containerd/containerd#3671, and fixed by containerd/containerd#3746.

• Update Golang runtime to 1.12.13, which includes security fixes to the crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12).

• CRI fixes:

  • Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in containerd/cri#1309, and fixed by containerd/containerd#3732 and containerd/containerd#3739.

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Lantao Liu
• Michael Crosby
• Derek McGowan
• Wei Fu
• Mike Brown
• Phil Estes

Changes

• 7b9f27e3 Prepare v1.2.11 release
• c2383a5f Merge pull request #3768 from thaJeztah/1.2_backport_bump_golang_1.12.x
• d1960b41 Merge pull request #3771 from estesp/update-vndr
• 0b9135f1 Catch up vndr with state of vendor/ dir
• 435e05fd [release/1.2] pin travis to go 1.12.12
• e319caed Update Golang 1.12.12 (CVE-2019-17596)
• b0d7ef61 Merge pull request #3746 from crosbymichael/localfs2
• c471c95b Add local-fs.target to service file
• c3532a35 Merge pull request #3739 from estesp/cp-1.2-3736
• 847f74c2 Fix delete error code on the containerd daemon side.
• 44563810 Merge pull request #3732 from Random-Liu/cherrypick-#3730-release-1.2
• 611766af Fix shim delete error code.
• 816dfe39 Merge pull request #3723 from thaJeztah/1.2_backport_bump_runc_1.0.0-rc9
• 639be358 bump runc v1.0.0-rc9
• b3019090 Bump runc to 1b8a1eeec3f337ab5d94f28980
• 8fb208fb Revert "Revert "bump libseccomp-golang v0.9.1""
• deca8e0e Merge pull request #3700 from Random-Liu/automate-cri-tarball-release
• 889f5f80 Automate CRI tarball release.

Changes from containerd/cri

• bab7348f Merge pull request #1304 from Random-Liu/cherrypick-#1266-release-1.2
• ec7287ac Support local containerd release.

Dependency Changes

Previous release can be found at v1.2.10

• github.com/containerd/cri 40affe7c7402 -> bab7348fcfcc
• github.com/opencontainers/runc 3e425f80a8c9 -> d736ef14f028
• github.com/seccomp/libseccomp-golang 32f571b70023 -> v0.9.1

[thaJeztah]

hm, looks like GitHub Flavored markdown makes the line-wrapping a bit awkward; let me remove some newlines in the description

[codecov-io]

Codecov Report

Merging #3811 into release/1.2 will not change coverage.
The diff coverage is n/a.

@@             Coverage Diff              @@
##           release/1.2    #3811   +/-   ##
============================================
  Coverage        44.19%   44.19%           
============================================
  Files              100      100           
  Lines            10847    10847           
============================================
  Hits              4794     4794           
  Misses            5313     5313           
  Partials           740      740

Flag	Coverage Δ
#linux	47.87% <ø> (ø)	⬆️
#windows	41% <ø> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update db4537e...1b4aebd. Read the comment docs.

[thaJeztah]

note that the Go 1.12.13 bump wasn't merged yet, but I anticipated it to be merged before a release is done 🤗

[fuweid]

one more ticket for #3821.

Thanks!

[dmcgowan]

I pushed an update, @thaJeztah can you review it looks good then we can get this released.

[thaJeztah]

@dmcgowan afaics, changes look good, but looking what change you made 😅

[crosbymichael]

LGTM