From 2ab3cd8c9e5752d0753fb0fcd95640d05ebeefdf Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Mon, 8 Mar 2021 15:27:26 +0100
Subject: [PATCH] update containerd binary to v1.4.4

full diff: https://github.com/containerd/containerd/compare/v1.4.3...v1.4.4

Release notes:

The fourth patch release for `containerd` 1.4 contains a fix for CVE-2021-21334
along with various other minor issues.
See [GHSA-36xw-fx78-c5r4](https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4)
for more details related to CVE-2021-21334.

Notable Updates

- Fix container create in CRI to prevent possible environment variable leak between containers
- Update shim server to return grpc NotFound error
- Add bounds on max `oom_score_adj` value for shim's AdjustOOMScore
- Update task manager to use fresh context when calling shim shutdown
- Update Docker resolver to avoid possible concurrent map access panic
- Update shim's log file open flags to avoid containerd hang on syscall open
- Fix incorrect usage calculation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1a493934033919b91c4e471638ac1a8bbc5792c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 hack/dockerfile/install/containerd.installer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer
index b656a5697b26b..e7c6488096da2 100755
--- a/hack/dockerfile/install/containerd.installer
+++ b/hack/dockerfile/install/containerd.installer
@@ -4,7 +4,7 @@ set -e
 # containerd is also pinned in vendor.conf. When updating the binary
 # version you may also need to update the vendor version to pick up bug
 # fixes or new APIs.
-: "${CONTAINERD_COMMIT:=269548fa27e0089a8b8278fc4fc781d7f65a939b}" # v1.4.3
+: "${CONTAINERD_COMMIT:=05f951a3781f4f2c1911b05e61c160e9c30eaa8e}" # v1.4.4
 
 install_containerd() (
 	echo "Install containerd version $CONTAINERD_COMMIT"