Commit Graph

8491 Commits

Author SHA1 Message Date
Bjorn Neergaard 1810e922ac
docs: drop dated comments about graphdrivers
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit e636747a14)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-23 09:28:27 -07:00
Sebastiaan van Stijn 5051d82a17
update to go1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls,
mime/multipart, net/http, and path/filepath packages, as well as bug fixes to
the go command, the linker, the runtime, and the crypto/x509, net/http, and
time packages. See the Go 1.19.6 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved

From the announcement on the security mailing:

We have just released Go versions 1.20.1 and 1.19.6, minor point releases.

These minor releases include 4 security fixes following the security policy:

- path/filepath: path traversal in filepath.Clean on Windows

  On Windows, the filepath.Clean function could transform an invalid path such
  as a/../c:/b into the valid path c:\b. This transformation of a relative (if
  invalid) path into an absolute path could enable a directory traversal attack.
  The filepath.Clean function will now transform this path into the relative
  (but still invalid) path .\c:\b.

  This is CVE-2022-41722 and Go issue https://go.dev/issue/57274.

- net/http, mime/multipart: denial of service from excessive resource
  consumption

  Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely
  unlimited amounts of memory and disk files. This also affects form parsing in
  the net/http package with the Request methods FormFile, FormValue,
  ParseMultipartForm, and PostFormValue.

  ReadForm takes a maxMemory parameter, and is documented as storing "up to
  maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts
  which cannot be stored in memory are stored on disk in temporary files. The
  unconfigurable 10MB reserved for non-file parts is excessively large and can
  potentially open a denial of service vector on its own. However, ReadForm did
  not properly account for all memory consumed by a parsed form, such as map
  ntry overhead, part names, and MIME headers, permitting a maliciously crafted
  form to consume well over 10MB. In addition, ReadForm contained no limit on
  the number of disk files created, permitting a relatively small request body
  to create a large number of disk temporary files.

  ReadForm now properly accounts for various forms of memory overhead, and
  should now stay within its documented limit of 10MB + maxMemory bytes of
  memory consumption. Users should still be aware that this limit is high and
  may still be hazardous.

  ReadForm now creates at most one on-disk temporary file, combining multiple
  form parts into a single temporary file. The mime/multipart.File interface
  type's documentation states, "If stored on disk, the File's underlying
  concrete type will be an *os.File.". This is no longer the case when a form
  contains more than one file part, due to this coalescing of parts into a
  single file. The previous behavior of using distinct files for each form part
  may be reenabled with the environment variable
  GODEBUG=multipartfiles=distinct.

  Users should be aware that multipart.ReadForm and the http.Request methods
  that call it do not limit the amount of disk consumed by temporary files.
  Callers can limit the size of form data with http.MaxBytesReader.

  This is CVE-2022-41725 and Go issue https://go.dev/issue/58006.

- crypto/tls: large handshake records may cause panics

  Both clients and servers may send large TLS handshake records which cause
  servers and clients, respectively, to panic when attempting to construct
  responses.

  This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable
  session resumption (by setting Config.ClientSessionCache to a non-nil value),
  and TLS 1.3 servers which request client certificates (by setting
  Config.ClientAuth
  > = RequestClientCert).

  This is CVE-2022-41724 and Go issue https://go.dev/issue/58001.

- net/http: avoid quadratic complexity in HPACK decoding

  A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
  in the HPACK decoder, sufficient to cause a denial of service from a small
  number of small requests.

  This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
  configuring HTTP/2.

  This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e921e103a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-17 01:11:03 +01:00
Aslam Ahemad 7f4e3ead75
changed the container name in docker stats page
Signed-off-by: Aslam Ahemad <aslamahemad@gmail.com>
(cherry picked from commit d2f726d5ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-15 11:53:36 +01:00
Sebastiaan van Stijn a5ee5b1dfc
Merge pull request #4018 from thaJeztah/23.0_backport_fix_ci_events
[23.0 backport] ci: fix branch filter pattern
2023-02-09 20:15:59 +01:00
CrazyMax 27b19a6acf
ci: fix branch filter pattern
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 0f39598687)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-09 19:55:03 +01:00
Brian Goff ab4ef4aed4
Merge pull request #4004 from thaJeztah/23.0_backports
[23.0 backports] assorted backports
2023-02-06 11:38:55 -08:00
Sebastiaan van Stijn 14aac2c232
vendor: github.com/docker/docker v23.0.0
- client: improve error messaging on crash

full diff: https://github.com/docker/docker/compare/v23.0.0-rc.3...v23.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bbebebaedf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Sebastiaan van Stijn 0cd15abfde
vendor: github.com/containerd/containerd v1.6.16
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5195db1ff5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Cory Snider 168f1b55e2
cli/command/container: exit 126 on EISDIR error
The error returned from "os/exec".Command when attempting to execute a
directory has been changed from syscall.EACCESS to syscall.EISDIR on
Go 1.20. 2b8f214094
Consequently, any runc runtime built against Go 1.20 will return an
error containing 'is a directory' and not 'permission denied'. Update
the string matching so the CLI exits with status code 126 on 'is a
directory' errors (EISDIR) in addition to 'permission denied' (EACCESS).

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit 9b5ceb52b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:36 +01:00
Albin Kerouanton 53ed25d9b6
Fix bad ThrottleDevice path
Fixes moby/moby#44904.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit 56051b84b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 14:47:33 +01:00
Sebastiaan van Stijn e92dd87c32
Merge pull request #3996 from laurazard/skip-broken-credentials
Fix issue where one bad credential helper causes no credentials to be returned
2023-01-31 17:45:07 +01:00
Laura Brehm 9e3d5d1528
Fix issue where one bad credential helper causes none to be returned
Instead, skip bad credential helpers (and warn the user about the error)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-01-31 17:14:30 +01:00
Sebastiaan van Stijn 3ae101f41e
Merge pull request #3991 from dvdksn/docs/refactor-docs-dir
docs: move doc generation scripts to subdir
2023-01-31 13:27:37 +01:00
Sebastiaan van Stijn 3a118309b8
Merge pull request #3990 from jedevc/manifest-oci
Add OCI support to manifest subcommand
2023-01-31 13:24:39 +01:00
David Karlsson 1e3622c50c docs: move doc generation scripts to subdir
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2023-01-31 06:33:23 +01:00
Sebastiaan van Stijn 4a500f690f
Merge pull request #3986 from AkihiroSuda/docker-container-remove
rm: allow `docker container remove` as an alias
2023-01-30 10:56:34 +01:00
Akihiro Suda 9b54d860cd
rm: allow `docker container remove` as an alias
Fix issue 3985

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-01-29 08:46:08 +09:00
Sebastiaan van Stijn 0288f7f724
Merge pull request #3992 from neersighted/mke_ca_note
docs: add note about MKE CA rotation, which is potentially dangerous
2023-01-27 20:57:34 +01:00
Bjorn Neergaard 00070e6e23
docs: add note about MKE CA rotation, which is potentially dangerous
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-01-27 08:19:27 -07:00
Justin Chadwell 67b9617898 manifest: save raw manifest content on download
This prevents us needing to attempt to reconstruct the exact indentation
registry side, which is not canonical - so may differ.

Signed-off-by: Justin Chadwell <me@jedevc.com>
2023-01-27 13:56:17 +00:00
Justin Chadwell 285e137aa4 manifest: explicitly error if whitespace reconstruction has failed
This behavior should not break any more use cases than before.
Previously, if the mismatch occured, we would actually push a manifest
that we then never referred to in the manifest list! If this was done in
a new repository, the command would fail with an obscure error from the
registry - the content wouldn't exist with the descriptor we expect it
to.

Signed-off-by: Justin Chadwell <me@jedevc.com>
2023-01-27 13:51:57 +00:00
Justin Chadwell 070825bc74 manifest: add support for oci image types
Signed-off-by: Justin Chadwell <me@jedevc.com>
2023-01-27 13:51:57 +00:00
Sebastiaan van Stijn 645395cc77
Merge pull request #3987 from craig-osterhout/fix-exec-doc-typo
Fix typo in reference doc for docker exec
2023-01-24 08:41:29 +01:00
craig-osterhout 551c4e9ab9
Fix typo in reference doc for docker
Signed-off-by: Craig Osterhou <craig.osterhout@docker.com>

Signed-off-by: craig-osterhout <craig.osterhout@docker.com>
2023-01-23 14:05:21 -08:00
Sebastiaan van Stijn 5f9c58ffa0
Merge pull request #3984 from thaJeztah/engine_23.0.0-rc.3
vendor: github.com/docker/docker v23.0.0-rc.3
2023-01-23 13:38:32 +01:00
Sebastiaan van Stijn 8672540f8c
vendor: github.com/docker/docker v23.0.0-rc.3
full diff: https://github.com/docker/docker/compare/v23.0.0-rc.2...v23.0.0-rc.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:16 +01:00
Sebastiaan van Stijn c4fff9da13
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281
full diff: 0da442b278...904c221ac2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:16 +01:00
Sebastiaan van Stijn 526e5e7c95
vendor: golang.org/x/net v0.5.0
full diff: https://github.com/golang/net/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:15 +01:00
Sebastiaan van Stijn d7f21ea9c8
vendor: golang.org/x/term v0.4.0
full diff: https://github.com/golang/term/compare/v0.3.0...v0.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:01 +01:00
Sebastiaan van Stijn ae43eb0e04
vendor: golang.org/x/text v0.6.0
no changes in vendored code

full diff: https://github.com/golang/text/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:48:03 +01:00
Sebastiaan van Stijn caf8b152c6
vendor: golang.org/x/sys v0.4.0
full diff: https://github.com/golang/sys/compare/v0.3.0...v0.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:45:55 +01:00
Sebastiaan van Stijn e1152b2418
Merge pull request #3977 from alirostami01/master
Fix section docker ps --size
2023-01-18 16:46:09 +01:00
Ali Rostami be30cb370e Fix section docker ps --size
Remove the extra item "Size"

Signed-off-by: Ali Rostami <rostami.ali@gmail.com>
2023-01-18 13:17:35 +03:30
Sebastiaan van Stijn f7c322edba
Merge pull request #1900 from yuchengwu/8831-doc-user-restrict
note `--user` args usage restriction
2023-01-17 23:03:07 +01:00
Yucheng Wu 5d04b1c49e
note `--user` args usage restriction
Signed-off-by: Yucheng Wu <wyc123wyc@gmail.com>
2023-01-17 22:45:23 +01:00
Sebastiaan van Stijn 8627a6df16
Merge pull request #3971 from thaJeztah/sync_cobra_streams
cli: pass dockerCLI's in/out/err to cobra cmds
2023-01-17 17:57:03 +01:00
Sebastiaan van Stijn fe694e8219
Merge pull request #3973 from thaJeztah/no_escape
cli: additionalHelp() don't decorate output if it's piped, and add extra newline
2023-01-17 17:56:07 +01:00
Sebastiaan van Stijn 1493806509
Merge pull request #3968 from crazy-max/fix-badges
README: fix badges
2023-01-17 15:57:20 +01:00
Sebastiaan van Stijn 9bb70217f8
Add extra newline after additionalHelp output
The additionalHelp message is printed at the end of the --help output;

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
    PS>

As this message may contain an URL, users may copy/paste the URL to open it
in their browser, but can easily end up copying their prompt (as there's
no whitespace after it), and as a result end up on a broken URL, for example:

    https://docs.docker.com/go/guides/PS

This patch adds an extra newline at the end to provide some whitespace
around the message, making it less error-prone to copy the URL;

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

    PS>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-15 15:23:06 +01:00
Sebastiaan van Stijn 59e74b44ae
cli: additionalHelp() don't decorate output if it's piped
This prevents the escape-characters being included when piping the
output, e.g. `docker --help > output.txt`, or `docker --help | something`.
These control-characters could cause issues if users copy/pasted the URL
from the output, resulting in them becoming part of the URL they tried
to visit, which would fail, e.g. when copying the output from:

    To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

Users ended up on URLs like;

    https://docs.docker.com/go/guides/ESC
    https://docs.docker.com/go/guides/%1B[0m

Before this patch, control characters ("bold") would be printed, even if
no TTY was attached;

    docker --help > output.txt
    cat output.txt | grep 'For more help' | od -c
    0000000 033   [   1   m   F   o   r       m   o   r   e       h   e   l
    0000020   p       o   n       h   o   w       t   o       u   s   e
    0000040   D   o   c   k   e   r   ,       h   e   a   d       t   o
    0000060   h   t   t   p   s   :   /   /   d   o   c   s   .   d   o   c
    0000100   k   e   r   .   c   o   m   /   g   o   /   g   u   i   d   e
    0000120   s   / 033   [   0   m  \n
    0000127

    docker --help | grep 'For more help' | od -c
    0000000 033   [   1   m   F   o   r       m   o   r   e       h   e   l
    0000020   p       o   n       h   o   w       t   o       u   s   e
    0000040   D   o   c   k   e   r   ,       h   e   a   d       t   o
    0000060   h   t   t   p   s   :   /   /   d   o   c   s   .   d   o   c
    0000100   k   e   r   .   c   o   m   /   g   o   /   g   u   i   d   e
    0000120   s   / 033   [   0   m  \n
    0000127

With this patch, no control characters are included:

    docker --help > output.txt
    cat output.txt | grep 'For more help' | od -c
    0000000   F   o   r       m   o   r   e       h   e   l   p       o   n
    0000020       h   o   w       t   o       u   s   e       D   o   c   k
    0000040   e   r   ,       h   e   a   d       t   o       h   t   t   p
    0000060   s   :   /   /   d   o   c   s   .   d   o   c   k   e   r   .
    0000100   c   o   m   /   g   o   /   g   u   i   d   e   s   /  \n
    0000117

    docker --help | grep 'For more help' | od -c
    0000000   F   o   r       m   o   r   e       h   e   l   p       o   n
    0000020       h   o   w       t   o       u   s   e       D   o   c   k
    0000040   e   r   ,       h   e   a   d       t   o       h   t   t   p
    0000060   s   :   /   /   d   o   c   s   .   d   o   c   k   e   r   .
    0000100   c   o   m   /   g   o   /   g   u   i   d   e   s   /  \n
    0000117

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-15 15:14:57 +01:00
Sebastiaan van Stijn fc6be6ad30
cli: pass dockerCLI's in/out/err to cobra cmds
Both the DockerCLI and Cobra Commands provide accessors for Input, Output,
and Error streams (usually STDIN, STDOUT, STDERR). While we were already
passing DockerCLI's Output to Cobra, we were not doing so for the other
streams (and were passing none for plugin commands), potentially resulting
in DockerCLI output/input to mean something else than a Cobra Command's
intput/output/error.

This patch sets them to the same streams when constructing the Cobra
command.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-15 13:44:33 +01:00
CrazyMax d347678cde
README: fix badges
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-01-13 19:18:26 +01:00
Sebastiaan van Stijn d0a4b6f497
Merge pull request #3966 from crazy-max/fix-docs-anchore
docs: fix duplicated format anchor in plugin_ls
2023-01-13 18:15:32 +01:00
CrazyMax e04f3dd0df
docs: fix duplicated format anchor in plugin_ls
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-01-13 16:22:26 +01:00
Sebastiaan van Stijn 1af9f22c7e
Merge pull request #2998 from pseyfert/completion/zsh/volume
[completion/zsh] add volume completion
2023-01-13 12:22:14 +01:00
Sebastiaan van Stijn f1f12a3332
Merge pull request #3963 from thaJeztah/engine_23.0_rc2
vendor: github.com/docker/docker v23.0.0-rc.2
2023-01-12 14:08:40 +01:00
Sebastiaan van Stijn c453cc6873
vendor: github.com/docker/docker v23.0.0-rc.2
full diff: https://github.com/docker/docker/compare/v23.0.0-rc.1...v23.0.0-rc.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-12 13:45:27 +01:00
Sebastiaan van Stijn 0d16330dd2
vendor: github.com/containerd/containerd v1.6.15
no changes to vendored code

full diff: https://github.com/conainerd/containerd/compare/v1.6.14...v1.6.15

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-12 13:43:35 +01:00
Sebastiaan van Stijn 257ff41304
Merge pull request #3958 from thaJeztah/bump_go_1.19.5
update to go1.19.5
2023-01-11 14:45:52 +01:00
Sebastiaan van Stijn b9e1ad3d19
update to go1.19.5
go1.19.5 (released 2023-01-10) includes fixes to the compiler, the linker,
and the crypto/x509, net/http, sync/atomic, and syscall packages. See the
Go 1.19.5 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.19.5+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.19.4...go1.19.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-11 00:41:55 +01:00