# containerd 1.1.6

Welcome to the v1.1.6 release of containerd!

This is the sixth patch release for the `containerd` 1.1 release. This release specifically re-vendors `runc` to capture the fix for the critical CVE-2019-5736 container escape. Several CRI fixes were also included in this release and are listed below.

## Runtime

* Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d to fix CVE-2019-5736

## CRI

* containerd/cri#984 filter events for non k8s.io namespaces (resolves https://github.com/firecracker-microvm/firecracker-containerd/issues/35)
* containerd/cri#991 Remove container lifecycle image dependency (fixes containerd/cri#990)
* containerd/cri#1016 Specify platform for image pull (fixes containerd/cri#1015)
* containerd/cri#1027 Fix the log ending newline handling (fixes containerd/cri#1026)
* containerd/cri#1042 Set /etc/hostname (fixes containerd/cri#1041)
* containerd/cri#1045 Fix env performance issue (fixes containerd/cri#1044)
* Update cri to f0b5665a959119b6a6234001e6d55206d9200e95

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

### Contributors

* Lantao Liu
* Phil Estes
* Michael Crosby
* Sebastiaan van Stijn
* Akihiro Suda
* Derek McGowan
* Lifubang
* Mike Brown
* Wei Fu
* Ace-Tang
* Mike Brown

### Changes

* [`0ad902c05b`](https://github.com/containerd/containerd/commit/0ad902c05b13590a0393c89b1276b5d46d507312) Merge pull request [#3003](https://github.com/containerd/containerd/pull/3003) from estesp/prepare-v1.1.6-release
* [`ed854e3ca1`](https://github.com/containerd/containerd/commit/ed854e3ca171ec0a927769c2a1c1b78d9516a410) Prepare v1.1.6 release
* [`a79c691e0f`](https://github.com/containerd/containerd/commit/a79c691e0f2ec2b58e0a645703ed8f047afa0905) Merge pull request [#3015](https://github.com/containerd/containerd/pull/3015) from thaJeztah/1.1_bump_cri
* [`38bf6c598a`](https://github.com/containerd/containerd/commit/38bf6c598ad1f13b37cf5605d5ae2677c2160677) [release/1.1] update containerd/cri to f0b5665a959119b6a6234001e6d55206d9200e95
* [`878924b9b5`](https://github.com/containerd/containerd/commit/878924b9b5b2d5fc22a3bdbe93ac736f31618f44) Merge pull request [#2999](https://github.com/containerd/containerd/pull/2999) from thaJeztah/1.1_backport_bump_runc_cve_2019-5736
* [`3177b4b96e`](https://github.com/containerd/containerd/commit/3177b4b96eedebc6d2e9a1eb6dda5624e4aee733) Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)
* [`80c3f1a3e4`](https://github.com/containerd/containerd/commit/80c3f1a3e42063d8bcd735eecc19d51a759d15cb) Merge pull request [#2966](https://github.com/containerd/containerd/pull/2966) from fuweid/remove-noop-1-1
* [`3e6d7f678d`](https://github.com/containerd/containerd/commit/3e6d7f678dd2e8b496014e5541ab912c97b32481) metadata/gc: remove the noop-loop for snapshot reference
* [`813e5f6765`](https://github.com/containerd/containerd/commit/813e5f67655ea3bcf64784dbfde007b8d0084793) Merge pull request [#2954](https://github.com/containerd/containerd/pull/2954) from thaJeztah/1.1_backport_fix_xattr
* [`b48afb426e`](https://github.com/containerd/containerd/commit/b48afb426e4c9acecf5abc0d2c62f2ee8fa975b8) fix: SCHILY.xattrs should be SCHILY.xattr
* [`9979a1a936`](https://github.com/containerd/containerd/commit/9979a1a9362ec63977e3ebd8b914403395cbd960) Merge pull request [#2951](https://github.com/containerd/containerd/pull/2951) from crosbymichael/lint-relase11
* [`ff8a80e4c1`](https://github.com/containerd/containerd/commit/ff8a80e4c18299f533a2dae92906db6d302b5600) [release/1.1] fix: linter issue
* [`6b15143e8d`](https://github.com/containerd/containerd/commit/6b15143e8d0ccadf847d12e4244cd8e92f12d286) Merge pull request [#2933](https://github.com/containerd/containerd/pull/2933) from AkihiroSuda/runc20190115-1.1
* [`acd495de00`](https://github.com/containerd/containerd/commit/acd495de0085179fa6712863bb9da5f29885e5e3) bump up runc
* [`b55cf2cc05`](https://github.com/containerd/containerd/commit/b55cf2cc05db3e6683b4fd8c9cc5c2d126e090f1) Merge pull request [#2892](https://github.com/containerd/containerd/pull/2892) from thaJeztah/1.1_revert_temp_golang_fix
* [`0e93a1e41f`](https://github.com/containerd/containerd/commit/0e93a1e41fbb89c2bb6dca64629471ec375772db) Revert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"
* [`02e398d93e`](https://github.com/containerd/containerd/commit/02e398d93e184989efa1781b3bd2df80cedce700) Merge pull request [#2880](https://github.com/containerd/containerd/pull/2880) from thaJeztah/1.1_backport_fix_ci_golang_1.11
* [`66a3eeb5b7`](https://github.com/containerd/containerd/commit/66a3eeb5b78ef409b7520dae64e17bc3aceb1ebc) Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)
* [`3c89a5e3f1`](https://github.com/containerd/containerd/commit/3c89a5e3f10b6f404353c0bd87aa261c7a11e1ce) Merge pull request [#2833](https://github.com/containerd/containerd/pull/2833) from acmcodercom/pidreuseattack
* [`0bb672dc2b`](https://github.com/containerd/containerd/commit/0bb672dc2b4347798d9119deb29efb3005d63253) Merge pull request [#2864](https://github.com/containerd/containerd/pull/2864) from thaJeztah/1.1_backport_runc-kill-paused
* [`a1bfd3a2ed`](https://github.com/containerd/containerd/commit/a1bfd3a2ed1d5c40158a90572fc6e3966dc0dff2) Update runc to 96ec2177ae841256168fcf76954f7177af
* [`dbf186d970`](https://github.com/containerd/containerd/commit/dbf186d970d329467f458fa5d44bb10324e066b3) Merge pull request [#2848](https://github.com/containerd/containerd/pull/2848) from thaJeztah/1.1_backport_mask_asound
* [`3d313382ca`](https://github.com/containerd/containerd/commit/3d313382ca535e5f9a586fd184bdb3cc44a907ce) Add /proc/asound to masked paths
* [`6bb83f2195`](https://github.com/containerd/containerd/commit/6bb83f21952db7bae88f41b04903f2d12bb6102d) Merge pull request [#2834](https://github.com/containerd/containerd/pull/2834) from acmcodercom/execrace
* [`190c910435`](https://github.com/containerd/containerd/commit/190c910435299eecf915d06586b8d4e1412de95a) fix pid reuse attack when kill a exec process
* [`33c860f31d`](https://github.com/containerd/containerd/commit/33c860f31d1346a95f65a54083523060a35085fd) fix race in exec delete and start

### Changes from containerd/cri

* [`f0b5665a`](https://github.com/containerd/cri/commit/f0b5665a959119b6a6234001e6d55206d9200e95) Merge pull request [#1048](https://github.com/containerd/cri/pull/1048) from Random-Liu/cherrypick-#1045-release-1.0
* [`5edec1d8`](https://github.com/containerd/cri/commit/5edec1d8a6efe5e996b8153ff4a7cdba349a8ec9) Include default envs from containerd.
* [`03cd5a31`](https://github.com/containerd/cri/commit/03cd5a31e2bbdae56fa6188e35ac511f598ff456) Add env cache.
* [`eedb9f81`](https://github.com/containerd/cri/commit/eedb9f81cc50f49f53f0359edcb21675775fada1) Merge pull request [#1047](https://github.com/containerd/cri/pull/1047) from Random-Liu/cherrypick-#1042-release-1.0
* [`b33f16e1`](https://github.com/containerd/cri/commit/b33f16e12ce6ebfd1368697213bd9b02f5fbbbfe) Don't log config at info level.
* [`3c7c404d`](https://github.com/containerd/cri/commit/3c7c404d7cf3dae79ec59a73c2b5eec04124e2c7) Set /etc/hostname.
* [`71909a1a`](https://github.com/containerd/cri/commit/71909a1a18a2bfc4caa29aeff755b423c417d767) Merge pull request [#1031](https://github.com/containerd/cri/pull/1031) from Random-Liu/cherrypick-#1027-release-1.0
* [`dd55db0a`](https://github.com/containerd/cri/commit/dd55db0ab0d020e7ee2596ff4624c91a0d2fe78e) Add integration test.
* [`b9cb0b21`](https://github.com/containerd/cri/commit/b9cb0b217e0f3e919f17de76afb62d3d40ee2ba4) Fix lint error.
* [`0e24a83a`](https://github.com/containerd/cri/commit/0e24a83ad4d4125d3afc0226f934b9625e28cec3) Fix the log ending newline handling.
* [`562eefa9`](https://github.com/containerd/cri/commit/562eefa97463a40f26c1806d66fe51e1f9efd8ca) Merge pull request [#1016](https://github.com/containerd/cri/pull/1016) from Random-Liu/specify-platform-release-1.0
* [`3a10f4e6`](https://github.com/containerd/cri/commit/3a10f4e6fc56219b06a7f9c75629c4f82ff82a60) Specify platform for image pull.
* [`12b411e8`](https://github.com/containerd/cri/commit/12b411e805cb9a5ceac9ed12261561be7cca9249) Merge pull request [#1008](https://github.com/containerd/cri/pull/1008) from Random-Liu/revert-#998-release-1.0
* [`1347be5a`](https://github.com/containerd/cri/commit/1347be5a127ad5f14ab3b7bd87ae19ba5b26b353) Revert "Temporary fix for golang regression #29241."
* [`685bd043`](https://github.com/containerd/cri/commit/685bd043f5497d965765617ee7e060d549d99e83) Merge pull request [#1006](https://github.com/containerd/cri/pull/1006) from Random-Liu/cherrypick-#1004-release-1.0
* [`9d3f7085`](https://github.com/containerd/cri/commit/9d3f70851d95fc884a64d7e78d2a461cda2529e7) Install libseccomp2 package based on debian version.
* [`5766ef2d`](https://github.com/containerd/cri/commit/5766ef2dfc8c7daef66e3c53f3dbe6b379ab70db) Merge pull request [#995](https://github.com/containerd/cri/pull/995) from Random-Liu/cherrypick-#991-release-1.0
* [`a8b85255`](https://github.com/containerd/cri/commit/a8b8525574f23d6c3dac47e7a3340114556fcc42) Merge pull request [#998](https://github.com/containerd/cri/pull/998) from Random-Liu/cherrypick-#997-release-1.0
* [`2b2ca4c4`](https://github.com/containerd/cri/commit/2b2ca4c472915caf3919d64ce34d5db315de9406) Temporary fix for golang regression #29241.
* [`0ac83633`](https://github.com/containerd/cri/commit/0ac8363365ee9c811c5dee4060849823ed1bd30f) Add integration test.
* [`5e759f5c`](https://github.com/containerd/cri/commit/5e759f5c71d4d89f94efd393d23184bd4f828b50) Remove container lifecycle image ref dependency.
* [`89aaac88`](https://github.com/containerd/cri/commit/89aaac88fa23e5e1bbe73b790996c5aee7c63a3f) Merge pull request [#988](https://github.com/containerd/cri/pull/988) from mikebrow/cherrypick-#984-release-1.0
* [`2f5d677a`](https://github.com/containerd/cri/commit/2f5d677aabb526fd628c30678e9e2f2391a04a1b) filter namespace

### Dependency Changes

Previous release can be found at [v1.1.5](https://github.com/containerd/containerd/releases/tag/v1.1.5)

* **github.com/containerd/cri** bad0ae1102e1bf9e53876f75eacc42bc97cfb557 -> f0b5665a959119b6a6234001e6d55206d9200e95
* **github.com/opencontainers/runc** 10d38b660a77168360df3522881e2dc2be5056bd -> 6635b4f0c6af3810594d2770f662f34ddc15b40d
* **golang.org/x/sys** 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 -> 41f3e6584952bb034a481797859f6ab34b6803bd