vendor: github.com/docker/distribution v2.8.2

CI - Dockerfile: fix filenames of artifacts Bugfixes - Fix panic in inmemory driver - Add code to handle pagination of parts. Fixes max layer size of 10GB bug - Parse http forbidden as denied - Revert "registry/client: set Accept: identity header when getting layers Runtime - Update to go1.19.9 - Dockerfile: update xx to v1.2.1 ([#3907](https://github.com/distribution/distribution/pull/3907)) Security - Fix [CVE-2022-28391](https://www.cve.org/CVERecord?id=CVE-2022-28391) by bumping alpine from 3.14 to 3.16 - Fix [CVE-2023-2253](https://www.cve.org/CVERecord?id=CVE-2023-2253) runaway allocation on /v2/_catalog [`521ea3d9`](521ea3d973) full diff: https://github.com/docker/distribution/compare/v2.8.1...v2.8.2-beta.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 353e0a942d) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-11 19:13:41 +02:00 · 2023-05-11 19:13:41 +02:00 · a98af2b396
parent 254f611800
commit a98af2b396
15 changed files with 100 additions and 64 deletions
--- a/vendor.mod
+++ b/vendor.mod
@ -9,7 +9,7 @@ go 1.18
 require (
 	github.com/containerd/containerd v1.6.19
 	github.com/creack/pty v1.1.11
-	github.com/docker/distribution v2.8.1+incompatible
+	github.com/docker/distribution v2.8.2+incompatible
 	github.com/docker/docker v23.0.5+incompatible
 	github.com/docker/docker-credential-helpers v0.7.0
 	github.com/docker/go-connections v0.4.0
--- a/vendor.sum
+++ b/vendor.sum
@ -99,8 +99,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
 github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
--- a/vendor/github.com/docker/distribution/.dockerignore
+++ b/vendor/github.com/docker/distribution/.dockerignore
@ -0,0 +1 @@
 bin/
--- a/vendor/github.com/docker/distribution/.golangci.yml
+++ b/vendor/github.com/docker/distribution/.golangci.yml
@ -18,3 +18,10 @@ run:
  deadline: 2m
  skip-dirs:
    - vendor
 issues:
  exclude-rules:
    # io/ioutil is deprecated, but won't be removed until Go v2. It's safe to ignore for the release/2.8 branch.
    - text: "SA1019: \"io/ioutil\" has been deprecated since Go 1.16"
      linters:
        - staticcheck
--- a/vendor/github.com/docker/distribution/.mailmap
+++ b/vendor/github.com/docker/distribution/.mailmap
@ -44,6 +44,8 @@ Thomas Berger <loki@lokis-chaos.de> Thomas Berger <tbe@users.noreply.github.com>
 Samuel Karp <skarp@amazon.com> Samuel Karp <samuelkarp@users.noreply.github.com>
 Justin Cormack <justin.cormack@docker.com>
 sayboras <sayboras@yahoo.com>
 CrazyMax <github@crazymax.dev>
 CrazyMax <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com>
-CrazyMax <github@crazymax.dev> <crazy-max@users.noreply.github.com>
+Hayley Swimelar <hswimelar@gmail.com>
 Jose D. Gomez R <jose.gomez@suse.com>
 Shengjing Zhu <zhsj@debian.org>
 Silvin Lubecki <31478878+silvin-lubecki@users.noreply.github.com>
--- a/vendor/github.com/docker/distribution/Dockerfile
+++ b/vendor/github.com/docker/distribution/Dockerfile
@ -1,49 +1,59 @@
-# syntax=docker/dockerfile:1.3
+# syntax=docker/dockerfile:1
-ARG GO_VERSION=1.16.15
+ARG GO_VERSION=1.19.9
-ARG GORELEASER_XX_VERSION=1.2.5
+ARG ALPINE_VERSION=3.16
 ARG XX_VERSION=1.2.1
-FROM --platform=$BUILDPLATFORM crazymax/goreleaser-xx:${GORELEASER_XX_VERSION} AS goreleaser-xx
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
-COPY --from=goreleaser-xx / /
+COPY --from=xx / /
-RUN apk add --no-cache file git
+RUN apk add --no-cache bash coreutils file git
 WORKDIR /go/src/github.com/docker/distribution
 FROM base AS build
 ENV GO111MODULE=auto
 ENV CGO_ENABLED=0
-# GIT_REF is used by goreleaser-xx to handle the proper git ref when available.
+WORKDIR /go/src/github.com/docker/distribution
 # It will fallback to the working tree info if empty and use "git tag --points-at"
 # or "git describe" to define the version info.
 ARG GIT_REF
 ARG TARGETPLATFORM
 ARG PKG="github.com/distribution/distribution"
 ARG BUILDTAGS="include_oss include_gcs"
 RUN --mount=type=bind,rw \
  --mount=type=cache,target=/root/.cache/go-build \
  --mount=target=/go/pkg/mod,type=cache \
  goreleaser-xx --debug \
    --name="registry" \
    --dist="/out" \
    --main="./cmd/registry" \
    --flags="-v" \
    --ldflags="-s -w -X '$PKG/version.Version={{.Version}}' -X '$PKG/version.Revision={{.Commit}}' -X '$PKG/version.Package=$PKG'" \
    --tags="$BUILDTAGS" \
    --files="LICENSE" \
    --files="README.md"
-FROM scratch AS artifact
+FROM base AS version
-COPY --from=build /out/*.tar.gz /
+ARG PKG="github.com/docker/distribution"
-COPY --from=build /out/*.zip /
+RUN --mount=target=. \
-COPY --from=build /out/*.sha256 /
+  VERSION=$(git describe --match 'v[0-9]*' --dirty='.m' --always --tags) REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi); \
  echo "-X ${PKG}/version.Version=${VERSION#v} -X ${PKG}/version.Revision=${REVISION} -X ${PKG}/version.Package=${PKG}" | tee /tmp/.ldflags; \
  echo -n "${VERSION}" | tee /tmp/.version;
 FROM base AS build
 ARG TARGETPLATFORM
 ARG LDFLAGS="-s -w"
 ARG BUILDTAGS="include_oss include_gcs"
 RUN --mount=type=bind,target=/go/src/github.com/docker/distribution,rw \
    --mount=type=cache,target=/root/.cache/go-build \
    --mount=target=/go/pkg/mod,type=cache \
    --mount=type=bind,source=/tmp/.ldflags,target=/tmp/.ldflags,from=version \
      set -x ; xx-go build -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
      && xx-verify --static /usr/bin/registry
 FROM scratch AS binary
-COPY --from=build /usr/local/bin/registry* /
+COPY --from=build /usr/bin/registry /
-FROM alpine:3.14
+FROM base AS releaser
 ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT
 WORKDIR /work
 RUN --mount=from=binary,target=/build \
    --mount=type=bind,target=/src \
    --mount=type=bind,source=/tmp/.version,target=/tmp/.version,from=version \
      VERSION=$(cat /tmp/.version) \
      && mkdir -p /out \
      && cp /build/registry /src/README.md /src/LICENSE . \
      && tar -czvf "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz" * \
      && sha256sum -z "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz" | awk '{ print $1 }' > "/out/registry_${VERSION#v}_${TARGETOS}_${TARGETARCH}${TARGETVARIANT}.tar.gz.sha256"
 FROM scratch AS artifact
 COPY --from=releaser /out /
 FROM alpine:${ALPINE_VERSION}
 RUN apk add --no-cache ca-certificates
 COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml
-COPY --from=build /usr/local/bin/registry /bin/registry
+COPY --from=binary /registry /bin/registry
 VOLUME ["/var/lib/registry"]
 EXPOSE 5000
 ENTRYPOINT ["registry"]
--- a/vendor/github.com/docker/distribution/Makefile
+++ b/vendor/github.com/docker/distribution/Makefile
@ -50,7 +50,7 @@ version/version.go:
 check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
 	@echo "$(WHALE) $@"
-	golangci-lint run
+	@GO111MODULE=off golangci-lint run
 test: ## run tests, except integration test with test.short
 	@echo "$(WHALE) $@"
--- a/vendor/github.com/docker/distribution/docker-bake.hcl
+++ b/vendor/github.com/docker/distribution/docker-bake.hcl
@ -1,15 +1,3 @@
 // GITHUB_REF is the actual ref that triggers the workflow
 // https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
 variable "GITHUB_REF" {
  default = ""
 }
 target "_common" {
  args = {
    GIT_REF = GITHUB_REF
  }
 }
 group "default" {
  targets = ["image-local"]
 }
@ -20,13 +8,11 @@ target "docker-metadata-action" {
 }
 target "binary" {
  inherits = ["_common"]
  target = "binary"
  output = ["./bin"]
 }
 target "artifact" {
  inherits = ["_common"]
  target = "artifact"
  output = ["./bin"]
 }
@ -43,8 +29,13 @@ target "artifact-all" {
  ]
 }
 // Special target: https://github.com/docker/metadata-action#bake-definition
 target "docker-metadata-action" {
  tags = ["registry:local"]
 }
 target "image" {
-  inherits = ["_common", "docker-metadata-action"]
+  inherits = ["docker-metadata-action"]
 }
 target "image-local" {
--- a/vendor/github.com/docker/distribution/reference/reference.go
+++ b/vendor/github.com/docker/distribution/reference/reference.go
@ -3,13 +3,13 @@
 //
 // Grammar
 //
-// 	reference                       := name [ ":" tag ] [ "@" digest ]
+//	reference                       := name [ ":" tag ] [ "@" digest ]
 //	name                            := [domain '/'] path-component ['/' path-component]*
 //	domain                          := domain-component ['.' domain-component]* [':' port-number]
 //	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
 //	port-number                     := /[0-9]+/
 //	path-component                  := alpha-numeric [separator alpha-numeric]*
-// 	alpha-numeric                   := /[a-z0-9]+/
+//	alpha-numeric                   := /[a-z0-9]+/
 //	separator                       := /[_.]|__|[-]*/
 //
 //	tag                             := /[\w][\w.-]{0,127}/
--- a/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
@ -134,6 +134,19 @@ var (
 		},
 	}
 	invalidPaginationResponseDescriptor = ResponseDescriptor{
 		Name:        "Invalid pagination number",
 		Description: "The received parameter n was invalid in some way, as described by the error code. The client should resolve the issue and retry the request.",
 		StatusCode:  http.StatusBadRequest,
 		Body: BodyDescriptor{
 			ContentType: "application/json",
 			Format:      errorsBody,
 		},
 		ErrorCodes: []errcode.ErrorCode{
 			ErrorCodePaginationNumberInvalid,
 		},
 	}
 	repositoryNotFoundResponseDescriptor = ResponseDescriptor{
 		Name:        "No Such Repository Error",
 		StatusCode:  http.StatusNotFound,
@ -490,6 +503,7 @@ var routeDescriptors = []RouteDescriptor{
 							},
 						},
 						Failures: []ResponseDescriptor{
 							invalidPaginationResponseDescriptor,
 							unauthorizedResponseDescriptor,
 							repositoryNotFoundResponseDescriptor,
 							deniedResponseDescriptor,
@ -1578,6 +1592,9 @@ var routeDescriptors = []RouteDescriptor{
 								},
 							},
 						},
 						Failures: []ResponseDescriptor{
 							invalidPaginationResponseDescriptor,
 						},
 					},
 				},
 			},
--- a/vendor/github.com/docker/distribution/registry/api/v2/errors.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/errors.go
@ -133,4 +133,13 @@ var (
 		longer proceed.`,
 		HTTPStatusCode: http.StatusNotFound,
 	})
 	ErrorCodePaginationNumberInvalid = errcode.Register(errGroup, errcode.ErrorDescriptor{
 		Value:   "PAGINATION_NUMBER_INVALID",
 		Message: "invalid number of results requested",
 		Description: `Returned when the "n" parameter (number of results
 		to return) is not an integer, "n" is negative or "n" is bigger than
 		the maximum allowed.`,
 		HTTPStatusCode: http.StatusBadRequest,
 	})
 )
--- a/vendor/github.com/docker/distribution/registry/client/errors.go
+++ b/vendor/github.com/docker/distribution/registry/client/errors.go
@ -55,6 +55,8 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 		switch statusCode {
 		case http.StatusUnauthorized:
 			return errcode.ErrorCodeUnauthorized.WithMessage(detailsErr.Details)
 		case http.StatusForbidden:
 			return errcode.ErrorCodeDenied.WithMessage(detailsErr.Details)
 		case http.StatusTooManyRequests:
 			return errcode.ErrorCodeTooManyRequests.WithMessage(detailsErr.Details)
 		default:
--- a/vendor/github.com/docker/distribution/registry/client/repository.go
+++ b/vendor/github.com/docker/distribution/registry/client/repository.go
@ -114,9 +114,7 @@ func (r *registry) Repositories(ctx context.Context, entries []string, last stri
 			return 0, err
 		}
-		for cnt := range ctlg.Repositories {
+		copy(entries, ctlg.Repositories)
 			entries[cnt] = ctlg.Repositories[cnt]
 		}
 		numFilled = len(ctlg.Repositories)
 		link := resp.Header.Get("Link")
--- a/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
+++ b/vendor/github.com/docker/distribution/registry/client/transport/http_reader.go
@ -180,7 +180,6 @@ func (hrs *httpReadSeeker) reader() (io.Reader, error) {
 		// context.GetLogger(hrs.context).Infof("Range: %s", req.Header.Get("Range"))
 	}
 	req.Header.Add("Accept-Encoding", "identity")
 	resp, err := hrs.client.Do(req)
 	if err != nil {
 		return nil, err
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -21,7 +21,7 @@ github.com/containerd/containerd/platforms
 # github.com/creack/pty v1.1.11
 ## explicit; go 1.13
 github.com/creack/pty
-# github.com/docker/distribution v2.8.1+incompatible
+# github.com/docker/distribution v2.8.2+incompatible
 ## explicit
 github.com/docker/distribution
 github.com/docker/distribution/digestset