Overview

File CVE-2022-23648.patch of Package containerd.23284

From 925d9a2cdd2350b6277bab8d1da96b9aea7c9901 Mon Sep 17 00:00:00 2001
From: Derek McGowan <derek@mcg.dev>
Date: Tue, 22 Feb 2022 17:03:27 -0800
Subject: [PATCH] Use fs.RootPath when mounting volumes

Signed-off-by: Derek McGowan <derek@mcg.dev>
---
 vendor.conf                                                 | 2 +-
 vendor/github.com/containerd/cri/README.md                  | 2 +-
 .../containerd/cri/pkg/containerd/opts/container.go         | 6 ++++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/vendor.conf b/vendor.conf
index 92380c394..a726f5923 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -57,7 +57,7 @@ gotest.tools/v3                                     v3.0.2
 github.com/cilium/ebpf                              1c8d4c9ef7759622653a1d319284a44652333b28
 
 # cri dependencies
-github.com/containerd/cri                           3b02bec1603179debe2cde54509b2bfc45fc27d3 # release/1.4
+github.com/containerd/cri                           266448830509d303bfb2c11b0185ffada7e9ef5e # release/1.4
 github.com/davecgh/go-spew                          v1.1.1
 github.com/docker/docker                            4634ce647cf2ce2c6031129ccd109e557244986f
 github.com/docker/spdystream                        449fdfce4d962303d702fec724ef0ad181c92528
diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md
index 9b23c7502..6a60db94b 100644
--- a/vendor/github.com/containerd/cri/README.md
+++ b/vendor/github.com/containerd/cri/README.md
@@ -88,7 +88,7 @@ specifications as appropriate.
 backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty.
 * **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL)
 2. Install **`pkg-config`** (required for linking with `libseccomp`).
-3. Install and setup a Go 1.15.5 development environment.
+3. Install and setup a Go 1.15.14 development environment.
 4. Make a local clone of this repository.
 5. Install binary dependencies by running the following command from your cloned `cri/` project directory:
 ```bash
diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
index fe199d5fb..585dca96a 100644
--- a/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
+++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/container.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/containers"
@@ -88,7 +87,10 @@ func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts {
 		}()
 
 		for host, volume := range volumeMounts {
-			src := filepath.Join(root, volume)
+			src, err := fs.RootPath(root, volume)
+			if err != nil {
+				return errors.Wrapf(err, "rootpath on root %s, volume %s", root, volume)
+			}
 			if _, err := os.Stat(src); err != nil {
 				if os.IsNotExist(err) {
 					// Skip copying directory if it does not exist.
-- 
2.35.1
openSUSE Build Service is sponsored by
Places