This brings in some cri api changes for cgroups, Windows pod sandbox security
context changes and some new fields for the Windows version of a privileged
container.
This also unfortunately bumps the prometheus client, grpc middleware, bolt
and klog :(
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
full diff: 60c769a6c5...69ecbb4d6d
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
to address CVE-2020-7919:
Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We are separating out the encryption code and have designed a few new
interfaces and APIs for processing content streams. This keep the core
clean of encryption code but enables not only encryption but support of
multiple content types ( custom media types ).
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This seems to pickup a bunch of *.c files and some other changes which follow
from having included some new packages because of that.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Initial vendor list validated with empty $GOPATH
and only master checked out; followed by `make`
and verified that all binaries build properly.
Updates require github.com/LK4D4/vndr tool.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
