Skip to content

Commit

Permalink
feat: update containerd 1.7.13, runc 1.1.12
Browse files Browse the repository at this point in the history 
See [CVE-2024-21626](GHSA-xr7r-f8xq-vfvv) for the runc update.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
  • Loading branch information
@smira
smira committed Feb 1, 2024
1 parent d53e07c commit 7840f8a
Show file tree
Hide file tree
Showing 9 changed files with 29 additions and 52 deletions.
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ CLOUD_IMAGES_EXTRA_ARGS ?= ""

ARTIFACTS := _out
TOOLS ?= ghcr.io/siderolabs/tools:v1.6.0-2-g5e034ec
PKGS ?= v1.6.0-15-gf51aedb
PKGS ?= v1.6.0-16-gb77ffb7
PKG_KERNEL ?= ghcr.io/siderolabs/kernel:$(PKGS)
EXTRAS ?= v1.6.0-1-g113887a
# renovate: datasource=github-tags depName=golang/go
Expand Down
14 changes: 7 additions & 7 deletions go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/siderolabs/talos

go 1.21.4
go 1.21.6

replace (
// Use nested module.
Expand Down Expand Up @@ -39,7 +39,7 @@ require (
github.com/blang/semver/v4 v4.0.0
github.com/cenkalti/backoff/v4 v4.2.1
github.com/containerd/cgroups/v3 v3.0.2
github.com/containerd/containerd v1.7.11
github.com/containerd/containerd v1.7.13
github.com/containerd/typeurl/v2 v2.1.1
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.3.0
Expand Down Expand Up @@ -87,7 +87,7 @@ require (
github.com/nberlee/go-netstat v0.1.2
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc4
github.com/opencontainers/runtime-spec v1.1.0-rc.1
github.com/opencontainers/runtime-spec v1.1.0
github.com/packethost/packngo v0.30.0
github.com/pelletier/go-toml v1.9.5
github.com/pin/tftp v2.1.1-0.20200117065540-2f79be2dba4e+incompatible
Expand All @@ -104,6 +104,7 @@ require (
github.com/siderolabs/discovery-api v0.1.3
github.com/siderolabs/discovery-client v0.1.5
github.com/siderolabs/gen v0.4.7
github.com/siderolabs/go-api-signature v0.3.1
github.com/siderolabs/go-blockdevice v0.4.7
github.com/siderolabs/go-circular v0.1.0
github.com/siderolabs/go-cmd v0.1.1
Expand Down Expand Up @@ -262,14 +263,14 @@ require (
github.com/moby/sys/mountinfo v0.6.2 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/user v0.1.0 // indirect
github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/nsf/termbox-go v0.0.0-20190121233118-02980233997d // indirect
github.com/opencontainers/runc v1.1.5 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
Expand All @@ -285,7 +286,6 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/satori/go.uuid v1.2.1-0.20181028125025-b2ce2384e17b // indirect
github.com/sethgrid/pester v1.2.0 // indirect
github.com/siderolabs/go-api-signature v0.3.1 // indirect
github.com/siderolabs/protoenc v0.2.1 // indirect
github.com/siderolabs/tcpproxy v0.1.0 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
Expand Down Expand Up @@ -314,8 +314,8 @@ require (
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.16.0 // indirect
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/tools v0.12.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/tools v0.16.1 // indirect
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb // indirect
google.golang.org/appengine v1.6.7 // indirect
Expand Down
45 changes: 10 additions & 35 deletions go.sum
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion go.work
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
go 1.21.4
go 1.21.6

use (
.
Expand Down
6 changes: 4 additions & 2 deletions hack/release.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,10 @@ preface = """\
[notes.updates]
title = "Component Updates"
description = """\
Linux: 6.1.74
Kubernetes: 1.29.1
containerd: 1.7.13
runc: 1.1.12
See [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) for the runc update.
Talos is built with Go 1.21.6.
"""
Expand Down
2 changes: 1 addition & 1 deletion pkg/machinery/constants/constants.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -479,7 +479,7 @@ const (
TrustdUserID = 51

// DefaultContainerdVersion is the default container runtime version.
DefaultContainerdVersion = "1.7.11"
DefaultContainerdVersion = "1.7.13"

// SystemContainerdNamespace is the Containerd namespace for Talos services.
SystemContainerdNamespace = "system"
Expand Down
2 changes: 1 addition & 1 deletion pkg/machinery/gendata/data/pkgs
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v1.6.0-15-gf51aedb
v1.6.0-16-gb77ffb7
4 changes: 2 additions & 2 deletions pkg/machinery/go.mod
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/siderolabs/talos/pkg/machinery

go 1.21.4
go 1.21.6

// forked go-yaml that introduces RawYAML interface, which can be used to populate YAML fields using bytes
// which are then encoded as a valid YAML blocks with proper indentiation
Expand All @@ -16,7 +16,7 @@ require (
github.com/hashicorp/go-multierror v1.1.1
github.com/jsimonetti/rtnetlink v1.4.0
github.com/mdlayher/ethtool v0.1.0
github.com/opencontainers/runtime-spec v1.1.0-rc.1
github.com/opencontainers/runtime-spec v1.1.0
github.com/siderolabs/crypto v0.4.1
github.com/siderolabs/gen v0.4.7
github.com/siderolabs/go-api-signature v0.3.1
Expand Down
4 changes: 2 additions & 2 deletions pkg/machinery/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,8 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q=
github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w=
github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
Expand Down

0 comments on commit 7840f8a

Please sign in to comment.