From 471585dcd5ff0f684d6cfe4470a226095277ea48 Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Fri, 4 Mar 2022 00:51:16 +0200
Subject: [PATCH] [containerd]: upgrade versions to fix CVE-2022-23648 (#8597)
* [containerd] add hashes for 1.6.1
* [contained] make 1.6.1 the default
* [containerd] add hashes for 1.5.10
* [containerd] add hashes for 1.4.13
* [nerdct] bump to 0.17.1
---
README.md | 2 +-
roles/download/defaults/main.yml | 24 ++++++++++++++++++------
2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 4b708a244..76daea7cb 100644
--- a/README.md
+++ b/README.md
@@ -134,7 +134,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.4
- [etcd](https://github.com/etcd-io/etcd) v3.5.1
- [docker](https://www.docker.com/) v20.10 (see note)
- - [containerd](https://containerd.io/) v1.6.0
+ - [containerd](https://containerd.io/) v1.6.1
- [cri-o](http://cri-o.io/) v1.22 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
- Network Plugin
- [cni-plugins](https://github.com/containernetworking/plugins) v1.0.1
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 821e456cb..d98392164 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -74,7 +74,7 @@ runc_version: v1.1.0
kata_containers_version: 2.2.3
youki_version: 0.0.1
gvisor_version: 20210921
-containerd_version: 1.6.0
+containerd_version: 1.6.1
# this is relevant when container_manager == 'docker'
docker_containerd_version: 1.4.12
@@ -112,7 +112,7 @@ kube_ovn_version: "v1.8.1"
kube_router_version: "v1.4.0"
multus_version: "v3.8"
helm_version: "v3.8.0"
-nerdctl_version: "0.17.0"
+nerdctl_version: "0.17.1"
krew_version: "v0.4.2"
# Get kubernetes major version (i.e. 1.17.4 => 1.17)
@@ -668,51 +668,63 @@ gvisor_containerd_shim_binary_checksums:
nerdctl_archive_checksums:
arm:
- 0.17.0: 6fc702457e2013cc66b90300b19f860908b6ed124a24c0c5eb2c3ade47d4d9bf
+ 0.17.1: 0fa2da009be79e6d45e34e4c53da194f9c69bb59f3d12c21df80d4ace8461af1
arm64:
- 0.17.0: cddd33f915c617e7ed32f79bc5a18eb2821cddf4de082e3e47764871abe21f90
+ 0.17.1: 8828b59c95398556d11be4684929fc975c25cb794c31d41d57baf489efb2ad2d
amd64:
- 0.17.0: 4c08a6ce657ff851dd7a7b1d21c64f1c1950e35de03fa7f1853eab47fa2b2d53
+ 0.17.1: 6d18d3eaa74cd2f8e36e51f551282355d0bb1dd962ecd2d1dfecee161d0bd39a
ppc64le:
- 0.17.0: b9113bb537861ecd400e12649045c4587c3bd229ac6ccf36af69c79da5563840
+ 0.17.1: e34ba71e37855211bbd7d563a2c89d4686f553d1100e59401d95493614b278a7
containerd_archive_checksums:
arm:
1.4.9: 0
1.4.11: 0
1.4.12: 0
+ 1.4.13: 0
1.5.5: 0
1.5.7: 0
1.5.8: 0
1.5.9: 0
+ 1.5.10: 0
1.6.0: 0
+ 1.6.1: 0
arm64:
1.4.9: 0
1.4.11: 0
1.4.12: 0
+ 1.4.13: 0
1.5.5: 0
1.5.7: 0
1.5.8: 0
1.5.9: 0
+ 1.5.10: 0
1.6.0: 6eff3e16d44c89e1e8480a9ca078f79bab82af602818455cc162be344f64686a
+ 1.6.1: fbeec71f2d37e0e4ceaaac2bdf081295add940a7a5c7a6bcc125e5bbae067791
amd64:
1.4.9: 346f88ad5b973960ff81b5539d4177af5941ec2e4703b479ca9a6081ff1d023b
1.4.11: 80c47ec5ce2cd91a15204b5f5b534892ca653e75f3fba0c451ca326bca45fb00
1.4.12: 26bb35ee8a2467029ca450352112ba3a0d2b8bf6b70bf040f62d91f3c501736c
+ 1.4.13: bc8b3e6abe99143788de5afaaf896cb7f229733f1ebd980eec48e71cc21c0a6a
1.5.5: 8efc527ffb772a82021800f0151374a3113ed2439922497ff08f2596a70f10f1
1.5.7: 109fc95b86382065ea668005c376360ddcd8c4ec413e7abe220ae9f461e0e173
1.5.8: feeda3f563edf0294e33b6c4b89bd7dbe0ee182ca61a2f9b8c3de2766bcbc99b
1.5.9: a457793a1643657588baf46d3ffbf44fae0139b65076064e237ddf29cd838ba4
+ 1.5.10: 44f809e02233a510bb9d136906849e9ed058aa1d3d714244376001ab77464db7
1.6.0: f77725e4f757523bf1472ec3b9e02b09303a5d99529173be0f11a6d39f5676e9
+ 1.6.1: c1df0a12af2be019ca2d6c157f94e8ce7430484ab29948c9805882df40ec458b
ppc64le:
1.4.9: 0
1.4.11: 0
1.4.12: 0
+ 1.4.13: 0
1.5.5: 0
1.5.7: 0
1.5.8: 0
1.5.9: 0
+ 1.5.10: 0
1.6.0: 0
+ 1.6.1: 0
etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}"
flannel_cni_binary_checksum: "{{ flannel_cni_binary_checksums[image_arch][flannel_cni_version] }}"
--
GitLab