Merge pull request #18875 from Luap99/update-contianer-deps

update c/{common,image,storage} to latest

Makefile

@@ -57,7 +57,6 @@ BUILDTAGS ?= \
 	$(shell hack/libsubid_tag.sh) \
 	exclude_graphdriver_devicemapper \
 	seccomp
-ROOTLESSPORTTAGS ?= exclude_graphdriver_aufs exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay exclude_graphdriver_zfs
 PYTHON ?= $(shell command -v python3 python|head -n1)
 PKG_MANAGER ?= $(shell command -v dnf yum|head -n1)
 # ~/.local/bin is not in PATH on all systems
@@ -404,7 +403,6 @@ bin/rootlessport: $(SOURCES) go.mod go.sum
 	CGO_ENABLED=$(CGO_ENABLED) \
 		$(GO) build \
 		$(BUILDFLAGS) \
-		-tags "$(ROOTLESSPORTTAGS)" \
 		-o $@ ./cmd/rootlessport
 
 .PHONY: rootlessport

go.mod

@@ -13,13 +13,13 @@ require (
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.3.0
 	github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07
-	github.com/containers/common v0.53.1-0.20230608150349-2c1849f43e14
+	github.com/containers/common v0.53.1-0.20230613082804-74f276a3624f
 	github.com/containers/conmon v2.0.20+incompatible
-	github.com/containers/image/v5 v5.25.1-0.20230608153337-8ad019310ff2
+	github.com/containers/image/v5 v5.25.1-0.20230613062531-9e44c062ca20
 	github.com/containers/libhvee v0.0.5
 	github.com/containers/ocicrypt v1.1.7
 	github.com/containers/psgo v1.8.0
-	github.com/containers/storage v1.46.2-0.20230530174214-1dc289a244ce
+	github.com/containers/storage v1.46.2-0.20230613134951-e424b6649be3
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/coreos/stream-metadata-go v0.4.2
 	github.com/crc-org/vfkit v0.0.5-0.20230602131541-3d57f09010c9
@@ -48,7 +48,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0-rc3
 	github.com/opencontainers/runc v1.1.7
-	github.com/opencontainers/runtime-spec v1.1.0-rc.2
+	github.com/opencontainers/runtime-spec v1.1.0-rc.3
 	github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69
 	github.com/opencontainers/selinux v1.11.0
 	github.com/openshift/imagebuilder v1.2.5
@@ -106,7 +106,7 @@ require (
 	github.com/go-openapi/runtime v0.26.0 // indirect
 	github.com/go-openapi/spec v0.20.9 // indirect
 	github.com/go-openapi/strfmt v0.21.7 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/copier v0.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
+	github.com/klauspost/compress v1.16.6 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/kr/fs v0.1.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 // indirect

go.sum

@@ -239,12 +239,12 @@ github.com/containernetworking/plugins v1.3.0 h1:QVNXMT6XloyMUoO2wUOqWTC1hWFV62Q
 github.com/containernetworking/plugins v1.3.0/go.mod h1:Pc2wcedTQQCVuROOOaLBPPxrEXqqXBFt3cZ+/yVg6l0=
 github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07 h1:Bs2sNFh/fSYr4J6JJLFqzyn3dp6HhlA6ewFwRYUpeIE=
 github.com/containers/buildah v1.30.1-0.20230504052500-e925b5852e07/go.mod h1:6A/BK0YJLXL8+AqlbceKJrhUT+NtEgsvAc51F7TAllc=
-github.com/containers/common v0.53.1-0.20230608150349-2c1849f43e14 h1:THwcUhmyEiq/W7S0eUtGLcm6EB8ih1iQpd7OCV4xuT8=
-github.com/containers/common v0.53.1-0.20230608150349-2c1849f43e14/go.mod h1:xBDye1c2T/Ms2zGhMeamNi6u158M3FbRLEsWdAwmSkk=
+github.com/containers/common v0.53.1-0.20230613082804-74f276a3624f h1:M8DumcKWflPzUji+ng/7XtYyb+yhUXdam+P8xiPL3Mc=
+github.com/containers/common v0.53.1-0.20230613082804-74f276a3624f/go.mod h1:YWVW6IZuya3i4FEBz0IKcCVJEpmupR1mdHurdur5Pes=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
-github.com/containers/image/v5 v5.25.1-0.20230608153337-8ad019310ff2 h1:Fh+hVnBC+/oCVACYwBttfNz0ZEiTaXbempEJPc0CkM4=
-github.com/containers/image/v5 v5.25.1-0.20230608153337-8ad019310ff2/go.mod h1:lbnQxsf2S4lhn6fiBH2ucjiQu5kfBuGkGCif+AICyx0=
+github.com/containers/image/v5 v5.25.1-0.20230613062531-9e44c062ca20 h1:Oe+oEssTGb8bRtBbPHInujDIiUOIdPn6vcxOoVo7AV8=
+github.com/containers/image/v5 v5.25.1-0.20230613062531-9e44c062ca20/go.mod h1:oyytyLzwdS0YyBBMHqgQQeWpJhAG7zseE25n+hIJ6Vo=
 github.com/containers/libhvee v0.0.5 h1:5tUiF2eVe8XbVSPD/Os4dIU1gJWoQgtkQHIjQ5X7wpE=
 github.com/containers/libhvee v0.0.5/go.mod h1:AYsyMe44w9ylWWEZNW+IOzA7oZ2i/P9TChNljavhYMI=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
@@ -257,8 +257,8 @@ github.com/containers/ocicrypt v1.1.7/go.mod h1:7CAhjcj2H8AYp5YvEie7oVSK2AhBY8Ns
 github.com/containers/psgo v1.8.0 h1:2loGekmGAxM9ir5OsXWEfGwFxorMPYnc6gEDsGFQvhY=
 github.com/containers/psgo v1.8.0/go.mod h1:T8ZxnX3Ur4RvnhxFJ7t8xJ1F48RhiZB4rSrOaR/qGHc=
 github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
-github.com/containers/storage v1.46.2-0.20230530174214-1dc289a244ce h1:who8o0q9CLMCOs8DunR66IfWno2eLwgNH8u7JsJP69A=
-github.com/containers/storage v1.46.2-0.20230530174214-1dc289a244ce/go.mod h1:ke6qnPYu0t2bUfYvBSWI7R8dNitNsS97t3z3hveOINY=
+github.com/containers/storage v1.46.2-0.20230613134951-e424b6649be3 h1:nSCnnrCMocJDsNUU4EDPT8GkW7ToU43/QbXGRC+ciEs=
+github.com/containers/storage v1.46.2-0.20230613134951-e424b6649be3/go.mod h1:pRp3lkRo2qodb/ltpnudoXggrviRmaCmU5a5GhTBae0=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
@@ -430,8 +430,8 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
 github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
 github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
 github.com/go-rod/rod v0.113.1 h1:+Qb4K/vkR7BOhW6FhfhtLzUD3l11+0XlF4do+27sOQk=
@@ -644,8 +644,8 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.15.7/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
 github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU=
-github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI=
-github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk=
+github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
@@ -789,8 +789,8 @@ github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.m
 github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8=
-github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.1.0-rc.3 h1:l04uafi6kxByhbxev7OWiuUv0LZxEsYUfDWZ6bztAuU=
+github.com/opencontainers/runtime-spec v1.1.0-rc.3/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69 h1:NL4xDvl68WWqQ+8WPMM3l5PsZTxaT7Z4K3VSKDRuAGs=
 github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69/go.mod h1:bNpfuSHA3DZRtD0TPWO8LzgtLpFPTVA/3jDkzD/OPyk=

libpod/define/config.go

@@ -5,7 +5,6 @@ import (
 	"io"
 
 	"github.com/containers/common/libnetwork/types"
-	"github.com/containers/storage/pkg/regexp"
 )
 
 var (
@@ -18,9 +17,6 @@ var (
 	// This must NOT be changed from outside of Libpod. It should be a
 	// constant, but Go won't let us do that.
 	NameRegex = types.NameRegex
-	// NotHexRegex is a regular expression to check if a string is
-	// a hexadecimal string.
-	NotHexRegex = regexp.Delayed(`[^0-9a-fA-F]`)
 	// RegexError is thrown in presence of an invalid container/pod name.
 	RegexError = types.RegexError
 )

pkg/domain/filters/containers.go

@@ -3,16 +3,14 @@ package filters
 import (
 	"errors"
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/containers/common/pkg/filters"
-	cutil "github.com/containers/common/pkg/util"
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/util"
 )
 
 // GenerateContainerFilterFuncs return ContainerFilter functions based of filter.
@@ -20,18 +18,7 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
 	switch filter {
 	case "id":
 		return func(c *libpod.Container) bool {
-			for _, want := range filterValues {
-				isRegex := define.NotHexRegex.MatchString(want)
-				if isRegex {
-					match, err := regexp.MatchString(want, c.ID())
-					if err == nil && match {
-						return true
-					}
-				} else if strings.HasPrefix(c.ID(), strings.ToLower(want)) {
-					return true
-				}
-			}
-			return false
+			return util.FilterID(c.ID(), filterValues)
 		}, nil
 	case "label":
 		// we have to match that all given labels exits on that container
@@ -270,7 +257,7 @@ func GenerateContainerFilterFuncs(filter string, filterValues []string, r *libpo
 				return false
 			}
 			for _, net := range networks {
-				if cutil.StringInSlice(net, inputNetNames) {
+				if util.StringInSlice(net, inputNetNames) {
 					return true
 				}
 			}
@@ -324,7 +311,7 @@ func GeneratePruneContainerFilterFuncs(filter string, filterValues []string, r *
 }
 
 func prepareUntilFilterFunc(filterValues []string) (func(container *libpod.Container) bool, error) {
-	until, err := util.ComputeUntilTimestamp(filterValues)
+	until, err := filters.ComputeUntilTimestamp(filterValues)
 	if err != nil {
 		return nil, err
 	}

pkg/domain/filters/pods.go

@@ -3,15 +3,13 @@ package filters
 import (
 	"errors"
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"
 
 	"github.com/containers/common/pkg/filters"
-	cutil "github.com/containers/common/pkg/util"
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/podman/v4/libpod"
 	"github.com/containers/podman/v4/libpod/define"
-	"github.com/containers/podman/v4/pkg/util"
 )
 
 // GeneratePodFilterFunc takes a filter and filtervalue (key, value)
@@ -26,24 +24,9 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 			if err != nil {
 				return false
 			}
-			for _, want := range filterValues {
-				isRegex := define.NotHexRegex.MatchString(want)
-				if isRegex {
-					re, err := regexp.Compile(want)
-					if err != nil {
-						return false
-					}
-					for _, id := range ctrIds {
-						if re.MatchString(id) {
-							return true
-						}
-					}
-				} else {
-					for _, id := range ctrIds {
-						if strings.HasPrefix(id, strings.ToLower(want)) {
-							return true
-						}
-					}
+			for _, id := range ctrIds {
+				if util.FilterID(id, filterValues) {
+					return true
 				}
 			}
 			return false
@@ -78,7 +61,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 		}, nil
 	case "ctr-status":
 		for _, filterValue := range filterValues {
-			if !cutil.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) {
+			if !util.StringInSlice(filterValue, []string{"created", "running", "paused", "stopped", "exited", "unknown"}) {
 				return nil, fmt.Errorf("%s is not a valid status", filterValue)
 			}
 		}
@@ -107,18 +90,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 		}, nil
 	case "id":
 		return func(p *libpod.Pod) bool {
-			for _, want := range filterValues {
-				isRegex := define.NotHexRegex.MatchString(want)
-				if isRegex {
-					match, err := regexp.MatchString(want, p.ID())
-					if err == nil && match {
-						return true
-					}
-				} else if strings.HasPrefix(p.ID(), strings.ToLower(want)) {
-					return true
-				}
-			}
-			return false
+			return util.FilterID(p.ID(), filterValues)
 		}, nil
 	case "name":
 		return func(p *libpod.Pod) bool {
@@ -126,7 +98,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 		}, nil
 	case "status":
 		for _, filterValue := range filterValues {
-			if !cutil.StringInSlice(filterValue, []string{"stopped", "running", "paused", "exited", "dead", "created", "degraded"}) {
+			if !util.StringInSlice(filterValue, []string{"stopped", "running", "paused", "exited", "dead", "created", "degraded"}) {
 				return nil, fmt.Errorf("%s is not a valid pod status", filterValue)
 			}
 		}
@@ -149,7 +121,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 		}, nil
 	case "until":
 		return func(p *libpod.Pod) bool {
-			until, err := util.ComputeUntilTimestamp(filterValues)
+			until, err := filters.ComputeUntilTimestamp(filterValues)
 			if err != nil {
 				return false
 			}
@@ -182,7 +154,7 @@ func GeneratePodFilterFunc(filter string, filterValues []string, r *libpod.Runti
 				return false
 			}
 			for _, net := range networks {
-				if cutil.StringInSlice(net, inputNetNames) {
+				if util.StringInSlice(net, inputNetNames) {
 					return true
 				}
 			}

pkg/domain/filters/volumes.go

@@ -6,14 +6,13 @@ import (
 	"regexp"
 	"strings"
 
-	pruneFilters "github.com/containers/common/pkg/filters"
+	"github.com/containers/common/pkg/filters"
 	"github.com/containers/podman/v4/libpod"
-	"github.com/containers/podman/v4/pkg/util"
 )
 
-func GenerateVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
+func GenerateVolumeFilters(filtersValues url.Values) ([]libpod.VolumeFilter, error) {
 	var vf []libpod.VolumeFilter
-	for filter, v := range filters {
+	for filter, v := range filtersValues {
 		for _, val := range v {
 			switch filter {
 			case "name":
@@ -37,12 +36,12 @@ func GenerateVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
 			case "label":
 				filter := val
 				vf = append(vf, func(v *libpod.Volume) bool {
-					return pruneFilters.MatchLabelFilters([]string{filter}, v.Labels())
+					return filters.MatchLabelFilters([]string{filter}, v.Labels())
 				})
 			case "label!":
 				filter := val
 				vf = append(vf, func(v *libpod.Volume) bool {
-					return !pruneFilters.MatchLabelFilters([]string{filter}, v.Labels())
+					return !filters.MatchLabelFilters([]string{filter}, v.Labels())
 				})
 			case "opt":
 				filterArray := strings.SplitN(val, "=", 2)
@@ -98,20 +97,20 @@ func GenerateVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
 	return vf, nil
 }
 
-func GeneratePruneVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, error) {
+func GeneratePruneVolumeFilters(filtersValues url.Values) ([]libpod.VolumeFilter, error) {
 	var vf []libpod.VolumeFilter
-	for filter, v := range filters {
+	for filter, v := range filtersValues {
 		for _, val := range v {
 			filterVal := val
 			switch filter {
 			case "label":
 				vf = append(vf, func(v *libpod.Volume) bool {
-					return pruneFilters.MatchLabelFilters([]string{filterVal}, v.Labels())
+					return filters.MatchLabelFilters([]string{filterVal}, v.Labels())
 				})
 			case "label!":
 				filter := val
 				vf = append(vf, func(v *libpod.Volume) bool {
-					return !pruneFilters.MatchLabelFilters([]string{filter}, v.Labels())
+					return !filters.MatchLabelFilters([]string{filter}, v.Labels())
 				})
 			case "until":
 				f, err := createUntilFilterVolumeFunction(filterVal)
@@ -128,7 +127,7 @@ func GeneratePruneVolumeFilters(filters url.Values) ([]libpod.VolumeFilter, erro
 }
 
 func createUntilFilterVolumeFunction(filter string) (libpod.VolumeFilter, error) {
-	until, err := util.ComputeUntilTimestamp([]string{filter})
+	until, err := filters.ComputeUntilTimestamp([]string{filter})
 	if err != nil {
 		return nil, err
 	}

pkg/util/filters.go

@@ -2,32 +2,11 @@ package util
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/http"
 	"strings"
-	"time"
-
-	"github.com/containers/podman/v4/pkg/timetype"
 )
 
-// ComputeUntilTimestamp extracts until timestamp from filters
-func ComputeUntilTimestamp(filterValues []string) (time.Time, error) {
-	invalid := time.Time{}
-	if len(filterValues) != 1 {
-		return invalid, errors.New("specify exactly one timestamp for until")
-	}
-	ts, err := timetype.GetTimestamp(filterValues[0], time.Now())
-	if err != nil {
-		return invalid, err
-	}
-	seconds, nanoseconds, err := timetype.ParseTimestamps(ts, 0)
-	if err != nil {
-		return invalid, err
-	}
-	return time.Unix(seconds, nanoseconds), nil
-}
-
 // filtersFromRequests extracts the "filters" parameter from the specified
 // http.Request.  The parameter can either be a `map[string][]string` as done
 // in new versions of Docker and libpod, or a `map[string]map[string]bool` as

pkg/util/filters_test.go

@@ -79,37 +79,3 @@ func TestMatchLabelFilters(t *testing.T) {
 		})
 	}
 }
-
-func TestComputeUntilTimestamp(t *testing.T) {
-	tests := []struct {
-		name    string
-		args    []string
-		wantErr bool
-	}{
-		{
-			name:    "Return error when more values in list",
-			args:    []string{"5h", "6s"},
-			wantErr: true,
-		},
-		{
-			name:    "Return error when invalid time",
-			args:    []string{"invalidTime"},
-			wantErr: true,
-		},
-		{
-			name:    "Do not return error when correct time format supplied",
-			args:    []string{"44m"},
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		tt := tt
-		t.Run(tt.name, func(t *testing.T) {
-			_, err := ComputeUntilTimestamp(tt.args)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("ComputeUntilTimestamp() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-		})
-	}
-}

rpm/podman.spec

@@ -277,7 +277,6 @@ ln -s vendor src
 LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
 
 # build rootlessport first
-export BUILDTAGS="exclude_graphdriver_aufs exclude_graphdriver_btrfs exclude_graphdriver_devicemapper exclude_graphdriver_overlay exclude_graphdriver_zfs"
 %gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport
 
 export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"

test/e2e/network_test.go

@@ -179,7 +179,7 @@ var _ = Describe("Podman network", func() {
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring(net + " " + netID[:12]))
 
-		session = podmanTest.Podman([]string{"network", "ls", "--format", "{{.Name}} {{.ID}}", "--filter", "id=" + netID[10:50], "--no-trunc"})
+		session = podmanTest.Podman([]string{"network", "ls", "--format", "{{.Name}} {{.ID}}", "--filter", "id=" + netID[:50], "--no-trunc"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(Exit(0))
 		Expect(session.OutputToString()).To(ContainSubstring(net + " " + netID))

vendor/github.com/containers/common/libnetwork/types/define.go

@@ -3,7 +3,8 @@ package types
 import (
 	"errors"
 	"fmt"
-	"regexp"
+
+	"github.com/containers/storage/pkg/regexp"
 )
 
 var (
@@ -19,7 +20,11 @@ var (
 
 	// NameRegex is a regular expression to validate names.
 	// This must NOT be changed.
-	NameRegex = regexp.MustCompile("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$")
+	NameRegex = regexp.Delayed("^[a-zA-Z0-9][a-zA-Z0-9_.-]*$")
 	// RegexError is thrown in presence of an invalid name.
 	RegexError = fmt.Errorf("names must match [a-zA-Z0-9][a-zA-Z0-9_.-]*: %w", ErrInvalidArg) // nolint:revive // This lint is new and we do not want to break the API.
+
+	// NotHexRegex is a regular expression to check if a string is
+	// a hexadecimal string.
+	NotHexRegex = regexp.Delayed(`[^0-9a-fA-F]`)
 )

vendor/github.com/containers/common/libnetwork/util/filters.go

@@ -38,7 +38,7 @@ func createFilterFuncs(key string, filterValues []string) (types.FilterFunc, err
 	case "id":
 		// matches part of one id
 		return func(net types.Network) bool {
-			return util.StringMatchRegexSlice(net.ID, filterValues)
+			return util.FilterID(net.ID, filterValues)
 		}, nil
 
 		// TODO: add dns enabled, internal filter

vendor/github.com/containers/common/pkg/config/default.go

@@ -32,8 +32,6 @@ const (
 )
 
 var (
-	// DefaultInitPath is the default path to the container-init binary.
-	DefaultInitPath = "/usr/libexec/podman/catatonit"
 	// DefaultInfraImage is the default image to run as infrastructure containers in pods.
 	DefaultInfraImage = ""
 	// DefaultRootlessSHMLockPath is the default path for rootless SHM locks.

vendor/github.com/containers/common/pkg/config/default_common.go

@@ -0,0 +1,7 @@
+//go:build !freebsd
+// +build !freebsd
+
+package config
+
+// DefaultInitPath is the default path to the container-init binary.
+var DefaultInitPath = "/usr/libexec/podman/catatonit"

vendor/github.com/containers/common/pkg/config/default_freebsd.go

@@ -1,5 +1,8 @@
 package config
 
+// DefaultInitPath is the default path to the container-init binary.
+var DefaultInitPath = "/usr/local/libexec/podman/catatonit"
+
 func getDefaultCgroupsMode() string {
 	return "enabled"
 }

vendor/github.com/containers/common/pkg/retry/retry.go

@@ -17,8 +17,9 @@ import (
 
 // Options defines the option to retry.
 type Options struct {
-	MaxRetry int           // The number of times to possibly retry.
-	Delay    time.Duration // The delay to use between retries, if set.
+	MaxRetry         int           // The number of times to possibly retry.
+	Delay            time.Duration // The delay to use between retries, if set.
+	IsErrorRetryable func(error) bool
 }
 
 // RetryOptions is deprecated, use Options.
@@ -31,8 +32,11 @@ func RetryIfNecessary(ctx context.Context, operation func() error, options *Opti
 
 // IfNecessary retries the operation in exponential backoff with the retry Options.
 func IfNecessary(ctx context.Context, operation func() error, options *Options) error {
+	if options.IsErrorRetryable == nil {
+		options.IsErrorRetryable = IsErrorRetryable
+	}
 	err := operation()
-	for attempt := 0; err != nil && isRetryable(err) && attempt < options.MaxRetry; attempt++ {
+	for attempt := 0; err != nil && options.IsErrorRetryable(err) && attempt < options.MaxRetry; attempt++ {
 		delay := time.Duration(int(math.Pow(2, float64(attempt)))) * time.Second
 		if options.Delay != 0 {
 			delay = options.Delay
@@ -49,7 +53,11 @@ func IfNecessary(ctx context.Context, operation func() error, options *Options)
 	return err
 }
 
-func isRetryable(err error) bool {
+// IsErrorRetryable makes a HEURISTIC determination whether it is worth retrying upon encountering an error.
+// That heuristic is NOT STABLE and it CAN CHANGE AT ANY TIME.
+// Callers that have a hard requirement for specific treatment of a class of errors should make their own check
+// instead of relying on this function maintaining its past behavior.
+func IsErrorRetryable(err error) bool {
 	switch err {
 	case nil:
 		return false
@@ -72,18 +80,18 @@ func isRetryable(err error) bool {
 		}
 		return true
 	case *net.OpError:
-		return isRetryable(e.Err)
+		return IsErrorRetryable(e.Err)
 	case *url.Error: // This includes errors returned by the net/http client.
 		if e.Err == io.EOF { // Happens when a server accepts a HTTP connection and sends EOF
 			return true
 		}
-		return isRetryable(e.Err)
+		return IsErrorRetryable(e.Err)
 	case syscall.Errno:
 		return isErrnoRetryable(e)
 	case errcode.Errors:
 		// if this error is a group of errors, process them all in turn
 		for i := range e {
-			if !isRetryable(e[i]) {
+			if !IsErrorRetryable(e[i]) {
 				return false
 			}
 		}
@@ -91,7 +99,7 @@ func isRetryable(err error) bool {
 	case *multierror.Error:
 		// if this error is a group of errors, process them all in turn
 		for i := range e.Errors {
-			if !isRetryable(e.Errors[i]) {
+			if !IsErrorRetryable(e.Errors[i]) {
 				return false
 			}
 		}
@@ -102,11 +110,11 @@ func isRetryable(err error) bool {
 		}
 		if unwrappable, ok := e.(unwrapper); ok {
 			err = unwrappable.Unwrap()
-			return isRetryable(err)
+			return IsErrorRetryable(err)
 		}
 	case unwrapper: // Test this last, because various error types might implement .Unwrap()
 		err = e.Unwrap()
-		return isRetryable(err)
+		return IsErrorRetryable(err)
 	}
 
 	return false

vendor/github.com/containers/common/pkg/util/util.go

@@ -6,6 +6,8 @@ import (
 	"os/exec"
 	"regexp"
 	"strings"
+
+	"github.com/containers/common/libnetwork/types"
 )
 
 const (
@@ -110,3 +112,22 @@ func StringMatchRegexSlice(s string, re []string) bool {
 	}
 	return false
 }
+
+// FilterID is a function used to compare an id against a set of ids, if the
+// input is hex we check if the prefix matches. Otherwise we assume it is a
+// regex and try to match that.
+// see https://github.com/containers/podman/issues/18471 for why we do this
+func FilterID(id string, filters []string) bool {
+	for _, want := range filters {
+		isRegex := types.NotHexRegex.MatchString(want)
+		if isRegex {
+			match, err := regexp.MatchString(want, id)
+			if err == nil && match {
+				return true
+			}
+		} else if strings.HasPrefix(id, strings.ToLower(want)) {
+			return true
+		}
+	}
+	return false
+}

vendor/github.com/containers/image/v5/docker/docker_client.go

@@ -161,17 +161,6 @@ func newBearerTokenFromJSONBlob(blob []byte) (*bearerToken, error) {
 	return token, nil
 }
 
-// this is cloned from docker/go-connections because upstream docker has changed
-// it and make deps here fails otherwise.
-// We'll drop this once we upgrade to docker 1.13.x deps.
-func serverDefault() *tls.Config {
-	return &tls.Config{
-		// Avoid fallback to SSL protocols < TLS1.0
-		MinVersion:   tls.VersionTLS10,
-		CipherSuites: tlsconfig.DefaultServerAcceptedCiphers,
-	}
-}
-
 // dockerCertDir returns a path to a directory to be consumed by tlsclientconfig.SetupCertificates() depending on ctx and hostPort.
 func dockerCertDir(sys *types.SystemContext, hostPort string) (string, error) {
 	if sys != nil && sys.DockerCertPath != "" {
@@ -254,7 +243,9 @@ func newDockerClient(sys *types.SystemContext, registry, reference string) (*doc
 	if registry == dockerHostname {
 		registry = dockerRegistry
 	}
-	tlsClientConfig := serverDefault()
+	tlsClientConfig := &tls.Config{
+		CipherSuites: tlsconfig.DefaultServerAcceptedCiphers,
+	}
 
 	// It is undefined whether the host[:port] string for dockerHostname should be dockerHostname or dockerRegistry,
 	// because docker/docker does not read the certs.d subdirectory at all in that case.  We use the user-visible

vendor/github.com/containers/image/v5/openshift/openshift-copies.go

@@ -957,8 +957,6 @@ func tlsConfigFor(c *restConfig) (*tls.Config, error) {
 	}
 
 	tlsConfig := &tls.Config{
-		// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
-		MinVersion:         tls.VersionTLS10,
 		InsecureSkipVerify: c.Insecure,
 	}
 

vendor/github.com/containers/storage/.cirrus.yml

@@ -23,7 +23,7 @@ env:
     # GCE project where images live
     IMAGE_PROJECT: "libpod-218412"
     # VM Image built in containers/automation_images
-    IMAGE_SUFFIX: "c20230517t144652z-f38f37d12"
+    IMAGE_SUFFIX: "c20230601t145439z-f38f37d12"
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
     DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
 

vendor/github.com/containers/storage/drivers/quota/projectquota.go

@@ -428,7 +428,14 @@ func makeBackingFsDev(home string) (string, error) {
 	backingFsBlockDevTmp := backingFsBlockDev + ".tmp"
 	// Re-create just in case someone copied the home directory over to a new device
 	if err := unix.Mknod(backingFsBlockDevTmp, unix.S_IFBLK|0o600, int(stat.Dev)); err != nil {
-		return "", fmt.Errorf("failed to mknod %s: %w", backingFsBlockDevTmp, err)
+		if !errors.Is(err, unix.EEXIST) {
+			return "", fmt.Errorf("failed to mknod %s: %w", backingFsBlockDevTmp, err)
+		}
+		// On EEXIST, try again after unlinking any potential leftover.
+		_ = unix.Unlink(backingFsBlockDevTmp)
+		if err := unix.Mknod(backingFsBlockDevTmp, unix.S_IFBLK|0o600, int(stat.Dev)); err != nil {
+			return "", fmt.Errorf("failed to mknod %s: %w", backingFsBlockDevTmp, err)
+		}
 	}
 	if err := unix.Rename(backingFsBlockDevTmp, backingFsBlockDev); err != nil {
 		return "", fmt.Errorf("failed to rename %s to %s: %w", backingFsBlockDevTmp, backingFsBlockDev, err)

vendor/github.com/containers/storage/layers.go

@@ -2246,50 +2246,59 @@ func (r *layerStore) applyDiffWithOptions(to string, layerOptions *LayerOptions,
 	defragmented = io.TeeReader(defragmented, compressedCounter)
 
 	tsdata := bytes.Buffer{}
-	compressor, err := pgzip.NewWriterLevel(&tsdata, pgzip.BestSpeed)
-	if err != nil {
-		compressor = pgzip.NewWriter(&tsdata)
-	}
-	if err := compressor.SetConcurrency(1024*1024, 1); err != nil { // 1024*1024 is the hard-coded default; we're not changing that
-		logrus.Infof("setting compression concurrency threads to 1: %v; ignoring", err)
-	}
-	metadata := storage.NewJSONPacker(compressor)
-	uncompressed, err := archive.DecompressStream(defragmented)
-	if err != nil {
-		return -1, err
-	}
-	defer uncompressed.Close()
 	uidLog := make(map[uint32]struct{})
 	gidLog := make(map[uint32]struct{})
-	idLogger, err := tarlog.NewLogger(func(h *tar.Header) {
-		if !strings.HasPrefix(path.Base(h.Name), archive.WhiteoutPrefix) {
-			uidLog[uint32(h.Uid)] = struct{}{}
-			gidLog[uint32(h.Gid)] = struct{}{}
+	var uncompressedCounter *ioutils.WriteCounter
+
+	size, err = func() (int64, error) { // A scope for defer
+		compressor, err := pgzip.NewWriterLevel(&tsdata, pgzip.BestSpeed)
+		if err != nil {
+			return -1, err
 		}
-	})
+		defer compressor.Close()                                        // This must happen before tsdata is consumed.
+		if err := compressor.SetConcurrency(1024*1024, 1); err != nil { // 1024*1024 is the hard-coded default; we're not changing that
+			logrus.Infof("setting compression concurrency threads to 1: %v; ignoring", err)
+		}
+		metadata := storage.NewJSONPacker(compressor)
+		uncompressed, err := archive.DecompressStream(defragmented)
+		if err != nil {
+			return -1, err
+		}
+		defer uncompressed.Close()
+		idLogger, err := tarlog.NewLogger(func(h *tar.Header) {
+			if !strings.HasPrefix(path.Base(h.Name), archive.WhiteoutPrefix) {
+				uidLog[uint32(h.Uid)] = struct{}{}
+				gidLog[uint32(h.Gid)] = struct{}{}
+			}
+		})
+		if err != nil {
+			return -1, err
+		}
+		defer idLogger.Close() // This must happen before uidLog and gidLog is consumed.
+		uncompressedCounter = ioutils.NewWriteCounter(idLogger)
+		uncompressedWriter := (io.Writer)(uncompressedCounter)
+		if uncompressedDigester != nil {
+			uncompressedWriter = io.MultiWriter(uncompressedWriter, uncompressedDigester.Hash())
+		}
+		payload, err := asm.NewInputTarStream(io.TeeReader(uncompressed, uncompressedWriter), metadata, storage.NewDiscardFilePutter())
+		if err != nil {
+			return -1, err
+		}
+		options := drivers.ApplyDiffOpts{
+			Diff:       payload,
+			Mappings:   r.layerMappings(layer),
+			MountLabel: layer.MountLabel,
+		}
+		size, err := r.driver.ApplyDiff(layer.ID, layer.Parent, options)
+		if err != nil {
+			return -1, err
+		}
+		return size, err
+	}()
 	if err != nil {
 		return -1, err
 	}
-	defer idLogger.Close()
-	uncompressedCounter := ioutils.NewWriteCounter(idLogger)
-	uncompressedWriter := (io.Writer)(uncompressedCounter)
-	if uncompressedDigester != nil {
-		uncompressedWriter = io.MultiWriter(uncompressedWriter, uncompressedDigester.Hash())
-	}
-	payload, err := asm.NewInputTarStream(io.TeeReader(uncompressed, uncompressedWriter), metadata, storage.NewDiscardFilePutter())
-	if err != nil {
-		return -1, err
-	}
-	options := drivers.ApplyDiffOpts{
-		Diff:       payload,
-		Mappings:   r.layerMappings(layer),
-		MountLabel: layer.MountLabel,
-	}
-	size, err = r.driver.ApplyDiff(layer.ID, layer.Parent, options)
-	if err != nil {
-		return -1, err
-	}
-	compressor.Close()
+
 	if err := os.MkdirAll(filepath.Dir(r.tspath(layer.ID)), 0o700); err != nil {
 		return -1, err
 	}

vendor/github.com/containers/storage/pkg/regexp/regexp.go

@@ -10,26 +10,26 @@ import (
 // used as global variables. Using this structure helps speed the startup time
 // of apps that want to use global regex variables. This library initializes them on
 // first use as opposed to the start of the executable.
-type Regexp struct {
-	once   *sync.Once
+type Regexp = *regexpStruct
+
+type regexpStruct struct {
+	_      noCopy
+	once   sync.Once
 	regexp *regexp.Regexp
 	val    string
 }
 
 func Delayed(val string) Regexp {
-	re := Regexp{
+	re := &regexpStruct{
 		val: val,
 	}
 	if precompile {
 		re.regexp = regexp.MustCompile(re.val)
-	} else {
-		re.once = &sync.Once{}
 	}
-
 	return re
 }
 
-func (re *Regexp) compile() {
+func (re *regexpStruct) compile() {
 	if precompile {
 		return
 	}
@@ -38,182 +38,195 @@ func (re *Regexp) compile() {
 	})
 }
 
-func (re *Regexp) Expand(dst []byte, template []byte, src []byte, match []int) []byte {
+func (re *regexpStruct) Expand(dst []byte, template []byte, src []byte, match []int) []byte {
 	re.compile()
 	return re.regexp.Expand(dst, template, src, match)
 }
 
-func (re *Regexp) ExpandString(dst []byte, template string, src string, match []int) []byte {
+func (re *regexpStruct) ExpandString(dst []byte, template string, src string, match []int) []byte {
 	re.compile()
 	return re.regexp.ExpandString(dst, template, src, match)
 }
 
-func (re *Regexp) Find(b []byte) []byte {
+func (re *regexpStruct) Find(b []byte) []byte {
 	re.compile()
 	return re.regexp.Find(b)
 }
 
-func (re *Regexp) FindAll(b []byte, n int) [][]byte {
+func (re *regexpStruct) FindAll(b []byte, n int) [][]byte {
 	re.compile()
 	return re.regexp.FindAll(b, n)
 }
 
-func (re *Regexp) FindAllIndex(b []byte, n int) [][]int {
+func (re *regexpStruct) FindAllIndex(b []byte, n int) [][]int {
 	re.compile()
 	return re.regexp.FindAllIndex(b, n)
 }
 
-func (re *Regexp) FindAllString(s string, n int) []string {
+func (re *regexpStruct) FindAllString(s string, n int) []string {
 	re.compile()
 	return re.regexp.FindAllString(s, n)
 }
 
-func (re *Regexp) FindAllStringIndex(s string, n int) [][]int {
+func (re *regexpStruct) FindAllStringIndex(s string, n int) [][]int {
 	re.compile()
 	return re.regexp.FindAllStringIndex(s, n)
 }
 
-func (re *Regexp) FindAllStringSubmatch(s string, n int) [][]string {
+func (re *regexpStruct) FindAllStringSubmatch(s string, n int) [][]string {
 	re.compile()
 	return re.regexp.FindAllStringSubmatch(s, n)
 }
 
-func (re *Regexp) FindAllStringSubmatchIndex(s string, n int) [][]int {
+func (re *regexpStruct) FindAllStringSubmatchIndex(s string, n int) [][]int {
 	re.compile()
 	return re.regexp.FindAllStringSubmatchIndex(s, n)
 }
 
-func (re *Regexp) FindAllSubmatch(b []byte, n int) [][][]byte {
+func (re *regexpStruct) FindAllSubmatch(b []byte, n int) [][][]byte {
 	re.compile()
 	return re.regexp.FindAllSubmatch(b, n)
 }
 
-func (re *Regexp) FindAllSubmatchIndex(b []byte, n int) [][]int {
+func (re *regexpStruct) FindAllSubmatchIndex(b []byte, n int) [][]int {
 	re.compile()
 	return re.regexp.FindAllSubmatchIndex(b, n)
 }
 
-func (re *Regexp) FindIndex(b []byte) (loc []int) {
+func (re *regexpStruct) FindIndex(b []byte) (loc []int) {
 	re.compile()
 	return re.regexp.FindIndex(b)
 }
 
-func (re *Regexp) FindReaderIndex(r io.RuneReader) (loc []int) {
+func (re *regexpStruct) FindReaderIndex(r io.RuneReader) (loc []int) {
 	re.compile()
 	return re.regexp.FindReaderIndex(r)
 }
 
-func (re *Regexp) FindReaderSubmatchIndex(r io.RuneReader) []int {
+func (re *regexpStruct) FindReaderSubmatchIndex(r io.RuneReader) []int {
 	re.compile()
 	return re.regexp.FindReaderSubmatchIndex(r)
 }
 
-func (re *Regexp) FindString(s string) string {
+func (re *regexpStruct) FindString(s string) string {
 	re.compile()
 	return re.regexp.FindString(s)
 }
 
-func (re *Regexp) FindStringIndex(s string) (loc []int) {
+func (re *regexpStruct) FindStringIndex(s string) (loc []int) {
 	re.compile()
 	return re.regexp.FindStringIndex(s)
 }
 
-func (re *Regexp) FindStringSubmatch(s string) []string {
+func (re *regexpStruct) FindStringSubmatch(s string) []string {
 	re.compile()
 	return re.regexp.FindStringSubmatch(s)
 }
 
-func (re *Regexp) FindStringSubmatchIndex(s string) []int {
+func (re *regexpStruct) FindStringSubmatchIndex(s string) []int {
 	re.compile()
 	return re.regexp.FindStringSubmatchIndex(s)
 }
 
-func (re *Regexp) FindSubmatch(b []byte) [][]byte {
+func (re *regexpStruct) FindSubmatch(b []byte) [][]byte {
 	re.compile()
 	return re.regexp.FindSubmatch(b)
 }
 
-func (re *Regexp) FindSubmatchIndex(b []byte) []int {
+func (re *regexpStruct) FindSubmatchIndex(b []byte) []int {
 	re.compile()
 	return re.regexp.FindSubmatchIndex(b)
 }
 
-func (re *Regexp) LiteralPrefix() (prefix string, complete bool) {
+func (re *regexpStruct) LiteralPrefix() (prefix string, complete bool) {
 	re.compile()
 	return re.regexp.LiteralPrefix()
 }
 
-func (re *Regexp) Longest() {
+func (re *regexpStruct) Longest() {
 	re.compile()
 	re.regexp.Longest()
 }
 
-func (re *Regexp) Match(b []byte) bool {
+func (re *regexpStruct) Match(b []byte) bool {
 	re.compile()
 	return re.regexp.Match(b)
 }
 
-func (re *Regexp) MatchReader(r io.RuneReader) bool {
+func (re *regexpStruct) MatchReader(r io.RuneReader) bool {
 	re.compile()
 	return re.regexp.MatchReader(r)
 }
 
-func (re *Regexp) MatchString(s string) bool {
+func (re *regexpStruct) MatchString(s string) bool {
 	re.compile()
 	return re.regexp.MatchString(s)
 }
 
-func (re *Regexp) NumSubexp() int {
+func (re *regexpStruct) NumSubexp() int {
 	re.compile()
 	return re.regexp.NumSubexp()
 }
 
-func (re *Regexp) ReplaceAll(src, repl []byte) []byte {
+func (re *regexpStruct) ReplaceAll(src, repl []byte) []byte {
 	re.compile()
 	return re.regexp.ReplaceAll(src, repl)
 }
 
-func (re *Regexp) ReplaceAllFunc(src []byte, repl func([]byte) []byte) []byte {
+func (re *regexpStruct) ReplaceAllFunc(src []byte, repl func([]byte) []byte) []byte {
 	re.compile()
 	return re.regexp.ReplaceAllFunc(src, repl)
 }
 
-func (re *Regexp) ReplaceAllLiteral(src, repl []byte) []byte {
+func (re *regexpStruct) ReplaceAllLiteral(src, repl []byte) []byte {
 	re.compile()
 	return re.regexp.ReplaceAllLiteral(src, repl)
 }
 
-func (re *Regexp) ReplaceAllLiteralString(src, repl string) string {
+func (re *regexpStruct) ReplaceAllLiteralString(src, repl string) string {
 	re.compile()
 	return re.regexp.ReplaceAllLiteralString(src, repl)
 }
 
-func (re *Regexp) ReplaceAllString(src, repl string) string {
+func (re *regexpStruct) ReplaceAllString(src, repl string) string {
 	re.compile()
 	return re.regexp.ReplaceAllString(src, repl)
 }
 
-func (re *Regexp) ReplaceAllStringFunc(src string, repl func(string) string) string {
+func (re *regexpStruct) ReplaceAllStringFunc(src string, repl func(string) string) string {
 	re.compile()
 	return re.regexp.ReplaceAllStringFunc(src, repl)
 }
 
-func (re *Regexp) Split(s string, n int) []string {
+func (re *regexpStruct) Split(s string, n int) []string {
 	re.compile()
 	return re.regexp.Split(s, n)
 }
 
-func (re *Regexp) String() string {
+func (re *regexpStruct) String() string {
 	re.compile()
 	return re.regexp.String()
 }
 
-func (re *Regexp) SubexpIndex(name string) int {
+func (re *regexpStruct) SubexpIndex(name string) int {
 	re.compile()
 	return re.regexp.SubexpIndex(name)
 }
 
-func (re *Regexp) SubexpNames() []string {
+func (re *regexpStruct) SubexpNames() []string {
 	re.compile()
 	return re.regexp.SubexpNames()
 }
+
+// noCopy may be added to structs which must not be copied
+// after the first use.
+//
+// See https://golang.org/issues/8005#issuecomment-190753527
+// for details.
+//
+// Note that it must not be embedded, due to the Lock and Unlock methods.
+type noCopy struct{}
+
+// Lock is a no-op used by -copylocks checker from `go vet`.
+func (*noCopy) Lock()   {}
+func (*noCopy) Unlock() {}

vendor/github.com/containers/storage/types/options.go

@@ -10,8 +10,6 @@ import (
 	"time"
 
 	"github.com/BurntSushi/toml"
-	drivers "github.com/containers/storage/drivers"
-	_ "github.com/containers/storage/drivers/register"
 	cfg "github.com/containers/storage/pkg/config"
 	"github.com/containers/storage/pkg/idtools"
 	"github.com/sirupsen/logrus"
@@ -312,12 +310,13 @@ func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOpti
 	}
 	if opts.GraphDriverName == "" {
 		if len(systemOpts.GraphDriverPriority) == 0 {
-			driversMap := drivers.ScanPriorDrivers(opts.GraphRoot)
-
-			for _, name := range drivers.Priority {
-				if _, prior := driversMap[name]; prior {
-					opts.GraphDriverName = name
-					break
+			dirEntries, err := os.ReadDir(opts.GraphRoot)
+			if err == nil {
+				for _, entry := range dirEntries {
+					if strings.HasSuffix(entry.Name(), "-images") {
+						opts.GraphDriverName = strings.TrimSuffix(entry.Name(), "-images")
+						break
+					}
 				}
 			}
 

vendor/github.com/go-openapi/swag/util.go

@@ -341,12 +341,21 @@ type zeroable interface {
 // IsZero returns true when the value passed into the function is a zero value.
 // This allows for safer checking of interface values.
 func IsZero(data interface{}) bool {
+	v := reflect.ValueOf(data)
+	// check for nil data
+	switch v.Kind() {
+	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
+		if v.IsNil() {
+			return true
+		}
+	}
+
 	// check for things that have an IsZero method instead
 	if vv, ok := data.(zeroable); ok {
 		return vv.IsZero()
 	}
+
 	// continue with slightly more complex reflection
-	v := reflect.ValueOf(data)
 	switch v.Kind() {
 	case reflect.String:
 		return v.Len() == 0
@@ -358,14 +367,13 @@ func IsZero(data interface{}) bool {
 		return v.Uint() == 0
 	case reflect.Float32, reflect.Float64:
 		return v.Float() == 0
-	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-		return v.IsNil()
 	case reflect.Struct, reflect.Array:
 		return reflect.DeepEqual(data, reflect.Zero(v.Type()).Interface())
 	case reflect.Invalid:
 		return true
+	default:
+		return false
 	}
-	return false
 }
 
 // AddInitialisms add additional initialisms

vendor/github.com/klauspost/compress/README.md

@@ -16,6 +16,10 @@ This package provides various compression algorithms.
 
 # changelog
 
+* Apr 16, 2023 - [v1.16.5](https://github.com/klauspost/compress/releases/tag/v1.16.5)
+	* zstd: readByte needs to use io.ReadFull by @jnoxon in https://github.com/klauspost/compress/pull/802
+	* gzip: Fix WriterTo after initial read https://github.com/klauspost/compress/pull/804
+
 * Apr 5, 2023 - [v1.16.4](https://github.com/klauspost/compress/releases/tag/v1.16.4)
 	* zstd: Improve zstd best efficiency by @greatroar and @klauspost in https://github.com/klauspost/compress/pull/784
 	* zstd: Respect WithAllLitEntropyCompression https://github.com/klauspost/compress/pull/792

vendor/github.com/klauspost/compress/SECURITY.md

@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates are applied only to the latest release.
+
+## Vulnerability Definition
+
+A security vulnerability is a bug that with certain input triggers a crash or an infinite loop. Most calls will have varying execution time and only in rare cases will slow operation be considered a security vulnerability.
+
+Corrupted output generally is not considered a security vulnerability, unless independent operations are able to affect each other. Note that not all functionality is re-entrant and safe to use concurrently.
+
+Out-of-memory crashes only applies if the en/decoder uses an abnormal amount of memory, with appropriate options applied, to limit maximum window size, concurrency, etc. However, if you are in doubt you are welcome to file a security issue.
+
+It is assumed that all callers are trusted, meaning internal data exposed through reflection or inspection of returned data structures is not considered a vulnerability.
+
+Vulnerabilities resulting from compiler/assembler errors should be reported upstream. Depending on the severity this package may or may not implement a workaround.
+
+## Reporting a Vulnerability
+
+If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
+
+Please disclose it at [security advisory](https://github.com/klaupost/compress/security/advisories/new). If possible please provide a minimal reproducer. If the issue only applies to a single platform, it would be helpful to provide access to that.
+
+This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.

vendor/github.com/klauspost/compress/flate/deflate.go

@@ -90,9 +90,8 @@ type advancedState struct {
 	ii uint16 // position of last match, intended to overflow to reset.
 
 	// input window: unprocessed data is window[index:windowEnd]
-	index          int
-	estBitsPerByte int
-	hashMatch      [maxMatchLength + minMatchLength]uint32
+	index     int
+	hashMatch [maxMatchLength + minMatchLength]uint32
 
 	// Input hash chains
 	// hashHead[hashValue] contains the largest inputIndex with the specified hash value

vendor/github.com/klauspost/compress/flate/huffman_bit_writer.go

@@ -34,11 +34,6 @@ const (
 	// Should preferably be a multiple of 6, since
 	// we accumulate 6 bytes between writes to the buffer.
 	bufferFlushSize = 246
-
-	// bufferSize is the actual output byte buffer size.
-	// It must have additional headroom for a flush
-	// which can contain up to 8 bytes.
-	bufferSize = bufferFlushSize + 8
 )
 
 // Minimum length code that emits bits.

vendor/github.com/klauspost/compress/flate/huffman_sortByFreq.go

@@ -42,25 +42,6 @@ func quickSortByFreq(data []literalNode, a, b, maxDepth int) {
 	}
 }
 
-// siftDownByFreq implements the heap property on data[lo, hi).
-// first is an offset into the array where the root of the heap lies.
-func siftDownByFreq(data []literalNode, lo, hi, first int) {
-	root := lo
-	for {
-		child := 2*root + 1
-		if child >= hi {
-			break
-		}
-		if child+1 < hi && (data[first+child].freq == data[first+child+1].freq && data[first+child].literal < data[first+child+1].literal || data[first+child].freq < data[first+child+1].freq) {
-			child++
-		}
-		if data[first+root].freq == data[first+child].freq && data[first+root].literal > data[first+child].literal || data[first+root].freq > data[first+child].freq {
-			return
-		}
-		data[first+root], data[first+child] = data[first+child], data[first+root]
-		root = child
-	}
-}
 func doPivotByFreq(data []literalNode, lo, hi int) (midlo, midhi int) {
 	m := int(uint(lo+hi) >> 1) // Written like this to avoid integer overflow.
 	if hi-lo > 40 {

vendor/github.com/klauspost/compress/huff0/bitwriter.go

@@ -13,14 +13,6 @@ type bitWriter struct {
 	out          []byte
 }
 
-// bitMask16 is bitmasks. Has extra to avoid bounds check.
-var bitMask16 = [32]uint16{
-	0, 1, 3, 7, 0xF, 0x1F,
-	0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF,
-	0xFFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF, 0xFFFF,
-	0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF,
-	0xFFFF, 0xFFFF} /* up to 16 bits */
-
 // addBits16Clean will add up to 16 bits. value may not contain more set bits than indicated.
 // It will not check if there is space for them, so the caller must ensure that it has flushed recently.
 func (b *bitWriter) addBits16Clean(value uint16, bits uint8) {

vendor/github.com/klauspost/compress/huff0/decompress.go

@@ -253,7 +253,7 @@ func (d *Decoder) decompress1X8Bit(dst, src []byte) ([]byte, error) {
 
 	switch d.actualTableLog {
 	case 8:
-		const shift = 8 - 8
+		const shift = 0
 		for br.off >= 4 {
 			br.fillFast()
 			v := dt[uint8(br.value>>(56+shift))]

vendor/github.com/klauspost/compress/internal/snapref/encode_other.go

@@ -87,18 +87,6 @@ func emitCopy(dst []byte, offset, length int) int {
 	return i + 2
 }
 
-// extendMatch returns the largest k such that k <= len(src) and that
-// src[i:i+k-j] and src[j:k] have the same contents.
-//
-// It assumes that:
-//
-//	0 <= i && i < j && j <= len(src)
-func extendMatch(src []byte, i, j int) int {
-	for ; j < len(src) && src[i] == src[j]; i, j = i+1, j+1 {
-	}
-	return j
-}
-
 func hash(u, shift uint32) uint32 {
 	return (u * 0x1e35a7bd) >> shift
 }

vendor/github.com/klauspost/compress/zstd/README.md

@@ -304,7 +304,7 @@ import "github.com/klauspost/compress/zstd"
 
 // Create a reader that caches decompressors.
 // For this operation type we supply a nil Reader.
-var decoder, _ = zstd.NewReader(nil, WithDecoderConcurrency(0))
+var decoder, _ = zstd.NewReader(nil, zstd.WithDecoderConcurrency(0))
 
 // Decompress a buffer. We don't supply a destination buffer,
 // so it will be allocated by the decoder.

vendor/github.com/klauspost/compress/zstd/blockdec.go

@@ -592,7 +592,7 @@ func (b *blockDec) prepareSequences(in []byte, hist *history) (err error) {
 				}
 				seq.fse.setRLE(symb)
 				if debugDecoder {
-					printf("RLE set to %+v, code: %v", symb, v)
+					printf("RLE set to 0x%x, code: %v", symb, v)
 				}
 			case compModeFSE:
 				println("Reading table for", tableIndex(i))

vendor/github.com/klauspost/compress/zstd/decoder_options.go

@@ -107,7 +107,7 @@ func WithDecoderDicts(dicts ...[]byte) DOption {
 	}
 }
 
-// WithEncoderDictRaw registers a dictionary that may be used by the decoder.
+// WithDecoderDictRaw registers a dictionary that may be used by the decoder.
 // The slice content can be arbitrary data.
 func WithDecoderDictRaw(id uint32, content []byte) DOption {
 	return func(o *decoderOptions) error {

vendor/github.com/klauspost/compress/zstd/enc_fast.go

@@ -133,8 +133,7 @@ encodeLoop:
 			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
 				// Consider history as well.
 				var seq seq
-				var length int32
-				length = 4 + e.matchlen(s+6, repIndex+4, src)
+				length := 4 + e.matchlen(s+6, repIndex+4, src)
 				seq.matchLen = uint32(length - zstdMinMatch)
 
 				// We might be able to match backwards.
@@ -645,8 +644,7 @@ encodeLoop:
 			if canRepeat && repIndex >= 0 && load3232(src, repIndex) == uint32(cv>>16) {
 				// Consider history as well.
 				var seq seq
-				var length int32
-				length = 4 + e.matchlen(s+6, repIndex+4, src)
+				length := 4 + e.matchlen(s+6, repIndex+4, src)
 
 				seq.matchLen = uint32(length - zstdMinMatch)
 

vendor/github.com/klauspost/compress/zstd/encoder_options.go

@@ -129,7 +129,7 @@ func WithEncoderPadding(n int) EOption {
 		}
 		// No need to waste our time.
 		if n == 1 {
-			o.pad = 0
+			n = 0
 		}
 		if n > 1<<30 {
 			return fmt.Errorf("padding must less than 1GB (1<<30 bytes) ")

vendor/github.com/klauspost/compress/zstd/framedec.go

@@ -73,20 +73,20 @@ func (d *frameDec) reset(br byteBuffer) error {
 		switch err {
 		case io.EOF, io.ErrUnexpectedEOF:
 			return io.EOF
-		default:
-			return err
 		case nil:
 			signature[0] = b[0]
+		default:
+			return err
 		}
 		// Read the rest, don't allow io.ErrUnexpectedEOF
 		b, err = br.readSmall(3)
 		switch err {
 		case io.EOF:
 			return io.EOF
-		default:
-			return err
 		case nil:
 			copy(signature[1:], b)
+		default:
+			return err
 		}
 
 		if string(signature[1:4]) != skippableFrameMagic || signature[0]&0xf0 != 0x50 {

vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go

@@ -0,0 +1,16 @@
+//go:build amd64 && !appengine && !noasm && gc
+// +build amd64,!appengine,!noasm,gc
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package zstd
+
+// matchLen returns how many bytes match in a and b
+//
+// It assumes that:
+//
+//	len(a) <= len(b) and len(a) > 0
+//
+//go:noescape
+func matchLen(a []byte, b []byte) int

vendor/github.com/klauspost/compress/zstd/matchlen_amd64.s

@@ -0,0 +1,68 @@
+// Copied from S2 implementation.
+
+//go:build !appengine && !noasm && gc && !noasm
+
+#include "textflag.h"
+
+// func matchLen(a []byte, b []byte) int
+// Requires: BMI
+TEXT ·matchLen(SB), NOSPLIT, $0-56
+	MOVQ a_base+0(FP), AX
+	MOVQ b_base+24(FP), CX
+	MOVQ a_len+8(FP), DX
+
+	// matchLen
+	XORL SI, SI
+	CMPL DX, $0x08
+	JB   matchlen_match4_standalone
+
+matchlen_loopback_standalone:
+	MOVQ  (AX)(SI*1), BX
+	XORQ  (CX)(SI*1), BX
+	TESTQ BX, BX
+	JZ    matchlen_loop_standalone
+
+#ifdef GOAMD64_v3
+	TZCNTQ BX, BX
+#else
+	BSFQ BX, BX
+#endif
+	SARQ $0x03, BX
+	LEAL (SI)(BX*1), SI
+	JMP  gen_match_len_end
+
+matchlen_loop_standalone:
+	LEAL -8(DX), DX
+	LEAL 8(SI), SI
+	CMPL DX, $0x08
+	JAE  matchlen_loopback_standalone
+
+matchlen_match4_standalone:
+	CMPL DX, $0x04
+	JB   matchlen_match2_standalone
+	MOVL (AX)(SI*1), BX
+	CMPL (CX)(SI*1), BX
+	JNE  matchlen_match2_standalone
+	LEAL -4(DX), DX
+	LEAL 4(SI), SI
+
+matchlen_match2_standalone:
+	CMPL DX, $0x02
+	JB   matchlen_match1_standalone
+	MOVW (AX)(SI*1), BX
+	CMPW (CX)(SI*1), BX
+	JNE  matchlen_match1_standalone
+	LEAL -2(DX), DX
+	LEAL 2(SI), SI
+
+matchlen_match1_standalone:
+	CMPL DX, $0x01
+	JB   gen_match_len_end
+	MOVB (AX)(SI*1), BL
+	CMPB (CX)(SI*1), BL
+	JNE  gen_match_len_end
+	INCL SI
+
+gen_match_len_end:
+	MOVQ SI, ret+48(FP)
+	RET

vendor/github.com/klauspost/compress/zstd/matchlen_generic.go

@@ -0,0 +1,33 @@
+//go:build !amd64 || appengine || !gc || noasm
+// +build !amd64 appengine !gc noasm
+
+// Copyright 2019+ Klaus Post. All rights reserved.
+// License information can be found in the LICENSE file.
+
+package zstd
+
+import (
+	"encoding/binary"
+	"math/bits"
+)
+
+// matchLen returns the maximum common prefix length of a and b.
+// a must be the shortest of the two.
+func matchLen(a, b []byte) (n int) {
+	for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
+		diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
+		if diff != 0 {
+			return n + bits.TrailingZeros64(diff)>>3
+		}
+		n += 8
+	}
+
+	for i := range a {
+		if a[i] != b[i] {
+			break
+		}
+		n++
+	}
+	return n
+
+}

vendor/github.com/klauspost/compress/zstd/zstd.go

@@ -9,7 +9,6 @@ import (
 	"errors"
 	"log"
 	"math"
-	"math/bits"
 )
 
 // enable debug printing
@@ -106,27 +105,6 @@ func printf(format string, a ...interface{}) {
 	}
 }
 
-// matchLen returns the maximum common prefix length of a and b.
-// a must be the shortest of the two.
-func matchLen(a, b []byte) (n int) {
-	for ; len(a) >= 8 && len(b) >= 8; a, b = a[8:], b[8:] {
-		diff := binary.LittleEndian.Uint64(a) ^ binary.LittleEndian.Uint64(b)
-		if diff != 0 {
-			return n + bits.TrailingZeros64(diff)>>3
-		}
-		n += 8
-	}
-
-	for i := range a {
-		if a[i] != b[i] {
-			break
-		}
-		n++
-	}
-	return n
-
-}
-
 func load3232(b []byte, i int32) uint32 {
 	return binary.LittleEndian.Uint32(b[:len(b):len(b)][i:])
 }

vendor/github.com/opencontainers/runtime-spec/specs-go/config.go

@@ -33,6 +33,34 @@ type Spec struct {
 	ZOS *ZOS `json:"zos,omitempty" platform:"zos"`
 }
 
+// Scheduler represents the scheduling attributes for a process. It is based on
+// the Linux sched_setattr(2) syscall.
+type Scheduler struct {
+	// Policy represents the scheduling policy (e.g., SCHED_FIFO, SCHED_RR, SCHED_OTHER).
+	Policy LinuxSchedulerPolicy `json:"policy"`
+
+	// Nice is the nice value for the process, which affects its priority.
+	Nice int32 `json:"nice,omitempty"`
+
+	// Priority represents the static priority of the process.
+	Priority int32 `json:"priority,omitempty"`
+
+	// Flags is an array of scheduling flags.
+	Flags []LinuxSchedulerFlag `json:"flags,omitempty"`
+
+	// The following ones are used by the DEADLINE scheduler.
+
+	// Runtime is the amount of time in nanoseconds during which the process
+	// is allowed to run in a given period.
+	Runtime uint64 `json:"runtime,omitempty"`
+
+	// Deadline is the absolute deadline for the process to complete its execution.
+	Deadline uint64 `json:"deadline,omitempty"`
+
+	// Period is the length of the period in nanoseconds used for determining the process runtime.
+	Period uint64 `json:"period,omitempty"`
+}
+
 // Process contains information to start a specific application inside the container.
 type Process struct {
 	// Terminal creates an interactive terminal for the container.
@@ -60,8 +88,12 @@ type Process struct {
 	ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
 	// Specify an oom_score_adj for the container.
 	OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"`
+	// Scheduler specifies the scheduling attributes for a process
+	Scheduler *Scheduler `json:"scheduler,omitempty" platform:"linux"`
 	// SelinuxLabel specifies the selinux context that the container process is run as.
 	SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
+	// IOPriority contains the I/O priority settings for the cgroup.
+	IOPriority *LinuxIOPriority `json:"ioPriority,omitempty" platform:"linux"`
 }
 
 // LinuxCapabilities specifies the list of allowed capabilities that are kept for a process.
@@ -79,6 +111,22 @@ type LinuxCapabilities struct {
 	Ambient []string `json:"ambient,omitempty" platform:"linux"`
 }
 
+// IOPriority represents I/O priority settings for the container's processes within the process group.
+type LinuxIOPriority struct {
+	Class    IOPriorityClass `json:"class"`
+	Priority int             `json:"priority"`
+}
+
+// IOPriorityClass represents an I/O scheduling class.
+type IOPriorityClass string
+
+// Possible values for IOPriorityClass.
+const (
+	IOPRIO_CLASS_RT   IOPriorityClass = "IOPRIO_CLASS_RT"
+	IOPRIO_CLASS_BE   IOPriorityClass = "IOPRIO_CLASS_BE"
+	IOPRIO_CLASS_IDLE IOPriorityClass = "IOPRIO_CLASS_IDLE"
+)
+
 // Box specifies dimensions of a rectangle. Used for specifying the size of a console.
 type Box struct {
 	// Height is the vertical dimension of a box.
@@ -789,3 +837,43 @@ type ZOSDevice struct {
 	// Gid of the device.
 	GID *uint32 `json:"gid,omitempty"`
 }
+
+// LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler
+type LinuxSchedulerPolicy string
+
+const (
+	// SchedOther is the default scheduling policy
+	SchedOther LinuxSchedulerPolicy = "SCHED_OTHER"
+	// SchedFIFO is the First-In-First-Out scheduling policy
+	SchedFIFO LinuxSchedulerPolicy = "SCHED_FIFO"
+	// SchedRR is the Round-Robin scheduling policy
+	SchedRR LinuxSchedulerPolicy = "SCHED_RR"
+	// SchedBatch is the Batch scheduling policy
+	SchedBatch LinuxSchedulerPolicy = "SCHED_BATCH"
+	// SchedISO is the Isolation scheduling policy
+	SchedISO LinuxSchedulerPolicy = "SCHED_ISO"
+	// SchedIdle is the Idle scheduling policy
+	SchedIdle LinuxSchedulerPolicy = "SCHED_IDLE"
+	// SchedDeadline is the Deadline scheduling policy
+	SchedDeadline LinuxSchedulerPolicy = "SCHED_DEADLINE"
+)
+
+// LinuxSchedulerFlag represents the flags used by the Linux Scheduler.
+type LinuxSchedulerFlag string
+
+const (
+	// SchedFlagResetOnFork represents the reset on fork scheduling flag
+	SchedFlagResetOnFork LinuxSchedulerFlag = "SCHED_FLAG_RESET_ON_FORK"
+	// SchedFlagReclaim represents the reclaim scheduling flag
+	SchedFlagReclaim LinuxSchedulerFlag = "SCHED_FLAG_RECLAIM"
+	// SchedFlagDLOverrun represents the deadline overrun scheduling flag
+	SchedFlagDLOverrun LinuxSchedulerFlag = "SCHED_FLAG_DL_OVERRUN"
+	// SchedFlagKeepPolicy represents the keep policy scheduling flag
+	SchedFlagKeepPolicy LinuxSchedulerFlag = "SCHED_FLAG_KEEP_POLICY"
+	// SchedFlagKeepParams represents the keep parameters scheduling flag
+	SchedFlagKeepParams LinuxSchedulerFlag = "SCHED_FLAG_KEEP_PARAMS"
+	// SchedFlagUtilClampMin represents the utilization clamp minimum scheduling flag
+	SchedFlagUtilClampMin LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MIN"
+	// SchedFlagUtilClampMin represents the utilization clamp maximum scheduling flag
+	SchedFlagUtilClampMax LinuxSchedulerFlag = "SCHED_FLAG_UTIL_CLAMP_MAX"
+)

vendor/github.com/opencontainers/runtime-spec/specs-go/version.go

@@ -11,7 +11,7 @@ const (
 	VersionPatch = 0
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-rc.2"
+	VersionDev = "-rc.3"
 )
 
 // Version is the specification version that the package types support.

vendor/modules.txt

@@ -125,7 +125,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.53.1-0.20230608150349-2c1849f43e14
+# github.com/containers/common v0.53.1-0.20230613082804-74f276a3624f
 ## explicit; go 1.18
 github.com/containers/common/libimage
 github.com/containers/common/libimage/define
@@ -179,7 +179,7 @@ github.com/containers/common/version
 # github.com/containers/conmon v2.0.20+incompatible
 ## explicit
 github.com/containers/conmon/runner/config
-# github.com/containers/image/v5 v5.25.1-0.20230608153337-8ad019310ff2
+# github.com/containers/image/v5 v5.25.1-0.20230613062531-9e44c062ca20
 ## explicit; go 1.18
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory
@@ -286,7 +286,7 @@ github.com/containers/psgo/internal/dev
 github.com/containers/psgo/internal/host
 github.com/containers/psgo/internal/proc
 github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.46.2-0.20230530174214-1dc289a244ce
+# github.com/containers/storage v1.46.2-0.20230613134951-e424b6649be3
 ## explicit; go 1.19
 github.com/containers/storage
 github.com/containers/storage/drivers
@@ -501,7 +501,7 @@ github.com/go-openapi/spec
 # github.com/go-openapi/strfmt v0.21.7
 ## explicit; go 1.19
 github.com/go-openapi/strfmt
-# github.com/go-openapi/swag v0.22.3
+# github.com/go-openapi/swag v0.22.4
 ## explicit; go 1.18
 github.com/go-openapi/swag
 # github.com/go-openapi/validate v0.22.1
@@ -591,7 +591,7 @@ github.com/josharian/intern
 # github.com/json-iterator/go v1.1.12
 ## explicit; go 1.12
 github.com/json-iterator/go
-# github.com/klauspost/compress v1.16.5
+# github.com/klauspost/compress v1.16.6
 ## explicit; go 1.18
 github.com/klauspost/compress
 github.com/klauspost/compress/flate
@@ -732,7 +732,7 @@ github.com/opencontainers/runc/libcontainer/devices
 github.com/opencontainers/runc/libcontainer/user
 github.com/opencontainers/runc/libcontainer/userns
 github.com/opencontainers/runc/libcontainer/utils
-# github.com/opencontainers/runtime-spec v1.1.0-rc.2
+# github.com/opencontainers/runtime-spec v1.1.0-rc.3
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/runtime-tools v0.9.1-0.20230317050512-e931285f4b69