containerd 1.2.12

Welcome to the v1.2.12 release of containerd!

The twelfth patch release for `containerd` 1.2 includes an updated runc with
a fix for CVE-2019-19921, an updated version of the opencontainers/selinux
dependency, which includes a fix for CVE-2019-16884, an updated version of the
`gopkg.in/yaml.v2` dependency to address CVE-2019-11253, and a Golang update.

### Notable Updates

* Update the runc vendor to v1.0.0-rc10 which includes a mitigation for [CVE-2019-19921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921).
* Update the opencontainers/selinux dependency, which includes a mitigation for [CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884).
* Update Golang runtime to 1.12.16, mitigating the [CVE-2020-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601) certificate verification bypass on Windows, and [CVE-2020-7919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919), which only affects 32-bit architectures.
* Update Golang runtime to 1.12.15, which includes a fix to the runtime (Go 1.12.14, Go 1.12.15) and the `net/http` package (Go 1.12.15)
* A fix to prevent `SIGSEGV` when starting containerd-shim [containerd/containerd#3960](https://github.com/containerd/containerd/pull/3960)
* Fixes to `exec` [containerd/containerd#3755](https://github.com/containerd/containerd/pull/3755)
    - Prevent `docker exec` hanging if an earlier `docker exec` left a zombie process
    - Prevent high system load/CPU utilization with liveness and readiness probes
    - Prevent Docker healthcheck causing high CPU utilization

* CRI fixes:
    - Update the `gopkg.in/yaml.v2` vendor to v2.2.8 with a mitigation for [CVE-2019-11253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253)

### API

* Fix API filters to properly handle and return parse errors [containerd/containerd#3950](https://github.com/containerd/containerd/pull/3950)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Sebastiaan van Stijn
* Lantao Liu
* Phil Estes
* Derek McGowan
* Davanum Srinivas
* Michael Crosby
* Mike Brown
* Maksym Pavlenko
* Akihiro Suda
* Reid Li
* Wei Fu

### Changes

* [`35bd7a5f69`](https://github.com/containerd/containerd/commit/35bd7a5f69c13e1563af8a93431411cd9ecf5021) Merge pull request  [#3984](https://github.com/containerd/containerd/pull/3984) from thaJeztah/release_1.2.12
* [`79d65767e4`](https://github.com/containerd/containerd/commit/79d65767e48dbfa4bbf55ebf231a806b167d0cd0) Prepare v1.2.12 release
* [`9be62a7ee9`](https://github.com/containerd/containerd/commit/9be62a7ee93d0b80850b1042e6b8c0b9b52d80a8) Update mailmap
* [`7018df2284`](https://github.com/containerd/containerd/commit/7018df2284152999d37d6e53ac37aad530a60f03) Merge pull request  [#3996](https://github.com/containerd/containerd/pull/3996) from thaJeztah/1.2_bump_containerd_cri
* [`9c7bd5072d`](https://github.com/containerd/containerd/commit/9c7bd5072d634512078319ce5ba4ee36653c2e08) Merge pull request  [#3997](https://github.com/containerd/containerd/pull/3997) from thaJeztah/1.2_backport_dockerfile_test_fixes
* [`89c589bf03`](https://github.com/containerd/containerd/commit/89c589bf03de17835cb5cbc4b2efa39ab931e53d) Merge pull request  [#3995](https://github.com/containerd/containerd/pull/3995) from thaJeztah/1.2_backport_bump_grpc
* [`8761b1bf86`](https://github.com/containerd/containerd/commit/8761b1bf869a09970d0c1319b17f2e103744b760) Update name for btrfs headers package
* [`5db3987ebf`](https://github.com/containerd/containerd/commit/5db3987ebff7b5baa9338d55e78461690432cbb7) Fix dependency in BUILDING.md
* [`945611681c`](https://github.com/containerd/containerd/commit/945611681c83926238d9053478403d6d1f003357) [release/1.2] vendor: bump containerd/cri b1052f3b73fb9f0a6805d3c20e884a4cef265a38
* [`520c8cb846`](https://github.com/containerd/containerd/commit/520c8cb84692be33af35cf290d9203a87155dc28) bump google.golang.org/grpc v1.23.1
* [`a558638ee7`](https://github.com/containerd/containerd/commit/a558638ee7a6e88bcea56c2f4421d6e95d6e1c1b) Merge pull request  [#3993](https://github.com/containerd/containerd/pull/3993) from thaJeztah/1.2_update_containerd_cri
* [`c12aaf0e59`](https://github.com/containerd/containerd/commit/c12aaf0e59960d6df523740cb71799bb9d9e868e) vendor: bump gopkg.in/yaml.v2 v2.2.8
* [`9d1954f2ec`](https://github.com/containerd/containerd/commit/9d1954f2ec2d68a883b82a0486e88ef2b4f52184) vendor: bump containerd/cri b075cc4e9f394780dbed101601c48dcc3d37c828 (release/1.2 branch)
* [`92b40b6254`](https://github.com/containerd/containerd/commit/92b40b6254b8a15fbf809fa7e7a31b3f60c22013) Merge pull request  [#3988](https://github.com/containerd/containerd/pull/3988) from thaJeztah/1.2_bump_golang_1.12.16
* [`1bc2590d98`](https://github.com/containerd/containerd/commit/1bc2590d983711a4b715521dc1966d2a01fc5c33) vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
* [`44b5bac0c0`](https://github.com/containerd/containerd/commit/44b5bac0c08a0b296cd4e16f0055187b0dfb00d7) Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919)
* [`7276974071`](https://github.com/containerd/containerd/commit/7276974071698a8f45a9fa64f27cd18bfea280ea) Merge pull request  [#3982](https://github.com/containerd/containerd/pull/3982) from dims/bump-opencontainers/selinux-for-CVE-2019-16884-release-1.2
* [`4c03d5dfb8`](https://github.com/containerd/containerd/commit/4c03d5dfb85fc10243fc10442959096ba077396c) Pick up fix for CVE-2019-16884 in opencontainers/selinux
* [`318111bdfe`](https://github.com/containerd/containerd/commit/318111bdfebfb398551159e15cd1c2f4d6869901) Merge pull request  [#3977](https://github.com/containerd/containerd/pull/3977) from dims/update-to-new-rc10-of-opencontainers/runc-release-1.2
* [`87648d2a7b`](https://github.com/containerd/containerd/commit/87648d2a7b0cc0d6990ffadcdd797b1048bb1e62) Bump to opencontainers/runc new version - v1.0.0-rc10
* [`701a8d0db8`](https://github.com/containerd/containerd/commit/701a8d0db8609fd1c867f02ec45b3b8631ca30c0) Merge pull request  [#3968](https://github.com/containerd/containerd/pull/3968) from thaJeztah/1.2_bump_golang_1.12.15
* [`f106ae4ab5`](https://github.com/containerd/containerd/commit/f106ae4ab5815564d8a0c8b7e738d5f44896caf8) Update Golang 1.12.15
* [`625b11b6e1`](https://github.com/containerd/containerd/commit/625b11b6e1102267cb2daf4a4a504037e0887684) Merge pull request  [#3960](https://github.com/containerd/containerd/pull/3960) from fuweid/cp-3559
* [`4288ba10fd`](https://github.com/containerd/containerd/commit/4288ba10fd55b9be3995544a36895cd87325aa58) runtime: only check killall for init process
* [`28d162717f`](https://github.com/containerd/containerd/commit/28d162717f9037963cee307e6cb4e8a98544997c) Merge pull request  [#3918](https://github.com/containerd/containerd/pull/3918) from thaJeztah/1.2_bump_golang_1.12.14
* [`e7b06baa68`](https://github.com/containerd/containerd/commit/e7b06baa68ff3554c4dc08e8d29b776698cce9ad) Update Golang 1.12.14
* [`b584375bdf`](https://github.com/containerd/containerd/commit/b584375bdf9bb9798321b92616451feb11892c3e) Merge pull request  [#3909](https://github.com/containerd/containerd/pull/3909) from estesp/cp-3898-1.2
* [`34978bf3bd`](https://github.com/containerd/containerd/commit/34978bf3bde9cf680474d3d22cb7d03e7af2bf12) Disable criu tests in Travis CI
* [`79f4c650d5`](https://github.com/containerd/containerd/commit/79f4c650d542451846348867c0ed8a07f9e956b1) Merge pull request  [#3755](https://github.com/containerd/containerd/pull/3755) from thaJeztah/1.2_backport_avoid_unnecessary_runc_state
* [`ec48c95015`](https://github.com/containerd/containerd/commit/ec48c95015791e5f6d1666da359de4d674a7c85f) Merge pull request  [#3856](https://github.com/containerd/containerd/pull/3856) from fuweid/cp-1.2-3853
* [`de8ed89b12`](https://github.com/containerd/containerd/commit/de8ed89b12a31eefbbe447ffa5543b1045390f4c) Fix cleanup error on content client test
* [`0877136a97`](https://github.com/containerd/containerd/commit/0877136a97a24650432d65c4b9d1cde1dc47ec13) Use cached state instead of `runc state`.
* [`f71f6d39b6`](https://github.com/containerd/containerd/commit/f71f6d39b6131a72bcc93a667f72c1ed722ef3e4) Robust pid locking for shim processes
* [`42aba6e0fe`](https://github.com/containerd/containerd/commit/42aba6e0fe5e8cc7f2eaceb41fb1d596e8759cac) Add timeout for I/O waitgroups

### Changes from containerd/cri

* [`b1052f3b`](https://github.com/containerd/cri/commit/b1052f3b73fb9f0a6805d3c20e884a4cef265a38) Merge pull request  [#1392](https://github.com/containerd/cri/pull/1392) from dims/sync-vendors-with-containerd-in-release/1.2
* [`6adfc229`](https://github.com/containerd/cri/commit/6adfc229944db6299e60cebf7eed25dbaebcd0ba) Merge pull request  [#1389](https://github.com/containerd/cri/pull/1389) from dims/update-opencontainers/selinux-in-release/1.2
* [`6f8dc60e`](https://github.com/containerd/cri/commit/6f8dc60e183cd373556e3090236f8f7cbf014531) Sync vendors with containerd 1.2.11
* [`ae6b4816`](https://github.com/containerd/cri/commit/ae6b4816d9bd2a886d8c244e65c1b076ff4926e2) pick up fix for CVE-2019-19921 in opencontainers/selinux
* [`b075cc4e`](https://github.com/containerd/cri/commit/b075cc4e9f394780dbed101601c48dcc3d37c828) Merge pull request  [#1388](https://github.com/containerd/cri/pull/1388) from thaJeztah/1.2_bump_yaml
* [`b1a3e1e9`](https://github.com/containerd/cri/commit/b1a3e1e98b8da6da374c1aaa857805e289996eb1) [release/1.2] vendor: bump gopkg.in/yaml.v2 v2.2.8
* [`5420c6fb`](https://github.com/containerd/cri/commit/5420c6fb838ddde819c31c8c3669d43797287c7d) Merge pull request  [#1354](https://github.com/containerd/cri/pull/1354) from Random-Liu/cherrypick-#1351-release-1.2
* [`12b09431`](https://github.com/containerd/cri/commit/12b094311ec3ad730bc5cf87522a69b68284d4d1) Better handle unknown state.
* [`57022a55`](https://github.com/containerd/cri/commit/57022a55d869701d61f9cff446f5ea38780b379f) Merge pull request  [#1321](https://github.com/containerd/cri/pull/1321) from Random-Liu/cherrypick-#1319-release-1.2
* [`c229ad5c`](https://github.com/containerd/cri/commit/c229ad5c2fd96d456bf7afdfb2f1b767ca9b86b4) Fix containerd build, use `libbtrfs-dev` when available.
* [`80959d35`](https://github.com/containerd/cri/commit/80959d352ef88aa2ed9d44ef06cb766cd1a2729e) Merge pull request  [#1313](https://github.com/containerd/cri/pull/1313) from Random-Liu/cherrypick-#1312-release-1.2
* [`6a7a8275`](https://github.com/containerd/cri/commit/6a7a827597b5f8edde71df11f209584345005ca5) Update based on default xenial distro.
* [`69a876d4`](https://github.com/containerd/cri/commit/69a876d4bc879a67bf7029dffa091a92c80b32a0) Merge pull request  [#1305](https://github.com/containerd/cri/pull/1305) from Random-Liu/sync-vendor-release-1.2
* [`b638ad99`](https://github.com/containerd/cri/commit/b638ad99854e2a9d9f26421f6427cf708ced8eb3) Sync vendors with containerd.

### Dependency Changes

The previous release can be found at [v1.2.11](https://github.com/containerd/containerd/releases/tag/v1.2.11)

* **github.com/containerd/cri**          bab7348fcfcc795e0dda2cc02e8cac6316c85edc -> b1052f3b73fb9f0a6805d3c20e884a4cef265a38
* **github.com/opencontainers/runc**     d736ef14f0288d6993a1845745d6756cfc9ddd5a -> dc9208a3303feef5b3839f4323d9beb36df0a9dd
* **github.com/opencontainers/selinux**  v1.2.2 -> 5215b1806f52b1fcc2070a8826c542c9d33cd3cf
* **golang.org/x/crypto**                49796115aa4b964c318aad4f3084fdb41e9aa067 -> 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
* **google.golang.org/appengine**        54a98f90d1c46b7731eb8fb305d2a321c30ef610 **_new_**
* **google.golang.org/grpc**             6eaf6f47437a6b4e2153a190160ef39a92c7eceb -> 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6
* **gopkg.in/yaml.v2**                   v2.2.1 -> 53403b58ad1b561927d19068c655246f2db79d48