From e9176b36cc734b29e8282bbcb07c1a96b9f65289 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 13 Oct 2022 15:05:24 +0200 Subject: [PATCH 1/2] [20.10] vendor: github.com/containerd/continuity v0.3.0 full diff: https://github.com/containerd/continuity/compare/efbc4488d8fe1bdc16bde3b2d2990d9b3a899165...v0.3.0 Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 2 +- .../containerd/continuity/README.md | 19 ++++++++----- .../github.com/containerd/continuity/go.mod | 27 +++++++------------ .../containerd/continuity/sysx/nodata_unix.go | 3 ++- .../containerd/continuity/sysx/xattr.go | 1 + .../continuity/sysx/xattr_unsupported.go | 1 + 6 files changed, 26 insertions(+), 27 deletions(-) diff --git a/vendor.conf b/vendor.conf index e8815ecaac..f34faf86b4 100755 --- a/vendor.conf +++ b/vendor.conf @@ -4,7 +4,7 @@ github.com/beorn7/perks 37c8de3658fcb183f997c4e13e83 github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1 github.com/containerd/console 5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1 github.com/containerd/containerd 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 # master (v1.5.0-dev) -github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 +github.com/containerd/continuity 5ad51c7aca47b8e742f5e6e7dc841d50f5f6affd # v0.3.0 github.com/containerd/cgroups 0b889c03f102012f1d93a97ddd3ef71cd6f4f510 github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1 github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12 diff --git a/vendor/github.com/containerd/continuity/README.md b/vendor/github.com/containerd/continuity/README.md index f9f9ef0f96..10996df163 100644 --- a/vendor/github.com/containerd/continuity/README.md +++ b/vendor/github.com/containerd/continuity/README.md @@ -1,19 +1,20 @@ # continuity -[![GoDoc](https://godoc.org/github.com/containerd/continuity?status.svg)](https://godoc.org/github.com/containerd/continuity) -[![Build Status](https://travis-ci.org/containerd/continuity.svg?branch=master)](https://travis-ci.org/containerd/continuity) +[![Go Reference](https://pkg.go.dev/badge/github.com/containerd/continuity.svg)](https://pkg.go.dev/github.com/containerd/continuity) +[![Build Status](https://github.com/containerd/continuity/workflows/Continuity/badge.svg)](https://github.com/containerd/continuity/actions?query=workflow%3AContinuity+branch%3Amain) A transport-agnostic, filesystem metadata manifest system This project is a staging area for experiments in providing transport agnostic metadata storage. -Please see https://github.com/opencontainers/specs/issues/11 for more details. +See [opencontainers/runtime-spec#11](https://github.com/opencontainers/runtime-spec/issues/11) +for more details. ## Manifest Format A continuity manifest encodes filesystem metadata in Protocol Buffers. -Please refer to [proto/manifest.proto](proto/manifest.proto). +Refer to [proto/manifest.proto](proto/manifest.proto) for more details. ## Usage @@ -63,6 +64,10 @@ $ stat -c %a Makefile $ ./bin/continuity verify . /tmp/a.pb ``` +## Platforms + +continuity primarily targets Linux. Continuity may compile for and work on +other operating systems, but those platforms are not tested. ## Contribution Guide ### Building Proto Package @@ -77,8 +82,8 @@ $ go generate ./proto continuity is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). As a containerd sub-project, you will find the: - * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md), - * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS), - * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md) + * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), + * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), + * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) information in our [`containerd/project`](https://github.com/containerd/project) repository. diff --git a/vendor/github.com/containerd/continuity/go.mod b/vendor/github.com/containerd/continuity/go.mod index 75a061aaac..b1a393cc96 100644 --- a/vendor/github.com/containerd/continuity/go.mod +++ b/vendor/github.com/containerd/continuity/go.mod @@ -1,23 +1,14 @@ module github.com/containerd/continuity -go 1.13 +go 1.17 require ( - bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898 - github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4 - github.com/golang/protobuf v1.2.0 - github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/onsi/ginkgo v1.10.1 // indirect - github.com/onsi/gomega v1.7.0 // indirect - github.com/opencontainers/go-digest v1.0.0-rc1 - github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7 - github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2 - github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee - github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95 // indirect - github.com/stretchr/testify v1.4.0 // indirect - golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3 // indirect - golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e - gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect - gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect + github.com/Microsoft/go-winio v0.5.2 + github.com/opencontainers/go-digest v1.0.0 + github.com/sirupsen/logrus v1.8.1 + golang.org/x/sync v0.0.0-20210220032951-036812b2e83c + golang.org/x/sys v0.0.0-20220405210540-1e041c57c461 + google.golang.org/protobuf v1.26.0 ) + +require github.com/stretchr/testify v1.3.0 // indirect diff --git a/vendor/github.com/containerd/continuity/sysx/nodata_unix.go b/vendor/github.com/containerd/continuity/sysx/nodata_unix.go index de4b3d50ce..e78f77f6a1 100644 --- a/vendor/github.com/containerd/continuity/sysx/nodata_unix.go +++ b/vendor/github.com/containerd/continuity/sysx/nodata_unix.go @@ -1,4 +1,5 @@ -// +build darwin freebsd openbsd +//go:build !(linux || solaris || windows) +// +build !linux,!solaris,!windows /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/continuity/sysx/xattr.go b/vendor/github.com/containerd/continuity/sysx/xattr.go index db6fe70fe9..1497398553 100644 --- a/vendor/github.com/containerd/continuity/sysx/xattr.go +++ b/vendor/github.com/containerd/continuity/sysx/xattr.go @@ -1,3 +1,4 @@ +//go:build linux || darwin // +build linux darwin /* diff --git a/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go b/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go index f8fa8c63fb..da1e940d62 100644 --- a/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go +++ b/vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go @@ -1,3 +1,4 @@ +//go:build !linux && !darwin // +build !linux,!darwin /* From e82aa8574116c2ec5995b10e1416fda1ff1e8f9a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 13 Oct 2022 15:20:33 +0200 Subject: [PATCH 2/2] [20.10] vendor: github.com/docker/docker v20.10.18 full diff: https://github.com/docker/docker/compare/v20.10.17...v20.10.18 Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 2 +- vendor/github.com/docker/docker/client/client.go | 3 --- vendor/github.com/docker/docker/client/request.go | 12 ++++-------- .../docker/docker/pkg/archive/archive_unix.go | 4 ++-- vendor/github.com/docker/docker/pkg/archive/copy.go | 10 ++++++++++ .../docker/docker/pkg/system/stat_linux.go | 2 +- .../github.com/docker/docker/registry/endpoint_v1.go | 5 +---- vendor/github.com/docker/docker/vendor.conf | 8 ++++---- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/vendor.conf b/vendor.conf index f34faf86b4..824b20ccdc 100755 --- a/vendor.conf +++ b/vendor.conf @@ -13,7 +13,7 @@ github.com/creack/pty 2a38352e8b4d7ab6c336eef107e4 github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1 github.com/docker/compose-on-kubernetes 1f9b5b8cb6aca13deee947511801cf89447c1bfe # v0.5.0 github.com/docker/distribution b5ca020cfbe998e5af3457fda087444cf5116496 # v2.8.1 -github.com/docker/docker a89b84221c8560e7a3dee2a653353429e7628424 # v20.10.17 +github.com/docker/docker e42327a6d3c55ceda3bd5475be7aae6036d02db3 # v20.10.18 github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0 diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go index 21edf1fa1f..9b2b2eaeb8 100644 --- a/vendor/github.com/docker/docker/client/client.go +++ b/vendor/github.com/docker/docker/client/client.go @@ -135,9 +135,6 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) { } } - if _, ok := c.client.Transport.(http.RoundTripper); !ok { - return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", c.client.Transport) - } if c.scheme == "" { c.scheme = "http" diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go index 813eac2c9e..7f54b1dd80 100644 --- a/vendor/github.com/docker/docker/client/request.go +++ b/vendor/github.com/docker/docker/client/request.go @@ -150,10 +150,8 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp if err.Timeout() { return serverResp, ErrorConnectionFailed(cli.host) } - if !err.Temporary() { - if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") { - return serverResp, ErrorConnectionFailed(cli.host) - } + if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") { + return serverResp, ErrorConnectionFailed(cli.host) } } @@ -242,10 +240,8 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request req.Header.Set(k, v) } - if headers != nil { - for k, v := range headers { - req.Header[k] = v - } + for k, v := range headers { + req.Header[k] = v } return req } diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go index 1eb0b74c35..fea53d3ae2 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go @@ -52,8 +52,8 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) ( // Currently go does not fill in the major/minors if s.Mode&unix.S_IFBLK != 0 || s.Mode&unix.S_IFCHR != 0 { - hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert - hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert + hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert + hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert } } diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go index 57fddac078..4b9f504d7d 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy.go @@ -354,6 +354,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read return } + // Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433 + // and https://cure53.de/pentest-report_opa.pdf, which recommends to + // replace io.Copy with io.CopyN7. The latter allows to specify the + // maximum number of bytes that should be read. By properly defining + // the limit, it can be assured that a GZip compression bomb cannot + // easily cause a Denial-of-Service. + // After reviewing with @tonistiigi and @cpuguy83, this should not + // affect us, because here we do not read into memory, hence should + // not be vulnerable to this code consuming memory. + //nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err = io.Copy(rebasedTar, srcTar); err != nil { w.CloseWithError(err) return diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go index 17d5d131a3..3ac02393f0 100644 --- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go @@ -9,7 +9,7 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) { uid: s.Uid, gid: s.Gid, // the type is 32bit on mips - rdev: uint64(s.Rdev), // nolint: unconvert + rdev: uint64(s.Rdev), //nolint: unconvert mtim: s.Mtim}, nil } diff --git a/vendor/github.com/docker/docker/registry/endpoint_v1.go b/vendor/github.com/docker/docker/registry/endpoint_v1.go index db342d1412..a355a4f872 100644 --- a/vendor/github.com/docker/docker/registry/endpoint_v1.go +++ b/vendor/github.com/docker/docker/registry/endpoint_v1.go @@ -89,10 +89,7 @@ func trimV1Address(address string) (string, error) { apiVersionStr string ) - if strings.HasSuffix(address, "/") { - address = address[:len(address)-1] - } - + address = strings.TrimSuffix(address, "/") chunks = strings.Split(address, "/") apiVersionStr = chunks[len(chunks)-1] if apiVersionStr == "v1" { diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf index 54e97e4562..1cafd8252e 100644 --- a/vendor/github.com/docker/docker/vendor.conf +++ b/vendor/github.com/docker/docker/vendor.conf @@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware 3c51f7f332123e8be5a157c0802a # libnetwork # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly -github.com/docker/libnetwork f6ccccb1c082a432c2a5814aaedaca56af33d9ea +github.com/docker/libnetwork 0dde5c895075df6e3630e76f750a447cf63f4789 github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec @@ -79,7 +79,7 @@ github.com/modern-go/reflect2 94122c33edd36123c84d5368cfb2 # get graph and distribution packages github.com/docker/distribution b5ca020cfbe998e5af3457fda087444cf5116496 # v2.8.1 -github.com/vbatts/tar-split 620714a4c508c880ac1bdda9c8370a2b19af1a55 # v0.11.1 +github.com/vbatts/tar-split 80a436fd6164c557b131f7c59ed69bd81af69761 # v0.11.2 github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0 # get go-zfs packages @@ -132,9 +132,9 @@ github.com/googleapis/gax-go bd5b16380fd03dc758d11cef74ba google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8 # containerd -github.com/containerd/containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791 https://github.com/moby/containerd.git # master (v1.5.0-dev) + patch for CVE-2021-41190 and CVE-2022-24769 +github.com/containerd/containerd 96c5ae04b6784e180aaeee50fba715ac448ddb0d https://github.com/moby/containerd.git # docker-20.10 branch github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb -github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 +github.com/containerd/continuity 5ad51c7aca47b8e742f5e6e7dc841d50f5f6affd # v0.3.0 github.com/containerd/cgroups b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1 github.com/containerd/console 5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1 github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b