Ubuntu
containerd package

Change logs for containerd source package in Hirsute

  1. Hirsute (21.04)
  2. Change log 
  • containerd (1.5.5-0ubuntu3~21.04.1) hirsute; urgency=medium

  * Backport version 1.5.5-0ubuntu3 from Impish (LP: #1938908).

containerd (1.5.5-0ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
      snapshots/btrfs/btrfs.go.
    - CVE-2021-41103

containerd (1.5.5-0ubuntu2) impish; urgency=medium

  * d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
    to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
    (LP: #1943049).

 -- Lucas Kanashiro <email address hidden>  Fri, 08 Oct 2021 11:37:00 -0300
  • containerd (1.5.5-0ubuntu2~21.04.1) hirsute; urgency=medium

  * Backport version 1.5.5-0ubuntu2 from Impish (LP: #1938908).

containerd (1.5.5-0ubuntu2) impish; urgency=medium

  * d/p/seccomp-support-clone3-syscall.patch: clone3 is explicitly requested
    to give ENOSYS instead of the default EPERM, when CAP_SYS_ADMIN is unset.
    (LP: #1943049).

 -- Lucas Kanashiro <email address hidden>  Tue, 21 Sep 2021 17:28:52 -0300
  • containerd (1.5.2-0ubuntu1~21.04.3) hirsute-security; urgency=medium

  * SECURITY UPDATE: insufficiently restricted directory permissions
    - debian/patches/1.5-reduce-directory-permissions.patch: reduce
      permissions for bundle dir in runtime/v1/linux/bundle.go,
      runtime/v1/linux/bundle_test.go, runtime/v2/bundle.go,
      runtime/v2/bundle_default.go, runtime/v2/bundle_linux.go,
      runtime/v2/bundle_linux_test.go, runtime/v2/bundle_test.go,
      snapshots/btrfs/btrfs.go.
    - CVE-2021-41103

 -- Marc Deslauriers <email address hidden>  Wed, 29 Sep 2021 06:45:53 -0400
  • containerd (1.5.2-0ubuntu1~21.04.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: unexpected host file permission changes
    - debian/patches/1.5-Cleanup-lchmod-logic-in-archive.patch: cleanup
      lchmod logic in archive in archive/tar.go, archive/tar_freebsd.go,
      archive/tar_mostunix.go, archive/tar_test.go, archive/tar_unix.go,
      archive/tar_windows.go.
    - No CVE number yet

 -- Marc Deslauriers <email address hidden>  Tue, 13 Jul 2021 12:52:53 -0400
  • containerd (1.5.2-0ubuntu1~21.04.1) hirsute; urgency=medium

  * New upstream release, backport from Impish (LP: #1931464).
  * d/p/skip-tests-with-privilege.patch: add a patch to skip tests which
    require a certain level of privilege not achievable in the build
    environment.

 -- Lucas Kanashiro <email address hidden>  Fri, 21 May 2021 16:48:34 -0300
  • containerd (1.4.4-0ubuntu1) hirsute; urgency=medium

  * New upstream release.
    - It contains a fix for CVE-2021-21334 along with various other minor
      issues.
  * Refresh preserve-debug-info.patch
  * d/rules: set GO111MODULE to auto. In Go 1.16, which is the default in
    Hirsute now, the packages are built in module-aware mode. Since containerd
    does not have a go.mod file in its source tree it FTBFS. Setting GO111MODULE
    to auto we can have the previous behavior which is enable module-aware mode
    only if the go.mod file exists.

 -- Lucas Kanashiro <email address hidden>  Tue, 10 Mar 2021 11:45:18 -0300
  • containerd (1.4.3-0ubuntu1) hirsute; urgency=medium

  * New upstream release.
  * Drop patches applied by upstream.
    - d/p/4134-update-etcd-bbolt.patch
    - d/p/4277-fix-build-on-riscv64.patch
    - d/p/e859b8a-gc-increase-sleep-time-in-test.patch
    - d/p/CVE-2020-15257.patch
  * Update the copyright file.
  * Build depend on default Golang version in all architectures.

 -- Lucas Kanashiro <email address hidden>  Tue, 12 Jan 2021 18:45:18 -0300
  • containerd (1.3.7-0ubuntu5) hirsute; urgency=medium

  * d/control: add a Breaks for docker.io lower than 19.03.13-0ubuntu4.
    See LP #1870514. The previous versions stop the docker daemon when a
    containerd update is performed, this Breaks statement will make sure we
    have a newer version which has the appropriate fix.

 -- Lucas Kanashiro <email address hidden>  Mon, 07 Dec 2020 16:33:03 -0300
  • containerd (1.3.7-0ubuntu4) hirsute; urgency=medium

  * SECURITY UPDATE: Elevation of privilege vulnerability
    - debian/patches/CVE-2020-15257.patch: Use path based unix socket for shims
      and use path-based unix socket for containerd-shim.
    - CVE-2020-15257

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 26 Nov 2020 17:35:23 +0000
  • containerd (1.3.7-0ubuntu3) groovy; urgency=medium

  * Build with Go 1.14 on riscv64 as 1.13 does not exist here. Adventurous
    riscv64 users can deal with any breakage :)

 -- Michael Hudson-Doyle <email address hidden>  Tue, 13 Oct 2020 12:14:27 +1300