From 2e7fa14db7f4448751280520fef2c628ed07b0eb Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Tue, 30 Jan 2024 22:48:01 -0800
Subject: [PATCH 1/2] Update runc binary to v1.1.12
Update the runc binary, which includes a fix for [CVE-2024-21626].
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
[CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Signed-off-by: Derek McGowan
(cherry picked from commit 82fb589ffb495f857f61bcd5975728f78f755fca)
Signed-off-by: Derek McGowan
---
 script/setup/runc-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/script/setup/runc-version b/script/setup/runc-version
index 183679ecba04..19f5e1b57edb 100644
--- a/script/setup/runc-version
+++ b/script/setup/runc-version
@@ -1 +1 @@
-v1.1.11
+v1.1.12
From b97e611b9b931225f2385d5fcc31873577464edd Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Tue, 30 Jan 2024 22:29:50 -0800
Subject: [PATCH 2/2] Prepare release notes for v1.7.13
Signed-off-by: Derek McGowan
---
 releases/v1.7.13.toml | 33 +++++++++++++++++++++++++++++++++
 version/version.go | 2 +-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 releases/v1.7.13.toml
diff --git a/releases/v1.7.13.toml b/releases/v1.7.13.toml
new file mode 100644
index 000000000000..5d573ad240cd
--- /dev/null
+++ b/releases/v1.7.13.toml
@@ -0,0 +1,33 @@
+# commit to be tagged for new release
+commit = "HEAD"
+
+# project_name is used to refer to the project in the notes
+project_name = "containerd"
+
+# github_repo is the github project, only github is currently supported
+github_repo = "containerd/containerd"
+
+# match_deps is a pattern to determine which dependencies should be included
+# as part of this release. The changelog will also include changes for these
+# dependencies based on the change in the dependency's version.
+match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$"
+
+# previous release of this project for determining changes
+previous = "v1.7.12"
+
+# pre_release is whether to include a disclaimer about being a pre-release
+pre_release = false
+
+# preface is the description of the release which precedes the author list
+# and changelog. This description could include highlights as well as any
+# description of changes. Use markdown formatting.
+preface = """\
+The thirteenth patch release for containerd 1.7 updates the runc binary
+in the release builds to address CVE-2024-21626
+
+### Notable Updates
+
+* **Update runc binary to v1.1.12** ([GHSA-xr7r-f8xq-vfvv](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv))
+* **Update seccomp profile for new syscalls added since Linux 5.16** ([#9693](https://github.com/containerd/containerd/pull/9693))
+
+See the changelog for complete list of changes"""
diff --git a/version/version.go b/version/version.go
index c01bc57e87e3..225ddc389d84 100644
--- a/version/version.go
+++ b/version/version.go
@@ -23,7 +23,7 @@ var (
 Package = "github.com/containerd/containerd"
 // Version holds the complete version number. Filled in at linking time.
- Version = "1.7.12+unknown"
+ Version = "1.7.13+unknown"
 // Revision is filled with the VCS (e.g. git) revision being used to build
 // the program at linking time.
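Review bot: The `preface` in releases/v1.7.13.toml says the release updates the runc binary "in the release builds", but it does not spell out what that means for hosts whose runc comes from somewhere else. Judging by PATCH 1/2, the only functional change is the pin in script/setup/runc-version, so upgrading containerd alone would presumably leave a distribution-packaged or separately installed runc on its old version. I would add a sentence after the first paragraph, e.g. `Deployments that install runc separately must update runc to v1.1.12 or later themselves.` Minor wording: the first sentence has no closing period, and the last line reads better as `See the changelog for the complete list of changes`.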