Commit Graph

8811 Commits

Author SHA1 Message Date
Sebastiaan van Stijn e97c765575
vendor: github.com/docker/docker v24.0.5
no changes in vendored files

full diff: https://github.com/docker/docker/compare/d4a26c153000...v24.0.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-25 08:55:10 +02:00
Sebastiaan van Stijn ced0996600
Merge pull request #4450 from vvoland/fix-issue-4414-Danial-Gharib-24
[24.0 backport] configfile: Initialize nil AuthConfigs
2023-07-19 21:44:22 +02:00
Danial 1ee40e2c74
configfile: Initialize nil AuthConfigs
Initialize AuthConfigs map if it's nil before returning it.
This fixes fileStore.Store nil dereference panic when adding a new key
to the map.

Signed-off-by: Danial Gharib <danial.mail.gh@gmail.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ad43df5e86)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-07-19 16:00:16 +02:00
Sebastiaan van Stijn 40cc1d8eae
Merge pull request #4445 from thaJeztah/24.0_backport_buildx_0.11.2
[24.0 backport Dockerfile: update buildx to v0.11.2
2023-07-19 00:59:56 +02:00
Sebastiaan van Stijn 3c2278afae
Merge pull request #4443 from thaJeztah/24.0_update_engine2
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000
2023-07-19 00:27:09 +02:00
Sebastiaan van Stijn 3bd6d6902e
Dockerfile: update buildx to v0.11.2
release notes: https://github.com/docker/buildx/releases/tag/v0.11.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 00870d68fc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 00:25:33 +02:00
Sebastiaan van Stijn 05bf7fbcc8
vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000
full diff: 8443a06149...d4a26c1530

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 00:17:46 +02:00
Sebastiaan van Stijn c6d7c0bb21
Merge pull request #4438 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
2023-07-17 11:58:29 +02:00
Sebastiaan van Stijn dd08d44044
Merge pull request #4425 from thaJeztah/24.0_backport_credential-store-improvements
[24.0 backport] docs: rephrase section on credential stores for docker login
2023-07-17 11:39:07 +02:00
Sebastiaan van Stijn 809975d8bd
Merge pull request #4423 from thaJeztah/24.0_backport_dont-ignore-volume-parse-err
[24.0 backport] cli/container: Don't ignore error when parsing volume spec
2023-07-17 11:38:35 +02:00
Sebastiaan van Stijn 8b5023dd2e
vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
tip of the v24.0 branch

full diff: 36e9e796c6...8443a06149

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 09:30:01 +02:00
Sebastiaan van Stijn 9edd9a1f2f
Merge pull request #4430 from thaJeztah/24.0_backport_update_buildx
[24.0 backport] Dockerfile: update buildx to v0.11.1
2023-07-15 15:16:33 +02:00
Sebastiaan van Stijn e93cdb6ca5
Merge pull request #4428 from thaJeztah/24.0_backport_update_go_1.20.6
[24.0 backport] update go to go1.20.6
2023-07-15 15:08:38 +02:00
Sebastiaan van Stijn 2a6348d1b2
Dockerfile: update buildx to v0.11.1
update the version we use in the dev-container;

- Fix a regression for bake where services in profiles would not be loaded.
- Fix a regression where --cgroup-parent option had no effect during build.
- Fix a regression where valid docker contexts could fail buildx builder name validation.
- Fix an issue where the host-gateway special address could not be used as an argument to --add-host.
- Fix a possible panic when terminal is resized during the build.

release notes: https://github.com/docker/buildx/releases/tag/v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ff9f1be19e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 15:03:54 +02:00
Sebastiaan van Stijn f4782b3250
update go to go1.20.6
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 680fafdc9c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 14:49:10 +02:00
Sebastiaan van Stijn a5024666e7
Merge pull request #4424 from thaJeztah/24.0_backport_update-xx
[24.0 backport] Dockerfile: update to xx 1.2.1
2023-07-15 14:46:32 +02:00
Sebastiaan van Stijn 39b2a6cc6a
Merge pull request #4426 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
2023-07-15 13:02:13 +02:00
Sebastiaan van Stijn 7d06f6b2f7
vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
full diff: https://github.com/docker/docker/compare/v24.0.4...36e9e796c6fc84202c32a852f6cdcd6ed175f96b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:23:53 +02:00
David Karlsson 1447974b83
docs: rephrase section on credential stores for docker login
Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 9828575314)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:13:51 +02:00
CrazyMax 46293e97f7
Dockerfile: update to xx 1.2.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit fca67dd817)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:09:59 +02:00
Paweł Gronowski bfe2ff8208
cli/container: Don't ignore error when parsing volume spec
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit fe7afb700f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:06:57 +02:00
Sebastiaan van Stijn 380eb72940
Merge pull request #4407 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.4
2023-07-13 16:56:44 +02:00
Sebastiaan van Stijn b407429628
vendor: github.com/docker/docker v24.0.4
full diff: https://github.com/docker/docker/compare/v24.0.2...v24.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-10 09:48:09 +02:00
Sebastiaan van Stijn 79c42c0b97
vendor: golang.org/x/net v0.10.0
full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:07:19 +02:00
Sebastiaan van Stijn a96d0a526c
vendor: golang.org/x/text v0.9.0
no changes in vendored files

full diff: https://github.com/golang/text/compare/v0.8.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:06:32 +02:00
Sebastiaan van Stijn 5c5c50d717
vendor: golang.org/x/term v0.8.0
no changes in vendored files

full diff: https://github.com/golang/term/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:05:12 +02:00
Sebastiaan van Stijn 4bf11b7562
vendor: golang.org/x/sys v0.8.0
full diff: https://github.com/golang/sys/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:03:50 +02:00
Sebastiaan van Stijn 224c7dbec4
vendor: github.com/sirupsen/logrus v1.9.3
full diff: https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:00:12 +02:00
Sebastiaan van Stijn e25d5c64c5
vendor: github.com/opencontainers/image-spec v1.1.0-rc3
full diff: https://github.com/opencontainers/image-spec/compare/3a7f492d3f1b...v1.1.0-rc3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:58:46 +02:00
Sebastiaan van Stijn 419e94df4a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230531205928-01bb7a41396b
no changes in vendored files

full diff: 75e92ce14f...01bb7a4139

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:56:34 +02:00
Bjorn Neergaard 3713ee1eea
Merge pull request #4395 from thaJeztah/24.0_backport_fix-connhelper-docker-example
[24.0 backport] ssh: fix error on commandconn close, add ping and default timeout
2023-06-30 11:55:44 -06:00
Laura Brehm 2d5f041bde
commandconn: return original error while closing
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.

Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit d5f564adaa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:36 +02:00
Laura Brehm 520e3600ee
commandconn: don't return error if command closed successfully
---
commandconn: fix race on `Close()`

During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.

However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`

---
Add CLI init timeout to SSH connections

---
connhelper: add 30s ssh default dialer timeout

(same as non-ssh dialer)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit a5ebe2282a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:12 +02:00
Sebastiaan van Stijn fad718c7ea
Merge pull request #4393 from thaJeztah/24.0_backport_debug_relax
[24.0 backport] docker info: fix condition for printing debug information
2023-06-30 15:38:59 +02:00
Sebastiaan van Stijn cd68c8f003
docker info: fix condition for printing debug information
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.

We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 92d7a234dd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 15:15:38 +02:00
Bjorn Neergaard 05fabe63ba
Merge pull request #4368 from thaJeztah/24.0_backport_update_buildx_0.11
[24.0 backport] Dockerfile: update gotestsum to v1.10.0, buildx v0.11.0
2023-06-28 06:22:26 -06:00
Sebastiaan van Stijn 0a2dcdb446
Merge pull request #4381 from thaJeztah/24.0_backport_update-link-overlay-driver
[24.0 backport] docs: update link location for the overlay driver
2023-06-27 12:35:42 +02:00
David Karlsson a78fd6ca69
docs: update link location for the overlay driver
File location changes in docker/docs#17176

Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 035e26fb0b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-27 09:28:19 +02:00
Sebastiaan van Stijn ddb9220abf
Merge pull request #4375 from dvdksn/24.0_backport_fix-staticip-example
[24.0 Backport] Fix static ip example (docker run)
2023-06-26 17:22:57 +02:00
David Karlsson 9cd335d44b docs: fix static ip example, network needs a subnet
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 5936fd2a86)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 17:04:24 +02:00
Sebastiaan van Stijn bcc889f6cf
Merge pull request #4373 from dvdksn/24.0_backport_dockerd-fix-alternative-runtimes-link
[24.0 Backport] Fix broken link in dockerd cli reference
2023-06-26 16:19:10 +02:00
David Karlsson d61e4fe879 docs: fix broken link
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit b85d6a8f9e)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 15:11:55 +02:00
Sebastiaan van Stijn ee62dcd8dc
Merge pull request #4369 from thaJeztah/24.0_backport_dockerd-runtimes-refresh
[24.0 backport] docs: update the runtime configuration section
2023-06-26 14:27:36 +02:00
Bjorn Neergaard b3750a8461
Merge pull request #4371 from thaJeztah/24.0_backport_no_homedir
[24.0 backport] cli/command/context: don't use pkg/homedir in test
2023-06-26 06:12:01 -06:00
Sebastiaan van Stijn 8e3a2942a5
cli/command/context: don't use pkg/homedir in test
I'm considering deprecating the "Key()" utility, as it was only
used in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 79ff64f06d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 13:37:34 +02:00
David Karlsson c3ef1ceadf
docs: update the runtime configuration section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 6c7d17fa01)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:46:56 +02:00
Sebastiaan van Stijn 44eebb8bc1
Dockerfile: update buildx to v0.11.0
Update the version of buildx we use in the dev-container to v0.11.0;
https://github.com/docker/buildx/releases/tag/v0.11.0

Full diff: https://github.com/docker/buildx/compare/v0.10.4..v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf5d1ce973)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:36 +02:00
Sebastiaan van Stijn 7ecfa2e7fd
Dockerfile: update gotestsum to v1.10.0
full diff: https://github.com/gotestyourself/gotestsum/compare/v1.8.2...v1.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9c2694d2b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:33 +02:00
Sebastiaan van Stijn 751bb353fe
Merge pull request #4351 from thaJeztah/24.0_backport_update_go_1.20.5
[24.0 backport] update go to go1.20.5, alpine 3.17
2023-06-21 10:55:21 +02:00
Sebastiaan van Stijn f11f309090
update go to go1.20.5
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and
runtime packages, as well as bug fixes to the compiler, the go command, the
runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.4...go1.20.5

These minor releases include 3 security fixes following the security policy:

- cmd/go: cgo code injection
  The go command may generate unexpected code at build time when using cgo. This
  may result in unexpected behavior when running a go program which uses cgo.

  This may occur when running an untrusted module which contains directories with
  newline characters in their names. Modules which are retrieved using the go command,
  i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e.
  GO111MODULE=off, may be affected).

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.

- runtime: unexpected behavior of setuid/setgid binaries

  The Go runtime didn't act any differently when a binary had the setuid/setgid
  bit set. On Unix platforms, if a setuid/setgid binary was executed with standard
  I/O file descriptors closed, opening any files could result in unexpected
  content being read/written with elevated prilieges. Similarly if a setuid/setgid
  program was terminated, either via panic or signal, it could leak the contents
  of its registers.

  Thanks to Vincent Dehors from Synacktiv for reporting this issue.

  This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.

- cmd/go: improper sanitization of LDFLAGS

  The go command may execute arbitrary code at build time when using cgo. This may
  occur when running "go get" on a malicious module, or when running any other
  command which builds untrusted code. This is can by triggered by linker flags,
  specified via a "#cgo LDFLAGS" directive.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b8d5da66b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 21:37:48 +02:00