containerd 1.2.11 Welcome to the v1.2.11 release of containerd! The eleventh patch release for `containerd` 1.2 includes an updated runc with an additional fix for CVE-2019-16884 and a Golang update. ### Notable Updates * Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for [CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884). - More details on the runc CVE in [opencontainers/runc#2128](https://github.com/opencontainers/runc/issues/2128), and the additional mitigations in [opencontainers/runc#2130](https://github.com/opencontainers/runc/pull/2130). * Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in [containerd/containerd#3671](https://github.com/containerd/containerd/issues/3671), and fixed by [containerd/containerd#3746](https://github.com/containerd/containerd/pull/3746). * Update Golang runtime to 1.12.13, which includes security fixes to the `crypto/dsa` package made in Go 1.12.11 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596)), and fixes to the go command, `runtime`, `syscall` and `net` packages (Go 1.12.12). * CRI fixes: - Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in [containerd/cri#1309](https://github.com/containerd/cri/issues/1309), and fixed by [containerd/containerd#3732](https://github.com/containerd/containerd/pull/3732) and [containerd/containerd#3739](https://github.com/containerd/containerd/pull/3739). Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Sebastiaan van Stijn * Michael Crosby * Derek McGowan * Lantao Liu * Wei Fu * Maksym Pavlenko * Mike Brown * Phil Estes ### Changes * [`f772c10a58`](https://github.com/containerd/containerd/commit/f772c10a585ced6be8f86e8c58c2b998412dd963) Merge pull request [#3811](https://github.com/containerd/containerd/pull/3811) from thaJeztah/release_1.2.11 * [`1b4aebd681`](https://github.com/containerd/containerd/commit/1b4aebd681eee0d84d1aa279da954c5bdad9d5b6) Prepare v1.2.11 release * [`db4537e43d`](https://github.com/containerd/containerd/commit/db4537e43de82f7413c14504195d736c11dd93d4) Merge pull request [#3821](https://github.com/containerd/containerd/pull/3821) from fuweid/cherry-pick-3819-1.2 * [`128664b677`](https://github.com/containerd/containerd/commit/128664b6779adb08c7a2a115fe1466264756b1d7) snapshots: return error if readSnapshot fails * [`a287c087b6`](https://github.com/containerd/containerd/commit/a287c087b61412e106390e71bed2c79436fde579) Merge pull request [#3809](https://github.com/containerd/containerd/pull/3809) from thaJeztah/1.2_backport_bump_golang_1.12.13 * [`342c953a53`](https://github.com/containerd/containerd/commit/342c953a532f8e95ae27c87267e5c89085cc1d91) Update to Golang 1.12.13 * [`6b94990c11`](https://github.com/containerd/containerd/commit/6b94990c113277be8bfb699872207f07ac1a2526) Revert "[release/1.2] pin travis to go 1.12.12" * [`c2383a5f2c`](https://github.com/containerd/containerd/commit/c2383a5f2c046b1a262209f981420ffd5fa4b354) Merge pull request [#3768](https://github.com/containerd/containerd/pull/3768) from thaJeztah/1.2_backport_bump_golang_1.12.x * [`d1960b4129`](https://github.com/containerd/containerd/commit/d1960b4129c12cfa525977b26160a2f63e53941f) Merge pull request [#3771](https://github.com/containerd/containerd/pull/3771) from estesp/update-vndr * [`0b9135f1dc`](https://github.com/containerd/containerd/commit/0b9135f1dcd16826936f00c6ad92b7029154aa3c) Catch up vndr with state of vendor/ dir * [`435e05fd0d`](https://github.com/containerd/containerd/commit/435e05fd0d3e367c330868fa70d2b054c6273204) [release/1.2] pin travis to go 1.12.12 * [`e319caedc4`](https://github.com/containerd/containerd/commit/e319caedc4f32d6eb91352c52e008f6c934fb2cc) Update Golang 1.12.12 (CVE-2019-17596) * [`b0d7ef6110`](https://github.com/containerd/containerd/commit/b0d7ef6110931ae7a2238b6984a098fc97b2e5f6) Merge pull request [#3746](https://github.com/containerd/containerd/pull/3746) from crosbymichael/localfs2 * [`c471c95bc5`](https://github.com/containerd/containerd/commit/c471c95bc552f55ebef54cd3cb3e31a3d0951514) Add local-fs.target to service file * [`c3532a35cc`](https://github.com/containerd/containerd/commit/c3532a35ccca10cd21d1f0c3c5499474d3d8250d) Merge pull request [#3739](https://github.com/containerd/containerd/pull/3739) from estesp/cp-1.2-3736 * [`847f74c284`](https://github.com/containerd/containerd/commit/847f74c284008247ae0d028c20910a0abcd90593) Fix delete error code on the containerd daemon side. * [`445638104e`](https://github.com/containerd/containerd/commit/445638104e99e0129f43d9fe7a443e30b0965448) Merge pull request [#3732](https://github.com/containerd/containerd/pull/3732) from Random-Liu/cherrypick-#3730-release-1.2 * [`611766aff3`](https://github.com/containerd/containerd/commit/611766aff3da9b79ae3d18c2a8633bb1e374e76f) Fix shim delete error code. * [`816dfe3960`](https://github.com/containerd/containerd/commit/816dfe3960a99a9469f1bb69733f7d994d6826f5) Merge pull request [#3723](https://github.com/containerd/containerd/pull/3723) from thaJeztah/1.2_backport_bump_runc_1.0.0-rc9 * [`639be35858`](https://github.com/containerd/containerd/commit/639be3585829465244e00741a2f4d6b9b1bc7d8c) bump runc v1.0.0-rc9 * [`b30190905f`](https://github.com/containerd/containerd/commit/b30190905fe9ce83b95b8648812174101abd91ab) Bump runc to 1b8a1eeec3f337ab5d94f28980 * [`8fb208fb14`](https://github.com/containerd/containerd/commit/8fb208fb14742813cfa0e431732ef5fdf0c97d0c) Revert "Revert "bump libseccomp-golang v0.9.1"" * [`deca8e0e31`](https://github.com/containerd/containerd/commit/deca8e0e31020515db580e932a5595fe275b7ba0) Merge pull request [#3700](https://github.com/containerd/containerd/pull/3700) from Random-Liu/automate-cri-tarball-release * [`889f5f8036`](https://github.com/containerd/containerd/commit/889f5f803699d078b3cda03054211bfbff41efa6) Automate CRI tarball release. ### Changes from containerd/cri * [`bab7348f`](https://github.com/containerd/cri/commit/bab7348fcfcc795e0dda2cc02e8cac6316c85edc) Merge pull request [#1304](https://github.com/containerd/cri/pull/1304) from Random-Liu/cherrypick-#1266-release-1.2 * [`ec7287ac`](https://github.com/containerd/cri/commit/ec7287ac136efe04caa41b8eb192715e813283a1) Support local containerd release. ### Dependency Changes Previous release can be found at [v1.2.10](https://github.com/containerd/containerd/releases/tag/v1.2.10) * **github.com/containerd/cri** 40affe7c7402d41618b9791a8cf105ac74ce56d0 -> bab7348fcfcc795e0dda2cc02e8cac6316c85edc * **github.com/opencontainers/runc** 3e425f80a8c931f88e6d94a8c831b9d5aa481657 -> d736ef14f0288d6993a1845745d6756cfc9ddd5a * **github.com/seccomp/libseccomp-golang** 32f571b70023028bd57d9288c20efbcb237f3ce0 -> v0.9.1