From 34fec09ff1f9da7157b8f7d8ad5c918bfc8ea577 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Mon, 4 Apr 2022 15:30:11 +0300
Subject: [PATCH] [containerd] upgrade versions to address CVE-2022-24769
 (#8671)

* [containerd] add hashes for 1.5.11

* [containerd] add hashes for 1.6.2

* [containerd] make 1.6.2 the new default
---
 README.md                        |  2 +-
 roles/download/defaults/main.yml | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c5c26b1bd..35ebc248b 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.5
   - [etcd](https://github.com/etcd-io/etcd) v3.5.1
   - [docker](https://www.docker.com/) v20.10 (see note)
-  - [containerd](https://containerd.io/) v1.6.1
+  - [containerd](https://containerd.io/) v1.6.2
   - [cri-o](http://cri-o.io/) v1.22 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v1.0.1
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index b1484fd5f..99d097730 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -74,7 +74,7 @@ runc_version: v1.1.1
 kata_containers_version: 2.2.3
 youki_version: 0.0.1
 gvisor_version: 20210921
-containerd_version: 1.6.1
+containerd_version: 1.6.2
 cri_dockerd_version: v0.2.0
 
 # this is relevant when container_manager == 'docker'
@@ -743,8 +743,10 @@ containerd_archive_checksums:
     1.5.8: 0
     1.5.9: 0
     1.5.10: 0
+    1.5.11: 0
     1.6.0: 0
     1.6.1: 0
+    1.6.2: 0
   arm64:
     1.4.9: 0
     1.4.11: 0
@@ -755,8 +757,10 @@ containerd_archive_checksums:
     1.5.8: 0
     1.5.9: 0
     1.5.10: 0
+    1.5.11: 0
     1.6.0: 6eff3e16d44c89e1e8480a9ca078f79bab82af602818455cc162be344f64686a
     1.6.1: fbeec71f2d37e0e4ceaaac2bdf081295add940a7a5c7a6bcc125e5bbae067791
+    1.6.2: a4b24b3c38a67852daa80f03ec2bc94e31a0f4393477cd7dc1c1a7c2d3eb2a95
   amd64:
     1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b
     1.4.11: 80c47ec5ce2cd91a15204b5f5b534892ca653e75f3fba0c451ca326bca45fb00
@@ -767,8 +771,10 @@ containerd_archive_checksums:
     1.5.8: feeda3f563edf0294e33b6c4b89bd7dbe0ee182ca61a2f9b8c3de2766bcbc99b
     1.5.9: a457793a1643657588baf46d3ffbf44fae0139b65076064e237ddf29cd838ba4
     1.5.10: 44f809e02233a510bb9d136906849e9ed058aa1d3d714244376001ab77464db7
+    1.5.11: f2a2476ca44a24067488cd6d0b064b2128e01f6f53e5f29c5acfaf1520927ee2
     1.6.0: f77725e4f757523bf1472ec3b9e02b09303a5d99529173be0f11a6d39f5676e9
     1.6.1: c1df0a12af2be019ca2d6c157f94e8ce7430484ab29948c9805882df40ec458b
+    1.6.2: 3d94f887de5f284b0d6ee61fa17ba413a7d60b4bb27d756a402b713a53685c6a
   ppc64le:
     1.4.9: 0
     1.4.11: 0
@@ -779,8 +785,10 @@ containerd_archive_checksums:
     1.5.8: 0
     1.5.9: 0
     1.5.10: 0
+    1.5.11: 0
     1.6.0: 0
     1.6.1: 0
+    1.6.2: 0
 
 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}"
 flannel_cni_binary_checksum: "{{ flannel_cni_binary_checksums[image_arch][flannel_cni_version] }}"
-- 
GitLab