[0.8] update containerd to latest of docker-20.10 branch

This brings the containerd vendoring up-to-date with the latest changes from the docker-20.10 branch in our fork. This fork has fixes that were previously included in Akihiro's fork, and some security fixes that were included in moby patch releases; - Fix Inheritable capability defaults (CVE-2022-24769) - images: validate document type before unmarshal (CVE-2021-41190) - schema1: reject ambiguous documents (CVE-2021-41190) Patches included in the fork; moby/containerd@0edc412...96c5ae0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
moby · Sep 8, 2022 · 215f064 · 215f064
1 parent 4c987d0
commit 215f064
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 17 deletions.
diff --git a/go.mod b/go.mod
@@ -9,8 +9,7 @@ require (
 	github.com/Microsoft/hcsshim v0.8.10
 	github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect
 	github.com/containerd/console v1.0.1
-	// containerd: the actual version is replaced in replace()
-	github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc
+	github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc // the actual version is replaced in replace()
 	github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe
 	github.com/containerd/go-cni v1.0.1
 	github.com/containerd/go-runc v0.0.0-20201020171139-16b287bc67d0
@@ -72,11 +71,16 @@ require (
 )
 
 replace (
-	// containerd: Forked from 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 (20201117) with:
+	// containerd: vendoring from the docker/20.10 branch in https://github.com/moby/containerd
+	//
+	// Forked from 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 (20201117) with:
+	// - `images: validate document type before unmarshal`   (eb9ba7ed8d46d48fb22362f9d91fff6fb837e37e)
+	// - `schema1: reject ambiguous documents`               (70c88f507579277ab7af23b06666e3b57d4b4f2d)
+	// - `Fix the Inheritable capability defaults`           (6906b57c721f9114377ceb069662b196876915c0)
 	// - `Adjust overlay tests to expect "index=off"`        (#4719, for ease of cherry-picking #5076)
 	// - `overlay: support "userxattr" option (kernel 5.11)` (#5076)
 	// - `docker: avoid concurrent map access panic`         (#4855)
-	github.com/containerd/containerd => github.com/AkihiroSuda/containerd v1.1.1-0.20210312044057-48f85a131bb8
+	github.com/containerd/containerd => github.com/moby/containerd v0.0.0-20220901192706-96c5ae04b678
 	// protobuf: corresponds to containerd
 	github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
 	github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe

diff --git a/go.sum b/go.sum
@@ -44,8 +44,6 @@ contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcig
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AkihiroSuda/containerd v1.1.1-0.20210312044057-48f85a131bb8 h1:YqSRKDiQLq/NKLrhiEoxQMvNMDJG49WYf4crjJ1i6Y8=
-github.com/AkihiroSuda/containerd v1.1.1-0.20210312044057-48f85a131bb8/go.mod h1:5IBP++IFtudvjLCXBrBPdXGu8s/AL9xiPCjz0K9psr4=
 github.com/AkihiroSuda/containerd-fuse-overlayfs v1.0.0 h1:LhS8BiMh7ULa6zkkF5XI6piLV5XVTR7mSm9j3hTUB/k=
 github.com/AkihiroSuda/containerd-fuse-overlayfs v1.0.0/go.mod h1:0mMDvQFeLbbn1Wy8P2j3hwFhqBq+FKn8OZPno8WLmp8=
 github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
@@ -622,6 +620,8 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
+github.com/moby/containerd v0.0.0-20220901192706-96c5ae04b678 h1:eDq3voeTd6v6bmQi/gaA/gEMDHGqZ7//yisQlgfkkvM=
+github.com/moby/containerd v0.0.0-20220901192706-96c5ae04b678/go.mod h1:F+mq0u1LuleSUA1uQ74yceU7zJEg15FOIAovIkRiC08=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/sys/mount v0.1.0/go.mod h1:FVQFLDRWwyBjDTBNQXDlWnSFREqOo3OKX9aqhmeoo74=

diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go
diff --git a/vendor/github.com/containerd/containerd/oci/spec.go b/vendor/github.com/containerd/containerd/oci/spec.go
diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts.go b/vendor/github.com/containerd/containerd/oci/spec_opts.go
diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -37,7 +37,7 @@ github.com/Microsoft/hcsshim/osversion
 github.com/containerd/cgroups/stats/v1
 # github.com/containerd/console v1.0.1
 github.com/containerd/console
-# github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc => github.com/AkihiroSuda/containerd v1.1.1-0.20210312044057-48f85a131bb8
+# github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc => github.com/moby/containerd v0.0.0-20220901192706-96c5ae04b678
 github.com/containerd/containerd
 github.com/containerd/containerd/api/services/containers/v1
 github.com/containerd/containerd/api/services/content/v1