Commit Graph

84 Commits

Author SHA1 Message Date
Sebastiaan van Stijn fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn eaf6461ee6
vendor: golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
full diff: 3c1f35247d...c680a09ffe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 15:58:05 +02:00
Sebastiaan van Stijn 649aa6175b
vendor: golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10
full diff: bc2c85ada1...3c1f35247d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-20 17:04:20 +02:00
Sebastiaan van Stijn 65d45664b1
vendor: golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
full diff: 33da011f77...bc2c85ada1

notable changes;

- unix: use ByteSliceFromString in (*Ifreq).Name
- unix: update openbsd Statfs_t fields

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:32:13 +02:00
Sebastiaan van Stijn 05279c7c6a
vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

full diff: 1e041c57c4...33da011f77

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 14:33:05 +02:00
Sebastiaan van Stijn acf6aee911
vendor: golang.org/x/sys v0.0.0-20220405210540-1e041c57c461
full diff: da31bd327a...1e041c57c4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-30 12:01:42 +02:00
Sebastiaan van Stijn f3a05eb800
vendor dependencies with go1.17
Some warnings about go1.16 compatibility, so including them here:

     + go mod tidy -modfile=vendor.mod
     github.com/docker/cli/cli/registry/client imports
           github.com/docker/distribution/registry/api/v2 imports
           github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0,
        but go 1.16 would select v1.8.0
     github.com/docker/cli/cli/compose/loader imports
        gopkg.in/yaml.v2 tested by
        gopkg.in/yaml.v2.test imports
        gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
        but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d,
        but go 1.16 would select v0.0.0-20171204204709-577dee27f20d
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0,
        but go 1.16 would select v1.3.1
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0,
        but go 1.16 would select v1.1.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0,
        but go 1.16 would select v1.56.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero imports
        github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2

     To upgrade to the versions selected by go 1.16:
        go mod tidy -go=1.16 && go mod tidy -go=1.17
     If reproducibility with go 1.16 is not needed:
        go mod tidy -compat=1.17
     For other options, see:
        https://golang.org/doc/modules/pruning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 19:48:14 +01:00
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00
Sebastiaan van Stijn bc54802f5e
vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
full diff: 7de9c90e9d...6886f2dfbf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:24:03 +01:00
Sebastiaan van Stijn 1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
intermediate bump for easier review

full diff: e18ecbb051...fe4d628211

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Sebastiaan van Stijn 576e4dce44
vendor: golang.org/x/text v0.3.7
full diff: https://github.com/golang/text/compare/v0.3.4...v0.3.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:13 +01:00
Sebastiaan van Stijn 7880acb052
vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
full diff: 69cdffdb93...da31bd327a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:12 +01:00
Sebastiaan van Stijn 58747a6316
vendor: github.com/google/go-cmp v0.5.5
it was downgraded to v0.2.0, but should be safe to upgrade

full diff: https://github.com/google/go-cmp/compare/v0.2.0...v0.5.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 16:34:33 +01:00
Sebastiaan van Stijn a26de1de0f
vendor: golang.org/x/text v0.3.4
remove the replace rule to update it to the actual version specified:

full diff: https://github.com/golang/text/compare/v0.3.3...v0.3.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:40:16 +01:00
Sebastiaan van Stijn 7917946a5c
vendor: golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
remove the replace rule to use the actual version (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:37:48 +01:00
Sebastiaan van Stijn 109cc4ea4f
vendor: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
remove the replace rule to update it to the actual version specified:

full diff: 63515b42dc...69cdffdb93

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:35:55 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 7e560ae76f
vendor with go mod
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00
Sebastiaan van Stijn 61a1775adb
vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8,
2021) or later, see https://github.com/golang/go/issues/45702. While this seems
to affect macOS only, let's update to the latest version.

full diff: d19ff857e8...63515b42dc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 18:10:31 +02:00
Sebastiaan van Stijn 6d25af0cd7
vendor: golang.org/x/time 3af7569d3a1e776fc2a3c1cec133b43105ea9c2e
full diff: 555d28b269...3af7569d3a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:38 +02:00
Sebastiaan van Stijn 8ebe404dfc
vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
full diff: 134d130e1a...d19ff857e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:34 +02:00
Sebastiaan van Stijn af1687406b
vendor: golang.org/x/sync 036812b2e83c0ddf193dd5a34e034151da389d09
full diff: cd5d95a43a...036812b2e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:32 +02:00
Sebastiaan van Stijn dea9976143
vendor: golang.org/x/net e18ecbb051101a46fc263334b127c89bc7bff7ea
full diff: ab34263943...e18ecbb051

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:30 +02:00
Sebastiaan van Stijn 716291337b
vendor: golang.org/x/crypto 0c34fe9e7dc2486962ef9867e3edb3503537209f
full diff: c1f2f97bff...0c34fe9e7d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:28 +02:00
Tonis Tiigi e50cf79579 vendor: update x/sys to 134d130e
Makes possible to build for windows/arm64

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-03-03 23:32:34 -08:00
Tibor Vass 7bef248765 vendor docker, docker-credential-helpers and golang/sys for execabs package
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Sebastiaan van Stijn 9a0a071d55 vendor: buildkit v0.8.0-rc2, docker
diffs:

- full diff: af34b94a78...6c0a036dce
- full diff: 4d1f260e84...v0.8.0-rc2

New dependencies:

- go.opencensus.io v0.22.3
- github.com/containerd/typeurl v1.0.1
- github.com/golang/groupcache 869f871628b6baa9cfbc11732cdf6546b17c1298

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 0e96d92567 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
full diff: 75b288015a...c1f2f97bff

relevant changes:

- pkcs12: document that we use the wrong PEM type
- pkcs12: drop PKCS#12 attributes with unknown OIDs
- ocsp: Improve documentation for ParseResponse and ParseResponseForCert

other changes (not in vendor);

- ssh: improve error message for KeyboardInteractiveChallenge
- ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
- ssh/terminal: replace with a golang.org/x/term wrapper
    - Deprecates ssh/terminal in favor of golang.org/x/term
- ssh/terminal: add support for zos
- ssh/terminal: bump x/term dependency to fix js/nacl
- nacl/auth: use Size instead of KeySize for Sum output
- sha3: remove go:nocheckptr annotation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 32d8f358df
vendor: github.com/moby/term 7f0af18e79f2784809e9cef63d0df5aa2c79d76e
full diff: 73f35e472e...7f0af18e79

- update gotest.tools to v3
- Use unix.Ioctl{Get,Set}Termios on all unix platforms
- Make Termios type alias, remove casts

vendor: golang.org/x/sys eeed37f84f13f52d35e095e8023ba65671ff86a1

ed371f2e16...eeed37f84f

- all: add GOOS=ios
- unix: add back IoctlCtlInfo on darwin
- windows: add SetConsoleCursorPosition
- unix: update Dockerfile to Linux 5.9 and Go 1.15.2 (adds `CAP_CHECKPOINT_RESTORE`)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-03 17:40:01 +01:00
Sebastiaan van Stijn dbe2f594ed
vendor: golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
full diff: 85ca7c5b95...ed371f2e16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:54 +02:00
Sebastiaan van Stijn e70e756053
vendor golang.org/x/net v0.0.0-20200707034311-ab3426394381
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:52 +02:00
Sebastiaan van Stijn 1c3a97b0ff
vendor golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:50 +02:00
Sebastiaan van Stijn 668aea3f13
vendor: golang.org/x/text v0.3.3
full diff: https://github.com/golang/text/compare/v0.3.2...v0.3.3

includes a fix for [CVE-2020-14040][1]

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-17 13:22:37 +02:00
Sebastiaan van Stijn d10e2b9a6d
vendor: golang.org/x/sys 85ca7c5b95cdf1e557abb38a283d1e61a5959c31
full diff: d5e6a3e2c0...85ca7c5b95

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-09 17:26:23 +02:00
Sebastiaan van Stijn edf70dc308
vendor: golang.org/x/oauth2 bf48bf16ab8d622ce64ec6ce98d2c98f916b6303
full diff: ef147856a6...bf48bf16ab

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:04 +02:00
Sebastiaan van Stijn 9a41e375b5
vendor: golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82
full diff: fbb02b2291...555d28b269

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:02 +02:00
Sebastiaan van Stijn 37d184fe16
vendor: golang.org/x/crypto 2aa609cf4a9d7d1126360de73b55b6002f9e052a
full diff: bac4c82f69...2aa609cf4a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:00 +02:00
Sebastiaan van Stijn 7b9012ddde
vendor: golang.org/x/sys d5e6a3e2c0ae16fc7480523ebcb7fd4dd3215489
full diff: 6d18c012ae...d5e6a3e2c0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:56 +02:00
Sebastiaan van Stijn 3aab460ee1
vendor: golang.org/x/net 0de0cce0169b09b364e001f108dc0399ea8630b3
full diff: f3200d17e0...0de0cce016

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:55 +02:00
Sebastiaan van Stijn e32fe12ae3
vendor: golang.org/x/text v0.3.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:53 +02:00
Sebastiaan van Stijn 0dc9d17a2e
vendor: github.com/moby/buildkit ae7ff7174f73bcb4df89b97e1623b3fb0bfb0a0c
full diff: 4f4e030675...ae7ff7174f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:42 +02:00
Sebastiaan van Stijn 1edb10fe30
vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)
full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 21:20:47 +01:00
Sebastiaan van Stijn c485dab603
vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382
full diff: 69ecbb4d6d...1d94cc7ab1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-19 12:37:32 +01:00
Sebastiaan van Stijn 27d9aa2d9f
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919)
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:

- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:25:09 +01:00
Sebastiaan van Stijn 268cc5df24
vendor: bump golang.org/x/sys 6d18c012aee9febd81bbf9806760c8c4480e870d
full diff: 9eafafc0a8...6d18c012ae

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:26:26 +01:00
CarlosEDP 778052b066 bump x/sys to fix riscv64 epoll
Signed-off-by: CarlosEDP <me@carlosedp.com>
2019-08-12 13:13:08 -03:00
Tonis Tiigi 668a9ff8ef vendor: update net and sys
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-02 00:39:23 -07:00
Sebastiaan van Stijn 909b85460c
bump LK4D4/vndr v0.0.3 and revendor
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-14 16:13:27 -07:00