From patchwork Fri Mar 12 22:48:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Stewart X-Patchwork-Id: 1452412 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Dy1Fn0Srhz9sRR for ; Sat, 13 Mar 2021 09:49:01 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C41AD4E804; Fri, 12 Mar 2021 22:48:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wc-ztE53LhxT; Fri, 12 Mar 2021 22:48:55 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id DA34C4ED29; Fri, 12 Mar 2021 22:48:53 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 515A61BF379 for ; Fri, 12 Mar 2021 22:48:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 3F5994F074 for ; Fri, 12 Mar 2021 22:48:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q31JeSEsjrB1 for ; Fri, 12 Mar 2021 22:48:36 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by smtp4.osuosl.org (Postfix) with ESMTPS id AD2024F071 for ; Fri, 12 Mar 2021 22:48:36 +0000 (UTC) Received: by mail-pl1-f179.google.com with SMTP id q12so2134666plr.1 for ; Fri, 12 Mar 2021 14:48:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uELuiqpViq9TXXZgVueaZJexgdR2LD9JCOTTSIK+nqY=; b=qVJznPIaqcVGH60XmCYvc4mdgxjpcORhxLUD+sH7hdPnmN0Hb4PU2FOgpFVJ7AK2LW qDo0pVlneiK4sJUyZDauVy/IBCtYZSehCNVfHgbGzTXkhOvaQfB+IxbSiquV5luqRjUD qBrL5lIc0hCQwZYNULiPlPWtA2kHSkrafNf0dpT+JcyRtzi4uq6vySZ8FK5A2XdwY6Y8 4/WQWfKyVF+OdfiYbmC5sxy2oZnTacQQI30Uvl+Wqk+5Anp9x/v2Y1ohZmOnlg5H30Or bgFr7IcTxKstOMxzVrmoFd86sKQhnK9CDVtP50AQWjO9TKlW/RiZXpICZEX8hwQVQO0a 7q0Q== X-Gm-Message-State: AOAM5318QVASUJjHkQR+tid7AeKOjty51oS2VXWM4rJVLJpcrYAQ75Tw uavvhCTVUILHb2TQs2e1j4mwSP1yOElf9g== X-Google-Smtp-Source: ABdhPJweUaU9btC1jGiHRTWRJHVnrXhL93rdf3Tqh3QKFdDzx1SvobsDJrXZMtFJVr+mjYV5E9a82Q== X-Received: by 2002:a17:90a:d801:: with SMTP id a1mr551816pjv.84.1615589315832; Fri, 12 Mar 2021 14:48:35 -0800 (PST) Received: from localhost.localdomain (ip70-191-80-27.sb.sd.cox.net. [70.191.80.27]) by smtp.gmail.com with ESMTPSA id z68sm6516646pfz.39.2021.03.12.14.48.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Mar 2021 14:48:35 -0800 (PST) From: Christian Stewart To: buildroot@buildroot.org Date: Fri, 12 Mar 2021 14:48:31 -0800 Message-Id: <20210312224833.1908386-1-christian@paral.in> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Matthew Weber , Christian Stewart , Anisse Astier , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Security fix for CVE-2021-21334: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4 Other changes: - Fix container create in CRI to prevent possible environment variable leak between containers - Update shim server to return grpc NotFound error - Add bounds on max oom_score_adj value for shim's AdjustOOMScore - Update task manager to use fresh context when calling shim shutdown - Update Docker resolver to avoid possible concurrent map access panic - Update shim's log file open flags to avoid containerd hang on syscall open - Fix incorrect usage calculation Signed-off-by: Christian Stewart --- package/docker-containerd/docker-containerd.hash | 2 +- package/docker-containerd/docker-containerd.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash index c5cfc137b8..bb544e8d60 100644 --- a/package/docker-containerd/docker-containerd.hash +++ b/package/docker-containerd/docker-containerd.hash @@ -1,3 +1,3 @@ # Computed locally -sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz +sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 docker-containerd-1.4.4.tar.gz sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk index 626889e5f4..e229d9cb54 100644 --- a/package/docker-containerd/docker-containerd.mk +++ b/package/docker-containerd/docker-containerd.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_CONTAINERD_VERSION = 1.4.3 +DOCKER_CONTAINERD_VERSION = 1.4.4 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION)) DOCKER_CONTAINERD_LICENSE = Apache-2.0 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE