From 223df488a13ef39b0175a514c389a23e3ecb1115 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 30 Nov 2020 20:04:31 +0100
Subject: [PATCH 1/2] update containerd binary to v1.3.8

full diff: https://github.com/containerd/containerd/compare/v1.3.7...v1.3.8

Release notes:

containerd 1.3.8
----------------------

Welcome to the v1.3.8 release of containerd!

The eighth patch release for containerd 1.3 includes several bug fixes and updates.

Notable Updates

- Fix metrics monitoring of v2 runtime tasks
- Fix nil pointer error when restoring checkpoint
- Fix devmapper device deletion on rollback
- Fix integer overflow on Windows
- Update seccomp default profile

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: 1babdf81e764c63a53c99dddaf08a9953ae2da16
Component: engine
---
 components/engine/hack/dockerfile/install/containerd.installer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/dockerfile/install/containerd.installer b/components/engine/hack/dockerfile/install/containerd.installer
index 7fcd0c7fbc5..dedf997bbd5 100755
--- a/components/engine/hack/dockerfile/install/containerd.installer
+++ b/components/engine/hack/dockerfile/install/containerd.installer
@@ -4,7 +4,7 @@
 # containerd is also pinned in vendor.conf. When updating the binary
 # version you may also need to update the vendor version to pick up bug
 # fixes or new APIs.
-: "${CONTAINERD_COMMIT:=8fba4e9a7d01810a393d5d25a3621dc101981175}" # v1.3.7
+: "${CONTAINERD_COMMIT:=7fb6e171309113ddcb8ea9599e34321550469250}" # v1.3.8
 
 install_containerd() {
 	echo "Install containerd version $CONTAINERD_COMMIT"

From d62f3a433509812c7516b5441019beaabcd229a9 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 30 Nov 2020 20:07:34 +0100
Subject: [PATCH 2/2] update containerd binary to v1.3.9 (address
 CVE-2020-15257)

full diff: https://github.com/containerd/containerd/compare/v1.3.8...v1.3.9

Release notes:

containerd 1.3.9
---------------------

Welcome to the v1.3.9 release of containerd!

The ninth patch release for containerd 1.3 is a security release to address
CVE-2020-15257. See GHSA-36xw-fx78-c5r4 for more details:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: d3c550633005b8533683c7b9119625241d7cd55b
Component: engine
---
 components/engine/hack/dockerfile/install/containerd.installer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/engine/hack/dockerfile/install/containerd.installer b/components/engine/hack/dockerfile/install/containerd.installer
index dedf997bbd5..f7ead974e62 100755
--- a/components/engine/hack/dockerfile/install/containerd.installer
+++ b/components/engine/hack/dockerfile/install/containerd.installer
@@ -4,7 +4,7 @@
 # containerd is also pinned in vendor.conf. When updating the binary
 # version you may also need to update the vendor version to pick up bug
 # fixes or new APIs.
-: "${CONTAINERD_COMMIT:=7fb6e171309113ddcb8ea9599e34321550469250}" # v1.3.8
+: "${CONTAINERD_COMMIT:=ea765aba0d05254012b0b9e595e995c09186427f}" # v1.3.9
 
 install_containerd() {
 	echo "Install containerd version $CONTAINERD_COMMIT"