github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
Files
21220045259f810e05d50185e4d90dfe89e44054
containerd/contrib
History
Sebastiaan van Stijn 2122004525 update to go1.21.4, go1.20.11 
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-05 23:31:28 +01:00
..
ansible
upgrade registry.k8s.io/pause version
2023-05-28 07:59:10 +08:00
apparmor
switch back from golang.org/x/sys/execabs to os/exec (go1.19)
2023-11-02 21:15:40 +01:00
autocomplete
Fix zsh autocomplete script
2020-02-11 19:56:27 +08:00
aws
Move snapshotters benchmark to a separate package
2019-04-02 14:42:21 -07:00
diffservice
Update go module to github.com/containerd/containerd/v2
2023-10-29 20:52:21 -07:00
Dockerfile.test.d
contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages
2023-01-03 20:19:38 +09:00
fuzz
update to go1.21.4, go1.20.11
2023-12-05 23:31:28 +01:00
gce
migrate to community owned bucket
2023-07-25 12:09:54 +03:00
nvidia
switch back from golang.org/x/sys/execabs to os/exec (go1.19)
2023-11-02 21:15:40 +01:00
seccomp
Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile.
2023-11-02 01:23:58 +00:00
snapshotservice
Update go module to github.com/containerd/containerd/v2
2023-10-29 20:52:21 -07:00
Dockerfile.test
update to go1.21.4, go1.20.11
2023-12-05 23:31:28 +01:00
README.md
Add readme to contib
2017-09-18 11:47:27 -04:00

README.md

contrib

The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.

Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.

Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.

Testing

Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.