Update Go runtime to 1.18.5 to address CVE-2022-32189.
Full diff:
https://github.com/golang/go/compare/go1.18.4...go1.18.5
--------------------------------------------------------
From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.
These minor releases include 1 security fixes following the security
policy:
encoding/gob & math/big: decoding big.Float and big.Rat can panic
Decoding big.Float and big.Rat types can panic if the encoded message is
too short.
This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.5
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
Previously we were reassigning os.Stderr to the panic.log file we create
when getting asked to run Containerd as a Windows service. The panic.log
file was used as a means to easily collect panic stacks as Windows
services don't have regular standard IO, and the usual recommendation
is to either write to the event log or just to a file in the case of
running as a service.
One place where this panic.log flow was biting us was with shim logging,
which is forwarded from the shim and copied to os.Stderr directly which was
causing shim logs to get forwarded to this panic.log file instead of just
panics. We expose an additional `--log-file` flag if you ask to run a
windows service which is the main way you'd get Containerd logs, and with
this change all of the shim logging which would today end up in panic.log
will now also go to this log file.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
Add a test to the CRI suite to validate stats functions for hostprocess
containers. hcsshim v0.9.3 had a bug in stats collection so this is
mainly for sanity and to avoid another regression.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This tag contains some fixes for hostprocess containers, mainly around
fixing task stats which regressed from a change in v0.9.3.
https://github.com/microsoft/hcsshim/releases/tag/v0.9.4
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
The ghcr.io/containerd/registry:2.7 image does not support the ppc64le
architecture, causing the TestCRIImagePullTimeout tests to fail when
executed on a ppc64le device.
Replace the ghcr.io/containerd/registry:2.7 image name and index with
the ghcr.io/containerd/volume-ownership:2.1 image and index in the
HoldingContentOpenWriter test.
Change the image pulled in the NoDataTransferred test to the
ghcr.io/containerd/volume-ownership:2.1 image.
Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
This tag brings in a new field to fix an HNS issue in ws2019 as well as
an optimization for collecting Windows stats (memory, cpu, iops).
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
`ioutil` has been deprecated by golang. All the code in `ioutil` just
forwards functionality to code in either the `io` or `os` packages.
See https://github.com/golang/go/pull/51961 for more info.
Signed-off-by: Jeff Widman <jeff@jeffwidman.com>
