Commit Graph

9459 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 06e1305fd7
scripts/build/plugins: don't override CGO_ENABLED set by .variables
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)

But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;

    > [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
    0.127 Building static docker-helloworld
    0.127 + CGO_ENABLED=0
    0.127 + GO111MODULE=auto
    0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled

This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.

Before this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.123 Building static docker-helloworld
    #18 0.124 + CGO_ENABLED=0
    #18 0.124 + GO111MODULE=auto
    #18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    ....

With this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.110 Building static docker-helloworld
    #18 0.110 + GO111MODULE=auto
    #18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
    ....

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e29967960)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 12:57:48 +02:00
Paweł Gronowski 32ac720d7a
Merge pull request #5341 from thaJeztah/25.0_backport_fix_bps_limit
[25.0 backport] run: fix GetList return empty issue for throttledevice
2024-08-12 11:58:10 +02:00
Sebastiaan van Stijn ac68396abb
Merge pull request #5336 from vvoland/5310-25.0
[25.0 backport] gha: set permissions to read-only by default
2024-08-09 20:02:39 +02:00
Jianyong Wu a73610dc4f
run: fix GetList return empty issue for throttledevice
Test "--device-read-bps" "--device-write-bps" will fail. The root
cause is that GetList helper returns empty as its local variable is
initialized to zero size.

This patch fixes it by setting the related slice size to non-zero.

Signed-off-by: Jianyong Wu <wujianyong@hygon.cn>
Fixes: #5321
(cherry picked from commit 73e78a5822)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-09 19:48:04 +02:00
Sebastiaan van Stijn 1924acea45
gha: set permissions to read-only by default
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e4d99b4b60)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-08-09 10:45:58 +02:00
Laura Brehm 32b99dd6a3
Merge pull request #5292 from laurazard/25-backport-flaky-tests
[25.0 backport] fix flaky `connhelper` tests
2024-07-24 12:26:41 +01:00
Laura Brehm 6fb9a5b264
tests: fix other flaky `connhelper` tests
Follow up to cc68c66c95 (there were more
tests with incorrect syntax).

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 4a7388f0dd)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-24 12:15:11 +01:00
Laura Brehm 956c112f16
tests: fix flaky `TestCloseRunningCommand` test
Looks like this test was failing due to bad syntax on the `while` loop,
which caused it to die after 1 second. If the test took a bit longer,
the process would be dead before the following assertions run, causing
the test to fail/be flaky.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit cc68c66c95)
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2024-07-24 12:12:16 +01:00
Sebastiaan van Stijn 0e8f5236d1
Merge pull request #5279 from austinvazquez/vendor-golang.org-updates-to-25.0
[25.0 backport] vendor: golang.org/x/sys v0.18.0, golang.org/x/term v0.18.0, golang.org/x/crypto v0.21.0, golang.org/x/net v0.23.0
2024-07-23 13:28:37 +02:00
Sebastiaan van Stijn 02b482013c
vendor: golang.org/x/net v0.23.0
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5fcbbde4b9)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 17:01:43 +00:00
Sebastiaan van Stijn e2dad1bd3f
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
full diffs changes relevant to vendored code:

- https://github.com/golang/net/compare/v0.19.0...v0.22.0
    - http2: remove suspicious uint32->v conversion in frame code
    - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
    - (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4745b957d2)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 17:01:43 +00:00
Sebastiaan van Stijn df5d652d99
vendor: golang.org/x/term v0.18.0
no changes in vendored code

full diff: https://github.com/golang/term/compare/v0.15.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c7a50ebb9f)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 17:01:43 +00:00
Sebastiaan van Stijn 82a04c86b3
vendor: golang.org/x/sys v0.18.0
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a2133f2d4)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 17:01:40 +00:00
Sebastiaan van Stijn 4c0e910f61
Merge pull request #5278 from austinvazquez/require-changelog-in-25.0
[25.0 backport] Require changelog in 25.0
2024-07-22 18:04:35 +02:00
Sebastiaan van Stijn 5b9ca94a89
Merge pull request #5277 from austinvazquez/fix-codeql-2.16-in-25.0
[25.0 backport] Fix codeql 2.16 in 25.0
2024-07-22 17:49:10 +02:00
Sebastiaan van Stijn a9126aac28
Merge pull request #5276 from austinvazquez/update-to-go-1.21.12-in-25.0
[25.0 backport] Update to go 1.21.12 in 25.0
2024-07-22 17:19:40 +02:00
Paweł Gronowski 26850c6a89
ci/validate-pr: Use `::error::` command to print errors
This will make Github render the log line as an error.

(copied from moby/moby fb92caf2aa6cf3664e11dc06ee10d114af300826)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit c3243a8cc3)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 15:10:19 +00:00
Paweł Gronowski 73b9f1c0fb
github/ci: Check if backport is opened against the expected branch
(copied from moby/moby 61269e718fbdbbad397b0089105ec910fc0e62ca)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit f92fcdef1b)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 15:10:11 +00:00
Paweł Gronowski de7a473c43
ci: Require changelog description
Any PR that is labeled with any `impact/*` label should have a
description for the changelog and an `area/*` label.

(copied from moby/moby 1d473549e865ef6b90ee936c280f4bda677de39b)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 745704d7b4)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 15:10:02 +00:00
Sebastiaan van Stijn ef3b190da3
ci: set DISABLE_WARN_OUTSIDE_CONTAINER=1 for CodeQL action
CodeQL autobuild uses the makefile, but outside of a container, so let's
set this variable to prevent it having to wait 10 seconds;

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b120b96ac7)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 15:03:53 +00:00
Sebastiaan van Stijn 7e4a7b5477
ci: fix CodeQL 2.16.4 autobuild
CodeQL 2.16.4's auto-build added support for multi-module repositories,
and is trying to be smart by searching for modules in every directory,
including vendor directories. If no module is found, it's creating one
which is ... not what we want, so let's give it a "go.mod".

Here's from a run in CI;

    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/codeql version --format=json
    {
      "productName" : "CodeQL",
      "vendor" : "GitHub",
      "version" : "2.16.4",
      "sha" : "9727ba3cd3d5a26f8b9347bf3c3eb4f565ac077b",
      "branches" : [
        "codeql-cli-2.16.4"
      ],
      "copyright" : "Copyright (C) 2019-2024 GitHub, Inc.",
      "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql",
      "configFileLocation" : "/home/runner/.config/codeql/config",
      "configFileFound" : false,
      "features" : {
        "analysisSummaryV2Option" : true,
        "buildModeOption" : true,
        "bundleSupportsIncludeDiagnostics" : true,
        "featuresInVersionResult" : true,
        "indirectTracingSupportsStaticBinaries" : false,
        "informsAboutUnsupportedPathFilters" : true,
        "supportsPython312" : true,
        "mrvaPackCreate" : true,
        "threatModelOption" : true,
        "traceCommandUseBuildMode" : true,
        "v2ramSizing" : true,
        "mrvaPackCreateMultipleQueries" : true,
        "setsCodeqlRunnerEnvVar" : true
      }
    }

With 2.16.4, first it is unable to correlate files with the project, considering
them "stray" files;

    Attempting to automatically build go code
    /opt/hostedtoolcache/CodeQL/2.16.4/x64/codeql/go/tools/autobuild.sh
    2024/03/16 15:54:34 Autobuilder was built with go1.22.0, environment has go1.21.8
    2024/03/16 15:54:34 LGTM_SRC is /home/runner/work/cli/cli
    2024/03/16 15:54:34 Found no go.work files in the workspace; looking for go.mod files...
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/cobra_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/client_test.go.
    2024/03/16 15:54:34 Found stray Go source file in cli/command/builder/cmd.go.
    ...

It then tries to build the binary, but in go modules mode, which fails (it also
seems to be doing this for each and every directory);

    Use "make dev" to start an interactive development container,
    use "make -f docker.Makefile " to execute this target
    in a container, or set DISABLE_WARN_OUTSIDE_CONTAINER=1 to
    disable this warning.

    Press Ctrl+C now to abort, or wait for the script to continue..

    ./scripts/build/binary
    Building static docker-linux-amd64
    + go build -o build/docker-linux-amd64 -tags  osusergo pkcs11 -ldflags  -X "github.com/docker/cli/cli/version.GitCommit=38c3ff6" -X "github.com/docker/cli/cli/version.BuildTime=2024-03-16T17:20:38Z" -X "github.com/docker/cli/cli/version.Version=38c3ff6.m" -extldflags -static -buildmode=pie github.com/docker/cli/cmd/docker
    cannot find package "github.com/docker/cli/cmd/docker" in any of:
        /opt/hostedtoolcache/go/1.21.8/x64/src/github.com/docker/cli/cmd/docker (from $GOROOT)
        /home/runner/go/src/github.com/docker/cli/cmd/docker (from $GOPATH)
    make: *** [Makefile:62: binary] Error 1
    2024/03/16 17:20:38 Running /usr/bin/make [make] failed, continuing anyway: exit status 2
    2024/03/16 17:20:38 Build failed, continuing to install dependencies.
    2024/03/16 17:20:38 The code in vendor/gotest.tools/v3/skip seems to be missing a go.mod file. Attempting to initialize one...
    2024/03/16 17:20:38 Import path is 'github.com/docker/cli'

It also seems to be doing this for ... every package?

    cat 0_codeql.log | grep 'you are not in a container' | wc -l
    497

After which it starts to create modules out of every directory;

    The code in internal/test/network seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/notary seems to be missing a go.mod file. Attempting to initialize one...
    The code in internal/test/output seems to be missing a go.mod file. Attempting to initialize one...
    The code in opts seems to be missing a go.mod file. Attempting to initialize one...
    The code in service seems to be missing a go.mod file. Attempting to initialize one...
    The code in service/logs seems to be missing a go.mod file. Attempting to initialize one...
    The code in templates seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat seems to be missing a go.mod file. Attempting to initialize one...
    The code in vendor/dario.cat/mergo seems to be missing a go.mod file. Attempting to initialize one...
    ...
    Skipping dependency package regexp.
    Skipping dependency package github.com/opencontainers/go-digest.
    Skipping dependency package github.com/distribution/reference.
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (1ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)
    Extracting /home/runner/work/cli/cli/cli/command/go.mod
    Done extracting /home/runner/work/cli/cli/cli/command/go.mod (0ms)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 24186d8008)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 15:03:39 +00:00
Paweł Gronowski 0dd60b064f
update to go1.21.12
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.11...go1.21.12

These minor releases include 1 security fix following the security policy:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Thanks to Geoff Franks for reporting this issue.

This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.12

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.12
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit d73d7d4ed3)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 14:53:01 +00:00
Sebastiaan van Stijn a90d08534b
Dockerfile: update ALPINE_VERSION to 3.20
Update to the current version of Alpine, which is also the default for
the golang:alpine image

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e70f68595d)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 14:52:15 +00:00
Sebastiaan van Stijn 1fbc90faf7
update to go1.21.11
go1.21.11 (released 2024-06-04) includes security fixes to the archive/zip
and net/netip packages, as well as bug fixes to the compiler, the go command,
the runtime, and the os package. See the Go 1.21.11 milestone on our issue
tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.11+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.10...go1.21.11

From the security announcement;

We have just released Go versions 1.22.4 and 1.21.11, minor point releases.
These minor releases include 2 security fixes following the security policy:

- archive/zip: mishandling of corrupt central directory record

  The archive/zip package's handling of certain types of invalid zip files
  differed from the behavior of most zip implementations. This misalignment
  could be exploited to create a zip file with contents that vary depending
  on the implementation reading the file. The archive/zip package now rejects
  files containing these errors.

  Thanks to Yufan You for reporting this issue.

  This is CVE-2024-24789 and Go issue https://go.dev/issue/66869.

- net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

  The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected
  for IPv4-mapped IPv6 addresses, returning false for addresses which would
  return true in their traditional IPv4 forms.

  Thanks to Enze Wang of Alioth and Jianjun Chen of Zhongguancun Lab
  for reporting this issue.

  This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 630e1d3e95)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 14:44:01 +00:00
Paweł Gronowski c5aee98be7
update to go1.21.10
These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to
usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to
our attention.
This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.9...go1.21.10

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.10
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit eb99994c75)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-07-22 14:41:44 +00:00
Sebastiaan van Stijn bc7a15921e
Merge pull request #5106 from laurazard/update-actions-25.0
[25.0 backport] gha: update to actions/upload-artifact@v4
2024-06-03 16:47:47 +02:00
Sebastiaan van Stijn d379797cec
gha: update to actions/upload-artifact@v4
v3 is using Node.js 16 which is being deprecated:

    Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/upload-artifact@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

ci: incl. platform pair in artifact name

This fixes an issue w/ `upload-artifact@v4`.
See: https://github.blog/2024-02-12-get-started-with-v4-of-github-actions-artifacts/#compatibility

Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9cd722595)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 16:43:15 +02:00
Laura Brehm 7e7b0ee8e6
Merge pull request #4988 from vvoland/v25.0-4986
[25.0 backport] update to go1.21.9
2024-04-05 15:48:30 +01:00
Paweł Gronowski f2918727a6
update to go1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages. See the Go 1.21.9 milestone on our issue tracker for
details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.9+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.8...go1.21.9

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.9
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 0a5bd6c75b)
2024-04-05 12:45:15 +02:00
Paweł Gronowski 5dc9bcc5b7
Merge pull request #4951 from vvoland/vendor-docker-25.0.5-dev
vendor: github.com/docker/docker e63daec8672d (v25.0.5-dev)
2024-03-19 15:51:10 +01:00
Paweł Gronowski c2be159764
vendor: github.com/docker/docker e63daec8672d (v25.0.5-dev)
full diff: 061aa95809...e63daec867

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-19 15:43:45 +01:00
Bjorn Neergaard 1a576c50a9
Merge pull request #4924 from vvoland/v25.0-4923
[25.0 backport] bake: Add `windows/arm64` target to bin-image-cross
2024-03-06 09:08:42 -07:00
Paweł Gronowski 690b1565fb
bake: Add `windows/arm64` target to bin-image-cross
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit ab9d560570)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-06 16:48:25 +01:00
Sebastiaan van Stijn 03114ec2ca
Merge pull request #4921 from vvoland/vendor-docker
vendor: github.com/docker/docker 061aa95809be396a6
2024-03-06 15:33:35 +01:00
Paweł Gronowski 833128bce5
vendor: github.com/docker/docker 061aa95809be396a6
no change in vendored files

full diff: 9e526bc394...061aa95809

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-06 15:08:04 +01:00
Sebastiaan van Stijn fd4d39aa88
Merge pull request #4920 from vvoland/vendor-docker
[25.0] vendor: github.com/docker/docker 9e526bc3943c
2024-03-05 22:25:25 +01:00
Sebastiaan van Stijn b4b35dedc6
Merge pull request #4919 from vvoland/v25.0-4918
[25.0 backport] update to go1.21.8
2024-03-05 22:24:46 +01:00
Paweł Gronowski ce113a74af
vendor: github.com/docker/docker 9e526bc3943c
no change in vendored files

full diff: 51e876cd96...9e526bc394

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 22:15:37 +01:00
Paweł Gronowski a3b6c9ea7e
update to go1.21.8
go1.21.8 (released 2024-03-05) includes 5 security fixes:

- crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783, https://go.dev/issue/65390)
- net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290, https://go.dev/issue/65383)
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289, https://go.dev/issue/65065)
- html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785, https://go.dev/issue/65697)
- net/mail: comments in display names are incorrectly handled (CVE-2024-24784, https://go.dev/issue/65083)

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.8

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.8+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.6...go1.21.8

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3b77477943)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 22:09:26 +01:00
Sebastiaan van Stijn 2bf4225ad2
Merge pull request #4908 from vvoland/vendor-docker
[25.0] vendor: github.com/docker/docker 25.0.4-51e876cd964c4bb1f0a7c1bc24ecab9321b3ff1c
2024-03-05 17:13:10 +01:00
Sebastiaan van Stijn f783e8d58a
Merge pull request #4915 from vvoland/v25.0-4839
[25.0 backport] update CI
2024-03-05 13:01:56 +01:00
Christopher Petito 956d15c723
Cleanup of dockerfiles, compose files and env vars
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
(cherry picked from commit 69ed6588a8)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 09:56:21 +01:00
Christopher Petito 5a942fadcf
Update gha runners and engines used in e2e tests
- gha runners updated to ubuntu 22.04
- e2e now runs against moby 23.0, 24.0 and 25.0
- temporarily skip broken test for moby < 25

Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
(cherry picked from commit 6b67b95493)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 09:56:19 +01:00
Paweł Gronowski 592c146cca
testenv: Add DaemonAPIVersion helper
Allow tests to check the negotiated API version used by the client.

Can be used to skip tests based on API versions, for example:
```go
    skip.If(t, versions.LessThan(environment.DaemonAPIVersion(t), "1.44"))
```

will skip the test if the API version is older than 1.44

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 9831fea4db)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-05 09:56:16 +01:00
Paweł Gronowski 0735e78cc9
vendor: github.com/docker/docker 25.0.4-51e876cd96
full diff: https://github.com/docker/docker/compare/v25.0.3...51e876cd964c4bb1f0a7c1bc24ecab9321b3ff1c

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-04 12:58:21 +01:00
Sebastiaan van Stijn 63a3db4b31
Merge pull request #4914 from vvoland/v25.0-4831
[25.0 backport] Dockerfile: update docker compose to v2.24.3
2024-03-04 12:50:24 +01:00
Sebastiaan van Stijn 0b9bf6a6f4
Merge pull request #4913 from vvoland/v25-4867
[25.0 backport] Test fixes needed for upgrading ci runners and engine
2024-03-04 12:49:50 +01:00
Sebastiaan van Stijn e0dab5ce1e
Dockerfile: update docker compose to v2.24.3
Update the version of compose used in CI to the latest version.

- full diff: https://github.com/docker/compose/compare/v2.24.2...v2.24.3
- release notes: https://github.com/docker/compose/releases/tag/v2.24.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 53e2e54c29)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-04 12:32:16 +01:00
Sebastiaan van Stijn b59204cc43
Merge pull request #4912 from vvoland/v25-4881
[25.0 backport] update to go1.21.7
2024-03-04 12:20:28 +01:00
Sebastiaan van Stijn b8459ce351
Merge pull request #4911 from vvoland/v25-4876
[25.0 backport] Fixed typo in bash completion functions
2024-03-04 12:19:52 +01:00