bump google.golang.org/grpc v1.23.0 (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515)

[thaJeztah]

full diff: grpc/grpc-go@v1.20.1...v1.23.0

This update contains security fixes:

• transport: block reading frames when too many transport control frames are queued (transport: block reading frames when too many transport control frames are queued grpc/grpc-go#2970)
  • Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).

Other changes can be found in the release notes:
https://github.com/grpc/grpc-go/releases/tag/v1.23.0

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 7m 39s (non-voting)

[thaJeztah]

Fails with TRAVIS_CGO_ENABLED=1 😞

INFO[0000] start to pull seed image                     
1400--- FAIL: TestClientTTRPC_Reconnect (0.00s)
1401    client_ttrpc_test.go:56: assertion failed: error is not nil: no status provided on response
1402--- FAIL: TestCheckpointRestorePTY (0.65s)
1403    container_checkpoint_test.go:84: no status provided on response: unknown
1404--- FAIL: TestCheckpointRestore (0.22s)
1405    container_checkpoint_test.go:199: no status provided on response: unknown
1406--- FAIL: TestCheckpointRestoreNewContainer (0.23s)
1407    container_checkpoint_test.go:287: no status provided on response: unknown
1408--- FAIL: TestCheckpointLeaveRunning (0.20s)
1409    container_checkpoint_test.go:379: no status provided on response: unknown

(and many more similar failures)

Error is coming from ttrpc;

containerd/vendor/github.com/containerd/ttrpc/client.go

Lines 137 to 139 in 3ad49a2

	if cresp.Status == nil {
	return errors.New("no status provided on response")
	}

[thaJeztah]

Possible suspects;

• grpc/grpc-go@5da5b1f (status: avoid allocations when returning an OK status grpc/grpc-go#2929)
  • changed behaviour to no longer return a Status OK if there are no errors
• https://github.com/grpc/grpc-go/blob/5caf962939ae5832ba6611ac9890d9d385d4fb2c/health/client.go#L110-L114 (client: addrConn NewStream and health check cleanup grpc/grpc-go#2848)
  • looks to not check for Status == nil, and unconditionally return connectivity.TransientFailure
• https://github.com/grpc/grpc-go/blob/7cc213310c4952c13ffdb2e25541f368ddbb69df/internal/transport/http2_server.go#L62 (Remove call to proto.Clone() in http2Server.WriteStatus. grpc/grpc-go#2842)
  • some changes in status-code / handling (haven't looked in-depth)

First one looks to be the most plausible cause (at a quick glance)

[thaJeztah]

Quick hack to see if it's indeed in situations where there was no error (thus status being nil)

[thaJeztah]

Ah, booh; I think CI overwrites local changes in the vendor step, because I still get the same error

INFO[0000] start to pull seed image                     
1404--- FAIL: TestClientTTRPC_Reconnect (0.00s)
1405    client_ttrpc_test.go:56: assertion failed: error is not nil: no status provided on response

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 7m 37s (non-voting)

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 8m 33s (non-voting)

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 8m 42s (non-voting)

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 9m 05s (non-voting)

[codecov-io]

Codecov Report

Merging #3581 into master will decrease coverage by 5.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3581      +/-   ##
==========================================
- Coverage   42.26%   37.23%   -5.04%     
==========================================
  Files         126       84      -42     
  Lines       13881    11564    -2317     
==========================================
- Hits         5867     4306    -1561     
+ Misses       7128     6658     -470     
+ Partials      886      600     -286

Flag	Coverage Δ
#linux	?
#windows	37.23% <ø> (ø)	⬆️

Impacted Files	Coverage Δ
archive/tar_opts.go	11.76% <0%> (-47.06%)	⬇️
cio/io.go	1.4% <0%> (-45.08%)	⬇️
snapshots/native/native.go	1.79% <0%> (-41.26%)	⬇️
archive/tar.go	19.18% <0%> (-28.78%)	⬇️
metadata/snapshot.go	23.86% <0%> (-24.05%)	⬇️
content/local/writer.go	57.69% <0%> (-0.97%)	⬇️
gc/scheduler/scheduler.go	66.34% <0%> (-0.97%)	⬇️
oci/spec_opts.go	28.96% <0%> (-0.24%)	⬇️
mount/temp_unix.go
sys/reaper_linux.go
... and 40 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d618c80...2f54a7c. Read the comment docs.

[thaJeztah]

containerd/ttrpc#46 was merged; revendored, and removed "WIP" 🤞

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 8m 28s (non-voting)

[crosbymichael]

LGTM

[fuweid]

LGTM

[fuweid]

@thaJeztah thanks!

[estesp]

@yulianedyalkova see #3587 for release/1.2 plans; and of course 1.3.0 is coming soon as well.