* [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4
@ 2021-03-12 22:48 Christian Stewart
2021-03-12 22:48 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 20.10.5 Christian Stewart
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Christian Stewart @ 2021-03-12 22:48 UTC (permalink / raw)
To: buildroot
Security fix for CVE-2021-21334:
https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
Other changes:
- Fix container create in CRI to prevent possible environment variable leak between containers
- Update shim server to return grpc NotFound error
- Add bounds on max oom_score_adj value for shim's AdjustOOMScore
- Update task manager to use fresh context when calling shim shutdown
- Update Docker resolver to avoid possible concurrent map access panic
- Update shim's log file open flags to avoid containerd hang on syscall open
- Fix incorrect usage calculation
Signed-off-by: Christian Stewart <christian@paral.in>
---
package/docker-containerd/docker-containerd.hash | 2 +-
package/docker-containerd/docker-containerd.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash
index c5cfc137b8..bb544e8d60 100644
--- a/package/docker-containerd/docker-containerd.hash
+++ b/package/docker-containerd/docker-containerd.hash
@@ -1,3 +1,3 @@
# Computed locally
-sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz
+sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 docker-containerd-1.4.4.tar.gz
sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
index 626889e5f4..e229d9cb54 100644
--- a/package/docker-containerd/docker-containerd.mk
+++ b/package/docker-containerd/docker-containerd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_CONTAINERD_VERSION = 1.4.3
+DOCKER_CONTAINERD_VERSION = 1.4.4
DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
DOCKER_CONTAINERD_LICENSE = Apache-2.0
DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 20.10.5
2021-03-12 22:48 [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Christian Stewart
@ 2021-03-12 22:48 ` Christian Stewart
2021-03-20 19:08 ` Peter Korsgaard
2021-03-12 22:48 ` [Buildroot] [PATCH 3/3] package/docker-engine: " Christian Stewart
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Christian Stewart @ 2021-03-12 22:48 UTC (permalink / raw)
To: buildroot
https://docs.docker.com/engine/release-notes/
Signed-off-by: Christian Stewart <christian@paral.in>
---
package/docker-cli/docker-cli.hash | 2 +-
package/docker-cli/docker-cli.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash
index 95b15b539b..f4787062bb 100644
--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 aafba3765d9013cb75810b4f4334525f0e74e82ef073b4df9e8b524f3794e60a docker-cli-20.10.3.tar.gz
+sha256 4ba845f8c7e2e0a2ca1ec6589847159ca8d0d37b609f0e6f78def7a893b9b342 docker-cli-20.10.5.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE
diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk
index d90c3b7d10..d710bb2fee 100644
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_CLI_VERSION = 20.10.3
+DOCKER_CLI_VERSION = 20.10.5
DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
DOCKER_CLI_LICENSE = Apache-2.0
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 3/3] package/docker-engine: bump version to 20.10.5
2021-03-12 22:48 [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Christian Stewart
2021-03-12 22:48 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 20.10.5 Christian Stewart
@ 2021-03-12 22:48 ` Christian Stewart
2021-03-20 19:08 ` Peter Korsgaard
2021-03-14 15:51 ` [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Yann E. MORIN
2021-03-20 19:08 ` Peter Korsgaard
3 siblings, 1 reply; 7+ messages in thread
From: Christian Stewart @ 2021-03-12 22:48 UTC (permalink / raw)
To: buildroot
Signed-off-by: Christian Stewart <christian@paral.in>
---
package/docker-engine/docker-engine.hash | 2 +-
package/docker-engine/docker-engine.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 69ebd113ea..7e3ce6a5cf 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 62bb03f197b8a064da568e62639f6834f91c8cfc9273126a978847becc214c31 docker-engine-20.10.3.tar.gz
+sha256 bcf651d75e5c80421e8cd3b0d47f3425e01047cf67aef0eda83b68776905a583 docker-engine-20.10.5.tar.gz
sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index bbc97af8b5..d3f4d81572 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_ENGINE_VERSION = 20.10.3
+DOCKER_ENGINE_VERSION = 20.10.5
DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0
--
2.30.2
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4
2021-03-12 22:48 [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Christian Stewart
2021-03-12 22:48 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 20.10.5 Christian Stewart
2021-03-12 22:48 ` [Buildroot] [PATCH 3/3] package/docker-engine: " Christian Stewart
@ 2021-03-14 15:51 ` Yann E. MORIN
2021-03-20 19:08 ` Peter Korsgaard
3 siblings, 0 replies; 7+ messages in thread
From: Yann E. MORIN @ 2021-03-14 15:51 UTC (permalink / raw)
To: buildroot
Christian, All,
On 2021-03-12 14:48 -0800, Christian Stewart spake thusly:
> Security fix for CVE-2021-21334:
>
> https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
>
> Other changes:
>
> - Fix container create in CRI to prevent possible environment variable leak between containers
> - Update shim server to return grpc NotFound error
> - Add bounds on max oom_score_adj value for shim's AdjustOOMScore
> - Update task manager to use fresh context when calling shim shutdown
> - Update Docker resolver to avoid possible concurrent map access panic
> - Update shim's log file open flags to avoid containerd hang on syscall open
> - Fix incorrect usage calculation
>
> Signed-off-by: Christian Stewart <christian@paral.in>
Series of 3 applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/docker-containerd/docker-containerd.hash | 2 +-
> package/docker-containerd/docker-containerd.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash
> index c5cfc137b8..bb544e8d60 100644
> --- a/package/docker-containerd/docker-containerd.hash
> +++ b/package/docker-containerd/docker-containerd.hash
> @@ -1,3 +1,3 @@
> # Computed locally
> -sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 docker-containerd-1.4.3.tar.gz
> +sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 docker-containerd-1.4.4.tar.gz
> sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE
> diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
> index 626889e5f4..e229d9cb54 100644
> --- a/package/docker-containerd/docker-containerd.mk
> +++ b/package/docker-containerd/docker-containerd.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -DOCKER_CONTAINERD_VERSION = 1.4.3
> +DOCKER_CONTAINERD_VERSION = 1.4.4
> DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,v$(DOCKER_CONTAINERD_VERSION))
> DOCKER_CONTAINERD_LICENSE = Apache-2.0
> DOCKER_CONTAINERD_LICENSE_FILES = LICENSE
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4
2021-03-12 22:48 [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Christian Stewart
` (2 preceding siblings ...)
2021-03-14 15:51 ` [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Yann E. MORIN
@ 2021-03-20 19:08 ` Peter Korsgaard
3 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2021-03-20 19:08 UTC (permalink / raw)
To: buildroot
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:
> Security fix for CVE-2021-21334:
> https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
> Other changes:
> - Fix container create in CRI to prevent possible environment
> variable leak between containers
> - Update shim server to return grpc NotFound error
> - Add bounds on max oom_score_adj value for shim's AdjustOOMScore
> - Update task manager to use fresh context when calling shim shutdown
> - Update Docker resolver to avoid possible concurrent map access panic
> - Update shim's log file open flags to avoid containerd hang on syscall open
> - Fix incorrect usage calculation
> Signed-off-by: Christian Stewart <christian@paral.in>
Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-03-20 19:08 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-12 22:48 [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Christian Stewart
2021-03-12 22:48 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 20.10.5 Christian Stewart
2021-03-20 19:08 ` Peter Korsgaard
2021-03-12 22:48 ` [Buildroot] [PATCH 3/3] package/docker-engine: " Christian Stewart
2021-03-20 19:08 ` Peter Korsgaard
2021-03-14 15:51 ` [Buildroot] [PATCH 1/3] package/docker-containerd: security bump to 1.4.4 Yann E. MORIN
2021-03-20 19:08 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.