Bump to opencontainers/runc new version - v1.0.0-rc10 #3973
estesp merged 1 commit into containerd:master from
|
Doesn't https://github.com/containerd/containerd/tree/master/vendor/github.com/opencontainers/runc actually have to be updated? |
|
Build succeeded.
|
|
e.g. with |
This change needs to be committed to https://github.com/containerd/cri and then revendored into this repo
|
Perhaps the commit message should contain some details about the changes, as this update of runc includes opencontainers/runc#2207, which fixes: CVE-2019-19921 (as reported in opencontainers/runc#2197). Given, that fix is in the binary, not in the vendored code, but the version in vendor.conf is currently used as the source of truth for what version of runc should be installed/used/packaged. Are there other notable changes? This is the full diff upstream: opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10 |
|
@liggitt @AkihiroSuda the CRI PR is here - containerd/cri#1383. looks like we have another problem with containerd/containerd <-> containerd/cri <-> k8s.io loop because of how we do staging for cri-api in kubernetes/kubernetes |
1746787 to b6b670b
|
Build succeeded.
|
|
@dims I see you updated the PR description but the actual commit message is empty; could you update the commit message itself (so that it's included in git's history), and also mention the CVE? |
4251dec to 58529a3
We have a new release of runc ( opencontainers/runc#2217 ). This release
has a fix for a race condition we are struggling with in kubernetes
(especially CI jobs) which was fixed in opencontainers/runc#2185
The v1.0.0-rc10 includes the fix for CVE-2019-19921 as well. The full
diff upstream is here:
opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
58529a3 to 923c05b
|
@thaJeztah yep Done! |
|
@thaJeztah @mikebrow looks like i may have to update the SHA for |
|
Build succeeded.
|
|
@dims yes, that makes sense (although it will already pick up the current version that's vendored as part of this PR, so it's ok to do in a follow up). If you decide to do it as part of this PR, please do that update as a separate commit (so that it's easier to backport the changes individually to the release branches, which need to vendor a different branch of containerd/cri) |
|
@thaJeztah will do it in a follow up. |
|
@thaJeztah @mikebrow this is ready too! |
yes can add another commit to pull in whatever updates are needed to merge the vendor conf to master pick up cri dependencies, for example pick up the selinux update as well .. or merging the latest containerd/cri can be done via a different PR. @dmcgowan and @Random-Liu usually do the containerd/cri -> containerd/containerd updates |
|
Ack @mikebrow, Also once this is manually merged, i'll open a cherry pick to |
|
yes at least 1.3 probably also 1.2 |
|
@mikebrow i've logged the backport cherry picks |
We have a new release of runc ( opencontainers/runc#2217 ). This release
has a fix for a race condition we are struggling with in kubernetes
(especially CI jobs) which was fixed in opencontainers/runc#2185
The v1.0.0-rc10 includes the fix for CVE-2019-16884 as well. The full
diff upstream is here:
opencontainers/runc@v1.0.0-rc9...v1.0.0-rc10
Signed-off-by: Davanum Srinivas <davanum@gmail.com>