From: Marcus Hoffmann <marcus.hoffmann@othermo.de>
To: buildroot@buildroot.org
Subject: Re: [Buildroot] [git commit] package/containerd: security bump to version 1.5.11
Date: Mon, 11 Apr 2022 14:28:51 +0200
Message-ID: <9ca9a86e-917a-ea5a-04bf-b9cd0e15aff5@othermo.de>
In-Reply-To: <20220405185320.319C18361B@busybox.osuosl.org>

Hi Peter,

On 05.04.22 19:28, Peter Korsgaard wrote:
> commit: https://git.buildroot.net/buildroot/commit/?id=2642edb0af08f04fb98f4cb5f88895faded4b325
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> 
> Fixes the following security issues:
> 
> - CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes
>    https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
> 
> - CVE-2022-24769: Default inheritable capabilities for linux container
>    should be empty
>    https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>   package/containerd/containerd.hash | 2 +-
>   package/containerd/containerd.mk   | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/containerd/containerd.hash b/package/containerd/containerd.hash
> index d5aafe2e70..23dacded88 100644
> --- a/package/containerd/containerd.hash
> +++ b/package/containerd/containerd.hash
> @@ -1,3 +1,3 @@
>   # Computed locally
> -sha256  40c9767af3e87f2c36adf2f563f0a8374e80b30bd2b7aa80058c85912406cef4  containerd-1.5.9.tar.gz
> +sha256  6a289406c1c0583763e5a9754e31a1eced55cd5f162a7bc2a3a315d5eb05c7a1  containerd-1.5.11.tar.gz
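
Review bot: the new `+sha256` value for containerd-1.5.11.tar.gz is backed only by the `# Computed locally` comment, so nothing in this file lets a reader cross-check it against a checksum published upstream. Please recompute it from a fresh download into an empty download directory before this is applied, and extend the comment to say where the archive was fetched from, so that a later mismatch can be attributed either to a changed upstream archive or to a stale local copy.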

I get a different hash for this download, both within buildroot as well 
as downloading the file manually from github:

ERROR: containerd-1.5.11.tar.gz has wrong sha256 hash:
ERROR: expected: 6a289406c1c0583763e5a9754e31a1eced55cd5f162a7bc2a3a315d5eb05c7a1
ERROR: got     : 02b79d5e2b07b5e64cd28f1fe84395ee11eef95fc49fd923a9ab93022b148be6
ERROR: Incomplete download, or man-in-the-middle (MITM) attack


Did the file change in the meantime or did something else go wrong here?

Should I send a patch changing the hash to
02b79d5e2b07b5e64cd28f1fe84395ee11eef95fc49fd923a9ab93022b148be6?

 > [...]

Best,
Marcus
