File CVE-2022-23648.patch of Package containerd.23284
From 925d9a2cdd2350b6277bab8d1da96b9aea7c9901 Mon Sep 17 00:00:00 2001
From: Derek McGowan <derek@mcg.dev>
Date: Tue, 22 Feb 2022 17:03:27 -0800
Subject: [PATCH] Use fs.RootPath when mounting volumes
Signed-off-by: Derek McGowan <derek@mcg.dev>
---
vendor.conf | 2 +-
vendor/github.com/containerd/cri/README.md | 2 +-
.../containerd/cri/pkg/containerd/opts/container.go | 6 ++++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/vendor.conf b/vendor.conf
index 92380c394..a726f5923 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28
# cri dependencies
-github.com/containerd/cri 3b02bec1603179debe2cde54509b2bfc45fc27d3 # release/1.4
+github.com/containerd/cri 266448830509d303bfb2c11b0185ffada7e9ef5e # release/1.4
github.com/davecgh/go-spew v1.1.1
github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md
index 9b23c7502..6a60db94b 100644
--- a/vendor/github.com/containerd/cri/README.md
+++ b/vendor/github.com/containerd/cri/README.md
@@ -88,7 +88,7 @@ specifications as appropriate.
backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty.
* **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL)
2. Install **`pkg-config`** (required for linking with `libseccomp`).
-3. Install and setup a Go 1.15.5 development environment.
+3. Install and setup a Go 1.15.14 development environment.
4. Make a local clone of this repository.
5. Install binary dependencies by running the following command from your cloned `cri/` project directory:
```bash
diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
index fe199d5fb..585dca96a 100644
--- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
@@ -20,7 +20,6 @@ import (
"context"
"io/ioutil"
"os"
- "path/filepath"
"github.com/containerd/containerd"
"github.com/containerd/containerd/containers"
@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
}()
for host, volume := range volumeMounts {
- src := filepath.Join(root, volume)
+ src, err := fs.RootPath(root, volume)
+ if err != nil {
+ return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume)
+ }
if _, err := os.Stat(src); err != nil {
if os.IsNotExist(err) {
// Skip copying directory if it does not exist.
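Review bot: The `fs.RootPath` call that replaces `filepath.Join` inside the `for host, volume` loop has no comment marking it as a containment boundary, so a later cleanup could restore the plain join without anyone noticing the regression. I would add above it `// RootPath bounds symlinks in volume to root; a plain filepath.Join would follow them out of the snapshot.` The diffstat lists no test file, so nothing pins the fix; a regression test asserting that a volume path which resolves through a symlink still yields a `src` under `root` would cover that. The resolved `src` then goes to `os.Stat` and presumably to the copy step outside this hunk, which walk the path again with ordinary symlink semantics, so it is worth confirming that nothing else can write to the mounted snapshot in between. `WithVolumes` starts and ends outside the hunk, so the imports of `fs` and `errors` and the handling of the returned error by the deferred unmount cannot be checked from here.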
--
2.35.1