v1.2.11 · 标签 · oss-mirrors / Containerd

v1.2.11
f772c10a · Merge pull request #3811 from thaJeztah/release_1.2.11 · 11月 26, 2019
containerd 1.2.11

Welcome to the v1.2.11 release of containerd!

The eleventh patch release for `containerd` 1.2 includes an updated runc with
an additional fix for CVE-2019-16884 and a Golang update.

### Notable Updates

* Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for [CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884).
    - More details on the runc CVE in [opencontainers/runc#2128](https://github.com/opencontainers/runc/issues/2128), and the additional mitigations in [opencontainers/runc#2130](https://github.com/opencontainers/runc/pull/2130).
* Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in [containerd/containerd#3671](https://github.com/containerd/containerd/issues/3671), and fixed by [containerd/containerd#3746](https://github.com/containerd/containerd/pull/3746).
* Update Golang runtime to 1.12.13, which includes security fixes to the `crypto/dsa` package made in Go 1.12.11 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596)), and fixes to the go command, `runtime`, `syscall` and `net` packages (Go 1.12.12).

* CRI fixes:
    - Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in [containerd/cri#1309](https://github.com/containerd/cri/issues/1309), and fixed by [containerd/containerd#3732](https://github.com/containerd/containerd/pull/3732) and [containerd/containerd#3739](https://github.com/containerd/containerd/pull/3739).

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Sebastiaan van Stijn
* Michael Crosby
* Derek McGowan
* Lantao Liu
* Wei Fu
* Maksym Pavlenko
* Mike Brown
* Phil Estes

### Changes

* [`f772c10a58`](https://github.com/containerd/containerd/commit/f772c10a585ced6be8f86e8c58c2b998412dd963) Merge pull request  [#3811](https://github.com/containerd/containerd/pull/3811) from thaJeztah/release_1.2.11
* [`1b4aebd681`](https://github.com/containerd/containerd/commit/1b4aebd681eee0d84d1aa279da954c5bdad9d5b6) Prepare v1.2.11 release
* [`db4537e43d`](https://github.com/containerd/containerd/commit/db4537e43de82f7413c14504195d736c11dd93d4) Merge pull request  [#3821](https://github.com/containerd/containerd/pull/3821) from fuweid/cherry-pick-3819-1.2
* [`128664b677`](https://github.com/containerd/containerd/commit/128664b6779adb08c7a2a115fe1466264756b1d7) snapshots: return error if readSnapshot fails
* [`a287c087b6`](https://github.com/containerd/containerd/commit/a287c087b61412e106390e71bed2c79436fde579) Merge pull request  [#3809](https://github.com/containerd/containerd/pull/3809) from thaJeztah/1.2_backport_bump_golang_1.12.13
* [`342c953a53`](https://github.com/containerd/containerd/commit/342c953a532f8e95ae27c87267e5c89085cc1d91) Update to Golang 1.12.13
* [`6b94990c11`](https://github.com/containerd/containerd/commit/6b94990c113277be8bfb699872207f07ac1a2526) Revert "[release/1.2] pin travis to go 1.12.12"
* [`c2383a5f2c`](https://github.com/containerd/containerd/commit/c2383a5f2c046b1a262209f981420ffd5fa4b354) Merge pull request  [#3768](https://github.com/containerd/containerd/pull/3768) from thaJeztah/1.2_backport_bump_golang_1.12.x
* [`d1960b4129`](https://github.com/containerd/containerd/commit/d1960b4129c12cfa525977b26160a2f63e53941f) Merge pull request  [#3771](https://github.com/containerd/containerd/pull/3771) from estesp/update-vndr
* [`0b9135f1dc`](https://github.com/containerd/containerd/commit/0b9135f1dcd16826936f00c6ad92b7029154aa3c) Catch up vndr with state of vendor/ dir
* [`435e05fd0d`](https://github.com/containerd/containerd/commit/435e05fd0d3e367c330868fa70d2b054c6273204) [release/1.2] pin travis to go 1.12.12
* [`e319caedc4`](https://github.com/containerd/containerd/commit/e319caedc4f32d6eb91352c52e008f6c934fb2cc) Update Golang 1.12.12 (CVE-2019-17596)
* [`b0d7ef6110`](https://github.com/containerd/containerd/commit/b0d7ef6110931ae7a2238b6984a098fc97b2e5f6) Merge pull request  [#3746](https://github.com/containerd/containerd/pull/3746) from crosbymichael/localfs2
* [`c471c95bc5`](https://github.com/containerd/containerd/commit/c471c95bc552f55ebef54cd3cb3e31a3d0951514) Add local-fs.target to service file
* [`c3532a35cc`](https://github.com/containerd/containerd/commit/c3532a35ccca10cd21d1f0c3c5499474d3d8250d) Merge pull request  [#3739](https://github.com/containerd/containerd/pull/3739) from estesp/cp-1.2-3736
* [`847f74c284`](https://github.com/containerd/containerd/commit/847f74c284008247ae0d028c20910a0abcd90593) Fix delete error code on the containerd daemon side.
* [`445638104e`](https://github.com/containerd/containerd/commit/445638104e99e0129f43d9fe7a443e30b0965448) Merge pull request  [#3732](https://github.com/containerd/containerd/pull/3732) from Random-Liu/cherrypick-#3730-release-1.2
* [`611766aff3`](https://github.com/containerd/containerd/commit/611766aff3da9b79ae3d18c2a8633bb1e374e76f) Fix shim delete error code.
* [`816dfe3960`](https://github.com/containerd/containerd/commit/816dfe3960a99a9469f1bb69733f7d994d6826f5) Merge pull request  [#3723](https://github.com/containerd/containerd/pull/3723) from thaJeztah/1.2_backport_bump_runc_1.0.0-rc9
* [`639be35858`](https://github.com/containerd/containerd/commit/639be3585829465244e00741a2f4d6b9b1bc7d8c) bump runc v1.0.0-rc9
* [`b30190905f`](https://github.com/containerd/containerd/commit/b30190905fe9ce83b95b8648812174101abd91ab) Bump runc to 1b8a1eeec3f337ab5d94f28980
* [`8fb208fb14`](https://github.com/containerd/containerd/commit/8fb208fb14742813cfa0e431732ef5fdf0c97d0c) Revert "Revert "bump libseccomp-golang v0.9.1""
* [`deca8e0e31`](https://github.com/containerd/containerd/commit/deca8e0e31020515db580e932a5595fe275b7ba0) Merge pull request  [#3700](https://github.com/containerd/containerd/pull/3700) from Random-Liu/automate-cri-tarball-release
* [`889f5f8036`](https://github.com/containerd/containerd/commit/889f5f803699d078b3cda03054211bfbff41efa6) Automate CRI tarball release.

### Changes from containerd/cri

* [`bab7348f`](https://github.com/containerd/cri/commit/bab7348fcfcc795e0dda2cc02e8cac6316c85edc) Merge pull request  [#1304](https://github.com/containerd/cri/pull/1304) from Random-Liu/cherrypick-#1266-release-1.2
* [`ec7287ac`](https://github.com/containerd/cri/commit/ec7287ac136efe04caa41b8eb192715e813283a1) Support local containerd release.

### Dependency Changes

Previous release can be found at [v1.2.10](https://github.com/containerd/containerd/releases/tag/v1.2.10)

* **github.com/containerd/cri**             40affe7c7402d41618b9791a8cf105ac74ce56d0 -> bab7348fcfcc795e0dda2cc02e8cac6316c85edc
* **github.com/opencontainers/runc**        3e425f80a8c931f88e6d94a8c831b9d5aa481657 -> d736ef14f0288d6993a1845745d6756cfc9ddd5a
* **github.com/seccomp/libseccomp-golang**  32f571b70023028bd57d9288c20efbcb237f3ce0 -> v0.9.1