Add upstream changelog

Signed-off-by: Leandro Motta Barros <leandro@balena.io> Change-type: patch
balena-os · Nov 22, 2022 · 54951df · 54951df
1 parent 3b4f18c
commit 54951df
Show file tree

Hide file tree

Showing 4 changed files with 189 additions and 2 deletions.
diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml
@@ -1,3 +1,16 @@
+- commits:
+  - subject: Merge upstream v20.10.17
+    hash: 3b4f18ca10d205273e89086c29064c74b514a1b7
+    body: >-
+      For full changelog see:
+      https://github.com/balena-os/balena-engine/blob/20.10.17-balena/CHANGELOG.md#2022-11-21-upstream-release
+    footers:
+      change-type: patch
+      signed-off-by: Leandro Motta Barros <leandro@balena.io>
+    author: Leandro Motta Barros
+    nested: []
+  version: 20.10.21
+  date: 2022-11-21T12:00:00.000Z
 - commits:
     - subject: Improve docs for balenaEngine devs
       hash: 70983b153cd2881862b2e74d03aa5bb104466e0c

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,180 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+# v20.10.21
+## (2022-11-21) [upstream release]
+
+<details>
+<summary>Merge upstream 20.10.17 [Leandro Motta Barros]</summary>
+
+## 20.10.17
+
+2022-06-06
+
+This release of Docker Engine comes with updated versions of Docker Compose and the `containerd`, and `runc` components, as well as some minor bug fixes.
+
+### Client
+
+* Remove asterisk from docker commands in zsh completion script [docker/cli#3648](https://github.com/docker/cli/pull/3648).
+
+### Networking
+
+* Fix Windows port conflict with published ports in host mode for overlay [moby/moby#43644](https://github.com/moby/moby/pull/43644).
+* Ensure performance tuning is always applied to libnetwork sandboxes [moby/moby#43683](https://github.com/moby/moby/pull/43683).
+
+### Packaging
+
+* Update Docker Compose to [v2.6.0](https://github.com/docker/compose/releases/tag/v2.6.0).
+* Update containerd (`containerd.io` package) to [v1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6), which contains a fix for [CVE-2022-31030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030)
+* Update runc version to [v1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2), which contains a fix for [CVE-2022-29162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162).
+* Update Go runtime to [1.17.11](https://go.dev/doc/devel/release#go1.17.minor), which contains fixes for [CVE-2022-30634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30634), [CVE-2022-30629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629), [CVE-2022-30580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30580) and [CVE-2022-29804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29804)
+
+## 20.10.16
+
+2022-05-12
+
+This release of Docker Engine fixes a regression in the Docker CLI builds for macOS, fixes an issue with `docker stats` when using containerd 1.5 and up, and updates the Go runtime to include a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
+
+### Client
+
+* Fixed a regression in binaries for macOS introduced in [20.10.15](#201015), which resulted in a panic [docker/cli#43426](https://github.com/docker/cli/pull/3592).
+* Update golang.org/x/sys dependency which contains a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
+
+### Daemon
+
+* Fixed an issue where `docker stats` was showing empty stats when running with containerd 1.5.0 or up [moby/moby#43567](https://github.com/moby/moby/pull/43567).
+* Updated the `golang.org/x/sys` build-time dependency which contains a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
+
+### Packaging
+
+* Updated Go runtime to [1.17.10](https://go.dev/doc/devel/release#go1.17.minor), which contains a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
+* Used “weak” dependencies for the `docker scan` CLI plugin, to prevent a “conflicting requests” error when users performed an off-line installation from downloaded RPM packages [docker/docker-ce-packaging#659](https://github.com/docker/docker-ce-packaging/pull/659).
+
+## 20.10.15
+
+2022-05-05
+
+This release of Docker Engine comes with updated versions of the `compose`, `buildx`, `containerd`, and `runc` components, as well as some minor bug fixes.
+
+> **Known issues**
+>
+> We’ve identified an issue with the [macOS CLI binaries](https://download.docker.com/mac/static/stable/) in the 20.10.15 release. This issue has been resolved in the [20.10.16](#201016) release.
+
+### Daemon
+
+* Use a RWMutex for stateCounter to prevent potential locking congestion [moby/moby#43426](https://github.com/moby/moby/pull/43426).
+* Prevent an issue where the daemon was unable to find an available IP-range in some conditions [moby/moby#43360](https://github.com/moby/moby/pull/43360)
+
+### Packaging
+
+* Update Docker Compose to [v2.5.0](https://github.com/docker/compose/releases/tag/v2.5.0).
+* Update Docker Buildx to [v0.8.2](https://github.com/docker/buildx/releases/tag/v0.8.2).
+* Update Go runtime to [1.17.9](https://go.dev/doc/devel/release#go1.17.minor).
+* Update containerd (`containerd.io` package) to [v1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4).
+* Update runc version to [v1.1.1](https://github.com/opencontainers/runc/releases/tag/v1.1.1).
+* Add packages for CentOS 9 stream and Fedora 36.
+
+## 20.10.14
+
+2022-03-23
+
+This release of Docker Engine updates the default inheritable capabilities for containers to address [CVE-2022-24769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769), a new version of the `containerd.io` runtime is also included to address the same issue.
+
+### Daemon
+
+* Update the default inheritable capabilities.
+
+### Builder
+
+* Update the default inheritable capabilities for containers used during build.
+
+### Packaging
+
+* Update containerd (`containerd.io` package) to [v1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11).
+* Update `docker buildx` to [v0.8.1](https://github.com/docker/buildx/releases/tag/v0.8.1).
+
+## 20.10.13
+
+2022-03-10
+
+This release of Docker Engine contains some bug-fixes and packaging changes, updates to the `docker scan` and `docker buildx` commands, an updated version of the Go runtime, and new versions of the `containerd.io` runtime. Together with this release, we now also provide `.deb` and `.rpm` packages of Docker Compose V2, which can be installed using the (optional) `docker-compose-plugin` package.
+
+### Builder
+
+* Updated the bundled version of buildx to [v0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0).
+
+### Daemon
+
+* Fix a race condition when updating the container’s state [moby/moby#43166](https://github.com/moby/moby/pull/43166).
+* Update the etcd dependency to prevent the daemon from incorrectly holding file locks [moby/moby#43259](https://github.com/moby/moby/pull/43259)
+* Fix detection of user-namespaces when configuring the default `net.ipv4.ping_group_range` sysctl [moby/moby#43084](https://github.com/moby/moby/pull/43084).
+
+### Distribution
+
+* Retry downloading image-manifests if a connection failure happens during image pull [moby/moby#43333](https://github.com/moby/moby/pull/43333).
+
+### Documentation
+
+* Various fixes in command-line reference and API documentation.
+
+### Logging
+
+* Prevent an OOM when using the “local” logging driver with containers that produce a large amount of log messages [moby/moby#43165](https://github.com/moby/moby/pull/43165).
+* Updates the fluentd log driver to prevent a potential daemon crash, and prevent containers from hanging when using the `fluentd-async-connect=true` and the remote server is unreachable [moby/moby#43147](https://github.com/moby/moby/pull/43147).
+
+### Packaging
+
+* Provide `.deb` and `.rpm` packages for Docker Compose V2\. [Docker Compose v2.3.3](https://github.com/docker/compose/releases/tag/v2.3.3) can now be installed on Linux using the `docker-compose-plugin` packages, which provides the `docker compose` subcommand on the Docker CLI. The Docker Compose plugin can also be installed and run standalone to be used as a drop-in replacement for `docker-compose` (Docker Compose V1) [docker/docker-ce-packaging#638](https://github.com/docker/docker-ce-packaging/pull/638). The `compose-cli-plugin` package can also be used on older version of the Docker CLI with support for CLI plugins (Docker CLI 18.09 and up).
+* Provide packages for the upcoming Ubuntu 22.04 “Jammy Jellyfish” LTS release [docker/docker-ce-packaging#645](https://github.com/docker/docker-ce-packaging/pull/645), [docker/containerd-packaging#271](https://github.com/docker/containerd-packaging/pull/271).
+* Update `docker buildx` to [v0.8.0](https://github.com/docker/buildx/releases/tag/v0.8.0).
+* Update `docker scan` (`docker-scan-plugin`) to [v0.17.0](https://github.com/docker/scan-cli-plugin/releases/tag/v0.17.0).
+* Update containerd (`containerd.io` package) to [v1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10).
+* Update the bundled runc version to [v1.0.3](https://github.com/opencontainers/runc/releases/tag/v1.0.3).
+* Update Golang runtime to Go 1.16.15.
+
+## 20.10.12
+
+2021-12-13
+
+This release of Docker Engine contains changes in packaging only, and provides updates to the `docker scan` and `docker buildx` commands. Versions of `docker scan` before v0.11.0 are not able to detect the [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228). We are shipping an updated version of `docker scan` in this release to help you scan your images for this vulnerability.
+
+> **Note**
+>
+> The `docker scan` command on Linux is currently only supported on x86 platforms. We do not yet provide a package for other hardware architectures on Linux.
+
+The `docker scan` feature is provided as a separate package and, depending on your upgrade or installation method, ‘docker scan’ may not be updated automatically to the latest version. Use the instructions below to update `docker scan` to the latest version. You can also use these instructions to install, or upgrade the `docker scan` package without upgrading the Docker Engine:
+
+On `.deb` based distros, such as Ubuntu and Debian:
+
+```
+$ apt-get update && apt-get install docker-scan-plugin
+```
+
+On rpm-based distros, such as CentOS or Fedora:
+
+```
+$ yum install docker-scan-plugin
+```
+
+After upgrading, verify you have the latest version of `docker scan` installed:
+
+```
+$ docker scan --accept-license --version
+Version:    v0.12.0
+Git commit: 1074dd0
+Provider:   Snyk (1.790.0 (standalone))
+```
+
+[Read our blog post on CVE-2021-44228](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) to learn how to use the `docker scan` command to check if images are vulnerable.
+
+### Packaging
+
+* Update `docker scan` to [v0.12.0](https://github.com/docker/scan-cli-plugin/releases/tag/v0.12.0).
+* Update `docker buildx` to [v0.7.1](https://github.com/docker/buildx/releases/tag/v0.7.1).
+* Update Golang runtime to Go 1.16.12.
+
+</details>
+
 # v20.10.20
 ## (2022-11-17)
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-20.10.20
+20.10.21
diff --git a/contrib/install.sh b/contrib/install.sh
@@ -2,7 +2,7 @@
 
 set -eo pipefail
 
-tag="v20.10.19"
+tag="v20.10.21"
 tag=$(echo "$tag" | sed 's|+|.|g')
 
 machine=$(uname -m)