diff --git a/releases/v1.4.13.toml b/releases/v1.4.13.toml new file mode 100644 index 000000000000..6bcf6a6cab57 --- /dev/null +++ b/releases/v1.4.13.toml @@ -0,0 +1,21 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.4.12" + +pre_release = false + +preface = """\ +The thirteenth patch release for containerd 1.4 is a security release to address +[CVE-2022-23648](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7). + +### Notable Updates + +* **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)) + +See the changelog for complete list of changes""" diff --git a/vendor.conf b/vendor.conf index 92380c3949ff..1db811260486 100644 --- a/vendor.conf +++ b/vendor.conf @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 3b02bec1603179debe2cde54509b2bfc45fc27d3 # release/1.4 +github.com/containerd/cri 8f1a8a1fb9ebd821a1afe3b3ff3adec7bd33cfdf # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index 9b23c75029b3..6a60db94b054 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -88,7 +88,7 @@ specifications as appropriate. backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty. * **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL) 2. Install **`pkg-config`** (required for linking with `libseccomp`). -3. Install and setup a Go 1.15.5 development environment. +3. Install and setup a Go 1.15.14 development environment. 4. Make a local clone of this repository. 5. Install binary dependencies by running the following command from your cloned `cri/` project directory: ```bash diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go index fe199d5fb5e9..585dca96a726 100644 --- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go +++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go @@ -20,7 +20,6 @@ import ( "context" "io/ioutil" "os" - "path/filepath" "github.com/containerd/containerd" "github.com/containerd/containerd/containers" @@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts { }() for host, volume := range volumeMounts { - src := filepath.Join(root, volume) + src, err := fs.RootPath(root, volume) + if err != nil { + return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume) + } if _, err := os.Stat(src); err != nil { if os.IsNotExist(err) { // Skip copying directory if it does not exist. diff --git a/version/version.go b/version/version.go index dab4a1656a6d..285ee99d75da 100644 --- a/version/version.go +++ b/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.12+unknown" + Version = "1.4.13+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.