containerd 1.2.9
Welcome to the v1.2.9 release of containerd!
The ninth patch release for containerd 1.2 provides a handful of bug fixes and an update to the vendored gRPC codebase to include 3 CVE fixes provided in the upstream v1.23.0 release of gRPC. Note that updating gRPC to the current release required small changes to our core containerd codebase to match the upstream changes since gRPC v1.12.0. These changes have been backported from containerd's master branch, as well as a similar small change in ttrpc, requiring that package's vendoring to be updated.
In addition to the gRPC update to include CVE fixes, this release corrects a container's default Unix environment (an issue introduced in 1.2.8), includes a small list of CRI plugin fixes, and fixes registry interactions where Docker-Content-Digest is not returned (e.g. GitHub Package Registry) as well as a tar archive modification time bug found by the buildkit maintainers. A fix to the zfs snapshotter was also included via a re-vendoring of containerd's zfs import. More notes on these fixes are found below.
Notable Updates
- Cherry-pick update to gRPC 1.23.0. PR #3586 {cherry-picked from changes in master PRs #3192 and #3581}.
  - Fixes grpc/grpc-go#2970 transport: block reading frames when too many transport control frames are queued.
  - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).
  - Other changes can be found in the gRPC release notes.
- CRI fixes:
  - Fix a bug where the default AppArmor profile is mistakenly applied to privileged containers with runtime/default specified. containerd/cri#1239
  - Fix a bug where an image can't be pulled if an empty AuthConfig is specified. containerd/cri#1249
- Bug fix: Compute manifest data when not provided (Docker-Content-Digest header missing). PR #3591 {cherry-picked from master PR #3245 with backports of #2871 and #3335 required}.
- Bug fix: Use default UNIX env when image has no environment. PR #3601 {cherry-picked from master branch PR #3599}.
- Bug fix: archive: truncate modification time. PR #3602 {cherry-picked from master branch PR #3589}.
- Bug fix: zfs: Datasets don't seem to be cleaned up properly on image removal. Reported in containerd/zfs#22 and fixed by PR containerd/zfs#24 and re-vendored into containerd release/1.2 via PR #3596.
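The Docker-Content-Digest fix listed above concerns registries that omit the header, so the client has to derive the manifest's digest and size from the bytes it received. The following Go code is an added illustration of that fallback together with the check a client should make when the header is present; it is not containerd's code, `resolveDigest` and `sampleManifest` are hypothetical names, the manifest body is constructed, and only sha256 digests are handled.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// sampleManifest is a constructed manifest body, not taken from a real registry.
const sampleManifest = `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json"}`

// resolveDigest returns the digest and size to record for a manifest body.
// headerDigest is the value of the Docker-Content-Digest response header,
// or "" when the registry did not send one.
func resolveDigest(headerDigest string, body []byte) (string, int64, error) {
	sum := sha256.Sum256(body)
	computed := "sha256:" + hex.EncodeToString(sum[:])
	size := int64(len(body))

	if headerDigest == "" {
		// Header missing: fall back to the locally computed value.
		return computed, size, nil
	}
	if !strings.HasPrefix(headerDigest, "sha256:") {
		// This example only verifies sha256; other algorithms are rejected.
		return "", 0, fmt.Errorf("unsupported digest algorithm in %q", headerDigest)
	}
	if headerDigest != computed {
		// Header present but wrong: never trust it over the bytes received.
		return "", 0, fmt.Errorf("digest mismatch: header %s, body %s", headerDigest, computed)
	}
	return computed, size, nil
}

func main() {
	body := []byte(sampleManifest)
	// First case: header absent. Second case: header present but not matching.
	for _, hdr := range []string{"", "sha256:" + strings.Repeat("0", 64)} {
		d, n, err := resolveDigest(hdr, body)
		fmt.Printf("header=%q digest=%s size=%d err=%v\n", hdr, d, n, err)
	}
}
```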
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Michael Crosby
- Phil Estes
- Derek McGowan
- Wei Fu
- Akihiro Suda
- Lantao Liu
- Sebastiaan van Stijn
- Maksym Pavlenko
- Akihiro Suda
- Charles Kenney
- Eric Lin
- Kevin Parsons
- Mark Gordon
- Nishchay
- Nishchay Kumar
- Tõnis Tiigi
Changes
- d50db0a420 Merge pull request #3587 from estesp/prep-v1.2.9
- b3a8460684 Update mailmap
- 1530fcac13 Merge pull request #3608 from awesomenix/release/1.2
- 413609294d Prepare v1.2.9 release
- 6ef0529f1f Merge pull request #3591 from thaJeztah/1.2_backport_compute_manifest_metadata
- ad5af8a4e3 Merge pull request #3586 from estesp/cp-3581
- 322c57a10f Merge pull request #3602 from estesp/cp-3589
- b1e40b64f8 [release/1.2] Update cri to ad5dcc6cba067488d017540d06ebc08b21bb82bc
- ef264a7411 Merge pull request #3601 from estesp/cp-3599
- 14ff021bd6 archive: truncate modification time
- 86ea2b7266 Use default UNIX env when image has no environment
- 783f67d5ac Merge pull request #3596 from AkihiroSuda/zfs-20190829-12
- 99c2e56e30 bump containerd/zfs 2ceb2dbb8154202ed1b8fd32e4ea25b491d7b251
- 0d6d883a6d Compute manifest metadata when not provided.
- e6275a02bf Add user agent header to all requests
- 4bffd8855e Explicitly stating utf-8 when fetching oauth token
- 09c68d083f Add custom headers option to dockerResolver
- 5c284a771b Revert "Add user agent header to all requests"
- 08325686b9 Update gRPC to v1.23.0
- 5fbd02f81b Update ttrpc to 92c8520ef9f86600c650dd540266a00
Changes from containerd/cri
- ad5dcc6c Merge pull request #1254 from awesomenix/release/1.2
- ce727bab fix: support empty auth config for anonymous registry
- 0ee59257 Merge pull request #1241 from Random-Liu/cherrypick-#1240-release-1.2
- f5a171f4 Fix apparmor for privileged.
Changes from containerd/ttrpc
- 92c8520 Merge pull request #49 from crosbymichael/status
- 0e0f228 Handle ok status
- 9abb3e2 Merge pull request #48 from crosbymichael/travis
- 8c74fe8 Update to go 1.12x on travis
- 1ab4dfb Merge pull request #46 from thaJeztah/adjust_for_grpc_1.23
- 17f4d32 Client.Call(): do not return error if no Status is set (gRPC v1.23 and up)
- f969a7f Merge pull request #44 from kevpar/method-full-name
- 271238a Fix method full name generation
- 1fb3814 Merge pull request #42 from crosbymichael/client
- 5829a06 Merge pull request #43 from crosbymichael/metadata
- 694de9d metadata as KeyValue type
- 3afb82b Fix error handling with server shutdown
- f3eb35b Refactor close handling for ttrpc clients
- d134fe7 Merge pull request #41 from crosbymichael/interceptors
- de8faac Add godocs for interceptors
- e409d7d Add example binary for testing the example service
- 819653f Add client and server unary interceptors
- a5bd8ce Merge pull request #40 from mxpv/headers
- 04523b9 Rename headers to metadata
- 5926a92 Support headers
Changes from containerd/zfs
- 2ceb2db Merge pull request #24 from AkihiroSuda/fix-remove-committed
- 5b87656 Merge pull request #23 from AkihiroSuda/update-travis
- 1b4b223 update .travis.yml
- 6fde16e fix removing Committed
- 31af176 Merge pull request #21 from estesp/add-project-repo-checks
- 2f23511 Add common project content/checks to zfs
- c6182c4 Add license headers to files
- 9f6ef3b Merge pull request #20 from containerd/skip
- d78b0d0 Return skip error on unsupported fs
- 39692b4 Merge pull request #19 from AkihiroSuda/update-containerd
- 154f951 update containerd
Dependency Changes
Previous release can be found at v1.2.8
- github.com/containerd/cri d928a4dd337fd2a992dbe72380eff2063c3ec62f -> ad5dcc6cba067488d017540d06ebc08b21bb82bc
- github.com/containerd/ttrpc f82148331ad2181edea8f3f649a1f7add6c3f9c2 -> 92c8520ef9f86600c650dd540266a007bf03670f
- github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec -> 2ceb2dbb8154202ed1b8fd32e4ea25b491d7b251
- github.com/google/uuid v1.1.1 new
- github.com/mistifyio/go-zfs 166add352731e515512690329794ee593f1aaff2 -> f784269be439d704d3dfa1906f45dd848fed2beb
- google.golang.org/grpc v1.12.0 -> 6eaf6f47437a6b4e2153a190160ef39a92c7eceb