From ec221d6881bfc23ce732e2950a69349c11a45e3d Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Thu, 24 Mar 2022 12:44:08 +0100
Subject: [PATCH] vendor: github.com/containerd/containerd v1.6.2 includes a fix for CVE-2022-24769.
Signed-off-by: Sebastiaan van Stijn
---
 vendor.mod | 2 +-
 vendor.sum | 3 ++-
 vendor/github.com/containerd/containerd/Vagrantfile | 2 +-
 vendor/github.com/containerd/containerd/oci/spec.go | 7 +++----
 vendor/github.com/containerd/containerd/oci/spec_opts.go | 5 +----
 vendor/github.com/containerd/containerd/version/version.go | 2 +-
 vendor/modules.txt | 4 ++--
 7 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/vendor.mod b/vendor.mod
index aa58a51bc5..9e353e7e8c 100644
--- a/vendor.mod
+++ b/vendor.mod
@@ -18,7 +18,7 @@ require (
 github.com/bsphere/le_go v0.0.0-20170215134836-7a984a84b549
 github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
 github.com/containerd/cgroups v1.0.3
- github.com/containerd/containerd v1.6.1
+ github.com/containerd/containerd v1.6.2
 github.com/containerd/continuity v0.2.2
 github.com/containerd/fifo v1.0.0
 github.com/containerd/typeurl v1.0.2
diff --git a/vendor.sum b/vendor.sum
index d1c70558a9..18a600ce6a 100644
--- a/vendor.sum
+++ b/vendor.sum
@@ -232,8 +232,9 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT
 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s=
-github.com/containerd/containerd v1.6.1 h1:oa2uY0/0G+JX4X7hpGCYvkp9FjUancz56kSNnb1sG3o=
 github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE=
+github.com/containerd/containerd v1.6.2 h1:pcaPUGbYW8kBw6OgIZwIVIeEhdWVrBzsoCfVJ5BjrLU=
+github.com/containerd/containerd v1.6.2/go.mod h1:sidY30/InSE1j2vdD1ihtKoJz+lWdaXMdiAeIupaf+s=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile
index 16feb48a1a..3e8e466196 100644
--- a/vendor/github.com/containerd/containerd/Vagrantfile
+++ b/vendor/github.com/containerd/containerd/Vagrantfile
@@ -77,7 +77,7 @@ Vagrant.configure("2") do |config|
 config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
 sh.upload_path = "/tmp/vagrant-install-golang"
 sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.17.7",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.17.8",
 }
 sh.inline = <<~SHELL
 #!/usr/bin/env bash
diff --git a/vendor/github.com/containerd/containerd/oci/spec.go b/vendor/github.com/containerd/containerd/oci/spec.go
index 34d7662309..a1c98ddcbd 100644
--- a/vendor/github.com/containerd/containerd/oci/spec.go
+++ b/vendor/github.com/containerd/containerd/oci/spec.go
@@ -148,10 +148,9 @@ func populateDefaultUnixSpec(ctx context.Context, s *Spec, id string) error {
 GID: 0,
 },
 Capabilities: &specs.LinuxCapabilities{
- Bounding: defaultUnixCaps(),
- Permitted: defaultUnixCaps(),
- Inheritable: defaultUnixCaps(),
- Effective: defaultUnixCaps(),
+ Bounding: defaultUnixCaps(),
+ Permitted: defaultUnixCaps(),
+ Effective: defaultUnixCaps(),
 },
 Rlimits: []specs.POSIXRlimit{
 {
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts.go b/vendor/github.com/containerd/containerd/oci/spec_opts.go
index 9b0cfc3f17..36eae16798 100644
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@@ -810,7 +810,6 @@ func WithCapabilities(caps []string) SpecOpts {
 s.Process.Capabilities.Bounding = caps
 s.Process.Capabilities.Effective = caps
 s.Process.Capabilities.Permitted = caps
- s.Process.Capabilities.Inheritable = caps
 return nil
 }

@@ -845,7 +844,6 @@ func WithAddedCapabilities(caps []string) SpecOpts {
 &s.Process.Capabilities.Bounding,
 &s.Process.Capabilities.Effective,
 &s.Process.Capabilities.Permitted,
- &s.Process.Capabilities.Inheritable,
 } {
 if !capsContain(*cl, c) {
 *cl = append(*cl, c)
@@ -865,7 +863,6 @@ func WithDroppedCapabilities(caps []string) SpecOpts {
 &s.Process.Capabilities.Bounding,
 &s.Process.Capabilities.Effective,
 &s.Process.Capabilities.Permitted,
- &s.Process.Capabilities.Inheritable,
 } {
 removeCap(cl, c)
 }
@@ -880,7 +877,7 @@ func WithDroppedCapabilities(caps []string) SpecOpts {
 func WithAmbientCapabilities(caps []string) SpecOpts {
 return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 setCapabilities(s)
-
+ s.Process.Capabilities.Inheritable = caps
 s.Process.Capabilities.Ambient = caps
 return nil
 }
diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go
index a92784ef81..07e9f9ccc2 100644
--- a/vendor/github.com/containerd/containerd/version/version.go
+++ b/vendor/github.com/containerd/containerd/version/version.go
@@ -23,7 +23,7 @@ var (
 Package = "github.com/containerd/containerd"

 // Version holds the complete version number. Filled in at linking time.
- Version = "1.6.1+unknown"
+ Version = "1.6.2+unknown"

 // Revision is filled with the VCS (e.g. git) revision being used to build
 // the program at linking time.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 70b56953ac..45a7974cd3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -153,8 +153,8 @@ github.com/containerd/cgroups/v2/stats
 # github.com/containerd/console v1.0.3
 ## explicit; go 1.13
 github.com/containerd/console
-# github.com/containerd/containerd v1.6.1
-## explicit; go 1.16
+# github.com/containerd/containerd v1.6.2
+## explicit; go 1.17
 github.com/containerd/containerd
 github.com/containerd/containerd/api/events
 github.com/containerd/containerd/api/services/containers/v1