Merge containerd from Debian unstable for mantic
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
containerd (Ubuntu) | Fix Released | Undecided | Lucas Kanashiro |
Bug Description
Upstream: tbd
Debian: 1.6.20~ds1-1 1.6.20~ds1-1
Ubuntu: 1.6.12-0ubuntu3
Debian new has 1.6.20~ds1-1, which may be available for merge soon.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
### New Debian Changes ###
containerd (1.6.20~ds1-1) unstable; urgency=medium
* New upstream version 1.6.20~ds1
* Bump golang-
* Bump golang-
-- Shengjing Zhu <email address hidden> Sat, 01 Apr 2023 01:27:11 +0800
containerd (1.6.18~ds1-1) unstable; urgency=medium
* New upstream version 1.6.18~ds1
+ CVE-2023-25153: OCI image importer memory exhaustion
+ CVE-2023-25173: Supplementary groups are not set up properly
* Install cni-bridge-fp to /usr/lib/cni in autopkgtest
-- Shengjing Zhu <email address hidden> Thu, 16 Feb 2023 07:16:20 +0800
containerd (1.6.17~ds1-1) unstable; urgency=medium
* New upstream version 1.6.17~ds1
* Add missing failpoint binaries in cri-integration autopkgtest
-- Shengjing Zhu <email address hidden> Sat, 11 Feb 2023 02:01:05 +0800
containerd (1.6.16~ds1-1) unstable; urgency=medium
* New upstream version 1.6.16~ds1
* Only track 1.6 LTS version in uscan watch file
* Drop 'Skip failed TestUpdateOCILi
https:/
-- Shengjing Zhu <email address hidden> Sun, 29 Jan 2023 03:07:20 +0800
containerd (1.6.14~ds1-1) unstable; urgency=medium
* New upstream version 1.6.14~ds1
* Update Standards-Version to 4.6.2 (no changes)
* Skip failed TestUpdateOCILi
-- Shengjing Zhu <email address hidden> Tue, 20 Dec 2022 10:30:50 +0800
containerd (1.6.13~ds1-1) unstable; urgency=medium
[ Benjamin Drung ]
* Bump golang-
* Let the dev package depend on golang-
`pkg/
therefore golang-
golang-
[ Shengjing Zhu ]
* New upstream version 1.6.13~ds1
-- Shengjing Zhu <email address hidden> Fri, 16 Dec 2022 02:42:08 +0800
containerd (1.6.12~ds1-1) unstable; urgency=medium
* New upstream version 1.6.12~ds1
+ CVE-2022-23471: CRI plugin: Fix goroutine leak during Exec
-- Shengjing Zhu <email address hidden> Thu, 08 Dec 2022 10:02:21 +0800
containerd (1.6.11~ds1-1) unstable; urgency=medium
* New upstream version 1.6.11~ds1
-- Shengjing Zhu <email address hidden> Wed, 07 Dec 2022 10:24:32 +0800
containerd (1.6.9~ds1-1) unstable; urgency=medium
* New upstream version 1.6.9~ds1
* Unvendor klog and go-logr
* Add golang-k8s-klog-dev to Build-Depends
-- Shengjing Zhu <email address hidden> Tue, 25 Oct 2022 02:52:23 +0800
containerd (1.6.8~ds1-1) unstable; urgency=medium
* New upstream version 1.6.8~ds1 (Closes: #1017917)
* Remove compatibility patch for
golang-
-- Shengjing Zhu <email address hidden> Tue, 23 Aug 2022 00:33:54 +0800
containerd (1.6.6~ds1-1) unstable; urgency=medium
* New upstream version 1.6.6~ds1
CVE-2022-31030: CRI plugin: Host memory exhaustion through ExecSync
* Update Standards-Version to 4.6.1 (no changes)
-- Shengjing Zhu <email address hidden> Tue, 07 Jun 2022 02:13:49 +0800
containerd (1.6.2~ds1-1) unstable; urgency=medium
* New upstream version 1.6.2~ds1
CVE-2022-24769: Default inheritable capabilities for linux container
should be empty
-- Shengjing Zhu <email address hidden> Thu, 24 Mar 2022 15:47:18 +0800
### Old Ubuntu Delta ###
containerd (1.6.12-0ubuntu3) lunar; urgency=medium
* d/p/skip-
fix a FTBFS in Ubuntu builders only.
-- Lucas Kanashiro <email address hidden> Mon, 10 Apr 2023 15:42:57 -0300
containerd (1.6.12-0ubuntu2) lunar; urgency=medium
* Add unvendored dependencies to golang-
Ideally containerd should be unvendored like in Debian. (LP: #1998847)
-- Benjamin Drung <email address hidden> Tue, 13 Dec 2022 11:52:06 +0100
containerd (1.6.12-0ubuntu1) lunar; urgency=medium
* New upstream release.
- Fixes CVE-2022-23471.
-- Lucas Kanashiro <email address hidden> Mon, 12 Dec 2022 11:55:18 -0300
containerd (1.6.10-0ubuntu1) lunar; urgency=medium
* New upstream release (LP: #1993392).
-- Lucas Kanashiro <email address hidden> Wed, 16 Nov 2022 12:04:51 -0300
containerd (1.6.4-0ubuntu1) kinetic; urgency=medium
* New upstream release.
* Remove patches applied by upstream:
- d/p/build-
- d/p/CVE-
* d/p/build-
avoid calling go run to build manpages.
* d/rules: fix DESTDIR and PREFIX variables.
-- Lucas Kanashiro <email address hidden> Wed, 11 May 2022 17:48:49 -0300
containerd (1.5.9-0ubuntu3) jammy; urgency=medium
* d/p/build-
In Go 1.17 the module graph has been changed to enable pruning and lazy
loading, some changes to go.{mod,sum} files are needed. We were delaying
the fix of this issue but now is the time.
-- Lucas Kanashiro <email address hidden> Wed, 23 Mar 2022 19:41:42 +0000
containerd (1.5.9-0ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: Insecure handling of image volumes
- debian/
volumes.
- CVE-2022-23648
-- Lucas Kanashiro <email address hidden> Thu, 03 Mar 2022 13:17:25 -0300
containerd (1.5.9-0ubuntu1) jammy; urgency=medium
* New upstream release (LP: #1946851, #1955413).
* Remove patches applied by upstream.
-- Lucas Kanashiro <email address hidden> Mon, 10 Jan 2022 16:27:26 -0300
containerd (1.5.5-0ubuntu3) impish; urgency=medium
* SECURITY UPDATE: insufficiently restricted directory permissions
- debian/
permissions for bundle dir in runtime/
runtime/
runtime/
runtime/
snapshots
- CVE-2021-41103
-- Marc Deslauriers <email address hidden> Wed, 06 Oct 2021 09:13:26 -0400
containerd (1.5.5-0ubuntu2) impish; urgency=medium
* d/p/seccomp-
to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
(LP: #1943049).
-- Lucas Kanashiro <email address hidden> Tue, 14 Sep 2021 11:45:36 -0300
containerd (1.5.5-0ubuntu1) impish; urgency=medium
* New upstream release.
* Bump debhelper compatibility level to 11.
- d/rules: remove the unneeded --with=systemd from the dh call.
- d/rules: override dh_installsystemd instead of dh_installinit.
-- Lucas Kanashiro <email address hidden> Wed, 04 Aug 2021 17:37:16 -0300
containerd (1.5.2-0ubuntu1) impish; urgency=medium
* New upstream release.
* d/p/skip-
require a certain level of privilege not achievable in the build
environment.
-- Lucas Kanashiro <email address hidden> Thu, 20 May 2021 15:55:04 -0300
containerd (1.4.4-0ubuntu1) hirsute; urgency=medium
* New upstream release.
- It contains a fix for CVE-2021-21334 along with various other minor
issues.
* Refresh preserve-
* d/rules: set GO111MODULE to auto. In Go 1.16, which is the default in
Hirsute now, the packages are built in module-aware mode. Since containerd
does not have a go.mod file in its source tree it FTBFS. Setting GO111MODULE
to auto we can have the previous behavior, which is to enable module-aware mode
only if the go.mod file exists.
-- Lucas Kanashiro <email address hidden> Tue, 10 Mar 2021 11:45:18 -0300
containerd (1.4.3-0ubuntu1) hirsute; urgency=medium
* New upstream release.
* Drop patches applied by upstream.
- d/p/4134-
- d/p/4277-
- d/p/e859b8a-
- d/p/CVE-
* Update the copyright file.
* Build depend on default Golang version in all architectures.
-- Lucas Kanashiro <email address hidden> Tue, 12 Jan 2021 18:45:18 -0300
containerd (1.3.7-0ubuntu5) hirsute; urgency=medium
* d/control: add a Breaks for docker.io lower than 19.03.13-0ubuntu4.
See LP #1870514. The previous versions stop the docker daemon when a
containerd update is performed, this Breaks statement will make sure we
have a newer version which has the appropriate fix.
-- Lucas Kanashiro <email address hidden> Mon, 07 Dec 2020 16:33:03 -0300
containerd (1.3.7-0ubuntu4) hirsute; urgency=medium
* SECURITY UPDATE: Elevation of privilege vulnerability
- debian/
and use path-based unix socket for containerd-shim.
- CVE-2020-15257
-- Paulo Flabiano Smorigo <email address hidden> Thu, 26 Nov 2020 17:35:23 +0000
containerd (1.3.7-0ubuntu3) groovy; urgency=medium
* Build with Go 1.14 on riscv64 as 1.13 does not exist here. Adventurous
riscv64 users can deal with any breakage :)
-- Michael Hudson-Doyle <email address hidden> Tue, 13 Oct 2020 12:14:27 +1300
containerd (1.3.7-0ubuntu2) groovy; urgency=medium
[ Tianon Gravi ]
* Build using Go 1.13 (per upstream)
* Use dh-golang to generate appropriate Built-Using
-- Michael Hudson-Doyle <email address hidden> Thu, 08 Oct 2020 10:51:47 +1300
containerd (1.3.7-0ubuntu1) groovy; urgency=medium
* New upstream release.
-- Michael Hudson-Doyle <email address hidden> Thu, 17 Sep 2020 09:10:52 +1200
containerd (1.3.6-0ubuntu1) groovy; urgency=medium
* New upstream release.
* d/rules: remove vendor directory from the library package
-- Lucas Kanashiro <email address hidden> Sat, 11 Jul 2020 11:20:49 -0300
containerd (1.3.4-0ubuntu6) groovy; urgency=medium
* d/control: remove the golang-
package is no longer built from source with latest golang.
-- Łukasz 'sil2100' Zemczak <email address hidden> Tue, 16 Jun 2020 10:12:13 +0200
containerd (1.3.4-0ubuntu5) groovy; urgency=medium
* Rename install file to match the new binary package name
-- Lucas Kanashiro <email address hidden> Mon, 01 Jun 2020 09:51:41 -0300
containerd (1.3.4-0ubuntu4) groovy; urgency=medium
* d/control: rename binary package with dev files and update
XS-
golang-
golang-
-- Lucas Kanashiro <email address hidden> Thu, 28 May 2020 17:05:30 -0300
containerd (1.3.4-0ubuntu3) groovy; urgency=medium
* Add a patch to fix the gc/scheduler flaky test on riscv64
-- Lucas Kanashiro <email address hidden> Thu, 21 May 2020 18:48:48 -0300
containerd (1.3.4-0ubuntu2) groovy; urgency=medium
* Add a patch to not use -buildmode=pie on riscv64
* d/rules: check for DEB_BUILD_ARCH to set variables to build on riscv64
-- Lucas Kanashiro <email address hidden> Wed, 20 May 2020 19:19:41 -0300
containerd (1.3.4-0ubuntu1) groovy; urgency=medium
* New upstream release.
* d/p/0001-
patch applied by upstream.
* debian/control: update Vcs-{Git,Browser} to point to the Github repository.
* d/p/update_
version 1.3.4 to fix a FTBFS against Go 1.14.
* d/rules: disable btrfs plugin on riscv64, it needs cgo and riscv64 doesn't
support it.
-- Lucas Kanashiro <email address hidden> Fri, 15 May 2020 10:36:37 -0300
containerd (1.3.3-0ubuntu2) focal; urgency=high
* d/p/0001-
Fixes regression introduced in 1.3.3 update, LP: #1867398.
-- Jorge Niedbalski <email address hidden> Thu, 26 Mar 2020 21:24:48 -0300
containerd (1.3.3-0ubuntu1) focal; urgency=medium
* New upstream version.
-- Michael Hudson-Doyle <email address hidden> Wed, 12 Feb 2020 14:18:29 +1300
containerd (1.3.2-0ubuntu1) focal; urgency=medium
[ Tianon Gravi ]
* Use 'sed' to adjust upstream's service file ExecStart value
* Update to 1.3.2 upstream release
[ Michael Hudson-Doyle ]
* d/patches/
them so we still get ddebs.
-- Michael Hudson-Doyle <email address hidden> Tue, 11 Feb 2020 12:29:51 +1300
containerd (1.3.1-0ubuntu1) focal; urgency=medium
* Update to 1.3.1 upstream release (LP: #1854841)
-- Tianon Gravi <email address hidden> Tue, 03 Dec 2019 15:24:58 +1300
containerd (1.2.10-0ubuntu1) eoan; urgency=medium
* New upstream release.
-- Michael Hudson-Doyle <email address hidden> Mon, 30 Sep 2019 11:31:16 +1300
containerd (1.2.9-0ubuntu1) eoan; urgency=medium
* New upstream release.
* Set GOCACHE to a safely-writeable directory during build.
-- Michael Hudson-Doyle <email address hidden> Wed, 18 Sep 2019 09:46:57 +0200
containerd (1.2.6-0ubuntu1) disco; urgency=medium
* New upstream release.
-- Michael Hudson-Doyle <email address hidden> Fri, 12 Apr 2019 12:28:52 +1200
containerd (1.2.5-0ubuntu1) disco; urgency=medium
* New upstream release.
-- Michael Hudson-Doyle <email address hidden> Thu, 14 Mar 2019 10:59:45 +1300
containerd (1.2.2-0ubuntu3) disco; urgency=medium
* Add available docs to containerd package
* Add 'basic-smoke' autopkgtest to verify basic functionality
* Skip tests on armhf (for now)
-- Tianon Gravi <email address hidden> Thu, 14 Feb 2019 14:26:03 -0800
containerd (1.2.2-0ubuntu2) disco; urgency=medium
* Update 'golang-
-- Tianon Gravi <email address hidden> Wed, 13 Feb 2019 16:17:22 -0800
containerd (1.2.2-0ubuntu1) disco; urgency=medium
* Update to 1.2.2 upstream release
-- Tianon Gravi <email address hidden> Thu, 17 Jan 2019 15:40:26 -0800
containerd (0.2.5-0ubuntu2) artful; urgency=medium
* No change rebuild to fix miscompilation on ppc64el. (LP: #1711935)
-- Michael Hudson-Doyle <email address hidden> Thu, 24 Aug 2017 20:19:36 +1200
containerd (0.2.5-0ubuntu1) zesty; urgency=medium
* Update to 0.2.5 upstream release (LP: #1655906)
-- Tianon Gravi <email address hidden> Fri, 13 Jan 2017 12:08:00 +1300
containerd (0.2.3-0ubuntu1) yakkety; urgency=medium
* Update to 0.2.3 upstream release
- remove 'fix-arm64.patch'; applied upstream,
https:/
- update runc dependency (>= 1.0.0-rc1)
-- Tianon Gravi <email address hidden> Wed, 24 Aug 2016 15:44:28 -0700
containerd (0.2.1-0ubuntu4) yakkety; urgency=medium
* Add d/patches/
-- Michael Hudson-Doyle <email address hidden> Wed, 06 Jul 2016 14:26:33 +1200
containerd (0.2.1-0ubuntu3) yakkety; urgency=medium
* Fix '-dev' package Depends, and use vendoring more directly
-- Tianon Gravi <email address hidden> Wed, 15 Jun 2016 14:47:15 -0700
containerd (0.2.1-0ubuntu2) yakkety; urgency=medium
* No change rebuild to pick up s390x fixes.
-- Michael Hudson-Doyle <email address hidden> Fri, 10 Jun 2016 15:13:39 +1200
containerd (0.2.1-0ubuntu1) yakkety; urgency=medium
* Use bundled dependencies for Ubuntu
-- Tianon Gravi <email address hidden> Fri, 20 May 2016 09:39:39 -0700
Changed in containerd (Ubuntu): milestone: none → ubuntu-23.06
Changed in containerd (Ubuntu): assignee: nobody → Lucas Kanashiro (lucaskanashiro)
Changed in containerd (Ubuntu): status: New → In Progress
Sorry, forgot to close this bug via changelog. The version 1.6.20~ds1-1ubuntu2 already landed in Mantic's release pocket.