Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package containerd for openSUSE:Factory checked in at 2022-12-09 13:15:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/containerd (Old) and /work/SRC/openSUSE:Factory/.containerd.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "containerd" Fri Dec 9 13:15:29 2022 rev:52 rq:1041295 version:1.6.12 Changes: -------- --- /work/SRC/openSUSE:Factory/containerd/containerd.changes 2022-12-07 17:35:42.052780887 +0100 +++ /work/SRC/openSUSE:Factory/.containerd.new.1835/containerd.changes 2022-12-09 13:15:30.366277147 +0100 @@ -1,0 +2,12 @@ +Thu Dec 8 01:28:48 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to containerd v1.6.12 to fix CVE-2022-23471. Upstream release notes: + <https://github.com/containerd/containerd/releases/tag/v1.6.11> + +------------------------------------------------------------------- +Tue Dec 6 22:41:50 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to containerd v1.6.11. Upstream release notes: + <https://github.com/containerd/containerd/releases/tag/v1.6.11> + +------------------------------------------------------------------- Old: ---- containerd-1.6.9_1c90a4424897.tar.xz New: ---- containerd-1.6.12_a05d175400b1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ containerd.spec ++++++ --- /var/tmp/diff_new_pack.mheNIl/_old 2022-12-09 13:15:30.934280125 +0100 +++ /var/tmp/diff_new_pack.mheNIl/_new 2022-12-09 13:15:30.938280146 +0100 @@ -23,14 +23,14 @@ %endif # MANUAL: Update the git_version. -%define git_version 1c90a442489720eec95342e1789ee8a5e1b9536f -%define git_short 1c90a4424897 +%define git_version a05d175400b1145e5e6a735a6710579d181e7fb0 +%define git_short a05d175400b1 %global provider_prefix github.com/containerd/containerd %global import_path %{provider_prefix} Name: containerd -Version: 1.6.9 +Version: 1.6.12 Release: 0 Summary: Standalone OCI Container Daemon License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.mheNIl/_old 2022-12-09 13:15:30.990280419 +0100 +++ /var/tmp/diff_new_pack.mheNIl/_new 2022-12-09 13:15:30.994280440 +0100 @@ -3,8 +3,8 @@ <param name="url">https://github.com/containerd/containerd.git</param> <param name="scm">git</param> <param name="filename">containerd</param> - <param name="versionformat">1.6.9_%h</param> - <param name="revision">v1.6.9</param> + <param name="versionformat">1.6.12_%h</param> + <param name="revision">v1.6.12</param> <param name="exclude">.git</param> </service> <service name="recompress" mode="disabled"> ++++++ containerd-1.6.9_1c90a4424897.tar.xz -> containerd-1.6.12_a05d175400b1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/build-test-images.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/build-test-images.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/build-test-images.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/build-test-images.yml 2022-12-07 22:50:27.000000000 +0100 @@ -39,7 +39,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/ci.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/ci.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/ci.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/ci.yml 2022-12-07 22:50:27.000000000 +0100 @@ -20,7 +20,7 @@ strategy: matrix: - go-version: [1.18.7] + go-version: [1.18.9] os: [ubuntu-18.04, macos-12, windows-2019] steps: @@ -46,7 +46,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: @@ -78,7 +78,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: @@ -110,7 +110,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 - run: go install github.com/cpuguy83/go-md2man/v2@v2.0.1 - run: make man @@ -148,7 +148,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 - run: | set -e -x @@ -215,7 +215,7 @@ strategy: matrix: os: [ubuntu-18.04, macos-12, windows-2019, windows-2022] - go-version: ['1.17.13', '1.18.7'] + go-version: ['1.17.13', '1.18.9'] steps: - uses: actions/setup-go@v2 @@ -262,7 +262,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: @@ -352,7 +352,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 @@ -475,7 +475,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 - run: sudo -E PATH=$PATH script/setup/install-gotestsum - name: Tests diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/codeql.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/codeql.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/codeql.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/codeql.yml 2022-12-07 22:50:27.000000000 +0100 @@ -26,7 +26,7 @@ - uses: actions/setup-go@v2 with: - go-version: 1.18.7 + go-version: 1.18.9 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/images.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/images.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/images.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/images.yml 2022-12-07 22:50:27.000000000 +0100 @@ -24,7 +24,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/nightly.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/nightly.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/nightly.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/nightly.yml 2022-12-07 22:50:27.000000000 +0100 @@ -18,7 +18,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: @@ -155,7 +155,7 @@ steps: - uses: actions/setup-go@v2 with: - go-version: '1.18.7' + go-version: '1.18.9' - uses: actions/checkout@v2 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/release.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/release.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/release.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/release.yml 2022-12-07 22:50:27.000000000 +0100 @@ -38,7 +38,7 @@ id: contentrel run: | RELEASEVER=${{ github.ref }} - echo "::set-output name=stringver::${RELEASEVER#refs/tags/v}" + echo "stringver=${RELEASEVER#refs/tags/v}" >> $GITHUB_OUTPUT git tag -l ${RELEASEVER#refs/tags/} -n20000 | tail -n +3 | cut -c 5- >release-notes.md working-directory: src/github.com/containerd/containerd @@ -111,7 +111,7 @@ find ./releases/ -maxdepth 1 -type l | xargs rm working-directory: src/github.com/containerd/containerd env: - GO_VERSION: '1.18.7' + GO_VERSION: '1.18.9' PLATFORM: ${{ matrix.platform }} - name: Save Artifacts uses: actions/upload-artifact@v2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/.github/workflows/windows-periodic.yml new/containerd-1.6.12_a05d175400b1/.github/workflows/windows-periodic.yml --- old/containerd-1.6.9_1c90a4424897/.github/workflows/windows-periodic.yml 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/.github/workflows/windows-periodic.yml 2022-12-07 22:50:27.000000000 +0100 @@ -217,8 +217,8 @@ - name: AssignGcpCreds id: AssignGcpCreds run: | - echo '::set-output name=GCP_SERVICE_ACCOUNT::${{ secrets.GCP_SERVICE_ACCOUNT }}' - echo '::set-output name=GCP_WORKLOAD_IDENTITY_PROVIDER::${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' + echo 'GCP_SERVICE_ACCOUNT=${{ secrets.GCP_SERVICE_ACCOUNT }}' >> $GITHUB_OUTPUT + echo 'GCP_WORKLOAD_IDENTITY_PROVIDER=${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' >> $GITHUB_OUTPUT - name: AuthGcp uses: google-github-actions/auth@v0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/Vagrantfile new/containerd-1.6.12_a05d175400b1/Vagrantfile --- old/containerd-1.6.9_1c90a4424897/Vagrantfile 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/Vagrantfile 2022-12-07 22:50:27.000000000 +0100 @@ -91,7 +91,7 @@ config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.18.7", + 'GO_VERSION': ENV['GO_VERSION'] || "1.18.9", } sh.inline = <<~SHELL #!/usr/bin/env bash diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/cmd/ctr/commands/images/export.go new/containerd-1.6.12_a05d175400b1/cmd/ctr/commands/images/export.go --- old/containerd-1.6.9_1c90a4424897/cmd/ctr/commands/images/export.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/cmd/ctr/commands/images/export.go 2022-12-07 22:50:27.000000000 +0100 @@ -80,7 +80,7 @@ } exportOpts = append(exportOpts, archive.WithPlatform(platforms.Ordered(all...))) } else { - exportOpts = append(exportOpts, archive.WithPlatform(platforms.Default())) + exportOpts = append(exportOpts, archive.WithPlatform(platforms.DefaultStrict())) } if context.Bool("all-platforms") { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/cmd/ctr/commands/images/import.go new/containerd-1.6.12_a05d175400b1/cmd/ctr/commands/images/import.go --- old/containerd-1.6.9_1c90a4424897/cmd/ctr/commands/images/import.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/cmd/ctr/commands/images/import.go 2022-12-07 22:50:27.000000000 +0100 @@ -89,9 +89,9 @@ Action: func(context *cli.Context) error { var ( - in = context.Args().First() - opts []containerd.ImportOpt - platformMacher platforms.MatchComparer + in = context.Args().First() + opts []containerd.ImportOpt + platformMatcher platforms.MatchComparer ) prefix := context.String("base-name") @@ -126,8 +126,8 @@ if err != nil { return err } - platformMacher = platforms.Only(platSpec) - opts = append(opts, containerd.WithImportPlatform(platformMacher)) + platformMatcher = platforms.OnlyStrict(platSpec) + opts = append(opts, containerd.WithImportPlatform(platformMatcher)) } opts = append(opts, containerd.WithAllPlatforms(context.Bool("all-platforms"))) @@ -160,10 +160,10 @@ log.G(ctx).Debugf("unpacking %d images", len(imgs)) for _, img := range imgs { - if platformMacher == nil { // if platform not specified use default. - platformMacher = platforms.Default() + if platformMatcher == nil { // if platform not specified use default. + platformMatcher = platforms.Default() } - image := containerd.NewImageWithPlatform(client, img, platformMacher) + image := containerd.NewImageWithPlatform(client, img, platformMatcher) // TODO: Show unpack status fmt.Printf("unpacking %s (%s)...", img.Name, img.Target.Digest) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/contrib/Dockerfile.test new/containerd-1.6.12_a05d175400b1/contrib/Dockerfile.test --- old/containerd-1.6.9_1c90a4424897/contrib/Dockerfile.test 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/contrib/Dockerfile.test 2022-12-07 22:50:27.000000000 +0100 @@ -10,7 +10,7 @@ # # docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../ -ARG GOLANG_VERSION=1.18.7 +ARG GOLANG_VERSION=1.18.9 ARG GOLANG_IMAGE=golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/go.mod new/containerd-1.6.12_a05d175400b1/go.mod --- old/containerd-1.6.9_1c90a4424897/go.mod 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/go.mod 2022-12-07 22:50:27.000000000 +0100 @@ -5,7 +5,7 @@ require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 github.com/Microsoft/go-winio v0.5.2 - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.9.5 github.com/containerd/aufs v1.0.0 github.com/containerd/btrfs v1.0.0 github.com/containerd/cgroups v1.0.3 @@ -95,7 +95,7 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect github.com/moby/spdystream v0.2.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/go.sum new/containerd-1.6.12_a05d175400b1/go.sum --- old/containerd-1.6.9_1c90a4424897/go.sum 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/go.sum 2022-12-07 22:50:27.000000000 +0100 @@ -83,8 +83,8 @@ github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.5 h1:AbV+VPfTrIVffukazHcpxmz/sRiE6YaMDzHWR9BXZHo= +github.com/Microsoft/hcsshim v0.9.5/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -623,8 +623,9 @@ github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/integration/client/go.mod new/containerd-1.6.12_a05d175400b1/integration/client/go.mod --- old/containerd-1.6.9_1c90a4424897/integration/client/go.mod 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/integration/client/go.mod 2022-12-07 22:50:27.000000000 +0100 @@ -3,7 +3,7 @@ go 1.15 require ( - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.9.5 github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 github.com/containerd/cgroups v1.0.3 // the actual version of containerd is replaced with the code at the root of this repository diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/integration/client/go.sum new/containerd-1.6.12_a05d175400b1/integration/client/go.sum --- old/containerd-1.6.9_1c90a4424897/integration/client/go.sum 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/integration/client/go.sum 2022-12-07 22:50:27.000000000 +0100 @@ -55,8 +55,8 @@ github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.5 h1:AbV+VPfTrIVffukazHcpxmz/sRiE6YaMDzHWR9BXZHo= +github.com/Microsoft/hcsshim v0.9.5/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 h1:pVKfKyPkXna29XlGjxSr9J0A7vNucOUHZ/2ClcTWalw= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1/go.mod h1:Cmvnhlie15Ha2UYrJs9EhgSx76Bq9RV2FgfEiT78GhI= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -422,6 +422,7 @@ github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/integration/sandbox_clean_remove_windows_test.go new/containerd-1.6.12_a05d175400b1/integration/sandbox_clean_remove_windows_test.go --- old/containerd-1.6.9_1c90a4424897/integration/sandbox_clean_remove_windows_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.6.12_a05d175400b1/integration/sandbox_clean_remove_windows_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -0,0 +1,179 @@ +//go:build windows +// +build windows + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package integration + +import ( + "context" + "fmt" + "strconv" + "testing" + + "github.com/Microsoft/hcsshim/osversion" + "github.com/stretchr/testify/require" + "golang.org/x/sys/windows/registry" + runtime "k8s.io/cri-api/pkg/apis/runtime/v1" +) + +// Returns what nanoserver image version to use according to the build number +func getTestImage() (string, error) { + k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE) + if err != nil { + return "", err + } + defer k.Close() + + b, _, _ := k.GetStringValue("CurrentBuild") + buildNum, _ := strconv.Atoi(b) + + switch buildNum { + case osversion.RS1: + return "mcr.microsoft.com/windows/nanoserver:sac2016", nil + case osversion.RS3: + return "mcr.microsoft.com/windows/nanoserver:1709", nil + case osversion.RS4: + return "mcr.microsoft.com/windows/nanoserver:1803", nil + case osversion.RS5: + return "mcr.microsoft.com/windows/nanoserver:1809", nil + case osversion.V19H1: + return "mcr.microsoft.com/windows/nanoserver:1903", nil + case osversion.V19H2: + return "mcr.microsoft.com/windows/nanoserver:1909", nil + case osversion.V20H1: + return "mcr.microsoft.com/windows/nanoserver:2004", nil + case osversion.V20H2: + return "mcr.microsoft.com/windows/nanoserver:20H2", nil + case osversion.V21H2Server: + return "mcr.microsoft.com/windows/nanoserver:ltsc2022", nil + default: + // Due to some efforts in improving down-level compatibility for Windows containers (see + // https://techcommunity.microsoft.com/t5/containers/windows-server-2022-and-beyond-for-containers/ba-p/2712487) + // the ltsc2022 image should continue to work on builds ws2022 and onwards (Windows 11 for example). With this in mind, + // if there's no mapping for the host build just use the Windows Server 2022 image. + if buildNum > osversion.V21H2Server { + return "mcr.microsoft.com/windows/nanoserver:ltsc2022", nil + } + return "", fmt.Errorf("No test image defined for Windows build version: %s", b) + } +} + +func removePodSandbox(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, podID string) { + t.Helper() + _, err := client.RemovePodSandbox(ctx, &runtime.RemovePodSandboxRequest{ + PodSandboxId: podID, + }) + require.NoError(t, err, "failed RemovePodSandbox for sandbox: %s", podID) +} + +func stopPodSandbox(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, podID string) { + t.Helper() + _, err := client.StopPodSandbox(ctx, &runtime.StopPodSandboxRequest{ + PodSandboxId: podID, + }) + require.NoError(t, err, "failed StopPodSandbox for sandbox: %s", podID) +} + +func stopContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.StopContainer(ctx, &runtime.StopContainerRequest{ + ContainerId: containerID, + Timeout: 0, + }) + require.NoError(t, err, "failed StopContainer request for container: %s", containerID) +} + +func startContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.StartContainer(ctx, &runtime.StartContainerRequest{ + ContainerId: containerID, + }) + require.NoError(t, err, "failed StartContainer request for container: %s", containerID) +} + +func removeContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.RemoveContainer(ctx, &runtime.RemoveContainerRequest{ + ContainerId: containerID, + }) + require.NoError(t, err, "failed RemoveContainer request for container: %s", containerID) +} + +// This test checks if create/stop and remove pods and containers work as expected +func TestCreateContainer(t *testing.T) { + testImage, err := getTestImage() + if err != nil { + t.Skip("skipping test, error: ", err) + } + client, err := RawRuntimeClient() + require.NoError(t, err, "failed to get raw grpc runtime service client") + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(func() { cancel() }) + + t.Log("Create a pod sandbox") + sbConfig := &runtime.PodSandboxConfig{ + Metadata: &runtime.PodSandboxMetadata{ + Name: t.Name(), + }, + } + sandboxRequest := &runtime.RunPodSandboxRequest{ + Config: sbConfig, + RuntimeHandler: "runhcs-wcow-process", + } + sandBoxResponse, err := client.RunPodSandbox(ctx, sandboxRequest) + require.NoError(t, err, "failed RunPodSandbox request") + // Make sure the sandbox is cleaned up. + t.Cleanup(func() { removePodSandbox(ctx, t, client, sandBoxResponse.PodSandboxId) }) + t.Cleanup(func() { stopPodSandbox(ctx, t, client, sandBoxResponse.PodSandboxId) }) + + EnsureImageExists(t, testImage) + + t.Log("Create a container") + createCtrRequest := &runtime.CreateContainerRequest{ + Config: &runtime.ContainerConfig{ + Metadata: &runtime.ContainerMetadata{ + Name: t.Name() + "-CreateContainerTest", + }, + Image: &runtime.ImageSpec{ + Image: testImage, + }, + Command: []string{ + "cmd", + "/c", + "ping", + "-t", + "127.0.0.1", + }, + Windows: &runtime.WindowsContainerConfig{ + Resources: &runtime.WindowsContainerResources{ + CpuShares: 500, + }, + }, + }, + PodSandboxId: sandBoxResponse.PodSandboxId, + SandboxConfig: sandboxRequest.Config, + } + + createCtrResponse, err := client.CreateContainer(ctx, createCtrRequest) + require.NoError(t, err, "failed CreateContainer request in sandbox: %s", sandBoxResponse.PodSandboxId) + // Make sure the container is cleaned up. + t.Cleanup(func() { removeContainer(ctx, t, client, createCtrResponse.ContainerId) }) + + startContainer(ctx, t, client, createCtrResponse.ContainerId) + stopContainer(ctx, t, client, createCtrResponse.ContainerId) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/leases/lease.go new/containerd-1.6.12_a05d175400b1/leases/lease.go --- old/containerd-1.6.9_1c90a4424897/leases/lease.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/leases/lease.go 2022-12-07 22:50:27.000000000 +0100 @@ -65,10 +65,15 @@ return nil } -// WithLabels sets labels on a lease +// WithLabels merges labels on a lease func WithLabels(labels map[string]string) Opt { return func(l *Lease) error { - l.Labels = labels + if l.Labels == nil { + l.Labels = map[string]string{} + } + for k, v := range labels { + l.Labels[k] = v + } return nil } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/leases/lease_test.go new/containerd-1.6.12_a05d175400b1/leases/lease_test.go --- old/containerd-1.6.9_1c90a4424897/leases/lease_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.6.12_a05d175400b1/leases/lease_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -0,0 +1,83 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package leases + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestWithLabels(t *testing.T) { + type unitTest struct { + name string + uut *Lease + labels map[string]string + expected map[string]string + } + + addLabelsToEmptyMap := &unitTest{ + name: "AddLabelsToEmptyMap", + uut: &Lease{}, + labels: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + }, + expected: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + }, + } + + addLabelsToNonEmptyMap := &unitTest{ + name: "AddLabelsToNonEmptyMap", + uut: &Lease{ + Labels: map[string]string{ + "containerd.io/gc.expire": "2015-12-05T00:00:00Z", + }, + }, + labels: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + "containerd.io/gc.ref.snapshot.overlayfs": "sha256:87806a591ce894ff5c699c28fe02093d6cdadd6b1ad86819acea05ccb212ff3d", + }, + expected: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + "containerd.io/gc.ref.snapshot.overlayfs": "sha256:87806a591ce894ff5c699c28fe02093d6cdadd6b1ad86819acea05ccb212ff3d", + "containerd.io/gc.expire": "2015-12-05T00:00:00Z", + }, + } + + testcases := []*unitTest{ + addLabelsToEmptyMap, + addLabelsToNonEmptyMap, + } + + for _, testcase := range testcases { + testcase := testcase + + t.Run(testcase.name, func(t *testing.T) { + f := WithLabels(testcase.labels) + + err := f(testcase.uut) + require.NoError(t, err) + + for k, v := range testcase.expected { + assert.Contains(t, testcase.uut.Labels, k) + assert.Equal(t, v, testcase.uut.Labels[k]) + } + }) + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/annotations/annotations.go new/containerd-1.6.12_a05d175400b1/pkg/cri/annotations/annotations.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/annotations/annotations.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/annotations/annotations.go 2022-12-07 22:50:27.000000000 +0100 @@ -58,6 +58,11 @@ // SandboxNamespace is the name of the namespace of the sandbox (pod) SandboxNamespace = "io.kubernetes.cri.sandbox-namespace" + // SandboxUID is the uid of the sandbox (pod) passed to CRI via RunPodSanbox, + // this field is useful for linking the uid created by the CRI client (e.g. kubelet) + // to the internal Sandbox.ID created by the containerd sandbox service + SandboxUID = "io.kubernetes.cri.sandbox-uid" + // SandboxName is the name of the sandbox (pod) SandboxName = "io.kubernetes.cri.sandbox-name" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_linux.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_linux.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_linux.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_linux.go 2022-12-07 22:50:27.000000000 +0100 @@ -301,6 +301,7 @@ customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), customopts.WithAnnotation(annotations.SandboxID, sandboxID), customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()), customopts.WithAnnotation(annotations.ContainerName, containerName), customopts.WithAnnotation(annotations.ImageName, imageName), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_linux_test.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_linux_test.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_linux_test.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_linux_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -179,6 +179,9 @@ assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-sandbox-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-sandbox-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-sandbox-name") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_windows.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_windows.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_windows.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_windows.go 2022-12-07 22:50:27.000000000 +0100 @@ -128,6 +128,7 @@ customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), customopts.WithAnnotation(annotations.SandboxID, sandboxID), customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()), customopts.WithAnnotation(annotations.ContainerName, containerName), customopts.WithAnnotation(annotations.ImageName, imageName), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_windows_test.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_windows_test.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/container_create_windows_test.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/container_create_windows_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -130,6 +130,9 @@ assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-sandbox-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-sandbox-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-sandbox-name") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/helpers.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/helpers.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/helpers.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/helpers.go 2022-12-07 22:50:27.000000000 +0100 @@ -494,7 +494,11 @@ if spec.Windows.Resources.CPU != nil { if spec.Windows.Resources.CPU.Shares != nil { status.Resources.Windows.CpuShares = int64(*spec.Windows.Resources.CPU.Shares) + } + if spec.Windows.Resources.CPU.Count != nil { status.Resources.Windows.CpuCount = int64(*spec.Windows.Resources.CPU.Count) + } + if spec.Windows.Resources.CPU.Maximum != nil { status.Resources.Windows.CpuMaximum = int64(*spec.Windows.Resources.CPU.Maximum) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_linux.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_linux.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_linux.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_linux.go 2022-12-07 22:50:27.000000000 +0100 @@ -175,6 +175,7 @@ customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), customopts.WithAnnotation(annotations.SandboxID, id), customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()), customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()), ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_linux_test.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_linux_test.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_linux_test.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_linux_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -78,6 +78,9 @@ assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-name") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_windows.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_windows.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_windows.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_windows.go 2022-12-07 22:50:27.000000000 +0100 @@ -84,6 +84,7 @@ customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), customopts.WithAnnotation(annotations.SandboxID, id), customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()), customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()), customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_windows_test.go new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_windows_test.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/server/sandbox_run_windows_test.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/server/sandbox_run_windows_test.go 2022-12-07 22:50:27.000000000 +0100 @@ -80,6 +80,9 @@ assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-name") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/pkg/cri/streaming/remotecommand/httpstream.go new/containerd-1.6.12_a05d175400b1/pkg/cri/streaming/remotecommand/httpstream.go --- old/containerd-1.6.9_1c90a4424897/pkg/cri/streaming/remotecommand/httpstream.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/pkg/cri/streaming/remotecommand/httpstream.go 2022-12-07 22:50:27.000000000 +0100 @@ -33,6 +33,7 @@ package remotecommand import ( + gocontext "context" "encoding/json" "errors" "fmt" @@ -132,7 +133,7 @@ if ctx.resizeStream != nil { ctx.resizeChan = make(chan remotecommand.TerminalSize) - go handleResizeEvents(ctx.resizeStream, ctx.resizeChan) + go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan) } return ctx, true @@ -425,7 +426,7 @@ // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it. func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false } -func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) { +func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) { defer runtime.HandleCrash() defer close(channel) @@ -435,7 +436,15 @@ if err := decoder.Decode(&size); err != nil { break } - channel <- size + + select { + case channel <- size: + case <-ctx.Done(): + // To avoid leaking this routine, exit if the http request finishes. This path + // would generally be hit if starting the process fails and nothing is started to + // ingest these resize events. + return + } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/releases/v1.6.10.toml new/containerd-1.6.12_a05d175400b1/releases/v1.6.10.toml --- old/containerd-1.6.9_1c90a4424897/releases/v1.6.10.toml 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.6.12_a05d175400b1/releases/v1.6.10.toml 2022-12-07 22:50:27.000000000 +0100 @@ -0,0 +1,22 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.9" + +pre_release = false + +preface = """\ +The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms. + +### Notable Updates + +* **Always check userxattr for overlay on kernels >= 5.11** ([#7646](https://github.com/containerd/containerd/pull/7646)) +* **Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows** ([#7610](https://github.com/containerd/containerd/pull/7610) +* **Bump Go version to 1.18.8 to address CVE-2022-41716** ([#7634](https://github.com/containerd/containerd/pull/7634)) + +See the changelog for complete list of changes""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/releases/v1.6.11.toml new/containerd-1.6.12_a05d175400b1/releases/v1.6.11.toml --- old/containerd-1.6.9_1c90a4424897/releases/v1.6.11.toml 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.6.12_a05d175400b1/releases/v1.6.11.toml 2022-12-07 22:50:27.000000000 +0100 @@ -0,0 +1,22 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.10" + +pre_release = false + +preface = """\ +The eleventh patch release for containerd 1.6 contains a various fixes and updates. + +### Notable Updates +* **Add pod UID annotation in CRI plugin** ([#7735](https://github.com/containerd/containerd/pull/7735)) +* **Fix nil pointer deference for Windows containers in CRI plugin** ([#7737](https://github.com/containerd/containerd/pull/7737)) +* **Fix lease labels unexpectedly overwriting expiration** ([#7745](https://github.com/containerd/containerd/pull/7745)) +* **Fix for simultaneous diff creation using the same parent snapshot** ([#7756](https://github.com/containerd/containerd/pull/7756)) + +See the changelog for complete list of changes""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/releases/v1.6.12.toml new/containerd-1.6.12_a05d175400b1/releases/v1.6.12.toml --- old/containerd-1.6.9_1c90a4424897/releases/v1.6.12.toml 1970-01-01 01:00:00.000000000 +0100 +++ new/containerd-1.6.12_a05d175400b1/releases/v1.6.12.toml 2022-12-07 22:50:27.000000000 +0100 @@ -0,0 +1,19 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.11" + +pre_release = false + +preface = """\ +The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471. + +### Notable Updates +* **Fix goroutine leak during Exec in CRI plugin** ([GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)) + +See the changelog for complete list of changes""" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/rootfs/diff.go new/containerd-1.6.12_a05d175400b1/rootfs/diff.go --- old/containerd-1.6.9_1c90a4424897/rootfs/diff.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/rootfs/diff.go 2022-12-07 22:50:27.000000000 +0100 @@ -44,7 +44,7 @@ return ocispec.Descriptor{}, err } - lowerKey := fmt.Sprintf("%s-parent-view", info.Parent) + lowerKey := fmt.Sprintf("%s-parent-view-%s", info.Parent, uniquePart()) lower, err := sn.View(ctx, lowerKey, info.Parent) if err != nil { return ocispec.Descriptor{}, err @@ -58,7 +58,7 @@ return ocispec.Descriptor{}, err } } else { - upperKey := fmt.Sprintf("%s-view", snapshotID) + upperKey := fmt.Sprintf("%s-view-%s", snapshotID, uniquePart()) upper, err = sn.View(ctx, upperKey, snapshotID) if err != nil { return ocispec.Descriptor{}, err diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/script/setup/prepare_env_windows.ps1 new/containerd-1.6.12_a05d175400b1/script/setup/prepare_env_windows.ps1 --- old/containerd-1.6.9_1c90a4424897/script/setup/prepare_env_windows.ps1 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/script/setup/prepare_env_windows.ps1 2022-12-07 22:50:27.000000000 +0100 @@ -1,6 +1,6 @@ # Prepare windows environment for building and running containerd tests -$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.7"; make = ""; nssm = "" } +$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.9"; make = ""; nssm = "" } Write-Host "Downloading chocolatey package" curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg"; -o 'c:\choco.zip' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/snapshots/overlay/overlayutils/check.go new/containerd-1.6.12_a05d175400b1/snapshots/overlay/overlayutils/check.go --- old/containerd-1.6.9_1c90a4424897/snapshots/overlay/overlayutils/check.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/snapshots/overlay/overlayutils/check.go 2022-12-07 22:50:27.000000000 +0100 @@ -24,6 +24,7 @@ "os" "path/filepath" + kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/pkg/userns" @@ -113,10 +114,14 @@ return false, nil } - // TODO: add fast path for kernel >= 5.11 . + // Fast path on kernels >= 5.11 // - // Keep in mind that distro vendors might be going to backport the patch to older kernels. - // So we can't completely remove the check. + // Keep in mind that distro vendors might be going to backport the patch to older kernels + // so we can't completely remove the "slow path". + fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11} + if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok { + return true, nil + } tdRoot := filepath.Join(d, "userxattr-check") if err := os.RemoveAll(tdRoot); err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go new/containerd-1.6.12_a05d175400b1/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go --- old/containerd-1.6.9_1c90a4424897/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go 2022-12-07 22:50:27.000000000 +0100 @@ -154,7 +154,7 @@ func (e *HcsError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *HcsError) Timeout() bool { @@ -193,7 +193,7 @@ func (e *SystemError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *SystemError) Timeout() bool { @@ -224,7 +224,7 @@ func (e *ProcessError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *ProcessError) Timeout() bool { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/vendor/modules.txt new/containerd-1.6.12_a05d175400b1/vendor/modules.txt --- old/containerd-1.6.9_1c90a4424897/vendor/modules.txt 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/vendor/modules.txt 2022-12-07 22:50:27.000000000 +0100 @@ -11,7 +11,7 @@ github.com/Microsoft/go-winio/pkg/guid github.com/Microsoft/go-winio/pkg/security github.com/Microsoft/go-winio/vhd -# github.com/Microsoft/hcsshim v0.9.4 +# github.com/Microsoft/hcsshim v0.9.5 ## explicit; go 1.13 github.com/Microsoft/hcsshim github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options @@ -288,7 +288,7 @@ github.com/klauspost/compress/snappy github.com/klauspost/compress/zstd github.com/klauspost/compress/zstd/internal/xxhash -# github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 +# github.com/matttproud/golang_protobuf_extensions v1.0.4 ## explicit; go 1.9 github.com/matttproud/golang_protobuf_extensions/pbutil # github.com/miekg/pkcs11 v1.1.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/containerd-1.6.9_1c90a4424897/version/version.go new/containerd-1.6.12_a05d175400b1/version/version.go --- old/containerd-1.6.9_1c90a4424897/version/version.go 2022-10-24 19:30:42.000000000 +0200 +++ new/containerd-1.6.12_a05d175400b1/version/version.go 2022-12-07 22:50:27.000000000 +0100 @@ -23,7 +23,7 @@ Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.6.9+unknown" + Version = "1.6.12+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.
