Commit Graph

9301 Commits

Author SHA1 Message Date
Sebastiaan van Stijn b90a3d4443
Merge pull request #4649 from thaJeztah/revert_update_golang_1.21.4
Revert "update to go1.21.4" due to regressions / breaking changes.
2023-11-09 13:04:11 +01:00
Sebastiaan van Stijn 4cf1c50ad1
Revert "update to go1.21.4" due to regressions / breaking changes.
Unfortunately, the go1.21.4 security update exposed some regressions / breaking
changes in moby (docker engine) and containerd. These issues are looked into,
but in the meantime we should revert this patch.

This temporarily reintroduces CVE-2023-45284 and CVE-2023-45283.

This reverts commit 6472dabe4c.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-09 10:54:54 +01:00
Sebastiaan van Stijn ed1c8c1107
Merge pull request #4647 from thaJeztah/update_golang_1.21.4
update to go1.21.4
2023-11-08 18:48:45 +01:00
Sebastiaan van Stijn 6472dabe4c
update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker, the runtime, the compiler, and
the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone
on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 18:39:54 +01:00
Sebastiaan van Stijn 3cd77c9d54
cli/command/container: ForwardAllSignals: rewrite to use ContainerAPIClient
This function only needed the ContainerAPIClient, and not the whole CLI. This
patch refactors it to use the shallower interface.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 15:15:09 +01:00
Sebastiaan van Stijn ad861cdb39
Merge pull request #4637 from ndeloof/RunExecWithContextb
make runAttach public and allow passing context
2023-11-08 14:44:24 +01:00
Nicolas De Loof a2ec50a461
make `container` an explicit, required parameter
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:32:55 +01:00
Nicolas De Loof a4abe42cbd
make runAttach public and allow passing context
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2023-11-08 14:24:58 +01:00
Sebastiaan van Stijn 1598586c58
Merge pull request #4646 from akerouanton/followup-macaddress
TestParseWithMacAddress: check endpoint-scoped MacAddress field
2023-11-08 13:54:01 +01:00
Albin Kerouanton 2b1f5a2e38
TestParseWithMacAddress: check endpoint-specific MacAddress field
This is a follow-up of https://github.com/docker/cli/pull/4419. That PR
leveraged the fact that EndpointSettings.MacAddress is already
available, although not used by the CreateNetwork endpoint.

TestParseWithMacAddress was testing whether the container-wide
MacAddress field is set, and we still need to test that to ensure
backward compatibility. But we now also need to test whether the
endpoint-specific MacAddress is set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:46:19 +01:00
Albin Kerouanton 8f59f841ae
cli/command/container: mustParse: return network.NetworkingConfig
Next commit will need this change to test whether the endpoint-specific
MacAddress is correctly set.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-11-08 10:44:18 +01:00
Sebastiaan van Stijn 00532f908c
Merge pull request #4644 from thaJeztah/bump_engine2
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
2023-11-08 00:13:25 +01:00
Sebastiaan van Stijn d46de7087c
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
full diff: ed1a61dcb7...c14694a424

Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-07 23:41:34 +01:00
Sebastiaan van Stijn 5ec9eec63d
Merge pull request #4640 from thaJeztah/bump_cobra2
vendor: github.com/spf13/cobra v1.8.0
2023-11-07 13:20:43 +01:00
Sebastiaan van Stijn fefadb9be6
Merge pull request #4642 from desmond3th/docFix
Updated docs for --env-file comments handling
2023-11-07 10:39:09 +01:00
Sebastiaan van Stijn 0ef1269630
Merge pull request #4641 from thaJeztah/fix_redirects
docs: update redirect metadata for hugo
2023-11-07 09:56:00 +01:00
saurabh efc9236794 --env-file about comments doc updated
Signed-off-by: Saurabh Kumar <saurabhkumar0184@gmail.com>
2023-11-07 01:44:47 +05:30
Sebastiaan van Stijn 07338fe965
docs: update redirect metadata for hugo
docs.docker.com switched from Jekyll to Hugo, which uses "aliases"
instead of "redirect_from".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 18:25:49 +01:00
Sebastiaan van Stijn 0239b8fd95
vendor: github.com/spf13/cobra v1.8.0
release notes: https://github.com/spf13/cobra/releases/tag/v1.8.0

full diff: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 16:54:43 +01:00
Sebastiaan van Stijn b33612426a
Merge pull request #4635 from dvdksn/docs-dockerd-default-nw-opt
docs: add default-network-opt daemon option
2023-11-06 12:56:20 +01:00
David Karlsson 848fe622ce docs: add default-network-opt daemon option
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-11-06 10:48:36 +01:00
Sebastiaan van Stijn 9cb175f02a
Merge pull request #4636 from elezar/bump-cdi-dependency
Update container-device-interface to v0.6.2
2023-11-04 13:20:52 +01:00
Evan Lezar 54eee599ba Update container-device-interface to v0.6.2
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:18:41 +01:00
Sebastiaan van Stijn 814f70749a
Merge pull request #4633 from thaJeztah/bump_engine
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
2023-11-03 16:16:03 +01:00
Sebastiaan van Stijn e088660985
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
full diff: fc4d035e7a...ed1a61dcb7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-03 15:14:07 +01:00
Sebastiaan van Stijn 13d34b21ec
vendor: github.com/containerd/containerd v1.7.8
no changes in vendored files

full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:54 +01:00
Sebastiaan van Stijn aa24d611bd
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:00 +01:00
Sebastiaan van Stijn 7841493823
vendor: golang.org/x/tools v0.10.0
full diff: https://github.com/golang/tools/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:06:07 +01:00
Sebastiaan van Stijn 1a0ae8c6b8
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:01:56 +01:00
Sebastiaan van Stijn a6351d0cd3
Merge pull request #4624 from gabriellavengeo/patch-1
Create codeql.yml
2023-10-26 16:51:12 +02:00
Gabriela Georgieva 39b1d37b3d
Update CodeQL workflow
Signed-off-by: Gabriela Georgieva <gabriela.georgieva@docker.com>
2023-10-26 15:25:48 +02:00
Sebastiaan van Stijn 5fc42fc64e
Merge pull request #4625 from thaJeztah/bump_engine
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
2023-10-26 09:40:51 +02:00
Sebastiaan van Stijn 663a89b7ad
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
full diff: cdb3f9fb8d...fc4d035e7a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:44 +02:00
Sebastiaan van Stijn 6891974ee9
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 827c404ca0
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
no changes in vendored files

full diff: 12f0c246fe...f082dd7a0c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 137c495f7b
vendor: github.com/go-logr/logr v1.2.4
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:40 +02:00
Brian Goff dd11de7dbb
Merge pull request #4627 from thaJeztah/bump_compress
vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:41:02 -07:00
Brian Goff 4f0b466b1b
Merge pull request #4626 from thaJeztah/bump_grpc
vendor: google.golang.org/grpc v1.56.3
2023-10-25 17:39:05 -07:00
Sebastiaan van Stijn 6372c6aae6
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:14:23 +02:00
Sebastiaan van Stijn 8073525c00
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00
Sebastiaan van Stijn 39e1de95ab
Merge pull request #4620 from thaJeztah/bump_golangci_lint
update to golangci-lint v1.55.0
2023-10-24 13:34:42 +02:00
Sebastiaan van Stijn b7b5b31a7e
update to golangci-lint v1.55.0
release notes:
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:53 +02:00
Sebastiaan van Stijn 9e1f8d646e
image/build: use "nolint" comment to work around gosec regression
Latest gosec linter has a regression in parsing "nosec" comments;
see https://github.com/securego/gosec/issues/1046

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:51 +02:00
Sebastiaan van Stijn 8bf53ab011
Merge pull request #4619 from thaJeztah/nodot
cli/command: remove dot-imports and unhandled errors, and fix TestSwarmUpdate
2023-10-24 11:10:15 +02:00
Sebastiaan van Stijn 2294b17e7d
cli/command/network: runCreate: inline types.NetworkCreate
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 18:33:26 +02:00
Sebastiaan van Stijn cdba442d00
Merge pull request #4613 from achneerov/feature/937-remove-dead-link
Removed broken link
2023-10-23 16:02:09 +02:00
Sebastiaan van Stijn 594aeb390a
cli/command: remove dot-imports and unhandled errors
Please the linters in preparation of updating golangci-lint;

- remove dot-imports
- add some checks for unhandled errors
- replace some fixed-value variables for consts

    cli/command/image/build/context.go:238:17: G107: Potential HTTP request made with variable url (gosec)
        if resp, err = http.Get(url); err != nil {
                       ^
    cli/command/idresolver/idresolver_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/registry_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/cli/command" // Prevents a circular import with "github.com/docker/cli/internal/test"
        ^
    cli/command/task/print_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/update_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/unlock_key_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/join_token_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/promote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/demote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/node/ps_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/update_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/secret/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/secret/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/network/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/container/list_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/service/list_test.go:12:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/service/client_test.go:6:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/list_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/services_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/ps_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:47 +02:00
Sebastiaan van Stijn b08e34b9f9
swarm: TestSwarmUpdate: remove non-existing "--quiet" flag
The `docker swarm update` copmmand does not have a `--quiet` flag, but this
test was trying to set it.

    docker swarm update --help

    Usage:  docker swarm update [OPTIONS]

    Update the swarm

    Options:
          --autolock                        Change manager autolocking setting (true|false)
          --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
          --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
          --external-ca external-ca         Specifications of one or more certificate signing endpoints
          --max-snapshots uint              Number of additional Raft snapshots to retain
          --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
          --task-history-limit int          Task history retention limit (default 5)

The test didn't catch this issue, because errors when setting the flag were
not handled, so also adding error-handling;

    === Failed
    === FAIL: cli/command/swarm TestSwarmUpdate (0.00s)
        update_test.go:177: assertion failed: error is not nil: no such flag -quiet

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:29 +02:00
Sebastiaan van Stijn 9e54fa48ec
Merge pull request #4616 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.1
2023-10-23 12:04:44 +02:00
Brian Goff 60b5508c94
Merge pull request #4611 from thaJeztah/stack_start_interval_carry
stacks: Add schema 3.12, and add support for start interval
2023-10-20 11:04:47 -07:00