Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package containerd for openSUSE:Factory checked in at 2022-03-05 14:43:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/containerd (Old) and /work/SRC/openSUSE:Factory/.containerd.new.1958 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "containerd" Sat Mar 5 14:43:21 2022 rev:47 rq:958598 version:1.4.13 Changes: -------- --- /work/SRC/openSUSE:Factory/containerd/containerd.changes 2021-11-22 23:03:51.417997889 +0100 +++ /work/SRC/openSUSE:Factory/.containerd.new.1958/containerd.changes 2022-03-05 14:44:11.135712555 +0100 @@ -1,0 +2,5 @@ +Thu Mar 3 07:24:10 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441 + +------------------------------------------------------------------- Old: ---- containerd-1.4.12_7b11cfaabd73.tar.xz New: ---- containerd-1.4.13_9cc61520f4cd.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ containerd.spec ++++++ --- /var/tmp/diff_new_pack.GGdMQ5/_old 2022-03-05 14:44:11.647712684 +0100 +++ /var/tmp/diff_new_pack.GGdMQ5/_new 2022-03-05 14:44:11.651712685 +0100 @@ -1,7 +1,7 @@ # # spec file for package containerd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,11 +23,11 @@ %endif # MANUAL: Update the git_version. -%define git_version 7b11cfaabd73bb80907dd23182b9347b4245eb5d -%define git_short 7b11cfaabd73 +%define git_version 9cc61520f4cd876b86e77edfeb88fbcd536d1f9d +%define git_short 9cc61520f4cd Name: containerd -Version: 1.4.12 +Version: 1.4.13 Release: 0 Summary: Standalone OCI Container Daemon License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.GGdMQ5/_old 2022-03-05 14:44:11.683712693 +0100 +++ /var/tmp/diff_new_pack.GGdMQ5/_new 2022-03-05 14:44:11.687712694 +0100 @@ -3,8 +3,8 @@ <param name="url">https://github.com/containerd/containerd.git</param> <param name="scm">git</param> <param name="filename">containerd</param> - <param name="versionformat">1.4.12_%h</param> - <param name="revision">v1.4.12</param> + <param name="versionformat">1.4.13_%h</param> + <param name="revision">v1.4.13</param> <param name="exclude">.git</param> </service> <service name="recompress" mode="disabled"> ++++++ containerd-1.4.12_7b11cfaabd73.tar.xz -> containerd-1.4.13_9cc61520f4cd.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/.github/workflows/ci.yml new/containerd-1.4.13_9cc61520f4cd/.github/workflows/ci.yml --- old/containerd-1.4.12_7b11cfaabd73/.github/workflows/ci.yml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/.github/workflows/ci.yml 2022-03-02 19:03:17.000000000 +0100 @@ -26,7 +26,7 @@ - name: Install Go uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash @@ -82,7 +82,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash @@ -128,7 +128,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash @@ -166,7 +166,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash @@ -199,7 +199,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash @@ -285,7 +285,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/.github/workflows/nightly.yml new/containerd-1.4.13_9cc61520f4cd/.github/workflows/nightly.yml --- old/containerd-1.4.12_7b11cfaabd73/.github/workflows/nightly.yml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/.github/workflows/nightly.yml 2022-03-02 19:03:17.000000000 +0100 @@ -14,7 +14,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Checkout uses: actions/checkout@v1 @@ -138,7 +138,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Checkout uses: actions/checkout@v1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/.github/workflows/release.yml new/containerd-1.4.13_9cc61520f4cd/.github/workflows/release.yml --- old/containerd-1.4.12_7b11cfaabd73/.github/workflows/release.yml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/.github/workflows/release.yml 2022-03-02 19:03:17.000000000 +0100 @@ -62,7 +62,7 @@ - name: Install Go uses: actions/setup-go@v2 with: - go-version: '1.16.10' + go-version: '1.16.14' - name: Set env shell: bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/.travis.yml new/containerd-1.4.13_9cc61520f4cd/.travis.yml --- old/containerd-1.4.12_7b11cfaabd73/.travis.yml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/.travis.yml 2022-03-02 19:03:17.000000000 +0100 @@ -15,7 +15,7 @@ - linux go: - - "1.16.10" + - "1.16.14" env: - TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/.zuul/playbooks/containerd-build/run.yaml new/containerd-1.4.13_9cc61520f4cd/.zuul/playbooks/containerd-build/run.yaml --- old/containerd-1.4.12_7b11cfaabd73/.zuul/playbooks/containerd-build/run.yaml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/.zuul/playbooks/containerd-build/run.yaml 2022-03-02 19:03:17.000000000 +0100 @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.16.10' + go_version: '1.16.14' arch: arm64 tasks: - name: Build containerd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/Vagrantfile new/containerd-1.4.13_9cc61520f4cd/Vagrantfile --- old/containerd-1.4.12_7b11cfaabd73/Vagrantfile 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/Vagrantfile 2022-03-02 19:03:17.000000000 +0100 @@ -77,7 +77,7 @@ config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.16.10", + 'GO_VERSION': ENV['GO_VERSION'] || "1.16.14", } sh.inline = <<~SHELL #!/usr/bin/env bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/contrib/Dockerfile.test new/containerd-1.4.13_9cc61520f4cd/contrib/Dockerfile.test --- old/containerd-1.4.12_7b11cfaabd73/contrib/Dockerfile.test 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/contrib/Dockerfile.test 2022-03-02 19:03:17.000000000 +0100 @@ -10,7 +10,7 @@ # # docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc93 -f Dockerfile.test ../ -ARG GOLANG_VERSION=1.16.10 +ARG GOLANG_VERSION=1.16.14 FROM golang:${GOLANG_VERSION} AS golang-base RUN mkdir -p /go/src/github.com/containerd/containerd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/contrib/gce/cloud-init/master.yaml new/containerd-1.4.13_9cc61520f4cd/contrib/gce/cloud-init/master.yaml --- old/containerd-1.4.12_7b11cfaabd73/contrib/gce/cloud-init/master.yaml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/contrib/gce/cloud-init/master.yaml 2022-03-02 19:03:17.000000000 +0100 @@ -75,7 +75,8 @@ content: | [Unit] Description=Download and install k8s binaries and configurations - After=network-online.target + After=network-online.target containerd.target + Wants=network-online.target containerd.target [Service] Type=oneshot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/contrib/gce/cloud-init/node.yaml new/containerd-1.4.13_9cc61520f4cd/contrib/gce/cloud-init/node.yaml --- old/containerd-1.4.12_7b11cfaabd73/contrib/gce/cloud-init/node.yaml 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/contrib/gce/cloud-init/node.yaml 2022-03-02 19:03:17.000000000 +0100 @@ -69,7 +69,8 @@ content: | [Unit] Description=Download and install k8s binaries and configurations - After=network-online.target + After=network-online.target containerd.target + Wants=network-online.target containerd.target [Service] Type=oneshot diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/releases/v1.4.13.toml new/containerd-1.4.13_9cc61520f4cd/releases/v1.4.13.toml --- old/containerd-1.4.12_7b11cfaabd73/releases/v1.4.13.toml 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/releases/v1.4.13.toml 2022-03-02 19:03:17.000000000 +0100 @@ -0,0 +1,21 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.4.12" + +pre_release = false + +preface = """\ +The thirteenth patch release for containerd 1.4 is a security release to address +[CVE-2022-23648](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7). + +### Notable Updates + +* **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)) + +See the changelog for complete list of changes""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/script/setup/install-critools new/containerd-1.4.13_9cc61520f4cd/script/setup/install-critools --- old/containerd-1.4.12_7b11cfaabd73/script/setup/install-critools 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/script/setup/install-critools 2022-03-02 19:03:17.000000000 +0100 @@ -20,7 +20,8 @@ # set -eu -o pipefail -go get -u github.com/onsi/ginkgo/ginkgo +GO111MODULE=on go install github.com/onsi/ginkgo/ginkgo@v1.16.5 + CRITEST_COMMIT=53ad8bb7f97e1b1d1c0c0634e43a3c2b8b07b718 git clone https://github.com/kubernetes-sigs/cri-tools.git "$GOPATH"/src/github.com/kubernetes-sigs/cri-tools cd "$GOPATH"/src/github.com/kubernetes-sigs/cri-tools diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/script/setup/install-dev-tools new/containerd-1.4.13_9cc61520f4cd/script/setup/install-dev-tools --- old/containerd-1.4.12_7b11cfaabd73/script/setup/install-dev-tools 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/script/setup/install-dev-tools 2022-03-02 19:03:17.000000000 +0100 @@ -20,15 +20,13 @@ # set -eu -o pipefail -# install the `protobuild` binary in $GOPATH/bin; requires module-aware install -# to pin dependencies -GO111MODULE=on go get github.com/stevvooe/protobuild +# install `protobuild` and other commands +GO111MODULE=on go install github.com/stevvooe/protobuild@v0.1.0 +GO111MODULE=on go install github.com/cpuguy83/go-md2man/v2@v2.0.0 +GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.23.8 # the following packages need to exist in $GOPATH so we can't use # go modules-aware mode of `go get` for these includes used during # proto building GO111MODULE=off go get -d github.com/gogo/googleapis || true GO111MODULE=off go get -d github.com/gogo/protobuf || true - -GO111MODULE=on go get github.com/cpuguy83/go-md2man/v2@v2.0.0 -GO111MODULE=on go get github.com/golangci/golangci-lint/cmd/golangci-lint@v1.23.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/script/setup/runc-version new/containerd-1.4.13_9cc61520f4cd/script/setup/runc-version --- old/containerd-1.4.12_7b11cfaabd73/script/setup/runc-version 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/script/setup/runc-version 2022-03-02 19:03:17.000000000 +0100 @@ -1 +1 @@ -v1.0.2 +v1.0.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/containerd/cri/README.md new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/containerd/cri/README.md --- old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/containerd/cri/README.md 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/containerd/cri/README.md 2022-03-02 19:03:17.000000000 +0100 @@ -88,7 +88,7 @@ backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty. * **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL) 2. Install **`pkg-config`** (required for linking with `libseccomp`). -3. Install and setup a Go 1.15.5 development environment. +3. Install and setup a Go 1.15.14 development environment. 4. Make a local clone of this repository. 5. Install binary dependencies by running the following command from your cloned `cri/` project directory: ```bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go --- old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go 2022-03-02 19:03:17.000000000 +0100 @@ -20,7 +20,6 @@ "context" "io/ioutil" "os" - "path/filepath" "github.com/containerd/containerd" "github.com/containerd/containerd/containers" @@ -88,7 +87,10 @@ }() for host, volume := range volumeMounts { - src := filepath.Join(root, volume) + src, err := fs.RootPath(root, volume) + if err != nil { + return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume) + } if _, err := os.Stat(src); err != nil { if os.IsNotExist(err) { // Skip copying directory if it does not exist. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go --- old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go 2022-03-02 19:03:17.000000000 +0100 @@ -21,6 +21,9 @@ type Index struct { specs.Versioned + // MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json` + MediaType string `json:"mediaType,omitempty"` + // Manifests references platform specific manifests. Manifests []Descriptor `json:"manifests"` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go --- old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go 2022-03-02 19:03:17.000000000 +0100 @@ -20,6 +20,9 @@ type Manifest struct { specs.Versioned + // MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json` + MediaType string `json:"mediaType,omitempty"` + // Config references a configuration object for a container, by digest. // The referenced configuration object is a JSON blob that the runtime uses to set up the container. Config Descriptor `json:"config"` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/version.go new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/version.go --- old/containerd-1.4.12_7b11cfaabd73/vendor/github.com/opencontainers/image-spec/specs-go/version.go 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor/github.com/opencontainers/image-spec/specs-go/version.go 2022-03-02 19:03:17.000000000 +0100 @@ -22,7 +22,7 @@ // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 0 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 1 + VersionPatch = 2 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/vendor.conf new/containerd-1.4.13_9cc61520f4cd/vendor.conf --- old/containerd-1.4.12_7b11cfaabd73/vendor.conf 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/vendor.conf 2022-03-02 19:03:17.000000000 +0100 @@ -30,7 +30,7 @@ github.com/Microsoft/go-winio v0.4.19 github.com/Microsoft/hcsshim v0.8.21 github.com/opencontainers/go-digest v1.0.0 -github.com/opencontainers/image-spec v1.0.1 +github.com/opencontainers/image-spec v1.0.2 github.com/opencontainers/runc v1.0.0-rc94 github.com/opencontainers/runtime-spec 4d89ac9fbff6c455f46a5bb59c6b1bb7184a5e43 # v1.0.3-0.20200728170252-4d89ac9fbff6 github.com/pkg/errors v0.9.1 @@ -57,7 +57,7 @@ github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 3b02bec1603179debe2cde54509b2bfc45fc27d3 # release/1.4 +github.com/containerd/cri 8f1a8a1fb9ebd821a1afe3b3ff3adec7bd33cfdf # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.4.12_7b11cfaabd73/version/version.go new/containerd-1.4.13_9cc61520f4cd/version/version.go --- old/containerd-1.4.12_7b11cfaabd73/version/version.go 2021-11-17 20:52:12.000000000 +0100 +++ new/containerd-1.4.13_9cc61520f4cd/version/version.go 2022-03-02 19:03:17.000000000 +0100 @@ -23,7 +23,7 @@ Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.12+unknown" + Version = "1.4.13+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.