full diff: 60c769a6c5...69ecbb4d6d
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
to address CVE-2020-7919:
Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
List generated by running:
`git diff c9d45e652619589b4bf9 vendor.conf`
in the containerd/cri repositoru
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
full diff: f4fb1b73fb...v0.9.4
version v0.9.0 is the minimum tagged version to work with go-metrics v0.0.1,
as it depends on `prometheus.Observer`:
vendor/github.com/docker/go-metrics/timer.go:39:4: undefined: prometheus.Observer
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 4c0e84591b...v1.0.1
- beorn7/perks#3 Avoid iterating on maps
- Speed up InsertTargeted* functions by at least 2x by avoiding iterating on maps.
- beorn7/perks#4 Fixed format error
- Use 1000000 instead of 1e6 for int constant
- Add go module support
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
+ archive: don't convert syscall.Timespec to unix.Timespec
archive/tar_unix.go:179:76: error: invalid type conversion (cannot use type syscall.Timespec as type unix.Timespec)
179 | timespec := []unix.Timespec{unix.Timespec(fs.StatAtime(st)), unix.Timespec(fs.StatMtime(st))}
+ gccgo has no plugin support
https://github.com/golang/go/issues/36403
+ update github.com/containerd/continuity
to include same fix for Timespec
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
* only shim v2 runc v2 ("io.containerd.runc.v2") is supported
* only PID metrics is implemented. Others should be implemented in separate PRs.
* lots of code duplication in v1 metrics and v2 metrics. Dedupe should be separate PR.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Update cri and docker to recent commits for mips enablement
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This prepares us to be able to update docker/docker vendoring to a
recent commit.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Updates Microsoft/hcsshim vendor commit hash to a recent version that now:
1. Supports container stats via the Stats RuntimeV2 gRPC call.
2. Fixes a regression when issuing a resize of the pty after the container has
exited which previously in Docker was expected to be a non-error case.
3. Puts in a workaround when using a non-default sandbox size for Windows
containers due to a platform bug. This expansion now happens in the go library
itself.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1
- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
- Before the fix, if the timer to remove a SubConn fires at the
same time NewSubConn cancels the timer, it caused a mutex leak
and deadlock.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change includes a cri master bump and a cgroup bump for windows support
with cgroup stats and reusing the cgroup metric types.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
The switch to urfave/cli had a use of a /v2 API, which
go modules handles correctly but vndr ignores. Downgrade
urfave/cli for now until the switch to go modules. Add
missing dependencies, which vndr now sees.
Note that CI was not catching this issue, it seems that
some part of the build process was pulling in dependencies
even if they weren't in vendor, causing the build to work.
However the vendor check was not seeing it. The ARM build
didn't pull in other dependencies into the gopath, causing
those builds to break.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
The climan package has a command that can be registered with any urfav
cli app to generate man pages.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
