-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 #9020
[release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 #9020
Conversation
a3cb04f
to
8b18bdf
Compare
To keep the vendor-validation happy: + verify-vendor go: downloading github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 go: downloading golang.org/x/sync v0.1.0 golang.org/x/sync has different values in the go.mod files require section: v0.0.0-20210220032951-036812b2e83c in root go.mod v0.1.0 in integration/client/go.mod Found 1 error(s). full diff: golang/sync@036812b...v0.1.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 4b9fd6b) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 8bf975b) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
"SA1019: tar.TypeRegA has been deprecated since Go 1.11 and an alternative has been available since Go 1.1: Use TypeReg instead. (staticcheck)" Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 9b510e9) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit a9ac5f9) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
From golangci-lint: > SA1019: rand.Read has been deprecated since Go 1.20 because it >shouldn't be used: For almost all use cases, crypto/rand.Read is more >appropriate. (staticcheck) > SA1019: rand.Seed has been deprecated since Go 1.20 and an alternative >has been available since Go 1.0: Programs that call Seed and then expect >a specific sequence of results from the global random source (using >functions such as Int) can be broken when a dependency changes how >much it consumes from the global random source. To avoid such breakages, >programs that need a specific result sequence should use >NewRand(NewSource(seed)) to obtain a random generator that other >packages cannot access. (staticcheck) See also: - https://pkg.go.dev/math/rand@go1.20#Read - https://pkg.go.dev/math/rand@go1.20#Seed Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit d8b68e3) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit 281f89a) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
> go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, > as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and > the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. > See the Go 1.20.2 milestone on our issue tracker for details. https://go.dev/doc/devel/release#go1.20.minor Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> (cherry picked from commit f2bb9c9) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.3 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. See the Go 1.20.3 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved full diff: golang/go@go1.20.2...go1.20.3 go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the linker, the runtime, and the time package. See the Go 1.19.8 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved full diff: golang/go@go1.19.7...go1.19.8 Further details from the announcement on the mailing list: We have just released Go versions 1.20.3 and 1.19.8, minor point releases. These minor releases include 4 security fixes following the security policy: - go/parser: infinite loop in parsing Calling any of the Parse functions on Go source code which contains `//line` directives with very large line numbers can cause an infinite loop due to integer overflow. Thanks to Philippe Antoine (Catena cyber) for reporting this issue. This is CVE-2023-24537 and Go issue https://go.dev/issue/59180. - html/template: backticks not treated as string delimiters Templates did not properly consider backticks (`) as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a Go template action within a Javascript template literal, the contents of the action could be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, we've decided to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. Template.Parse will now return an Error when it encounters templates like this, with a currently unexported ErrorCode with a value of 12. This ErrorCode will be exported in the next major release. Users who rely on this behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. Thanks to Sohom Datta, Manipal Institute of Technology, for reporting this issue. This is CVE-2023-24538 and Go issue https://go.dev/issue/59234. - net/http, net/textproto: denial of service from excessive memory allocation HTTP and MIME header parsing could allocate large amounts of memory, even when parsing small inputs. Certain unusual patterns of input data could cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. Header parsing now correctly allocates only the memory required to hold parsed headers. Thanks to Jakob Ackermann (@das7pad) for discovering this issue. This is CVE-2023-24534 and Go issue https://go.dev/issue/58975. - net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm could undercount the amount of memory consumed, leading it to accept larger inputs than intended. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. ReadForm could allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, mime/multipart.Reader now imposes the following limits on the size of parsed forms: Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. Thanks to Jakob Ackermann for discovering this issue. This is CVE-2023-24536 and Go issue https://go.dev/issue/59153. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 0fb2d91) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.4 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle, crypto/tls, net/http, and syscall packages. See the Go 1.20.4 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved release notes: https://go.dev/doc/devel/release#go1.20.4 full diff: golang/go@go1.20.3...go1.20.4 from the announcement: > These minor releases include 3 security fixes following the security policy: > > - html/template: improper sanitization of CSS values > > Angle brackets (`<>`) were not considered dangerous characters when inserted > into CSS contexts. Templates containing multiple actions separated by a '/' > character could result in unexpectedly closing the CSS context and allowing > for injection of unexpected HMTL, if executed with untrusted input. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-24539 and Go issue https://go.dev/issue/59720. > > - html/template: improper handling of JavaScript whitespace > > Not all valid JavaScript whitespace characters were considered to be > whitespace. Templates containing whitespace characters outside of the character > set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain > actions may not be properly sanitized during execution. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-24540 and Go issue https://go.dev/issue/59721. > > - html/template: improper handling of empty HTML attributes > > Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") > executed with empty input could result in output that would have unexpected > results when parsed due to HTML normalization rules. This may allow injection > of arbitrary attributes into tags. > > Thanks to Juho Nurminen of Mattermost for reporting this issue. > > This is CVE-2023-29400 and Go issue https://go.dev/issue/59722. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit b947a6f) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and runtime packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved full diff: golang/go@go1.20.4...go1.20.5 These minor releases include 3 security fixes following the security policy: - cmd/go: cgo code injection The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). Thanks to Juho Nurminen of Mattermost for reporting this issue. This is CVE-2023-29402 and Go issue https://go.dev/issue/60167. - runtime: unexpected behavior of setuid/setgid binaries The Go runtime didn't act any differently when a binary had the setuid/setgid bit set. On Unix platforms, if a setuid/setgid binary was executed with standard I/O file descriptors closed, opening any files could result in unexpected content being read/written with elevated prilieges. Similarly if a setuid/setgid program was terminated, either via panic or signal, it could leak the contents of its registers. Thanks to Vincent Dehors from Synacktiv for reporting this issue. This is CVE-2023-29403 and Go issue https://go.dev/issue/60272. - cmd/go: improper sanitization of LDFLAGS The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Thanks to Juho Nurminen of Mattermost for reporting this issue. This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit e9f63f6) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. See the Go 1.20.6 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved Full diff: golang/go@go1.20.5...go1.20.6 These minor releases include 1 security fixes following the security policy: - net/http: insufficient sanitization of Host header The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Thanks to Bartek Nowotarski for reporting this issue. Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374 Signed-off-by: Danny Canter <danny@dcantah.dev> (cherry picked from commit 52ef346) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes a fix for CVE-2023-29409 go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. See the Go 1.20.7 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved - full diff: golang/go@go1.20.6...go1.20.7 go1.19.12 (released 2023-08-01) includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. See the Go 1.19.12 milestone on our issue tracker for details. - https://github.com/golang/go/issues?q=milestone%3AGo1.19.12+label%3ACherryPickApproved - full diff: golang/go@go1.19.11...go1.19.12 From the mailing list announcement: [security] Go 1.20.7 and Go 1.19.12 are released Hello gophers, We have just released Go versions 1.20.7 and 1.19.12, minor point releases. These minor releases include 1 security fixes following the security policy: - crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. View the release notes for more information: https://go.dev/doc/devel/release#go1.20.7 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 157dff2) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
8b18bdf
to
8e6a9de
Compare
Also updating golang.org/x/sync to keep CI happy;
full diff: golang/sync@036812b...v0.1.0 |
FWIW, I want to look at that CI check that failed, as I think it may be wrong; it looks like it's invalidating because indirect dependencies aren't at the same version, but that's a legit situation (because the list if direct dependencies is different for this module). Not a huge issue in this case, but we want to prevent this test-module from affecting the main module (which is why it was created in the first place) |
containerd 1.6.24 Welcome to the v1.6.24 release of containerd! The twenty-fourth patch release for containerd 1.6 contains various fixes and updates. * **CRI: fix leaked shim caused by high IO pressure** ([containerd#9004](containerd#9004)) * **Update to go1.20.8** ([containerd#9073](containerd#9073)) * **Update runc to v1.1.9** ([containerd#8966](containerd#8966)) * **Backport: add configurable mount options to overlay snapshotter** ([containerd#8961](containerd#8961)) * **log: cleanups and improvements to decouple more from logrus** ([containerd#9002](containerd#9002)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Sebastiaan van Stijn * Akihiro Suda * Wei Fu * Derek McGowan * Akhil Mohan * Cardy.Tang * Danny Canter * Kazuyoshi Kato * Mike Brown * Phil Estes * Samuel Karp <details><summary>45 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.24 ([containerd#9087](containerd#9087)) * [`cdd59290d`](containerd@cdd5929) Prepare release notes for v1.6.24 * [release/1.6 backport] log: cleanups and improvements to decouple more from logrus ([containerd#9002](containerd#9002)) * [`33c2d88e7`](containerd@33c2d88) Revert "log: define G() as a function instead of a variable" * [`0a7f2975e`](containerd@0a7f297) log: swap logrus functions with their equivalent on default logger * [`9d175a19b`](containerd@9d175a1) log: add package documentation and summary of package's purpose * [`96fb65529`](containerd@96fb655) log: make Fields type a generic map[string]any * [`bace17e2e`](containerd@bace17e) log: add log.Entry type * [`dd127885f`](containerd@dd12788) log: define OutputFormat type * [`5b4cf2329`](containerd@5b4cf23) log: define G() as a function instead of a variable * [`ee1b4a1e2`](containerd@ee1b4a1) log: add all log-levels that are accepted * [`d563a411f`](containerd@d563a41) log: group "enum" consts and touch-up docs * [`6e8f4555b`](containerd@6e8f455) log: WithLogger: remove redundant intermediate var * [`c19325559`](containerd@c193255) log: SetFormat: include returns in switch * [`c3c22f8cb`](containerd@c3c22f8) log: remove gotest.tools dependency * [release/1.6] update to go1.20.8 ([containerd#9073](containerd#9073)) * [`a2c294800`](containerd@a2c2948) [release/1.6] update to go1.20.8 * [release/1.6 backport] make repositories of install dependencies configurable ([containerd#9024](containerd#9024)) * [`0da8dcaa7`](containerd@0da8dca) make repositories of install dependencies configurable * [release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 ([containerd#9020](containerd#9020)) * [`8e6a9de5b`](containerd@8e6a9de) update to go1.20.7, go1.19.12 * [`8b2eb371f`](containerd@8b2eb37) Update Go to 1.20.6,1.19.11 * [`cff669c7a`](containerd@cff669c) update go to go1.20.5, go1.19.10 * [`f34a22de9`](containerd@f34a22d) update go to go1.20.4, go1.19.9 * [`e8e73065e`](containerd@e8e7306) update go to go1.20.3, go1.19.8 * [`9b3f950d6`](containerd@9b3f950) Go 1.20.2 * [`17d03ac68`](containerd@17d03ac) Go 1.20.1 * [`861f65447`](containerd@861f654) go.mod: go 1.19 * [`81fa93784`](containerd@81fa937) Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20) * [`70dc11a6c`](containerd@70dc11a) lint: remove `//nolint:dupword` that are no longer needed * [`fec784a06`](containerd@fec784a) lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)" * [`6648df1ad`](containerd@6648df1) lint: silence "type `HostFileConfig` is unused (unused)" * [`e6b268bc7`](containerd@e6b268b) golangci-lint v1.51.1 * [`c552ccf67`](containerd@c552ccf) go.mod: golang.org/x/sync v0.1.0 * [releases/1.6] *: fix leaked shim caused by high IO pressure ([containerd#9004](containerd#9004)) * [`d00af5c3e`](containerd@d00af5c) integration: issue7496 case should work for runc.v2 only * [`583696e4e`](containerd@583696e) Vagrantfile: add strace tool * [`ab21d60d2`](containerd@ab21d60) pkg/cri/server: add criService as argument when handle exit event * [`a229883cb`](containerd@a229883) pkg/cri/server: fix leaked shim issue * [`d8f824200`](containerd@d8f8242) integration: add case to reproduce containerd#7496 * [release/1.6] Cherry-pick: [overlay] add configurable mount options to overlay snapshotter ([containerd#8961](containerd#8961)) * [`8cd40e1d0`](containerd@8cd40e1) Add configurable mount options to overlay * [`453fa397a`](containerd@453fa39) feat: make overlay sync removal configurable * [release/1.6 backport] update runc binary to v1.1.9 ([containerd#8966](containerd#8966)) * [`4cb7764df`](containerd@4cb7764) update runc binary to v1.1.9 </p> </details> * **golang.org/x/sync** 036812b2e83c -> v0.1.0 Previous release can be found at [v1.6.23](https://github.com/containerd/containerd/releases/tag/v1.6.23)
containerd 1.6.24 Welcome to the v1.6.24 release of containerd! The twenty-fourth patch release for containerd 1.6 contains various fixes and updates. * **CRI: fix leaked shim caused by high IO pressure** ([containerd#9004](containerd#9004)) * **Update to go1.20.8** ([containerd#9073](containerd#9073)) * **Update runc to v1.1.9** ([containerd#8966](containerd#8966)) * **Backport: add configurable mount options to overlay snapshotter** ([containerd#8961](containerd#8961)) * **log: cleanups and improvements to decouple more from logrus** ([containerd#9002](containerd#9002)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Sebastiaan van Stijn * Akihiro Suda * Wei Fu * Derek McGowan * Akhil Mohan * Cardy.Tang * Danny Canter * Kazuyoshi Kato * Mike Brown * Phil Estes * Samuel Karp <details><summary>45 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.24 ([containerd#9087](containerd#9087)) * [`cdd59290d`](containerd@cdd5929) Prepare release notes for v1.6.24 * [release/1.6 backport] log: cleanups and improvements to decouple more from logrus ([containerd#9002](containerd#9002)) * [`33c2d88e7`](containerd@33c2d88) Revert "log: define G() as a function instead of a variable" * [`0a7f2975e`](containerd@0a7f297) log: swap logrus functions with their equivalent on default logger * [`9d175a19b`](containerd@9d175a1) log: add package documentation and summary of package's purpose * [`96fb65529`](containerd@96fb655) log: make Fields type a generic map[string]any * [`bace17e2e`](containerd@bace17e) log: add log.Entry type * [`dd127885f`](containerd@dd12788) log: define OutputFormat type * [`5b4cf2329`](containerd@5b4cf23) log: define G() as a function instead of a variable * [`ee1b4a1e2`](containerd@ee1b4a1) log: add all log-levels that are accepted * [`d563a411f`](containerd@d563a41) log: group "enum" consts and touch-up docs * [`6e8f4555b`](containerd@6e8f455) log: WithLogger: remove redundant intermediate var * [`c19325559`](containerd@c193255) log: SetFormat: include returns in switch * [`c3c22f8cb`](containerd@c3c22f8) log: remove gotest.tools dependency * [release/1.6] update to go1.20.8 ([containerd#9073](containerd#9073)) * [`a2c294800`](containerd@a2c2948) [release/1.6] update to go1.20.8 * [release/1.6 backport] make repositories of install dependencies configurable ([containerd#9024](containerd#9024)) * [`0da8dcaa7`](containerd@0da8dca) make repositories of install dependencies configurable * [release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 ([containerd#9020](containerd#9020)) * [`8e6a9de5b`](containerd@8e6a9de) update to go1.20.7, go1.19.12 * [`8b2eb371f`](containerd@8b2eb37) Update Go to 1.20.6,1.19.11 * [`cff669c7a`](containerd@cff669c) update go to go1.20.5, go1.19.10 * [`f34a22de9`](containerd@f34a22d) update go to go1.20.4, go1.19.9 * [`e8e73065e`](containerd@e8e7306) update go to go1.20.3, go1.19.8 * [`9b3f950d6`](containerd@9b3f950) Go 1.20.2 * [`17d03ac68`](containerd@17d03ac) Go 1.20.1 * [`861f65447`](containerd@861f654) go.mod: go 1.19 * [`81fa93784`](containerd@81fa937) Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20) * [`70dc11a6c`](containerd@70dc11a) lint: remove `//nolint:dupword` that are no longer needed * [`fec784a06`](containerd@fec784a) lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)" * [`6648df1ad`](containerd@6648df1) lint: silence "type `HostFileConfig` is unused (unused)" * [`e6b268bc7`](containerd@e6b268b) golangci-lint v1.51.1 * [`c552ccf67`](containerd@c552ccf) go.mod: golang.org/x/sync v0.1.0 * [releases/1.6] *: fix leaked shim caused by high IO pressure ([containerd#9004](containerd#9004)) * [`d00af5c3e`](containerd@d00af5c) integration: issue7496 case should work for runc.v2 only * [`583696e4e`](containerd@583696e) Vagrantfile: add strace tool * [`ab21d60d2`](containerd@ab21d60) pkg/cri/server: add criService as argument when handle exit event * [`a229883cb`](containerd@a229883) pkg/cri/server: fix leaked shim issue * [`d8f824200`](containerd@d8f8242) integration: add case to reproduce containerd#7496 * [release/1.6] Cherry-pick: [overlay] add configurable mount options to overlay snapshotter ([containerd#8961](containerd#8961)) * [`8cd40e1d0`](containerd@8cd40e1) Add configurable mount options to overlay * [`453fa397a`](containerd@453fa39) feat: make overlay sync removal configurable * [release/1.6 backport] update runc binary to v1.1.9 ([containerd#8966](containerd#8966)) * [`4cb7764df`](containerd@4cb7764) update runc binary to v1.1.9 </p> </details> * **golang.org/x/sync** 036812b2e83c -> v0.1.0 Previous release can be found at [v1.6.23](https://github.com/containerd/containerd/releases/tag/v1.6.23)
containerd 1.6.24 Welcome to the v1.6.24 release of containerd! The twenty-fourth patch release for containerd 1.6 contains various fixes and updates. * **CRI: fix leaked shim caused by high IO pressure** ([containerd#9004](containerd#9004)) * **Update to go1.20.8** ([containerd#9073](containerd#9073)) * **Update runc to v1.1.9** ([containerd#8966](containerd#8966)) * **Backport: add configurable mount options to overlay snapshotter** ([containerd#8961](containerd#8961)) * **log: cleanups and improvements to decouple more from logrus** ([containerd#9002](containerd#9002)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Sebastiaan van Stijn * Akihiro Suda * Wei Fu * Derek McGowan * Akhil Mohan * Cardy.Tang * Danny Canter * Kazuyoshi Kato * Mike Brown * Phil Estes * Samuel Karp <details><summary>45 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.24 ([containerd#9087](containerd#9087)) * [`cdd59290d`](containerd@cdd5929) Prepare release notes for v1.6.24 * [release/1.6 backport] log: cleanups and improvements to decouple more from logrus ([containerd#9002](containerd#9002)) * [`33c2d88e7`](containerd@33c2d88) Revert "log: define G() as a function instead of a variable" * [`0a7f2975e`](containerd@0a7f297) log: swap logrus functions with their equivalent on default logger * [`9d175a19b`](containerd@9d175a1) log: add package documentation and summary of package's purpose * [`96fb65529`](containerd@96fb655) log: make Fields type a generic map[string]any * [`bace17e2e`](containerd@bace17e) log: add log.Entry type * [`dd127885f`](containerd@dd12788) log: define OutputFormat type * [`5b4cf2329`](containerd@5b4cf23) log: define G() as a function instead of a variable * [`ee1b4a1e2`](containerd@ee1b4a1) log: add all log-levels that are accepted * [`d563a411f`](containerd@d563a41) log: group "enum" consts and touch-up docs * [`6e8f4555b`](containerd@6e8f455) log: WithLogger: remove redundant intermediate var * [`c19325559`](containerd@c193255) log: SetFormat: include returns in switch * [`c3c22f8cb`](containerd@c3c22f8) log: remove gotest.tools dependency * [release/1.6] update to go1.20.8 ([containerd#9073](containerd#9073)) * [`a2c294800`](containerd@a2c2948) [release/1.6] update to go1.20.8 * [release/1.6 backport] make repositories of install dependencies configurable ([containerd#9024](containerd#9024)) * [`0da8dcaa7`](containerd@0da8dca) make repositories of install dependencies configurable * [release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 ([containerd#9020](containerd#9020)) * [`8e6a9de5b`](containerd@8e6a9de) update to go1.20.7, go1.19.12 * [`8b2eb371f`](containerd@8b2eb37) Update Go to 1.20.6,1.19.11 * [`cff669c7a`](containerd@cff669c) update go to go1.20.5, go1.19.10 * [`f34a22de9`](containerd@f34a22d) update go to go1.20.4, go1.19.9 * [`e8e73065e`](containerd@e8e7306) update go to go1.20.3, go1.19.8 * [`9b3f950d6`](containerd@9b3f950) Go 1.20.2 * [`17d03ac68`](containerd@17d03ac) Go 1.20.1 * [`861f65447`](containerd@861f654) go.mod: go 1.19 * [`81fa93784`](containerd@81fa937) Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20) * [`70dc11a6c`](containerd@70dc11a) lint: remove `//nolint:dupword` that are no longer needed * [`fec784a06`](containerd@fec784a) lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)" * [`6648df1ad`](containerd@6648df1) lint: silence "type `HostFileConfig` is unused (unused)" * [`e6b268bc7`](containerd@e6b268b) golangci-lint v1.51.1 * [`c552ccf67`](containerd@c552ccf) go.mod: golang.org/x/sync v0.1.0 * [releases/1.6] *: fix leaked shim caused by high IO pressure ([containerd#9004](containerd#9004)) * [`d00af5c3e`](containerd@d00af5c) integration: issue7496 case should work for runc.v2 only * [`583696e4e`](containerd@583696e) Vagrantfile: add strace tool * [`ab21d60d2`](containerd@ab21d60) pkg/cri/server: add criService as argument when handle exit event * [`a229883cb`](containerd@a229883) pkg/cri/server: fix leaked shim issue * [`d8f824200`](containerd@d8f8242) integration: add case to reproduce containerd#7496 * [release/1.6] Cherry-pick: [overlay] add configurable mount options to overlay snapshotter ([containerd#8961](containerd#8961)) * [`8cd40e1d0`](containerd@8cd40e1) Add configurable mount options to overlay * [`453fa397a`](containerd@453fa39) feat: make overlay sync removal configurable * [release/1.6 backport] update runc binary to v1.1.9 ([containerd#8966](containerd#8966)) * [`4cb7764df`](containerd@4cb7764) update runc binary to v1.1.9 </p> </details> * **golang.org/x/sync** 036812b2e83c -> v0.1.0 Previous release can be found at [v1.6.23](https://github.com/containerd/containerd/releases/tag/v1.6.23)
Backports:
relates to: