From 24ee4c282765bc21a7db4593baef6a61e21f9ac57569d42392b1ddf785d62c91 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Tue, 7 Jun 2022 07:53:46 +0000 Subject: [PATCH] Accepting request 981100 from home:cyphar:docker - Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements of Docker v20.10.17-ce. bsc#1200145 - Remove upstreamed patches: - bsc1200145-Limit-the-response-size-of-ExecSync.patch OBS-URL: https://build.opensuse.org/request/show/981100 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/containerd?expand=0&rev=133 --- _service | 4 ++-- containerd-1.5.12_a4014bc909aa.tar.xz | 3 --- containerd-1.6.6_10c12954828e.tar.xz | 3 +++ containerd.changes | 16 ++++++++++++++++ containerd.spec | 21 ++++----------------- 5 files changed, 25 insertions(+), 22 deletions(-) delete mode 100644 containerd-1.5.12_a4014bc909aa.tar.xz create mode 100644 containerd-1.6.6_10c12954828e.tar.xz diff --git a/_service b/_service index e294f97..9ecc82c 100644 --- a/_service +++ b/_service @@ -3,8 +3,8 @@ https://github.com/containerd/containerd.git git containerd - 1.5.12_%h - v1.5.12 + 1.6.6_%h + v1.6.6 .git diff --git a/containerd-1.5.12_a4014bc909aa.tar.xz b/containerd-1.5.12_a4014bc909aa.tar.xz deleted file mode 100644 index 98637ed..0000000 --- a/containerd-1.5.12_a4014bc909aa.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18d7f7583a7cf94329827ca8b6bbc5c65db566917433c07d86a9702e013f39d3 -size 4482804 diff --git a/containerd-1.6.6_10c12954828e.tar.xz b/containerd-1.6.6_10c12954828e.tar.xz new file mode 100644 index 0000000..c91e58c --- /dev/null +++ b/containerd-1.6.6_10c12954828e.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:91a3145a069c223e7db9694c1c08f44457f15f9b6fc77a156d558587e01bcb0d +size 5209856 diff --git a/containerd.changes b/containerd.changes index e78e292..00aca35 100644 --- a/containerd.changes +++ b/containerd.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Jun 7 07:22:02 UTC 2022 - Aleksa Sarai + +- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements + of Docker v20.10.17-ce. bsc#1200145 +- Remove upstreamed patches: + - bsc1200145-Limit-the-response-size-of-ExecSync.patch + +------------------------------------------------------------------- +Mon Jun 6 05:49:56 UTC 2022 - Aleksa Sarai + +[ This patch was only released in SLES and Leap. ] + +- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145 + + bsc1200145-Limit-the-response-size-of-ExecSync.patch + ------------------------------------------------------------------- Mon Jun 6 05:41:10 UTC 2022 - Aleksa Sarai diff --git a/containerd.spec b/containerd.spec index 1807a39..31b8bad 100644 --- a/containerd.spec +++ b/containerd.spec @@ -23,11 +23,11 @@ %endif # MANUAL: Update the git_version. -%define git_version a4014bc909aa533eb3c22f83f2a258bb0822e1b0 -%define git_short a4014bc909aa +%define git_version 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1 +%define git_short 10c12954828e Name: containerd -Version: 1.5.12 +Version: 1.6.6 Release: 0 Summary: Standalone OCI Container Daemon License: Apache-2.0 @@ -84,21 +84,8 @@ separately from Docker. %setup -q -n %{name}-%{version}_%{git_short} %build -# NOTE: containerd will switch to go.mod in 1.5.x so this can be removed after -# we update to that version. - -# Do not use symlinks. If you want to run the unit tests for this package at -# some point during the build and you need to directly use go list directly it -# will get confused by symlinks. -export GOPATH=$HOME/go -export PROJECT=$HOME/go/src/github.com/containerd/containerd -export GO111MODULE=off -mkdir -p $PROJECT -rm -rf $PROJECT/* -cp -ar * $PROJECT - BUILDTAGS="apparmor selinux seccomp" -make -C "$PROJECT"\ +%make_build \ BUILDTAGS="$BUILDTAGS" \ VERSION="v%{version}" \ REVISION="%{git_version}"