containerd (1.4.13~ds1-1~deb11u2) bullseye-security; urgency=high * CVE-2022-31030: CRI plugin: Host memory exhaustion through ExecSync * CVE-2022-24769: Default inheritable capabilities for linux container should be empty -- Shengjing Zhu Tue, 07 Jun 2022 03:07:20 +0800 containerd (1.4.13~ds1-1~deb11u1) bullseye-security; urgency=high * New upstream version 1.4.13~ds1 CVE-2022-23648: CRI plugin: insecure handling of image volumes. -- Shengjing Zhu Thu, 03 Mar 2022 02:21:10 +0800 containerd (1.4.12~ds1-1~deb11u1) bullseye; urgency=medium * New upstream version 1.4.12~ds1 + 1.4.12 * Mitigate CVE-2021-41190: Handle ambiguous OCI manifest parsing * Update pull to try next mirror for non-404 errors * Update pull to handle of non-https urls in descriptors + 1.4.11 * CVE-2021-41103: Fix insufficiently restricted permissions on container root and plugin directories + 1.4.10 * Support "clone3" in default seccomp profile * Fix panic in metadata content writer on copy error + 1.4.9 * Update pull authorization logic on redirect * Fix user agent used for fetching registry authentication tokens + 1.4.8 * CVE-2021-32760: Archive package allows chmod of file outside of unpack target directory + 1.4.7 * Fix invalid validation error checking * Fix error on image pull resume * Refresh patches + Drop CVE-2021-32760 patch + Drop CVE-2021-41103 patch + Refresh 0005-backport-github.com-containerd-containerd-remotes.patch with latest 1.5 release branch * Backport RPi1/RPi0 workaround (Closes: #998909) -- Shengjing Zhu Tue, 23 Nov 2021 18:42:16 +0800 containerd (1.4.5~ds1-2+deb11u1) bullseye-security; urgency=high * CVE-2021-41103: Insufficiently restricted permissions on container root and plugin directories -- Shengjing Zhu Tue, 05 Oct 2021 18:45:47 +0800 containerd (1.4.5~ds1-2) unstable; urgency=medium * Backport patches for CVE-2021-32760 -- Shengjing Zhu Tue, 20 Jul 2021 02:36:10 +0800 containerd (1.4.5~ds1-1) unstable; urgency=medium * New upstream patch version v1.4.5 * Drop patch applied in new version: - 0008-backport-overlay-support-userxattr-kernel-5.11.patch -- Shengjing Zhu Wed, 12 May 2021 13:17:38 +0800 containerd (1.4.4~ds1-2) unstable; urgency=medium * Backport apparmor signal handle patch https://github.com/containerd/containerd/pull/4467 * Backport patch to ignore false positive file-already-closed message https://github.com/containerd/containerd/pull/5174 * Backport overlayfs userxattr support for kernel 5.11 https://github.com/containerd/containerd/pull/5076 -- Shengjing Zhu Sun, 14 Mar 2021 02:02:27 +0800 containerd (1.4.4~ds1-1) unstable; urgency=medium * New upstream version 1.4.4~ds1 Fix CVE-2021-21334: CRI plugin: environment variables can leak between containers -- Shengjing Zhu Fri, 05 Mar 2021 16:37:29 +0800 containerd (1.4.3~ds1-2) unstable; urgency=medium * No longer need to mention docker-containerd in package description * Run integration test in autopkgtest -- Shengjing Zhu Mon, 08 Feb 2021 01:40:14 +0800 containerd (1.4.3~ds1-1) unstable; urgency=medium * New upstream version 1.4.3~ds1 Fix CVE-2020-15257 -- Shengjing Zhu Tue, 01 Dec 2020 10:13:21 +0800 containerd (1.4.2~ds1-3) experimental; urgency=medium * Enable CRI when build with gccgo -- Shengjing Zhu Sun, 29 Nov 2020 17:04:46 +0800 containerd (1.4.2~ds1-2) experimental; urgency=medium * Backport github.com/containerd/containerd/remotes package. Update to f601887a3cafeef462d72add63693d9941889bd7 For reason in https://bugs.debian.org/974857#36 -- Shengjing Zhu Sat, 28 Nov 2020 00:19:03 +0800 containerd (1.4.2~ds1-1) unstable; urgency=medium * Update uscan watch file version to 4 * New upstream version 1.4.2~ds1 * Bump Standards-Version to 4.5.1 (no changes) -- Shengjing Zhu Fri, 27 Nov 2020 01:45:34 +0800 containerd (1.4.1~ds1-2) unstable; urgency=medium * Add patch to relax structured-merge-diff version (Closes: #975636) -- Shengjing Zhu Tue, 24 Nov 2020 23:06:33 +0800 containerd (1.4.1~ds1-1) unstable; urgency=medium * New upstream version 1.4.1~ds1 -- Shengjing Zhu Wed, 16 Sep 2020 15:16:41 +0800 containerd (1.4.0~ds1-1) unstable; urgency=medium * New upstream version 1.4.0~ds1 -- Shengjing Zhu Thu, 20 Aug 2020 01:27:53 +0800 containerd (1.4.0~beta2~ds1-1) experimental; urgency=medium [ Shengjing Zhu ] [ Arnaud Rebillout ] * Depend on gotest.tools >= 3.0.0, and remove related patch [ Shengjing Zhu ] * New upstream version 1.4.0~beta2~ds1 * Unvendor golang-k8s-sigs-structured-merge-diff-dev * Unvendor golang-github-containers-ocicrypt-dev * Add golang-github-google-gofuzz-dev to Build-Depends * Add golang-github-fsnotify-fsnotify-dev to Build-Depends * Update Files-Excluded for 1.4.0-beta.2 -- Shengjing Zhu Tue, 14 Jul 2020 01:51:43 +0800 containerd (1.4.0~beta1~ds1-1) experimental; urgency=medium * New upstream version 1.4.0~beta1~ds1 * Revert "Add socat to Suggests, it's used by containerd CRI plugin" CRI 1.4 doesn't need socat * Fix `go env` command without writable HOME. The command failed with: failed to initialize build cache at /sbuild-nonexistent/.cache/go-build: mkdir /sbuild-nonexistent: permission denied -- Shengjing Zhu Fri, 29 May 2020 14:00:27 +0800 containerd (1.4.0~beta0~ds1-1) experimental; urgency=medium * Add socat to Suggests, it's used by containerd CRI plugin * Update Files-Excluded in d/copyright for 1.4 release * New upstream version 1.4.0~beta0~ds1 * Update Depends for 1.4 release + Vendor golang-github-containerd-cgroups-dev + Add golang-github-coreos-go-systemd-dev, + Bump golang-github-gogo-googleapis-dev to 1.4.0 + Bump golang-github-gogo-protobuf-dev to 1.3.0 + Bump golang-github-opencontainers-go-digest-dev to 1.0.0 * Refresh patches for 1.4 release - mipsel.patch - pr-3706.patch - pr-3935.patch - pr-3963.patch + 0001-disable-windows-support-in-ctr-metric.patch + 0002-Add-go.mod-file.patch + 0003-disable-runhcs-option-in-cri-config.patch + 0004-reduce-ocicrypt-dependency.patch + 0005-use-gotest.tools-v2.patch -- Shengjing Zhu Tue, 19 May 2020 18:05:54 +0800 containerd (1.3.4~ds1-1) unstable; urgency=medium * New upstream version 1.3.4~ds1 * Disable btrfs plugin on riscv64. As this plugin needs cgo and riscv64 doesn't support -- Shengjing Zhu Fri, 24 Apr 2020 22:52:10 +0800 containerd (1.3.3.59~ds1-1) experimental; urgency=medium * New upstream snapshot. This is latest version from branch release/1.3, which will become 1.3.4 soon. * Move cli manpages to section 8 -- Shengjing Zhu Tue, 14 Apr 2020 00:51:37 +0800 containerd (1.3.3~ds1-2) unstable; urgency=medium * Enable building btrfs plugin on mipsel. Issue in golang-github-containerd-btrfs-dev is fixed in 0.0~git20200117.1539353-1 * Add bash/zsh completion script for ctr * Set CGO_CFLAGS and CGO_CPPFLAGS with dpkg-buildflags. This should fix reproducible-build, by adding one more -fdebug-prefix-map for source files -- Shengjing Zhu Thu, 13 Feb 2020 22:37:29 +0800 containerd (1.3.3~ds1-1) unstable; urgency=medium * New upstream version 1.3.3~ds1 * Backport upstream patch to fix flaky tests * Backport upstream patch to fix building with gccgo * Don't build CRI when using gccgo * Populate package version and revision when building * Unvendor sigs.k8s.io/yaml * Remove patches applied in new release * Update Standards-Version to 4.5.0 (no changes) -- Shengjing Zhu Fri, 07 Feb 2020 17:02:22 +0800 containerd (1.3.2~ds1-3) unstable; urgency=medium * Update armel/armhf patch to fix failing test * Remove unused Depends from -dev package. Since the containerd/cri is removed from -dev package -- Shengjing Zhu Wed, 08 Jan 2020 16:20:14 +0800 containerd (1.3.2~ds1-2) unstable; urgency=medium * Upload to unstable * Add containernetworking-plugins to Suggests containerd-cri may use cni plugins from containernetworking-plugins * Add default config.toml * Fix build on mipsel + Add patch to cast uint32 Rdev + Exclude btrfs plugin on mipsel * Backport upstream patch to fix i386 build * Exclude container-cri in -dev packages * Add autopkgtest-pkg-go * Backport upstream patch to fix armhf/armel test -- Shengjing Zhu Wed, 08 Jan 2020 01:43:35 +0800 containerd (1.3.2~ds1-1) experimental; urgency=medium * New upstream version 1.3.2~ds1 * Update Excluded-Files and Build-Depends for 1.3.2 release * Much stricter on package version in Build-Depends * Update debhelper compat to 12 with new syntax * Update Standards-Version to 4.4.1 (no changes) * Update build rules for 1.3.2 release * Only install docs and manpage to containerd package * Remove unused vendor files * Fix build manpage in rules, need to run in Go env * Update package description to clarify the difference between docker.io * Add containerd systemd service * Backport upstream patch to fix test with go1.13 * Add Rules-Requires-Root * Update copyright for 1.3.2 release -- Shengjing Zhu Sat, 04 Jan 2020 18:11:52 +0800 containerd (1.2.4~ds1-1) experimental; urgency=medium [ Alexandre Viau ] * Point Vcs-* urls to salsa.debian.org. [ Jelmer Vernooij ] * Use secure copyright file specification URI. [ Shengjing Zhu ] * New upstream version 1.2.4~ds1 * Update Build-Depends for new version * Update debhelper and campat to 11 * Update copyright file for new version * Remove patches no longer used * Update debian/rules for new version * Vendor dependencies + github.com/containerd/continuity: 49 files + github.com/containerd/go-runc: 10 files + github.com/containerd/ttrpc: 9 files + github.com/docker/distribution: 5 files * Install all files to -dev package * Generate manpages from docs/man directory * Update Maintainer address to team+pkg-go@tracker.debian.org * Add myself to Uploaders * Add a TODO file * Update package description with words in upstream README * Install Apache NOTICE file * Remove unneeded tag in lintian overrides -- Shengjing Zhu Sun, 17 Feb 2019 04:12:40 +0800 containerd (0.2.3+git20170126.85.aa8187d~ds1-2) unstable; urgency=medium * Replace golang-go with golang-any in Build-Depends -- Konstantinos Margaritis Tue, 08 Aug 2017 11:51:26 +0300 containerd (0.2.3+git20170126.85.aa8187d~ds1-1) unstable; urgency=medium [ Jordi Mallach ] * Actually use DEB_HOST_GNU_TYPE to determine the arch triplet. [ Tim Potter ] * New upstream snapshot for Docker 1.13.1. -- Tim Potter Wed, 24 May 2017 11:38:46 +1000 containerd (0.2.3~git20161117.78.03e5862~ds1-2) unstable; urgency=medium * Add Breaks line to binary package to avoid messing up previous Docker installs. * Use DEB_BUILD_GNU_TYPE in debian/rules instead of hardcoding for amd64. (Closes: #858266) * Suppress binary-without-manpage and spelling-error-in-binary Lintian messages. -- Tim Potter Tue, 21 Mar 2017 09:01:49 +1100 containerd (0.2.3~git20161117.78.03e5862~ds1-1) unstable; urgency=medium * New upstream version. * Regenerate proto files on each rebuild. -- Tim Potter Fri, 27 Jan 2017 12:30:54 +1100 containerd (0.2.1~ds1-3) unstable; urgency=medium [ Team upload ] * Rebuild proto files against newer version of grpc (Closes: #835736) -- Tim Potter Fri, 09 Sep 2016 10:11:54 +1000 containerd (0.2.1~ds1-2) unstable; urgency=medium * Team upload. * Standards-Version: 3.9.8. * Trim -dev package to avoid circular dependency with Docker. * dev/Depends: - golang-github-codegangsta-cli-dev - golang-github-cyberdelia-go-metrics-graphite-dev - golang-github-docker-docker-dev -- Dmitry Smirnov Mon, 13 Jun 2016 11:15:48 +1000 containerd (0.2.1~ds1-1) unstable; urgency=medium * Team upload. [ Tianon Gravi ] * Update to 0.2.1 upstream release [ Tim Potter ] * Add "golang-github-docker-containerd-dev" package (Closes: #822213) -- Dmitry Smirnov Sat, 23 Apr 2016 22:54:15 +1000 containerd (0.1.0~ds1-1) unstable; urgency=medium * Initial release (Closes: #819520) -- Tianon Gravi Sat, 02 Apr 2016 11:05:01 -0700