containerd (1.4.13~ds1-1~deb11u4) bullseye; urgency=medium

  * CVE-2023-25153: OCI image importer memory exhaustion
  * CVE-2023-25173: Supplementary groups are not set up properly

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 17 Feb 2023 23:11:26 +0800

containerd (1.4.13~ds1-1~deb11u3) bullseye; urgency=medium

  * CVE-2022-23471: CRI plugin: Fix goroutine leak during Exec

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 08 Dec 2022 10:24:34 +0800

containerd (1.4.13~ds1-1~deb11u2) bullseye-security; urgency=high

  * CVE-2022-31030: CRI plugin: Host memory exhaustion through ExecSync
  * CVE-2022-24769: Default inheritable capabilities for linux container
    should be empty

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 07 Jun 2022 03:07:20 +0800

containerd (1.4.13~ds1-1~deb11u1) bullseye-security; urgency=high

  * New upstream version 1.4.13~ds1
    CVE-2022-23648: CRI plugin: insecure handling of image volumes.

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 03 Mar 2022 02:21:10 +0800

containerd (1.4.12~ds1-1~deb11u1) bullseye; urgency=medium

  * New upstream version 1.4.12~ds1
    + 1.4.12
      * Mitigate CVE-2021-41190: Handle ambiguous OCI manifest parsing
      * Update pull to try next mirror for non-404 errors
      * Update pull to handle of non-https urls in descriptors
    + 1.4.11
      * CVE-2021-41103: Fix insufficiently restricted permissions on container
        root and plugin directories
    + 1.4.10
      * Support "clone3" in default seccomp profile
      * Fix panic in metadata content writer on copy error
    + 1.4.9
      * Update pull authorization logic on redirect
      * Fix user agent used for fetching registry authentication tokens
    + 1.4.8
      * CVE-2021-32760: Archive package allows chmod of file outside of unpack
        target directory
    + 1.4.7
      * Fix invalid validation error checking
      * Fix error on image pull resume
  * Refresh patches
    + Drop CVE-2021-32760 patch
    + Drop CVE-2021-41103 patch
    + Refresh 0005-backport-github.com-containerd-containerd-remotes.patch
      with latest 1.5 release branch
  * Backport RPi1/RPi0 workaround (Closes: #998909)

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 23 Nov 2021 18:42:16 +0800

containerd (1.4.5~ds1-2+deb11u1) bullseye-security; urgency=high

  * CVE-2021-41103: Insufficiently restricted permissions on container
    root and plugin directories

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 05 Oct 2021 18:45:47 +0800

containerd (1.4.5~ds1-2) unstable; urgency=medium

  * Backport patches for CVE-2021-32760

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 20 Jul 2021 02:36:10 +0800

containerd (1.4.5~ds1-1) unstable; urgency=medium

  * New upstream patch version v1.4.5
  * Drop patch applied in new version:
    - 0008-backport-overlay-support-userxattr-kernel-5.11.patch

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 12 May 2021 13:17:38 +0800

containerd (1.4.4~ds1-2) unstable; urgency=medium

  * Backport apparmor signal handle patch
    https://github.com/containerd/containerd/pull/4467
  * Backport patch to ignore false positive file-already-closed message
    https://github.com/containerd/containerd/pull/5174
  * Backport overlayfs userxattr support for kernel 5.11
    https://github.com/containerd/containerd/pull/5076

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 14 Mar 2021 02:02:27 +0800

containerd (1.4.4~ds1-1) unstable; urgency=medium

  * New upstream version 1.4.4~ds1
    Fix CVE-2021-21334:
    CRI plugin: environment variables can leak between containers

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 05 Mar 2021 16:37:29 +0800

containerd (1.4.3~ds1-2) unstable; urgency=medium

  * No longer need to mention docker-containerd in package description
  * Run integration test in autopkgtest

 -- Shengjing Zhu <zhsj@debian.org>  Mon, 08 Feb 2021 01:40:14 +0800

containerd (1.4.3~ds1-1) unstable; urgency=medium

  * New upstream version 1.4.3~ds1
    Fix CVE-2020-15257

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 01 Dec 2020 10:13:21 +0800

containerd (1.4.2~ds1-3) experimental; urgency=medium

  * Enable CRI when build with gccgo

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 29 Nov 2020 17:04:46 +0800

containerd (1.4.2~ds1-2) experimental; urgency=medium

  * Backport github.com/containerd/containerd/remotes package.
    Update to f601887a3cafeef462d72add63693d9941889bd7
    For reason in https://bugs.debian.org/974857#36

 -- Shengjing Zhu <zhsj@debian.org>  Sat, 28 Nov 2020 00:19:03 +0800

containerd (1.4.2~ds1-1) unstable; urgency=medium

  * Update uscan watch file version to 4
  * New upstream version 1.4.2~ds1
  * Bump Standards-Version to 4.5.1 (no changes)

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 27 Nov 2020 01:45:34 +0800

containerd (1.4.1~ds1-2) unstable; urgency=medium

  * Add patch to relax structured-merge-diff version (Closes: #975636)

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 24 Nov 2020 23:06:33 +0800

containerd (1.4.1~ds1-1) unstable; urgency=medium

  * New upstream version 1.4.1~ds1

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 16 Sep 2020 15:16:41 +0800

containerd (1.4.0~ds1-1) unstable; urgency=medium

  * New upstream version 1.4.0~ds1

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 20 Aug 2020 01:27:53 +0800

containerd (1.4.0~beta2~ds1-1) experimental; urgency=medium

  [ Shengjing Zhu ]

  [ Arnaud Rebillout ]
  * Depend on gotest.tools >= 3.0.0, and remove related patch

  [ Shengjing Zhu ]
  * New upstream version 1.4.0~beta2~ds1
  * Unvendor golang-k8s-sigs-structured-merge-diff-dev
  * Unvendor golang-github-containers-ocicrypt-dev
  * Add golang-github-google-gofuzz-dev to Build-Depends
  * Add golang-github-fsnotify-fsnotify-dev to Build-Depends
  * Update Files-Excluded for 1.4.0-beta.2

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 14 Jul 2020 01:51:43 +0800

containerd (1.4.0~beta1~ds1-1) experimental; urgency=medium

  * New upstream version 1.4.0~beta1~ds1
  * Revert "Add socat to Suggests, it's used by containerd CRI plugin"
    CRI 1.4 doesn't need socat
  * Fix `go env` command without writable HOME.
    The command failed with:
    failed to initialize build cache at /sbuild-nonexistent/.cache/go-build:
    mkdir /sbuild-nonexistent: permission denied

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 29 May 2020 14:00:27 +0800

containerd (1.4.0~beta0~ds1-1) experimental; urgency=medium

  * Add socat to Suggests, it's used by containerd CRI plugin
  * Update Files-Excluded in d/copyright for 1.4 release
  * New upstream version 1.4.0~beta0~ds1
  * Update Depends for 1.4 release
    + Vendor golang-github-containerd-cgroups-dev
    + Add golang-github-coreos-go-systemd-dev,
    + Bump golang-github-gogo-googleapis-dev to 1.4.0
    + Bump golang-github-gogo-protobuf-dev to 1.3.0
    + Bump golang-github-opencontainers-go-digest-dev to 1.0.0
  * Refresh patches for 1.4 release
    - mipsel.patch
    - pr-3706.patch
    - pr-3935.patch
    - pr-3963.patch
    + 0001-disable-windows-support-in-ctr-metric.patch
    + 0002-Add-go.mod-file.patch
    + 0003-disable-runhcs-option-in-cri-config.patch
    + 0004-reduce-ocicrypt-dependency.patch
    + 0005-use-gotest.tools-v2.patch

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 19 May 2020 18:05:54 +0800

containerd (1.3.4~ds1-1) unstable; urgency=medium

  * New upstream version 1.3.4~ds1
  * Disable btrfs plugin on riscv64.
    As this plugin needs cgo and riscv64 doesn't support

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 24 Apr 2020 22:52:10 +0800

containerd (1.3.3.59~ds1-1) experimental; urgency=medium

  * New upstream snapshot.
    This is latest version from branch release/1.3, which
    will become 1.3.4 soon.
  * Move cli manpages to section 8

 -- Shengjing Zhu <zhsj@debian.org>  Tue, 14 Apr 2020 00:51:37 +0800

containerd (1.3.3~ds1-2) unstable; urgency=medium

  * Enable building btrfs plugin on mipsel.
    Issue in golang-github-containerd-btrfs-dev is fixed in 0.0~git20200117.1539353-1
  * Add bash/zsh completion script for ctr
  * Set CGO_CFLAGS and CGO_CPPFLAGS with dpkg-buildflags.
    This should fix reproducible-build, by adding one more
    -fdebug-prefix-map for source files

 -- Shengjing Zhu <zhsj@debian.org>  Thu, 13 Feb 2020 22:37:29 +0800

containerd (1.3.3~ds1-1) unstable; urgency=medium

  * New upstream version 1.3.3~ds1
  * Backport upstream patch to fix flaky tests
  * Backport upstream patch to fix building with gccgo
  * Don't build CRI when using gccgo
  * Populate package version and revision when building
  * Unvendor sigs.k8s.io/yaml
  * Remove patches applied in new release
  * Update Standards-Version to 4.5.0 (no changes)

 -- Shengjing Zhu <zhsj@debian.org>  Fri, 07 Feb 2020 17:02:22 +0800

containerd (1.3.2~ds1-3) unstable; urgency=medium

  * Update armel/armhf patch to fix failing test
  * Remove unused Depends from -dev package.
    Since the containerd/cri is removed from -dev package

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 08 Jan 2020 16:20:14 +0800

containerd (1.3.2~ds1-2) unstable; urgency=medium

  * Upload to unstable
  * Add containernetworking-plugins to Suggests
    containerd-cri may use cni plugins from containernetworking-plugins
  * Add default config.toml
  * Fix build on mipsel
    + Add patch to cast uint32 Rdev
    + Exclude btrfs plugin on mipsel
  * Backport upstream patch to fix i386 build
  * Exclude container-cri in -dev packages
  * Add autopkgtest-pkg-go
  * Backport upstream patch to fix armhf/armel test

 -- Shengjing Zhu <zhsj@debian.org>  Wed, 08 Jan 2020 01:43:35 +0800

containerd (1.3.2~ds1-1) experimental; urgency=medium

  * New upstream version 1.3.2~ds1
  * Update Excluded-Files and Build-Depends for 1.3.2 release
  * Much stricter on package version in Build-Depends
  * Update debhelper compat to 12 with new syntax
  * Update Standards-Version to 4.4.1 (no changes)
  * Update build rules for 1.3.2 release
  * Only install docs and manpage to containerd package
  * Remove unused vendor files
  * Fix build manpage in rules, need to run in Go env
  * Update package description to clarify the difference between docker.io
  * Add containerd systemd service
  * Backport upstream patch to fix test with go1.13
  * Add Rules-Requires-Root
  * Update copyright for 1.3.2 release

 -- Shengjing Zhu <zhsj@debian.org>  Sat, 04 Jan 2020 18:11:52 +0800

containerd (1.2.4~ds1-1) experimental; urgency=medium

  [ Alexandre Viau ]
  * Point Vcs-* urls to salsa.debian.org.

  [ Jelmer Vernooĳ ]
  * Use secure copyright file specification URI.

  [ Shengjing Zhu ]
  * New upstream version 1.2.4~ds1
  * Update Build-Depends for new version
  * Update debhelper and campat to 11
  * Update copyright file for new version
  * Remove patches no longer used
  * Update debian/rules for new version
  * Vendor dependencies
    + github.com/containerd/continuity: 49 files
    + github.com/containerd/go-runc: 10 files
    + github.com/containerd/ttrpc: 9 files
    + github.com/docker/distribution: 5 files
  * Install all files to -dev package
  * Generate manpages from docs/man directory
  * Update Maintainer address to team+pkg-go@tracker.debian.org
  * Add myself to Uploaders
  * Add a TODO file
  * Update package description with words in upstream README
  * Install Apache NOTICE file
  * Remove unneeded tag in lintian overrides

 -- Shengjing Zhu <zhsj@debian.org>  Sun, 17 Feb 2019 04:12:40 +0800

containerd (0.2.3+git20170126.85.aa8187d~ds1-2) unstable; urgency=medium

  * Replace golang-go with golang-any in Build-Depends

 -- Konstantinos Margaritis <markos@debian.org>  Tue, 08 Aug 2017 11:51:26 +0300

containerd (0.2.3+git20170126.85.aa8187d~ds1-1) unstable; urgency=medium

  [ Jordi Mallach ]
  * Actually use DEB_HOST_GNU_TYPE to determine the arch triplet.

  [ Tim Potter ]
  * New upstream snapshot for Docker 1.13.1.

 -- Tim Potter <tpot@hpe.com>  Wed, 24 May 2017 11:38:46 +1000

containerd (0.2.3~git20161117.78.03e5862~ds1-2) unstable; urgency=medium

  * Add Breaks line to binary package to avoid messing up previous
    Docker installs.
  * Use DEB_BUILD_GNU_TYPE in debian/rules instead of hardcoding for
    amd64. (Closes: #858266)
  * Suppress binary-without-manpage and spelling-error-in-binary
    Lintian messages.

 -- Tim Potter <tpot@hpe.com>  Tue, 21 Mar 2017 09:01:49 +1100

containerd (0.2.3~git20161117.78.03e5862~ds1-1) unstable; urgency=medium

  * New upstream version.
  * Regenerate proto files on each rebuild.

 -- Tim Potter <tpot@hpe.com>  Fri, 27 Jan 2017 12:30:54 +1100

containerd (0.2.1~ds1-3) unstable; urgency=medium

  [ Team upload ]
  * Rebuild proto files against newer version of grpc (Closes: #835736)

 -- Tim Potter <tpot@hpe.com>  Fri, 09 Sep 2016 10:11:54 +1000

containerd (0.2.1~ds1-2) unstable; urgency=medium

  * Team upload.
  * Standards-Version: 3.9.8.
  * Trim -dev package to avoid circular dependency with Docker.
  * dev/Depends:
    - golang-github-codegangsta-cli-dev
    - golang-github-cyberdelia-go-metrics-graphite-dev
    - golang-github-docker-docker-dev

 -- Dmitry Smirnov <onlyjob@debian.org>  Mon, 13 Jun 2016 11:15:48 +1000

containerd (0.2.1~ds1-1) unstable; urgency=medium

  * Team upload.

  [ Tianon Gravi ]
  * Update to 0.2.1 upstream release

  [ Tim Potter ]
  * Add "golang-github-docker-containerd-dev" package (Closes: #822213)

 -- Dmitry Smirnov <onlyjob@debian.org>  Sat, 23 Apr 2016 22:54:15 +1000

containerd (0.1.0~ds1-1) unstable; urgency=medium

  * Initial release (Closes: #819520)

 -- Tianon Gravi <tianon@debian.org>  Sat, 02 Apr 2016 11:05:01 -0700
