Commit Graph

9684 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 8bbdb93cf9
golangci-lint: enable nilerr linter
cli/command/idresolver/idresolver.go:33:4: error is not nil (line 31) but it returns nil (nilerr)
    			return id, nil
    			^
    cli/command/idresolver/idresolver.go:45:4: error is not nil (line 43) but it returns nil (nilerr)
    			return id, nil
    			^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 7e9d2c78c6
golangci-lint: enable dupword linter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 2d61f70f00
golangci-lint: govet: enable shadow check
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:18 +01:00
Sebastiaan van Stijn 606cbd60a1
golangci-lint: enable predeclared linter
cli/command/utils.go:190:35: param new has same name as predeclared identifier (predeclared)
    func StringSliceReplaceAt(s, old, new []string, requireIndex int) ([]string, bool) {
                                      ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 8661552e7a
golangci-lint: enable thelper linter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 8e98c765f8
cli/command/system: fix deprecated comments (gocritic)
cli/command/system/info.go:470:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
    // DEPRECATED: warnings are now generated by the daemon, and returned in
    ^
    cli/command/system/info.go:492:1: deprecatedComment: use `Deprecated: ` (note the casing) instead of `DEPRECATED: ` (gocritic)
    // DEPRECATED: warnings are now generated by the daemon, and returned in
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 9d7e21be21
cli/command/manifest: rename vars that collided with import
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn 3f0c189e48
linting: address slice-append issues found by gocritic
cli/command/trust/inspect.go:74:33: appendAssign: append result not assigned to the same slice (gocritic)
    			signatureRows[idx].Signers = append(sig.Signers, releasedRoleName)
    			                             ^
    cli/command/task/print.go:92:7: appendAssign: append result not assigned to the same slice (gocritic)
    	t := append(tasks[:0:0], tasks...)
    	     ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:17 +01:00
Sebastiaan van Stijn a2c9f3c6ce
linting: address else/if/elseif statements found by gocritic
cli/command/formatter/tabwriter/tabwriter.go:579:10: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
              } else {
                     ^
    cli/connhelper/connhelper.go:43:2: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    	switch scheme := u.Scheme; scheme {
    	^
    cli/compose/loader/loader.go:666:10: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    		} else {
    		       ^
    opts/hosts_test.go:173:10: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    		} else {
    		       ^
    cli-plugins/manager/candidate_test.go:78:4: ifElseChain: rewrite if-else to switch statement (gocritic)
    			if tc.err != "" {
    			^
    cli/command/checkpoint/formatter.go:15:2: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    	switch source {
    	^
    cli/command/image/formatter_history.go:25:2: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    	switch source {
    	^
    cli/command/service/scale.go:107:2: ifElseChain: rewrite if-else to switch statement (gocritic)
    	if serviceMode.Replicated != nil {
    	^
    cli/command/service/update.go:804:9: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    	} else {
    	       ^
    cli/command/service/update.go:222:2: ifElseChain: rewrite if-else to switch statement (gocritic)
    	if sendAuth {
    	^
    cli/command/container/formatter_diff.go:17:2: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    	switch source {
    	^
    cli/command/container/start.go:79:2: ifElseChain: rewrite if-else to switch statement (gocritic)
    	if opts.Attach || opts.OpenStdin {
    	^
    cli/command/container/utils.go:84:11: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    			} else {
    			       ^
    cli/command/container/exec_test.go:200:11: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    			} else {
    			       ^
    cli/command/container/logs_test.go:52:11: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    			} else {
    			       ^
    cli/command/container/opts_test.go:1014:10: elseif: can replace 'else {if cond {}}' with 'else if cond {}' (gocritic)
    		} else {
    		       ^
    cli/command/system/info.go:297:7: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    						switch o.Key {
    						^
    cli/command/system/version.go:164:4: singleCaseSwitch: should rewrite switch statement to if statement (gocritic)
    			switch component.Name {
    			^
    cli/command/system/info_test.go:478:4: ifElseChain: rewrite if-else to switch statement (gocritic)
    			if tc.expectedOut != "" {
    			^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:16 +01:00
Sebastiaan van Stijn 888df09879
linting: address assorted issues found by gocritic
internal/test/builders/config.go:36:15: captLocal: `ID' should not be capitalized (gocritic)
    func ConfigID(ID string) func(config *swarm.Config) {
                  ^
    internal/test/builders/secret.go:45:15: captLocal: `ID' should not be capitalized (gocritic)
    func SecretID(ID string) func(secret *swarm.Secret) {
                  ^
    internal/test/builders/service.go:21:16: captLocal: `ID' should not be capitalized (gocritic)
    func ServiceID(ID string) func(*swarm.Service) {
                   ^
    cli/command/image/formatter_history.go💯15: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.h.CreatedBy, "\t", " ", -1)` (gocritic)
        createdBy := strings.Replace(c.h.CreatedBy, "\t", " ", -1)
                     ^
    e2e/image/push_test.go:246:34: badCall: suspicious Join on 1 argument (gocritic)
        assert.NilError(t, os.RemoveAll(filepath.Join(dir.Join("trust"))))
                                        ^
    e2e/image/push_test.go:313:34: badCall: suspicious Join on 1 argument (gocritic)
        assert.NilError(t, os.RemoveAll(filepath.Join(dir.Join("trust"))))
                                        ^
    cli/config/configfile/file_test.go:185:2: assignOp: replace `c.GetAllCallCount = c.GetAllCallCount + 1` with `c.GetAllCallCount++` (gocritic)
        c.GetAllCallCount = c.GetAllCallCount + 1
        ^
    cli/command/context/inspect_test.go:20:58: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(si.MetadataPath, `\`, `\\`, -1)` (gocritic)
        expected = strings.Replace(expected, "<METADATA_PATH>", strings.Replace(si.MetadataPath, `\`, `\\`, -1), 1)
                                                                ^
    cli/command/context/inspect_test.go:21:53: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(si.TLSPath, `\`, `\\`, -1)` (gocritic)
        expected = strings.Replace(expected, "<TLS_PATH>", strings.Replace(si.TLSPath, `\`, `\\`, -1), 1)
                                                           ^
    cli/command/container/formatter_stats.go:119:46: captLocal: `Stats' should not be capitalized (gocritic)
    func statsFormatWrite(ctx formatter.Context, Stats []StatsEntry, osType string, trunc bool) error {
                                                 ^
    cli/command/container/stats_helpers.go:209:4: assignOp: replace `blkRead = blkRead + bioEntry.Value` with `blkRead += bioEntry.Value` (gocritic)
                blkRead = blkRead + bioEntry.Value
                ^
    cli/command/container/stats_helpers.go:211:4: assignOp: replace `blkWrite = blkWrite + bioEntry.Value` with `blkWrite += bioEntry.Value` (gocritic)
                blkWrite = blkWrite + bioEntry.Value
                ^
    cli/command/registry/formatter_search.go:67:10: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.s.Description, "\n", " ", -1)` (gocritic)
        desc := strings.Replace(c.s.Description, "\n", " ", -1)
                ^
    cli/command/registry/formatter_search.go:68:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(desc, "\r", " ", -1)` (gocritic)
        desc = strings.Replace(desc, "\r", " ", -1)
               ^
    cli/command/service/list_test.go:164:5: assignOp: replace `tc.doc = tc.doc + " with quiet"` with `tc.doc += " with quiet"` (gocritic)
                    tc.doc = tc.doc + " with quiet"
                    ^
    cli/command/service/progress/progress.go:274:11: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(errMsg, "\n", " ", -1)` (gocritic)
        errMsg = strings.Replace(errMsg, "\n", " ", -1)
                 ^
    cli/manifest/store/store.go:153:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(fileName, "/", "_", -1)` (gocritic)
        return strings.Replace(fileName, "/", "_", -1)
               ^
    cli/manifest/store/store.go:152:14: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(ref, ":", "-", -1)` (gocritic)
        fileName := strings.Replace(ref, ":", "-", -1)
                    ^
    cli/command/plugin/formatter.go:79:10: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(c.p.Config.Description, "\n", "", -1)` (gocritic)
        desc := strings.Replace(c.p.Config.Description, "\n", "", -1)
                ^
    cli/command/plugin/formatter.go:80:9: wrapperFunc: use strings.ReplaceAll method in `strings.Replace(desc, "\r", "", -1)` (gocritic)
        desc = strings.Replace(desc, "\r", "", -1)
               ^
    cli/compose/convert/service.go:642:23: captLocal: `DNS' should not be capitalized (gocritic)
    func convertDNSConfig(DNS []string, DNSSearch []string) *swarm.DNSConfig {
                          ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:16 +01:00
Sebastiaan van Stijn d0dee3cebe
linting: Consider pre-allocating sliceVar (prealloc)
While updating, also addressed some redundant fmt.Sprintf()

    opts/throttledevice.go:86:2: Consider pre-allocating `out` (prealloc)
        var out []string
        ^
    opts/ulimit.go:37:2: Consider pre-allocating `out` (prealloc)
        var out []string
        ^
    opts/ulimit.go:47:2: Consider pre-allocating `ulimits` (prealloc)
        var ulimits []*units.Ulimit
        ^
    opts/weightdevice.go:68:2: Consider pre-allocating `out` (prealloc)
        var out []string
        ^
    cli/context/store/metadatastore.go:96:2: Consider pre-allocating `res` (prealloc)
        var res []Metadata
        ^
    cli/context/store/store.go:127:2: Consider pre-allocating `names` (prealloc)
        var names []string
        ^
    cli/compose/loader/loader.go:223:2: Consider pre-allocating `keys` (prealloc)
        var keys []string
        ^
    cli/compose/loader/loader.go:397:2: Consider pre-allocating `services` (prealloc)
        var services []types.ServiceConfig
        ^
    cli/command/stack/loader/loader.go:63:2: Consider pre-allocating `msgs` (prealloc)
        var msgs []string
        ^
    cli/command/stack/loader/loader.go:118:2: Consider pre-allocating `configFiles` (prealloc)
        var configFiles []composetypes.ConfigFile
        ^
    cli/command/formatter/container.go:245:2: Consider pre-allocating `joinLabels` (prealloc)
        var joinLabels []string
        ^
    cli/command/formatter/container.go:265:2: Consider pre-allocating `mounts` (prealloc)
        var mounts []string
        ^
    cli/command/formatter/container.go:316:2: Consider pre-allocating `result` (prealloc)
        var result []string
        ^
    cli/command/formatter/displayutils.go:43:2: Consider pre-allocating `display` (prealloc)
        var (
        ^
    cli/command/formatter/volume.go:103:2: Consider pre-allocating `joinLabels` (prealloc)
        var joinLabels []string
        ^
    cli-plugins/manager/manager_test.go:49:2: Consider pre-allocating `dirs` (prealloc)
        var dirs []string
        ^
    cli/command/swarm/init.go:69:2: Consider pre-allocating `defaultAddrPool` (prealloc)
        var defaultAddrPool []string
        ^
    cli/command/manifest/push.go:195:2: Consider pre-allocating `blobReqs` (prealloc)
        var blobReqs []manifestBlob
        ^
    cli/command/secret/formatter.go:111:2: Consider pre-allocating `joinLabels` (prealloc)
        var joinLabels []string
        ^
    cli/command/network/formatter.go:104:2: Consider pre-allocating `joinLabels` (prealloc)
        var joinLabels []string
        ^
    cli/command/context/list.go:52:2: Consider pre-allocating `contexts` (prealloc)
        var contexts []*formatter.ClientContext
        ^
    cli/command/config/formatter.go:104:2: Consider pre-allocating `joinLabels` (prealloc)
        var joinLabels []string
        ^
    cli/command/trust/common_test.go:23:2: Consider pre-allocating `targetNames` (prealloc)
        var targetNames []string
        ^
    cli/command/service/generic_resource_opts.go:55:2: Consider pre-allocating `generic` (prealloc)
        var generic []swarm.GenericResource
        ^
    cli/command/service/generic_resource_opts.go:98:2: Consider pre-allocating `l` (prealloc)
        var l []swarm.GenericResource
        ^
    cli/command/service/opts.go:378:2: Consider pre-allocating `netAttach` (prealloc)
        var netAttach []swarm.NetworkAttachmentConfig
        ^
    cli/command/service/update.go:731:2: Consider pre-allocating `limits` (prealloc)
        var limits []*units.Ulimit
        ^
    cli/command/service/update.go:1315:2: Consider pre-allocating `newNetworks` (prealloc)
        var newNetworks []swarm.NetworkAttachmentConfig
        ^
    cli/command/service/update.go:1514:2: Consider pre-allocating `out` (prealloc)
        var out []string
        ^
    cli/compose/convert/service.go:713:2: Consider pre-allocating `ulimits` (prealloc)
        var ulimits []*units.Ulimit
        ^
    cli/compose/convert/volume.go:13:2: Consider pre-allocating `mounts` (prealloc)
        var mounts []mount.Mount
        ^
    cli/command/stack/swarm/list.go:39:2: Consider pre-allocating `stacks` (prealloc)
        var stacks []*formatter.Stack
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 16:02:16 +01:00
Sebastiaan van Stijn efbcdce9b9
linting: cli/command/trust: unusedwrite: unused write to field Hashes (govet)
cli/command/trust/sign_test.go:211:9: unusedwrite: unused write to field Hashes (govet)
        target.Hashes, target.Length, err = getSignedManifestHashAndSize(notaryRepo, "test")
               ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 15:59:39 +01:00
Sebastiaan van Stijn 580ebf41a0
dockerfiles: update golangci-lint to v1.55.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 10:04:36 +01:00
Sebastiaan van Stijn 45f62dba0e
Merge pull request #4661 from thaJeztah/update_authors
update authors and mailmap
2023-11-15 23:48:12 +01:00
Sebastiaan van Stijn a6114fc424
Merge pull request #4606 from AkihiroSuda/rro
docs: add `bind-recursive` mount option
2023-11-14 14:10:57 +01:00
Sebastiaan van Stijn 8642b3c35f
update authors and mailmap
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-13 22:32:27 +01:00
Sebastiaan van Stijn 2b521e490c
Merge pull request #4655 from StealthyCoder/4653-fix-credential-helper
Fix setting ServerAddress property in NativeStore
2023-11-13 16:51:21 +01:00
Sebastiaan van Stijn 1862725b5c
Merge pull request #4638 from thaJeztah/ForwardAllSignals_no_cli
cli/command/container: ForwardAllSignals: rewrite to use ContainerAPIClient
2023-11-13 15:49:51 +01:00
Sebastiaan van Stijn 6424018b32
Merge pull request #4660 from thaJeztah/bump_engine
vendor: github.com/docker/docker 34e923e3e31b (v25.0-dev)
2023-11-13 15:48:26 +01:00
Sebastiaan van Stijn b1a124ccbf
Merge pull request #4622 from thaJeztah/update_engine_step2
cli/command/network: runCreate: inline types.NetworkCreate
2023-11-13 15:47:51 +01:00
Sebastiaan van Stijn 685d1baa03
vendor: github.com/docker/docker 34e923e3e31b (v25.0-dev)
No code-changes in vendored files.

full diff: c14694a424...34e923e3e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-13 14:42:08 +01:00
Sebastiaan van Stijn f19d27e7ef
Merge pull request #4657 from thaJeztah/improve_ValidateIPAddress
opts: ValidateIPAddress: improve error, godoc, and tests
2023-11-13 12:28:04 +01:00
Sebastiaan van Stijn d9b64811fd
Merge pull request #4658 from thaJeztah/remove_ipopt
opts: remove unused IPOpt option
2023-11-13 12:27:40 +01:00
Sebastiaan van Stijn fe0bd7b180
Merge pull request #4652 from ndeloof/ndeloof_maintainer
not actually a maintainer
2023-11-12 08:45:15 +01:00
Sebastiaan van Stijn f0816bf679
opts: remove unused IPOpt option
This option was created Moby [6d59a566759da5729d7eb89a8e1888fc612f03cf], and
used for the daemon config [353b7c8ec77b30fa83dac5ec0778193f6de8b437]. It was
migrated from the Moby repository in f34ca0a354,
but was never used by the CLI, and there are no external consumers.

If we would need an IP-address option, spf13/pflags now provides those, so
there's no need to implement this ourselves.

[6d59a566759da5729d7eb89a8e1888fc612f03cf]: 6d59a56675
[353b7c8ec77b30fa83dac5ec0778193f6de8b437]: 353b7c8ec7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 15:05:31 +01:00
Sebastiaan van Stijn b0ee27d653
opts: ValidateIPAddress: improve error, godoc, and tests
- document accepted values
- add test-coverage for the function's behavior (including whitespace handling),
  and use sub-tests.
- improve error-message to use uppercase for "IP", and to use a common prefix.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-11 14:50:28 +01:00
Eric Bode b24e7f85a4
Fix setting ServerAddress property in NativeStore
This will return the ServerAddress property when using the NativeStore.
This happens when you use docker credential helpers, not the credential
store.

The reason this fix is needed is because it needs to be propagated
properly down towards `moby/moby` project in the following logic:

```golang
func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt {
	cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
	if cfgHost == "" || cfgHost == registry.IndexHostname {
		cfgHost = registry.DefaultRegistryHost
	}

	return docker.WithAuthCreds(func(host string) (string, string, error) {
		if cfgHost != host {
			logrus.WithFields(logrus.Fields{
				"host":    host,
				"cfgHost": cfgHost,
			}).Warn("Host doesn't match")
			return "", "", nil
		}
		if authConfig.IdentityToken != "" {
			return "", authConfig.IdentityToken, nil
		}
		return authConfig.Username, authConfig.Password, nil
	})
}
```
This logic resides in the following file :
`daemon/containerd/resolver.go` .

In the case when using the containerd storage feature when setting the
`cfgHost` variable from the `authConfig.ServerAddress` it will always be
empty. Since it will never be returned from the NativeStore currently.
Therefore Docker Hub images will work fine, but anything else will fail
since the `cfgHost` will always be the `registry.DefaultRegistryHost`.

Signed-off-by: Eric Bode <eric.bode@foundries.io>
2023-11-11 14:22:23 +01:00
Sebastiaan van Stijn 79c5d4a329
Merge pull request #4654 from thaJeztah/bump_go_connections
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
2023-11-10 22:58:26 +01:00
Sebastiaan van Stijn f65d4a4796
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
0b8c1f4e07...fa09c952e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 22:46:47 +01:00
Sebastiaan van Stijn a9ae9b3cc6
Merge pull request #4651 from thaJeztah/bump_go_connections
vendor: update go-connections for TLS 1.3 support
2023-11-10 21:51:14 +01:00
Nicolas De Loof b7c31c36fa
not actually a maintainer
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-10 21:35:15 +01:00
Sebastiaan van Stijn f9622b659f
vendor: update go-connections for TLS 1.3 support
full diff: https://github.com/docker/go-connections/compare/v0.4.0...0b8c1f4e07a0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 15:56:11 +01:00
Sebastiaan van Stijn b90a3d4443
Merge pull request #4649 from thaJeztah/revert_update_golang_1.21.4
Revert "update to go1.21.4" due to regressions / breaking changes.
2023-11-09 13:04:11 +01:00
Sebastiaan van Stijn 4cf1c50ad1
Revert "update to go1.21.4" due to regressions / breaking changes.
Unfortunately, the go1.21.4 security update exposed some regressions / breaking
changes in moby (docker engine) and containerd. These issues are looked into,
but in the meantime we should revert this patch.

This temporarily reintroduces CVE-2023-45284 and CVE-2023-45283.

This reverts commit 6472dabe4c.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-09 10:54:54 +01:00
Sebastiaan van Stijn ed1c8c1107
Merge pull request #4647 from thaJeztah/update_golang_1.21.4
update to go1.21.4
2023-11-08 18:48:45 +01:00
Sebastiaan van Stijn 6472dabe4c
update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 18:39:54 +01:00
Sebastiaan van Stijn 3cd77c9d54
cli/command/container: ForwardAllSignals: rewrite to use ContainerAPIClient
This function only needed the ContainerAPIClient, and not the whole CLI. This
patch refactors it to use the shallower interface.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 15:15:09 +01:00
Sebastiaan van Stijn ad861cdb39
Merge pull request #4637 from ndeloof/RunExecWithContextb
make runAttach public and allow passing context
2023-11-08 14:44:24 +01:00
Nicolas De Loof a2ec50a461
make `container` an explicit, required parameter
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:32:55 +01:00
Nicolas De Loof a4abe42cbd
make runAttach public and allow passing context
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:24:58 +01:00
Sebastiaan van Stijn 1598586c58
Merge pull request #4646 from akerouanton/followup-macaddress
TestParseWithMacAddress: check endpoint-scoped MacAddress field
2023-11-08 13:54:01 +01:00
Albin Kerouanton 2b1f5a2e38
TestParseWithMacAddress: check endpoint-specific MacAddress field
This is a follow-up of https://github.com/docker/cli/pull/4419. That PR
leveraged the fact that EndpointSettings.MacAddress is already
available, although not used by the CreateNetwork endpoint.

TestParseWithMacAddress was testing whether the container-wide
MacAddress field is set, and we still need to test that to ensure
backward compatibility. But we now also need to test whether the
endpoint-specific MacAddress is set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:46:19 +01:00
Albin Kerouanton 8f59f841ae
cli/command/container: mustParse: return network.NetworkingConfig
Next commit will need this change to test whether the endpoint-specific
MacAddress is correctly set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:44:18 +01:00
Sebastiaan van Stijn 00532f908c
Merge pull request #4644 from thaJeztah/bump_engine2
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
2023-11-08 00:13:25 +01:00
Sebastiaan van Stijn d46de7087c
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
full diff: ed1a61dcb7...c14694a424

Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-07 23:41:34 +01:00
Sebastiaan van Stijn 5ec9eec63d
Merge pull request #4640 from thaJeztah/bump_cobra2
vendor: github.com/spf13/cobra v1.8.0
2023-11-07 13:20:43 +01:00
Sebastiaan van Stijn fefadb9be6
Merge pull request #4642 from desmond3th/docFix
Updated docs for --env-file comments handling
2023-11-07 10:39:09 +01:00
Sebastiaan van Stijn 0ef1269630
Merge pull request #4641 from thaJeztah/fix_redirects
docs: update redirect metadata for hugo
2023-11-07 09:56:00 +01:00
saurabh efc9236794 --env-file about comments doc updated
Signed-off-by: Saurabh Kumar <saurabhkumar0184@gmail.com>
2023-11-07 01:44:47 +05:30
Sebastiaan van Stijn 07338fe965
docs: update redirect metadata for hugo
docs.docker.com switched from Jekyll to Hugo, which uses "aliases"
instead of "redirect_from".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 18:25:49 +01:00