search

DelineaXPM / dsv-k8s

A Delinea DevOps Secrets Vault Kubernetes Secrets Injector and Syncer
https://delinea.com/products/devops-secrets-management-vault
MIT License
13 stars 9 forks source link

chore(deps): update ⬆️ golang module github.com/containerd/containerd to v1.6.12 #88

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

Package Type Update Change
github.com/containerd/containerd indirect patch v1.6.6 -> v1.6.12

GitHub Vulnerability Alerts

CVE-2022-23471

Impact

A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO.

Patches

This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue.

Workarounds

Ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.

For more information

If you have any questions or comments about this advisory:

To report a security issue in containerd:

Release Notes

containerd/containerd ### [`v1.6.12`](https://togithub.com/containerd/containerd/releases/tag/v1.6.12): containerd 1.6.12 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.11...v1.6.12) Welcome to the v1.6.12 release of containerd! The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471. ##### Notable Updates - **Fix goroutine leak during Exec in CRI plugin** ([GHSA-2qjp-425j-52j9](https://togithub.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Derek McGowan - Danny Canter - Phil Estes - Sebastiaan van Stijn ##### Changes
5 commits

- Github Security Advisory [GHSA-2qjp-425j-52j9](https://togithub.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9) - Prepare release notes for v1.6.12 - CRI stream server: Fix goroutine leak in Exec - \[release/1.6] update to go1.18.9 ([#​7766](https://togithub.com/containerd/containerd/pull/7766)) - \[release/1.6] update to go1.18.9

##### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.11](https://togithub.com/containerd/containerd/releases/tag/v1.6.11) ### [`v1.6.11`](https://togithub.com/containerd/containerd/releases/tag/v1.6.11): containerd 1.6.11 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.10...v1.6.11) Welcome to the v1.6.11 release of containerd! The eleventh patch release for containerd 1.6 contains a various fixes and updates. ##### Notable Updates - **Add pod UID annotation in CRI plugin** ([#​7735](https://togithub.com/containerd/containerd/pull/7735)) - **Fix nil pointer deference for Windows containers in CRI plugin** ([#​7737](https://togithub.com/containerd/containerd/pull/7737)) - **Fix lease labels unexpectedly overwriting expiration** ([#​7745](https://togithub.com/containerd/containerd/pull/7745)) - **Fix for simultaneous diff creation using the same parent snapshot** ([#​7756](https://togithub.com/containerd/containerd/pull/7756)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Derek McGowan - Wei Fu - Austin Vazquez - Kirtana Ashok - Maksym Pavlenko - Phil Estes - Qasim Sarfraz - Sebastiaan van Stijn - cosmoer ##### Changes
12 commits

- Prepare release notes for v1.6.11 ([#​7760](https://togithub.com/containerd/containerd/pull/7760)) - Prepare release notes for v1.6.11 - \[release/1.6] fix: support simultaneous create diff for same parent snapshot ([#​7756](https://togithub.com/containerd/containerd/pull/7756)) - fix: support simultaneous create diff for same parent snapshot - \[release/1.6] cherry-pick: Fix order of operations when setting lease labels ([#​7745](https://togithub.com/containerd/containerd/pull/7745)) - Fix order of operations when setting lease labels - \[release/1.6] Added nullptr checks to pkg/cri/server and sbserver ([#​7737](https://togithub.com/containerd/containerd/pull/7737)) - Added nullptr checks to pkg/cri/server and sbserver - \[release/1.6] cri: add pod uid annotation ([#​7735](https://togithub.com/containerd/containerd/pull/7735)) - cri: add pod uid annotation - \[release/1.6] go.mod: use golang_protobuf_extensions v1.0.4 to prevent incompatible versions ([#​7723](https://togithub.com/containerd/containerd/pull/7723)) - \[release/1.6] go.mod: use golang_protobuf_extensions v1.0.4

##### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.10](https://togithub.com/containerd/containerd/releases/tag/v1.6.10) ### [`v1.6.10`](https://togithub.com/containerd/containerd/releases/tag/v1.6.10): containerd 1.6.10 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.9...v1.6.10) Welcome to the v1.6.10 release of containerd! The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms. ##### Notable Updates - **Always check userxattr for overlay on kernels >= 5.11** ([#​7646](https://togithub.com/containerd/containerd/pull/7646)) - **Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows** ([#​7610](https://togithub.com/containerd/containerd/pull/7610) - **Bump Go version to 1.18.8 to address CVE-2022-41716** ([#​7634](https://togithub.com/containerd/containerd/pull/7634)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Akihiro Suda - Danny Canter - Kazuyoshi Kato - Austin Vazquez - Derek McGowan - Gavin Inglis - Kathryn Baldauf - Kevin Parsons - Phil Estes - Sebastiaan van Stijn - Yasin Turan ##### Changes
14 commits

- \[release/1.6] Prepare release notes for v1.6.10 ([#​7664](https://togithub.com/containerd/containerd/pull/7664)) - Prepare release notes for v1.6.10 - \[release/1.6] overlayutils: Add fastpath for userxattr check ([#​7646](https://togithub.com/containerd/containerd/pull/7646)) - overlayutils: Add fastpath for userxattr check - \[release/1.6] update to Go 1.18.8 to address CVE-2022-41716 ([#​7634](https://togithub.com/containerd/containerd/pull/7634)) - \[release/1.6] update to Go 1.18.8 to address CVE-2022-41716 - \[release/1.6] ctr export strictly match default platform ([#​7627](https://togithub.com/containerd/containerd/pull/7627)) - ctr export strictly match default platform - \[release/1.6] go.mod: Bump hcsshim to v0.9.5 ([#​7610](https://togithub.com/containerd/containerd/pull/7610)) - \[release/1.6] go.mod: Bump hcsshim to v0.9.5 - \[release/1.6] ctr import: strictly match platform ([#​7594](https://togithub.com/containerd/containerd/pull/7594)) - ctr import: strictly match platform - \[release/1.6] cherry-pick: Migrate away from GitHub actions set-output ([#​7582](https://togithub.com/containerd/containerd/pull/7582)) - Migrate away from GitHub actions set-output

##### Dependency Changes - **github.com/Microsoft/hcsshim** v0.9.4 -> v0.9.5 Previous release can be found at [v1.6.9](https://togithub.com/containerd/containerd/releases/tag/v1.6.9) ### [`v1.6.9`](https://togithub.com/containerd/containerd/releases/tag/v1.6.9): containerd 1.6.9 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.8...v1.6.9) Welcome to the v1.6.9 release of containerd! The ninth patch release for containerd 1.6 contains various fixes, reorders the pod setup workflow in the CRI plugin to prevent CNI resource leaks, and includes a new version of runc. ##### Notable Updates - **Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices** ([#​7268](https://togithub.com/containerd/containerd/pull/7268)) - **Fix CRI: Do not append \[]string{""} to command to preserve Docker compatibility** ([#​7298](https://togithub.com/containerd/containerd/pull/7298)) - **Enhance CRI: ContainerStatus to return container resources** ([#​7410](https://togithub.com/containerd/containerd/pull/7410)) - **Fix OCI resolver to skip TLS verification for localhost** ([#​7438](https://togithub.com/containerd/containerd/pull/7438) - **Fix createTarFile: make xattr EPERM non-fatal** ([#​7447](https://togithub.com/containerd/containerd/pull/7447)) - **Fix CRI plugin to setup pod network after creating the sandbox container** ([#​7456](https://togithub.com/containerd/containerd/pull/7456)) - **Fix OCI pusher to retry request on writer reset** ([#​7461](https://togithub.com/containerd/containerd/pull/7461)) - **Fix archive to validate digests before use** ([#​7490](https://togithub.com/containerd/containerd/pull/7490)) - **Migrate from k8s.gcr.io to registry.k8s.io** ([#​7549](https://togithub.com/containerd/containerd/pull/7549)) - **Fix CRI: PodSandboxStatus should tolerate missing task** ([#​7551](https://togithub.com/containerd/containerd/pull/7551)) - **Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil** ([#​7557](https://togithub.com/containerd/containerd/pull/7557)) - **Enhance CRI plugin to add logging volume metrics** ([#​7571](https://togithub.com/containerd/containerd/pull/7571)) - **Add support for CAP_BPF and CAP_PERFMON** ([#​7574](https://togithub.com/containerd/containerd/pull/7574)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Sebastiaan van Stijn - Akihiro Suda - Wei Fu - Samuel Karp - Kazuyoshi Kato - Maksym Pavlenko - Derek McGowan - Phil Estes - Qiutong Song - ruiwen-zhao - zounengren - Akhil Mohan - Andrey Klimentyev - Benjamin Elder - Henry Wang - Iceber Gu - Paco Xu - Sophie Liu - Ye Sijun - rongfu.leng ##### Changes
68 commits

- \[release/1.6] Prepare release notes for v1.6.9 ([#​7573](https://togithub.com/containerd/containerd/pull/7573)) - [`f1493f665`](https://togithub.com/containerd/containerd/commit/f1493f6651bd1955217c6ae444761c73e49726f2) Prepare release notes for v1.6.9 - [`99578d1fc`](https://togithub.com/containerd/containerd/commit/99578d1fc794fb36f58f0cbaf54aea56a95c3c60) Update mailmap - \[release/1.6] adding support of CAP_BPF and CAP_PERFMON ([#​7574](https://togithub.com/containerd/containerd/pull/7574)) - [`346412f5a`](https://togithub.com/containerd/containerd/commit/346412f5aefdcec30908562716de70ffe4824b67) adding support of CAP_BPF and CAP_PERFMON - \[release/1.6] Add logging volume metrics to Containerd CRI plugin ([#​7571](https://togithub.com/containerd/containerd/pull/7571)) - [`a956d8415`](https://togithub.com/containerd/containerd/commit/a956d84158580c91253b4c54b879b1f2b3e98e0f) Add logging volume metrics to Containerd CRI plugin - \[release/1.6] fix pusher concurrent close channel ([#​7562](https://togithub.com/containerd/containerd/pull/7562)) - [`29e2dea50`](https://togithub.com/containerd/containerd/commit/29e2dea5083e9b257471db5380a1b8ff32ae9219) fix pusher concurrent close channel - \[release/1.6] Stats() shouldn't assume s.container is non-nil ([#​7557](https://togithub.com/containerd/containerd/pull/7557)) - [`8a9d69385`](https://togithub.com/containerd/containerd/commit/8a9d69385024854321ba806ea09cc0bbe1af87c3) \[release/1.6] Stats() shouldn't assume s.container is non-nil - \[release/1.6] cri: PodSandboxStatus should tolerate missing task ([#​7551](https://togithub.com/containerd/containerd/pull/7551)) - [`a9adc7938`](https://togithub.com/containerd/containerd/commit/a9adc7938d98d292d7c2b598b1458551e275a507) cri: PodSandboxStatus should tolerate missing task - \[release/1.6] migrate from k8s.gcr.io to registry.k8s.io ([#​7549](https://togithub.com/containerd/containerd/pull/7549)) - [`b66eb726a`](https://togithub.com/containerd/containerd/commit/b66eb726a5bf968ac64f24de98f4065f19ede7f0) migrate from k8s.gcr.io to registry.k8s.io - \[release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 ([#​7518](https://togithub.com/containerd/containerd/pull/7518)) - [`5b40993a5`](https://togithub.com/containerd/containerd/commit/5b40993a5e525012b1e97121cdacccce6ced4d06) \[release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 - \[release/1.6] Update container with sandbox metadata after NetNS is created ([#​7505](https://togithub.com/containerd/containerd/pull/7505)) - [`f2376e659`](https://togithub.com/containerd/containerd/commit/f2376e659ffa55e4ff2578baf4e4c7aab54042e4) Update container with sandbox metadata after NetNS is created - \[release/1.6] archive: validate digests before use ([#​7490](https://togithub.com/containerd/containerd/pull/7490)) - [`06f82efef`](https://togithub.com/containerd/containerd/commit/06f82efef4be5975e7e9a8c8f8d13480065aab9f) archive: validate digests before use - \[release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#​7475](https://togithub.com/containerd/containerd/pull/7475)) - [`28324c529`](https://togithub.com/containerd/containerd/commit/28324c529fad2285d44ae5348377496cdf9c4926) \[release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 - [`0aeeb62cb`](https://togithub.com/containerd/containerd/commit/0aeeb62cba15e383b9387424be5ae4758650afae) \[release/1.6] update golangci-lint to v1.19.0 - [`7db9d1f76`](https://togithub.com/containerd/containerd/commit/7db9d1f76ffc16f970b6179a493caa008aeefef2) Fix linter warnings - [`4dc932e62`](https://togithub.com/containerd/containerd/commit/4dc932e620bd2931c57715dce8cc4ac9f9e1c2d0) \[release/1.6] gofmt with go1.19 - [`7b8d679ad`](https://togithub.com/containerd/containerd/commit/7b8d679ad169fa1a0d1127bc49dff231087ac544) \[release/1.6] integration: remove use of deprecated io/ioutil - \[release/1.6] retry request on writer reset ([#​7461](https://togithub.com/containerd/containerd/pull/7461)) - [`926b9c72f`](https://togithub.com/containerd/containerd/commit/926b9c72f61b5be6bf8d952512f1d0932fbaf898) retry request on writer reset - \[release/1.6] Setup pod network after creating the sandbox container ([#​7456](https://togithub.com/containerd/containerd/pull/7456)) - [`b9a35c6af`](https://togithub.com/containerd/containerd/commit/b9a35c6af9519630179b745e48bd29fd4d067c83) Add integration tests with failpoint - [`1f29fac48`](https://togithub.com/containerd/containerd/commit/1f29fac48ee356918663a4aa1f9880de3e2d6f1a) Persist container and sandbox if resource cleanup fails, like teardownPodNetwork - \[release/1.6] test: introduce failpoint control to runc-shimv2 and cni ([#​7455](https://togithub.com/containerd/containerd/pull/7455)) - [`a85709c6c`](https://togithub.com/containerd/containerd/commit/a85709c6c446b7a6fc49545b01d063473cf09432) integration: simplify CNI-fp and add README.md - [`d89a8d223`](https://togithub.com/containerd/containerd/commit/d89a8d22379f41adae7fd5e1d524c806a011deff) pkg/failpoint: add FreeBSD link and update pkg doc - [`b0ce2965a`](https://togithub.com/containerd/containerd/commit/b0ce2965aea5785f8f2930e358be84b86969a5e7) integration: Add injected failpoint testing for RunPodSandbox - [`a7f956d86`](https://togithub.com/containerd/containerd/commit/a7f956d86498c6066c1934215e64877602ac69f4) integration: CNI bridge wrapper with failpoint - [`07c479471`](https://togithub.com/containerd/containerd/commit/07c4794714db6af21f0bc5fdcd6fad89bd1f967c) pkg/failpoint: add DelegatedEval API - [`4a5bc05aa`](https://togithub.com/containerd/containerd/commit/4a5bc05aa00acd1c197f7547aec8f90f20c9a98f) runtime/v2/shim: return if error in load plugin - [`71ee7de24`](https://togithub.com/containerd/containerd/commit/71ee7de24818907dab4cdac39ba760008331f4a8) bin/ctr,integration: new runc-shim with failpoint - [`3e2e77849`](https://togithub.com/containerd/containerd/commit/3e2e7784907a9dba4af9de5fd81e2674b0a8cfee) runtime/v2: manager supports server interceptor - [`cb935bf49`](https://togithub.com/containerd/containerd/commit/cb935bf49a413c6624638ccc640146527bb05edb) pkg/failpoint: init failpoint package - \[release/1.6] cherry-pick: make xattr EPERM non-fatal in createTarFile ([#​7447](https://togithub.com/containerd/containerd/pull/7447)) - [`2fdfd564c`](https://togithub.com/containerd/containerd/commit/2fdfd564c180e01abe40463b6b6107f9ee2e1cf9) make xattr EPERM non-fatal in createTarFile - \[release/1.6] remotes/docker/config: Skipping TLS verification for localhost ([#​7438](https://togithub.com/containerd/containerd/pull/7438)) - [`89e49609d`](https://togithub.com/containerd/containerd/commit/89e49609d361f618aa1308e75e2fec57485697cc) remotes/docker/config: Skipping TLS verification for localhost - \[release/1.6] .zuul: remove the zull because it is offline ([#​7427](https://togithub.com/containerd/containerd/pull/7427)) - [`b720be2ce`](https://togithub.com/containerd/containerd/commit/b720be2ce3fa088b744dbfd185e615799b8e7bee) remove stray .zuul.yaml - [`6b30bc4b4`](https://togithub.com/containerd/containerd/commit/6b30bc4b4a8d0857e61e8324305c2ba97eba0716) .zuul: remove the zuul because it is offline - \[release/1.6] cherry-pick: Set grpc code for unimplemented cri-api methods ([#​7421](https://togithub.com/containerd/containerd/pull/7421)) - [`0f7e258ee`](https://togithub.com/containerd/containerd/commit/0f7e258eebbf1ebbc3b7fa87618547d1547df3cf) Set grpc code for unimplemented cri-api methods - \[release/1.6] cherry-pick: ContainerStatus to return container resources ([#​7410](https://togithub.com/containerd/containerd/pull/7410)) - [`fb753e5cd`](https://togithub.com/containerd/containerd/commit/fb753e5cd5a907710de673adf3dd5e5721a11fa9) update intergration - [`6ee5bb7ea`](https://togithub.com/containerd/containerd/commit/6ee5bb7eaad1420d6e57438b7a15853a7167e5b5) bump cri-api - [`ae8598615`](https://togithub.com/containerd/containerd/commit/ae85986151295afd08aeb7dcd1a30ca329682b11) ContainerStatus to return container resources - [`d3c7e31c8`](https://togithub.com/containerd/containerd/commit/d3c7e31c8a8f7dc3f0ef0d189fda5a7caca42ce2) Update CRI-API - \[release/1.6] backport: vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#​7340](https://togithub.com/containerd/containerd/pull/7340)) - [`5b44c5271`](https://togithub.com/containerd/containerd/commit/5b44c5271136c5f1c4b6df4275c6ff3b124d731d) vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd - \[release/1.6 backport] update runc binary to v1.1.4 ([#​7333](https://togithub.com/containerd/containerd/pull/7333)) - [`3507d600b`](https://togithub.com/containerd/containerd/commit/3507d600b6f5db11f865b96d1ff319708656002d) update runc binary to v1.1.4 - \[release/1.6] ci: remove GOPROXY environment variable due to https://github.com/go-… ([#​7299](https://togithub.com/containerd/containerd/pull/7299)) - [`1efd8b947`](https://togithub.com/containerd/containerd/commit/1efd8b947393ce6911c13898ace01dd673e26633) ci: remove GOPROXY environment variable due to [https://github.com/go-yaml/yaml/issues/887](https://togithub.com/go-yaml/yaml/issues/887) - \[release/1.6] Do not append \[]string{""} to command to preserve Docker compatibility ([#​7298](https://togithub.com/containerd/containerd/pull/7298)) - [`0448673af`](https://togithub.com/containerd/containerd/commit/0448673af283588654f0197fefc33025cf371b6e) Do not append \[]string{""} to command to preserve Docker compatibility - \[release 1.6 backport] Fix cleanup in critest ([#​7274](https://togithub.com/containerd/containerd/pull/7274)) - [`5c230ece0`](https://togithub.com/containerd/containerd/commit/5c230ece0fa985fbc973d1e6dea743439ca2c527) Fix cleanup in critest - \[release/1.6 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#​7268](https://togithub.com/containerd/containerd/pull/7268)) - [`ed9d3dc37`](https://togithub.com/containerd/containerd/commit/ed9d3dc37c7d1f3f4975faa6918d0d3d3056e753) oci: WithDefaultUnixDevices(): remove tun/tap from the default devices

##### Changes from containerd/continuity
28 commits

- go.mod: update dependencies (take 2) ([#​204](https://togithub.com/containerd/continuity/pull/204)) - [`74a0169`](https://togithub.com/containerd/continuity/commit/74a016961cad4d635aeb6d4efb1bcc2268700d7a) go.mod: update dependencies (take 2) - Revert "go.mod: update dependencies" ([#​205](https://togithub.com/containerd/continuity/pull/205)) - [`4ef02a2`](https://togithub.com/containerd/continuity/commit/4ef02a2f72d4ed5539010211e85cbe303eb192bd) Revert "go.mod: update dependencies" - [`e364868`](https://togithub.com/containerd/continuity/commit/e3648687add4203d03811191b4e5692f516d355b) go.mod: update dependencies - [`5df4731`](https://togithub.com/containerd/continuity/commit/5df4731d45253217b8fe4ebf823fffda8da5a7ae) cmd/continuity: remove FUSE for macOS - Various small fix-ups ([#​202](https://togithub.com/containerd/continuity/pull/202)) - [`7fa1569`](https://togithub.com/containerd/continuity/commit/7fa1569efc4aa48f382a1c9ea565bcb62817f1b2) README: update badges and links - [`7917549`](https://togithub.com/containerd/continuity/commit/791754940833264651ac315318beb6998722731d) golangci-lint: replace "golint" with "revive" - [`de7fd6b`](https://togithub.com/containerd/continuity/commit/de7fd6b43f553b9b106ee818597404c2f408efc7) sysx: remove unused sysx/generate.sh script - [`e9ca807`](https://togithub.com/containerd/continuity/commit/e9ca807ed63bd76c91f56007883b62eea7d13dd0) fs: fix minor linting and gofmt issue - update authors and mailmap ([#​201](https://togithub.com/containerd/continuity/pull/201)) - [`3df990d`](https://togithub.com/containerd/continuity/commit/3df990de70e9fdc47d0f27c38414bf0ee63ce9fa) update authors and mailmap - move cmd/continuity to its own go module ([#​200](https://togithub.com/containerd/continuity/pull/200)) - [`9d49199`](https://togithub.com/containerd/continuity/commit/9d49199bde798d374a44dc1e522443c7ec7eb56e) move cmd/continuity to its own go module - [`5b38337`](https://togithub.com/containerd/continuity/commit/5b383371446465527de52c6880d4f5432327dcfb) remove version package - [`480f3bb`](https://togithub.com/containerd/continuity/commit/480f3bb0db8f1414e5190df5c30fcb94273e5dc7) move continuityfs -> cmd/continuity/continuityfs - [`071eff3`](https://togithub.com/containerd/continuity/commit/071eff3ae0a91e87e3985a862aa2f3445dd47314) move commands -> cmd/continuity/commands - [`840357f`](https://togithub.com/containerd/continuity/commit/840357fbaab4d0c486ce9656606d165d4d1c8839) go.mod: update logrus to v1.8.1 - CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) ([#​198](https://togithub.com/containerd/continuity/pull/198)) - [`9b78cc9`](https://togithub.com/containerd/continuity/commit/9b78cc9d2f5c55558269dfd6595a68c5ed383043) CI: resolve Go path before sudoing - [`d67721d`](https://togithub.com/containerd/continuity/commit/d67721dd765a1d31239c4a6459d3dfbeed088e5f) CI: modernize Go setup - [`5bf078f`](https://togithub.com/containerd/continuity/commit/5bf078f2f986072b65b2b1641f5abff8968c516f) Remove deprecated io/ioutil (except ioutil.ReadDir) - fs.CopyDir: support sockets and pipes ([#​197](https://togithub.com/containerd/continuity/pull/197)) - [`ca52b93`](https://togithub.com/containerd/continuity/commit/ca52b934dd01ca5e16244bbe3643a5019360d11c) fs.CopyDir: support sockets and pipes - Fix wrapping errors ([#​196](https://togithub.com/containerd/continuity/pull/196)) - [`def6729`](https://togithub.com/containerd/continuity/commit/def67296172f65f5827e5355efac79e0c1331a48) fs: fix wrapping nil err - [`b17bab4`](https://togithub.com/containerd/continuity/commit/b17bab433315a4936debf5c0c150d9f4e36d7088) fmt.Errorf: use %w, not %v to wrap errors

##### Dependency Changes - **github.com/Microsoft/go-winio** v0.5.1 -> v0.5.2 - **github.com/containerd/continuity** v0.2.2 -> v0.3.0 - **golang.org/x/crypto** [`32db794`](https://togithub.com/containerd/containerd/commit/32db794688a5) -> [`3147a52`](https://togithub.com/containerd/containerd/commit/3147a52a75dd) - **golang.org/x/net** [`fe4d628`](https://togithub.com/containerd/containerd/commit/fe4d6282115f) -> [`a158d28`](https://togithub.com/containerd/containerd/commit/a158d28d115b) - **golang.org/x/sys** [`33da011`](https://togithub.com/containerd/containerd/commit/33da011f77ad) -> [`8c9f86f`](https://togithub.com/containerd/containerd/commit/8c9f86f7a55f) - **golang.org/x/term** [`6886f2d`](https://togithub.com/containerd/containerd/commit/6886f2dfbf5b) -> [`03fcf44`](https://togithub.com/containerd/containerd/commit/03fcf44c2211) - **google.golang.org/grpc** v1.43.0 -> v1.47.0 - **google.golang.org/protobuf** v1.27.1 -> v1.28.0 - **gopkg.in/yaml.v3** [`496545a`](https://togithub.com/containerd/containerd/commit/496545a6307b) -> v3.0.1 - **k8s.io/cri-api** v0.23.1 -> v0.25.0 Previous release can be found at [v1.6.8](https://togithub.com/containerd/containerd/releases/tag/v1.6.8) ### [`v1.6.8`](https://togithub.com/containerd/containerd/releases/tag/v1.6.8): containerd 1.6.8 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.7...v1.6.8) Welcome to the v1.6.8 release of containerd! The eighth patch release for containerd 1.6 fixes a regression in the release build binaries which limited the environments they could be run in. See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Akihiro Suda - Derek McGowan - Samuel Karp - Phil Estes ##### Changes
7 commits

- \[release/1.6] Prepare release notes for v1.6.8 ([#​7263](https://togithub.com/containerd/containerd/pull/7263)) - [`3364f411e`](https://togithub.com/containerd/containerd/commit/3364f411eb1503bac9d1ea09eab45660298845fc) Prepare release notes for v1.6.8 - \[release/1.6] release workflow: increase timeout to 30 minutes & remove Go setup action ([#​7261](https://togithub.com/containerd/containerd/pull/7261)) - [`390920429`](https://togithub.com/containerd/containerd/commit/390920429580f4d36361ea7f395d062c31e3b49a) release workflow: remove Go setup action - [`cf48ba6e8`](https://togithub.com/containerd/containerd/commit/cf48ba6e8b4be7036bde1e1963594436e8d1cc0c) release workflow: increase timeout to 30 minutes - \[release/1.6] release: rollback Ubuntu to 18.04 (except for riscv64) ([#​7260](https://togithub.com/containerd/containerd/pull/7260)) - [`57873e652`](https://togithub.com/containerd/containerd/commit/57873e652f495d1644a7cc99498cb9d60fce2a9e) release: rollback Ubuntu to 18.04 (except for riscv64)

##### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.7](https://togithub.com/containerd/containerd/releases/tag/v1.6.7) ### [`v1.6.7`](https://togithub.com/containerd/containerd/releases/tag/v1.6.7): containerd 1.6.7 [Compare Source](https://togithub.com/containerd/containerd/compare/v1.6.6...v1.6.7) Welcome to the v1.6.7 release of containerd! The seventh patch release for containerd 1.6 contains various fixes, includes a new version of runc and adds support for ppc64le and riscv64 (requires unreleased runc 1.2) builds. ##### Notable Updates - **Update runc to v1.1.3** ([#​7036](https://togithub.com/containerd/containerd/pull/7036)) - **Seccomp: Allow clock_settime64 with CAP_SYS_TIME** ([#​7172](https://togithub.com/containerd/containerd/pull/7172)) - **Fix WWW-Authenticate parsing** ([#​7131](https://togithub.com/containerd/containerd/pull/7131)) - **Support RISC-V 64 and ppc64le builds** ([#​7170](https://togithub.com/containerd/containerd/pull/7170)) - **Windows: Update hcsshim to v0.9.4 to fix regression with HostProcess stats** ([#​7200](https://togithub.com/containerd/containerd/pull/7200)) - **Windows: Fix shim logs going to panic.log file** ([#​7242](https://togithub.com/containerd/containerd/pull/7242)) - **Allow ptrace(2) by default for kernels >= 4.8** ([#​7171](https://togithub.com/containerd/containerd/pull/7171)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ##### Contributors - Phil Estes - Daniel Canter - Derek McGowan - Akihiro Suda - Kazuyoshi Kato - Mike Brown - Sebastiaan van Stijn - Wei Fu - Baoshuo - Gabriel Adrian Samfira - Henry Wang - Iceber Gu - Marvin Giessing ##### Changes
40 commits

- \[release/1.6] Update release build timeout ([#​7250](https://togithub.com/containerd/containerd/pull/7250)) - [`eccb82f6d`](https://togithub.com/containerd/containerd/commit/eccb82f6d6211ac7958abb10b2105e8d7d3fb80f) Update release build timeout to 20 minutes - Prepare releases notes for 1.6.7 ([#​7225](https://togithub.com/containerd/containerd/pull/7225)) - [`6a854d4b5`](https://togithub.com/containerd/containerd/commit/6a854d4b59761698134a89080fe005243af4c0ec) Update mailmap - [`61612e1a2`](https://togithub.com/containerd/containerd/commit/61612e1a2cd63feea45b533ca29524018edbc320) Prepare release notes for 1.6.7 - \[release/1.6] Update golang to 1.17.13 ([#​7244](https://togithub.com/containerd/containerd/pull/7244)) - [`d199ee462`](https://togithub.com/containerd/containerd/commit/d199ee462b8a592277ed910d655b5c9b16295f66) Update golang to 1.17.13 - \[release/1.6] Backport: Change os.Stderr reassign for Windows service ([#​7242](https://togithub.com/containerd/containerd/pull/7242)) - [`0578d20c5`](https://togithub.com/containerd/containerd/commit/0578d20c5db1fd84db42ed35e6e4ee637976b895) Change os.Stderr reassign for Windows service - \[release/1.6] Backport: bump macos runner version ([#​7230](https://togithub.com/containerd/containerd/pull/7230)) - [`12cae4961`](https://togithub.com/containerd/containerd/commit/12cae49615eedcc678d80e1f90e31d1a1315fdcc) Update Vagrant CI to macos-12 - [`bc4091aae`](https://togithub.com/containerd/containerd/commit/bc4091aaebb1e7419f8ff82135fbc1efc0d7ecd6) chore: bump macos runner version - \[release/1.6] Backport Windows HostProcess test improvements ([#​7227](https://togithub.com/containerd/containerd/pull/7227)) - [`cb73bd050`](https://togithub.com/containerd/containerd/commit/cb73bd0501dd7bdeb7fac66776df49e41eeaba6e) Windows HostProcess container CRI stats test - [`ac388525a`](https://togithub.com/containerd/containerd/commit/ac388525aeb2826607d80dff2280cc6ce7faac5a) Add validations for Windows HostProcess CRI configs - \[release/1.6] go.mod: Bump hcsshim to v0.9.4 ([#​7200](https://togithub.com/containerd/containerd/pull/7200)) - [`0007f40fe`](https://togithub.com/containerd/containerd/commit/0007f40fe21a89527961e743af259df312a14823) \[release/1.6] go.mod: Bump hcsshim to v0.9.4 - \[release/1.6] Update Fedora version to 36 ([#​7217](https://togithub.com/containerd/containerd/pull/7217)) - [`c9607e78c`](https://togithub.com/containerd/containerd/commit/c9607e78c98315b2dab55b8d4c73b7b84e146f52) Update Fedora version to 36 - \[release/1.6] Support RISC-V 64 ([#​7170](https://togithub.com/containerd/containerd/pull/7170)) - [`2952b66c0`](https://togithub.com/containerd/containerd/commit/2952b66c0110e634c10925cce4093c5417d09ad6) CI: add riscv64 builds - [`6b2dc9a37`](https://togithub.com/containerd/containerd/commit/6b2dc9a37ae27e4e4785dc07ae464cbc921d00ad) release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64 - [`745dc07c4`](https://togithub.com/containerd/containerd/commit/745dc07c45487217c1cf7bf62987a7bfe0e1f6f9) seccomp: support riscv64 - [`c2f841f21`](https://togithub.com/containerd/containerd/commit/c2f841f218a823ad24127f74e25ae6e90ceea887) Create ppc64le release - \[release/1.6] allow ptrace(2) by default for kernel >= 4.8 ([#​7171](https://togithub.com/containerd/containerd/pull/7171)) - [`f3da3e51f`](https://togithub.com/containerd/containerd/commit/f3da3e51f5f1b3b6b50586c9962b112b26aba672) allow ptrace(2) by default for kernel >= 4.8 - \[release/1.6] seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#​7172](https://togithub.com/containerd/containerd/pull/7172)) - [`86b55bd8d`](https://togithub.com/containerd/containerd/commit/86b55bd8dbb90b84d2b46d8726e3a993f2a75ed4) seccomp: allow clock_settime64 when CAP_SYS_TIME is added - \[release/1.6] update golang to 1.17.12 ([#​7160](https://togithub.com/containerd/containerd/pull/7160)) - [`aa1101068`](https://togithub.com/containerd/containerd/commit/aa110106835c55217c5f10ff23e927bf8b50f307) \[release/1.6] update golang to 1.17.12 - \[release/1.6] Fix WWW-Authenticate parsing ([#​7131](https://togithub.com/containerd/containerd/pull/7131)) - [`37dfc5c9d`](https://togithub.com/containerd/containerd/commit/37dfc5c9db66afcfa47b6f40b7797763ac3fde76) \[release/1.6] Fix WWW-Authenticate parsing - \[release/1.6] Downgrade MinGW to version 10.2.0 ([#​7133](https://togithub.com/containerd/containerd/pull/7133)) - [`fa2016d58`](https://togithub.com/containerd/containerd/commit/fa2016d58ada2438d0af51a522b528dc228cb4ba) \[release/1.6] Downgrade MinGW to version 10.2.0 - \[release/1.6] ctr: fix label args used in NewContainer ([#​7051](https://togithub.com/containerd/containerd/pull/7051)) - [`99c56d217`](https://togithub.com/containerd/containerd/commit/99c56d2175bc02f0fc4db58014b9b483021051a0) ctr: fix label args used in NewContainer - \[release/1.6] Make building static binaries simpler ([#​7045](https://togithub.com/containerd/containerd/pull/7045)) - [`51de785f8`](https://togithub.com/containerd/containerd/commit/51de785f85cb23bc31ea9f85938cc043ded7fdf1) \[release/1.6] Make building static binaries simpler - \[release/1.6] update runc binary to v1.1.3 ([#​7036](https://togithub.com/containerd/containerd/pull/7036)) - [`2ea4e6348`](https://togithub.com/containerd/containerd/commit/2ea4e63483e7799f2fd971cf06d7d0472e9e47d0) update runc binary to v1.1.3

##### Dependency Changes - **github.com/Microsoft/hcsshim** v0.9.3 -> v0.9.4 Previous release can be found at [v1.6.6](https://togithub.com/containerd/containerd/releases/tag/v1.6.6)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.