Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[20.10 backport] update containerd binary to v1.5.10 #43329

Conversation

thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Mar 4, 2022

(partial) cherry-pick of #43327 (windows dockerfile doesn't have containerd yet in the 20.10 branch)

Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for CVE-2022-23648
and other issues.

Notable Updates

  • Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
  • Return init pid when clean dead shim in runc.v1/v2 shims
  • Handle sigint/sigterm in shimv2
  • Use readonly mount to read user/group info

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

ndeloof
ndeloof approved these changes Mar 4, 2022
tianon
tianon approved these changes Mar 4, 2022
@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 4, 2022

ah... crap; merge conflict in master (in Dockerfile.windows), due to the golang change; I'll fix that one, and cherry-pick again to at least have the correct commit

@thaJeztah thaJeztah marked this pull request as draft Mar 4, 2022
Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648][1]
and other issues.

Notable Updates

- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims
- Handle sigint/sigterm in shimv2
- Use readonly mount to read user/group info

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
[2]: GHSA-crp2-qrr5-8pq7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2c8f0a0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the 20.10_backport_update_containerd_binary_1.5.10 branch from e7d75d0 to 180f3b9 Compare Mar 4, 2022
@thaJeztah thaJeztah marked this pull request as ready for review Mar 4, 2022
@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 4, 2022

alrighty; fixed that (temporarily moved back to 'draft' to make sure master gets merged first)

@thaJeztah thaJeztah marked this pull request as draft Mar 4, 2022
@thaJeztah thaJeztah marked this pull request as ready for review Mar 4, 2022
@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 4, 2022

master went green and is merged; merging this one as well

@thaJeztah thaJeztah merged commit c3dec60 into moby:20.10 Mar 4, 2022
2 checks passed
@thaJeztah thaJeztah deleted the 20.10_backport_update_containerd_binary_1.5.10 branch Mar 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants