From 0cc1a3e056b9e684dbd76f2f1839c91894f315b2d7e31d11d325a74c1a2c1ebb Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 6 Jun 2022 05:45:19 +0000 Subject: [PATCH 1/2] Accepting request 980949 from home:cyphar:docker - Update to containerd v1.5.12. Upstream release notes: OBS-URL: https://build.opensuse.org/request/show/980949 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/containerd?expand=0&rev=132 --- _service | 4 ++-- containerd-1.5.11_3df54a852345.tar.xz | 3 --- containerd-1.5.12_a4014bc909aa.tar.xz | 3 +++ containerd.changes | 6 ++++++ containerd.spec | 10 +++++----- 5 files changed, 16 insertions(+), 10 deletions(-) delete mode 100644 containerd-1.5.11_3df54a852345.tar.xz create mode 100644 containerd-1.5.12_a4014bc909aa.tar.xz diff --git a/_service b/_service index f774943..e294f97 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/containerd/containerd.git git containerd - 1.5.11_%h - v1.5.11 + 1.5.12_%h + v1.5.12 .git diff --git a/containerd-1.5.11_3df54a852345.tar.xz b/containerd-1.5.11_3df54a852345.tar.xz deleted file mode 100644 index f00ddd1..0000000 --- a/containerd-1.5.11_3df54a852345.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9c336dd3501a9a81e24d3385b84a946bc252e6379929e372bac58c31d757d688 -size 4439804 diff --git a/containerd-1.5.12_a4014bc909aa.tar.xz b/containerd-1.5.12_a4014bc909aa.tar.xz new file mode 100644 index 0000000..98637ed --- /dev/null +++ b/containerd-1.5.12_a4014bc909aa.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:18d7f7583a7cf94329827ca8b6bbc5c65db566917433c07d86a9702e013f39d3 +size 4482804 diff --git a/containerd.changes b/containerd.changes index 4b27a73..e78e292 100644 --- a/containerd.changes +++ b/containerd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 6 05:41:10 UTC 2022 - Aleksa Sarai + +- Update to containerd v1.5.12. Upstream release notes: + + ------------------------------------------------------------------- Thu Apr 14 04:15:16 UTC 2022 - Aleksa Sarai diff --git a/containerd.spec b/containerd.spec index a468291..1807a39 100644 --- a/containerd.spec +++ b/containerd.spec @@ -23,11 +23,11 @@ %endif # MANUAL: Update the git_version. -%define git_version 3df54a852345ae127d1fa3092b95168e4a88e2f8 -%define git_short 3df54a852345 +%define git_version a4014bc909aa533eb3c22f83f2a258bb0822e1b0 +%define git_short a4014bc909aa Name: containerd -Version: 1.5.11 +Version: 1.5.12 Release: 0 Summary: Standalone OCI Container Daemon License: Apache-2.0 @@ -43,8 +43,8 @@ BuildRequires: libbtrfs-devel >= 3.8 BuildRequires: libseccomp-devel >= 2.2 BuildRequires: pkg-config # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires -# for 'golang(API) >= 1.16' here, so just require 1.16 exactly. bsc#1172608 -BuildRequires: go1.16 +# for 'golang(API) >= 1.18' here, so just require 1.18 exactly. bsc#1172608 +BuildRequires: go1.18 # We provide a git revision so that Docker can require it properly. Provides: %{name}-git = %{git_version} # Currently runc is the only supported runtime for containerd. We pin the same From 24ee4c282765bc21a7db4593baef6a61e21f9ac57569d42392b1ddf785d62c91 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 7 Jun 2022 07:53:46 +0000 Subject: [PATCH 2/2] Accepting request 981100 from home:cyphar:docker - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch OBS-URL: https://build.opensuse.org/request/show/981100 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/containerd?expand=0&rev=133 --- _service | 4 ++-- containerd-1.5.12_a4014bc909aa.tar.xz | 3 --- containerd-1.6.6_10c12954828e.tar.xz | 3 +++ containerd.changes | 16 ++++++++++++++++ containerd.spec | 21 ++++----------------- 5 files changed, 25 insertions(+), 22 deletions(-) delete mode 100644 containerd-1.5.12_a4014bc909aa.tar.xz create mode 100644 containerd-1.6.6_10c12954828e.tar.xz diff --git a/_service b/_service index e294f97..9ecc82c 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/containerd/containerd.git git containerd - 1.5.12_%h - v1.5.12 + 1.6.6_%h + v1.6.6 .git diff --git a/containerd-1.5.12_a4014bc909aa.tar.xz b/containerd-1.5.12_a4014bc909aa.tar.xz deleted file mode 100644 index 98637ed..0000000 --- a/containerd-1.5.12_a4014bc909aa.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18d7f7583a7cf94329827ca8b6bbc5c65db566917433c07d86a9702e013f39d3 -size 4482804 diff --git a/containerd-1.6.6_10c12954828e.tar.xz b/containerd-1.6.6_10c12954828e.tar.xz new file mode 100644 index 0000000..c91e58c --- /dev/null +++ b/containerd-1.6.6_10c12954828e.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91a3145a069c223e7db9694c1c08f44457f15f9b6fc77a156d558587e01bcb0d +size 5209856 diff --git a/containerd.changes b/containerd.changes index e78e292..00aca35 100644 --- a/containerd.changes +++ b/containerd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Jun 7 07:22:02 UTC 2022 - Aleksa Sarai + +- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements + of Docker v20.10.17-ce. bsc#1200145 +- Remove upstreamed patches: + - bsc1200145-Limit-the-response-size-of-ExecSync.patch + +------------------------------------------------------------------- +Mon Jun 6 05:49:56 UTC 2022 - Aleksa Sarai + +[ This patch was only released in SLES and Leap. ] + +- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + + bsc1200145-Limit-the-response-size-of-ExecSync.patch + ------------------------------------------------------------------- Mon Jun 6 05:41:10 UTC 2022 - Aleksa Sarai diff --git a/containerd.spec b/containerd.spec index 1807a39..31b8bad 100644 --- a/containerd.spec +++ b/containerd.spec @@ -23,11 +23,11 @@ %endif # MANUAL: Update the git_version. -%define git_version a4014bc909aa533eb3c22f83f2a258bb0822e1b0 -%define git_short a4014bc909aa +%define git_version 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 +%define git_short 10c12954828e Name: containerd -Version: 1.5.12 +Version: 1.6.6 Release: 0 Summary: Standalone OCI Container Daemon License: Apache-2.0 @@ -84,21 +84,8 @@ separately from Docker. %setup -q -n %{name}-%{version}_%{git_short} %build -# NOTE: containerd will switch to go.mod in 1.5.x so this can be removed after -# we update to that version. - -# Do not use symlinks. If you want to run the unit tests for this package at -# some point during the build and you need to directly use go list directly it -# will get confused by symlinks. -export GOPATH=$HOME/go -export PROJECT=$HOME/go/src/github.com/containerd/containerd -export GO111MODULE=off -mkdir -p $PROJECT -rm -rf $PROJECT/* -cp -ar * $PROJECT - BUILDTAGS="apparmor selinux seccomp" -make -C "$PROJECT"\ +%make_build \ BUILDTAGS="$BUILDTAGS" \ VERSION="v%{version}" \ REVISION="%{git_version}"