Backport updates for Bottlerocket, containerd and runc

UPSTREAM_PROJECTS.yaml

@@ -73,8 +73,8 @@ projects:
     repos:
       - name: containerd
         versions:
-          - tag: v1.6.21
-            go_version: "1.19"
+          - tag: v1.7.12
+            go_version: "1.20"
   - org: distribution
     repos:
       - name: distribution
@@ -223,7 +223,7 @@ projects:
     repos:
       - name: runc
         versions:
-          - tag: v1.1.7
+          - tag: v1.1.12
             go_version: "1.20"
   - org: prometheus
     repos:

projects/containerd/containerd/ATTRIBUTION.txt

@@ -1,4 +1,7 @@
 
+** github.com/container-orchestrated-devices/container-device-interface; version v0.6.1 --
+https://github.com/cncf-tags/container-device-interface
+
 ** github.com/containerd/aufs; version v1.0.0 --
 https://github.com/containerd/aufs
 
@@ -11,7 +14,7 @@ https://github.com/containerd/cgroups
 ** github.com/containerd/console; version v1.0.3 --
 https://github.com/containerd/console
 
-** github.com/containerd/containerd; version v1.6.21 --
+** github.com/containerd/containerd; version v1.7.12 --
 https://github.com/containerd/containerd
 
 ** github.com/containerd/continuity; version v0.3.0 --
@@ -104,6 +107,9 @@ https://github.com/moby/sys/signal
 ** github.com/moby/sys/symlink; version v0.2.0 --
 https://github.com/moby/sys/symlink
 
+** github.com/moby/sys/user; version v0.1.0 --
+https://github.com/moby/sys/user
+
 ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd --
 https://github.com/modern-go/concurrent
 
@@ -116,10 +122,7 @@ https://github.com/opencontainers/go-digest
 ** github.com/opencontainers/image-spec; version v1.1.0-rc2.0.20221005185240-3a7f492d3f1b --
 https://github.com/opencontainers/image-spec
 
-** github.com/opencontainers/runc/libcontainer/user; version v1.1.5 --
-https://github.com/opencontainers/runc
-
-** github.com/opencontainers/runtime-spec/specs-go; version v1.0.3-0.20210326190908-1c3f411f0417 --
+** github.com/opencontainers/runtime-spec/specs-go; version v1.1.0 --
 https://github.com/opencontainers/runtime-spec
 
 ** github.com/opencontainers/selinux; version v1.10.1 --
@@ -477,26 +480,6 @@ This product includes software developed at
 Docker Inc. (https://www.docker.com/).
 
 
-* For github.com/opencontainers/runc/libcontainer/user see also this required NOTICE:
-runc
-
-Copyright 2012-2015 Docker, Inc.
-
-This product includes software developed at Docker, Inc. (http://www.docker.com).
-
-The following is courtesy of our legal counsel:
-
-
-Use and transfer of Docker may be subject to certain restrictions by the
-United States and other governments.  
-It is your responsibility to ensure that your use and/or transfer does not
-violate applicable laws. 
-
-For more information, please see http://www.bis.doc.gov
-
-See also http://www.apache.org/dev/crypto.html and/or seek legal counsel.
-
-
 * For github.com/prometheus/client_golang/prometheus see also this required NOTICE:
 Prometheus instrumentation library for Go applications
 Copyright 2012-2015 The Prometheus Authors
@@ -695,6 +678,71 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
+** dario.cat/mergo; version v1.0.0 --
+https://dario.cat/mergo
+
+Copyright (c) 2013 Dario Castañé. All rights reserved.
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+------
+
+** github.com/fsnotify/fsnotify; version v1.6.0 --
+https://github.com/fsnotify/fsnotify
+
+Copyright © 2012 The Go Authors. All rights reserved.
+Copyright © fsnotify Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this
+  list of conditions and the following disclaimer in the documentation and/or
+  other materials provided with the distribution.
+* Neither the name of Google Inc. nor the names of its contributors may be used
+  to endorse or promote products derived from this software without specific
+  prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+------
+
 ** github.com/gogo/protobuf; version v1.3.2 --
 https://github.com/gogo/protobuf
 
@@ -869,75 +917,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** github.com/imdario/mergo; version v0.3.12 --
-https://github.com/darccio/mergo
-
-Copyright (c) 2013 Dario Castañé. All rights reserved.
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-------
-
-** github.com/klauspost/compress; version v1.11.13 --
-https://github.com/klauspost/compress
-
-Copyright (c) 2012 The Go Authors. All rights reserved.
-Copyright (c) 2019 Klaus Post. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-------
-
-** github.com/klauspost/compress/snappy; version v1.11.13 --
+** github.com/klauspost/compress/internal/snapref; version v1.16.0 --
 https://github.com/klauspost/compress
 
 Copyright (c) 2011 The Snappy-Go Authors. All rights reserved.

projects/containerd/containerd/CHECKSUMS

@@ -1,10 +1,10 @@
-193cd91b211413914b1a9635ead834a09b76acd02a34fb724015b7556084d27e  _output/bin/containerd/linux-amd64/containerd
-f4ae2a32170eaa7114b30393910e36aabbb359d6497c0d741d4b4c1c7183c447  _output/bin/containerd/linux-amd64/containerd-shim
-ca1acf9ba6336c428493785491eb5fe56f9105d9fca5f3d264abd3448ee22f62  _output/bin/containerd/linux-amd64/containerd-shim-runc-v1
-6a0b826abb0146cbd8a6655ef5ba7d3c927b63ceb03f2f93fdcab0f6ac31a036  _output/bin/containerd/linux-amd64/containerd-shim-runc-v2
-76c5f20a1d270c4fa0007d8ec77c00b1aff0c491a0e1f17a6ea5484a21b6c34b  _output/bin/containerd/linux-amd64/ctr
-dddaa09c41b5e1bd74ec6cf4a4e9f8e5ff196e4e9196c079494d7e003b3748fc  _output/bin/containerd/linux-arm64/containerd
-88d4bac6374cf50b22297a340780e247eb4deb9a1e7ce37ddd0c43211da386d1  _output/bin/containerd/linux-arm64/containerd-shim
-d695816c580436504268af2f1b84f5c2481e738aa3ee86b8fe801e542305bd23  _output/bin/containerd/linux-arm64/containerd-shim-runc-v1
-75623f058dbb6d49fd3572ec6657ee0a507d914d755902282fe3c6aa9de3a6fe  _output/bin/containerd/linux-arm64/containerd-shim-runc-v2
-48fb44c8c8536e5b4079083e5b51c52bd032914c7ff31757e21c146333415d99  _output/bin/containerd/linux-arm64/ctr
+91749df27bb808563765cd70e4d5dbd31c866ed4ef8de3448a9fec7b943a5026  _output/bin/containerd/linux-amd64/containerd
+dc557637403f6738ef64005264b73af837a44e0bcf6dd64c8a6f04317d954ed9  _output/bin/containerd/linux-amd64/containerd-shim
+e7601e6932204a5f0760daf58ccd431f91166c23566e638dca372ab9360b8077  _output/bin/containerd/linux-amd64/containerd-shim-runc-v1
+96addbf8d427c5560557d21c3167789e90d6d3a59dd75673439e08d6500eb54f  _output/bin/containerd/linux-amd64/containerd-shim-runc-v2
+b07138cbf160b923fbae9ebded121e24f6b81d402fedcd77e8f56fa409757dbc  _output/bin/containerd/linux-amd64/ctr
+39aa0aa519c7bebbedb227aeefcf4d32a7595f83b85700ccbec8669a6a53dcb6  _output/bin/containerd/linux-arm64/containerd
+d53487120a1eec77a251066e3e38c08d71cee1d7d9954be48a019ae185579fa3  _output/bin/containerd/linux-arm64/containerd-shim
+555be3753d0d178565f09abcdb1c4f4158355bb1621e820043e099b8a30d91cf  _output/bin/containerd/linux-arm64/containerd-shim-runc-v1
+7b8c25a9387a0ae349790980e27dacdc3d430b22a24c2290cc049bac5c8cb399  _output/bin/containerd/linux-arm64/containerd-shim-runc-v2
+8419c0d447d904f2100b689b36d9df4eed86fd9eb11a2d2364c10cc06d6e8fe1  _output/bin/containerd/linux-arm64/ctr

projects/containerd/containerd/GIT_TAG

@@ -1 +1 @@
-v1.6.21
+v1.7.12

projects/containerd/containerd/GOLANG_VERSION

@@ -1 +1 @@
-1.19
+1.20

projects/containerd/containerd/README.md

@@ -1,5 +1,5 @@
 ## **containerd**
-![Version](https://img.shields.io/badge/version-v1.6.21-blue)
+![Version](https://img.shields.io/badge/version-v1.7.12-blue)
 ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiTWhoMS9lejNIZmxuZzB2NThxU1N5VXNoVVR3MlNWYVBqajA4M3QwN3BERHRjN3oxSGxCcmk4R3pqVVU0aVVHYVVsRnVReU5pdnRRQ1FGQ2djT0pmbjVzPSIsIml2UGFyYW1ldGVyU3BlYyI6ImpGdnQ4d05CL21Lbjdsa0oiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main)
 
 [containerd](https://github.com/containerd/containerd) is available as a daemon for Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.
@@ -10,7 +10,7 @@
 [repo](https://github.com/containerd/containerd) and decide on new version. 
 1. Update the `GIT_TAG` file to have the new desired version based on the upstream release tags.
 1. Compare the old tag to the new, looking specifically for Makefile changes. 
-ex: [1.6.20 compared to 1.6.21](https://github.com/containerd/containerd/compare/v1.6.20...v1.6.21). Check the release [dockerfile](https://github.com/containerd/containerd/blob/main/.github/workflows/release/Dockerfile)
+ex: [1.6.20 compared to 1.6.21](https://github.com/containerd/containerd/compare/v1.6.20...v1.7.12). Check the release [dockerfile](https://github.com/containerd/containerd/blob/main/.github/workflows/release/Dockerfile)
 and [Makefile](https://github.com/containerd/containerd/blob/main/Makefile#L99) for any build flag changes, tag changes, dependencies, etc.
 1. Verify the golang version has not changed. The version specified in the release github [action](https://github.com/containerd/containerd/blob/main/.github/workflows/release.yml#L16)
 should be considered the source of truth.

projects/kubernetes-sigs/image-builder/BOTTLEROCKET_ADMIN_CONTAINER_METADATA

@@ -1,2 +1,2 @@
-tag: v0.11.0
-imageDigest: sha256:2a81ceb8d2f40c1573d2358398da97c12d516888a702e710ea46d0ef5380e5a3
+tag: v0.11.3
+imageDigest: sha256:63f09bdd416168d17403b9e4adea2d4719d809c3264fb2c327ce1c85850fa6ad

projects/kubernetes-sigs/image-builder/BOTTLEROCKET_CONTROL_CONTAINER_METADATA

@@ -1,2 +1,2 @@
-tag: v0.7.4
-imageDigest: sha256:551be0f7ec17780e766e2ed9d8162b9a65c9f455d32f32aa095f1c5ba5c32118
+tag: v0.7.7
+imageDigest: sha256:cf47a547bdc9c2ac6192b5c62f0158be30ff9073b4be60b6c6b22f3bf95203e9

projects/kubernetes-sigs/image-builder/BOTTLEROCKET_RELEASES

@@ -1,21 +1,20 @@
 1-24:
-    ami-release-version: v1.15.1
-    ova-release-version: v1.15.1
-    raw-release-version: v1.15.1
+    ami-release-version: v1.18.0
+    ova-release-version: v1.18.0
+    raw-release-version: v1.18.0
 1-25:
-    ami-release-version: v1.15.1
-    ova-release-version: v1.15.1
-    raw-release-version: v1.15.1
+    ami-release-version: v1.18.0
+    ova-release-version: v1.18.0
+    raw-release-version: v1.18.0
 1-26:
-    ami-release-version: v1.15.1
-    ova-release-version: v1.15.1
-    raw-release-version: v1.15.1
+    ami-release-version: v1.18.0
+    ova-release-version: v1.18.0
+    raw-release-version: v1.18.0
 1-27:
-    ami-release-version: v1.15.1
-    ova-release-version: v1.15.1
-    raw-release-version: v1.15.1
-
+    ami-release-version: v1.18.0
+    ova-release-version: v1.18.0
+    raw-release-version: v1.18.0
 1-28:
-    ami-release-version: v1.15.1
-    ova-release-version: v1.15.1
-    raw-release-version: v1.15.1
+    ami-release-version: v1.18.0
+    ova-release-version: v1.18.0
+    raw-release-version: v1.18.0

projects/opencontainers/runc/ATTRIBUTION.txt

@@ -17,7 +17,7 @@ https://github.com/moby/sys/mountinfo
 ** github.com/mrunalp/fileutils; version v0.5.0 --
 https://github.com/mrunalp/fileutils
 
-** github.com/opencontainers/runc; version v1.1.7 --
+** github.com/opencontainers/runc; version v1.1.12 --
 https://github.com/opencontainers/runc
 
 ** github.com/opencontainers/runtime-spec/specs-go; version v1.0.3-0.20210326190908-1c3f411f0417 --
@@ -361,7 +361,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** github.com/cyphar/filepath-securejoin; version v0.2.3 --
+** github.com/cyphar/filepath-securejoin; version v0.2.4 --
 https://github.com/cyphar/filepath-securejoin
 
 Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved.

projects/opencontainers/runc/CHECKSUMS

@@ -1,2 +1,2 @@
-d09c17af9295d30b3788b6f99bf5a87f4d247a63242e188f28803f06f8124051  _output/bin/runc/linux-amd64/runc
-2bdb9b498532b447777f58a68106de5d385f9ce9a1eebcedbc6d2f9208fc3978  _output/bin/runc/linux-arm64/runc
+3284210da97d68362b47cdc645fc4fb7f30f58c66999b969105ff27b32a20d58  _output/bin/runc/linux-amd64/runc
+94bba1a9c68a530cfc1920680929d5c5879700b18a55bb49aa3ccbe93ad8a010  _output/bin/runc/linux-arm64/runc

projects/opencontainers/runc/GIT_TAG

@@ -1 +1 @@
-v1.1.7
+v1.1.12

projects/opencontainers/runc/README.md

@@ -1,5 +1,5 @@
 ## **runc**
-![Version](https://img.shields.io/badge/version-v1.1.7-blue)
+![Version](https://img.shields.io/badge/version-v1.1.12-blue)
 ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiQ3dHSU45Mnd3bGhzMCtlbGliWXFNcXIxbGx0VDAxVmZqaGtSQ0hXMFN2Rm1DWkNuMG5ibi9GTVRSOFVQK0ZZZW9sUEU4MGJwTzYyVUxEU0lBUG1zVlk4PSIsIml2UGFyYW1ldGVyU3BlYyI6Im5Td1JrV0NEOEh1akJWSXQiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main)
 
 [runc](https://github.com/opencontainers/runc) is a CLI tool for spawning and running containers on Linux according to the OCI specification.
@@ -10,7 +10,7 @@
 [repo](https://github.com/opencontainers/runc) and decide on new version. 
 1. Update the `GIT_TAG` file to have the new desired version based on the upstream release tags.
 1. Compare the old tag to the new, looking specifically for Makefile changes. 
-ex: [1.1.6 compared to 1.1.7](https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.7). Check the release [Makefile](https://github.com/opencontainers/runc/blob/main/Makefile)
+ex: [1.1.6 compared to 1.1.7](https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.12). Check the release [Makefile](https://github.com/opencontainers/runc/blob/main/Makefile)
 for any build flag changes, tag changes, dependencies, etc.  The [GO_BUILD](https://github.com/opencontainers/runc/blob/main/Makefile#L27) definition should be looked at closely.
 1. Verify the golang version has not changed. The version specified in the [Dockerfile](https://github.com/opencontainers/runc/blob/main/Dockerfile#L1)
 should be considered the source of truth.