Commit Graph

8334 Commits

Author SHA1 Message Date
Jason Hall 0253634f59
cli: hide old CREATED times, instead of "52 years ago"
Signed-off-by: Jason Hall <jason@chainguard.dev>
2022-09-16 10:52:12 -04:00
Sebastiaan van Stijn 9ac8584acf
Merge pull request #3775 from thaJeztah/bump_engine
vendor: docker v20.10.3-0.20220909113731-8af2e62556de (22.06 branch)
2022-09-11 21:44:21 +02:00
Sebastiaan van Stijn beb92650d1
vendor: docker v20.10.3-0.20220909113731-8af2e62556de (22.06 branch)
full diff: b5a0d7a188...8af2e62556

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-10 19:12:42 +02:00
Sebastiaan van Stijn 8771b956ea
vendor: github.com/klauspost/compress v1.15.9
various fixes in zstd compression

- https://github.com/klauspost/compress/releases/tag/v1.15.9
- https://github.com/klauspost/compress/releases/tag/v1.15.8
- https://github.com/klauspost/compress/releases/tag/v1.15.7
- https://github.com/klauspost/compress/releases/tag/v1.15.6
- https://github.com/klauspost/compress/releases/tag/v1.15.5
- https://github.com/klauspost/compress/releases/tag/v1.15.4
- https://github.com/klauspost/compress/releases/tag/v1.15.3
- https://github.com/klauspost/compress/releases/tag/v1.15.2

full diff: https://github.com/klauspost/compress/compare/v1.15.1...v1.15.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-10 18:50:02 +02:00
Sebastiaan van Stijn 813bd79471
Merge pull request #3767 from thaJeztah/bump_go_119
update to golang 1.19.1
2022-09-08 16:14:37 +02:00
Sebastiaan van Stijn 48da8a4b3b
Merge pull request #3764 from thaJeztah/cli_remove_intermediate_var
cli: createContainer() remove intermediate variable
2022-09-08 16:14:20 +02:00
Sebastiaan van Stijn 3a17d8a909
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-08 10:40:08 +02:00
Sebastiaan van Stijn 07ac2d8dc4
update to golang 1.19
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-08 10:40:06 +02:00
Sebastiaan van Stijn 2ae9e21c1a
Merge pull request #3774 from thaJeztah/bump_x_net
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
2022-09-08 10:19:17 +02:00
Sebastiaan van Stijn a76f6405a4
Merge pull request #3772 from thaJeztah/bump_golang_1.18.6
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
2022-09-08 10:18:47 +02:00
Sebastiaan van Stijn fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn 1061f74496
Update to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.18.6 (released 2022-09-06) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the pprof command, the
runtime, and the crypto/tls, encoding/xml, and net packages. See the Go 1.18.6
milestone on the issue tracker for details;

https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 22:11:15 +02:00
Sebastiaan van Stijn e97d5d54c3
Merge pull request #3761 from thaJeztah/newcli_dedup
cli/command: NewDockerCli(): use WithStandardStreams()
2022-09-06 16:48:33 +02:00
Sebastiaan van Stijn 75774356a9
Merge pull request #3769 from thaJeztah/opts_deadcode
opts: remove unused RuntimeOpt
2022-09-06 16:47:08 +02:00
Sebastiaan van Stijn f57200535b
Merge pull request #3766 from thaJeztah/bump_go_units
vendor: github.com/docker/go-units v0.5.0
2022-09-06 16:46:46 +02:00
Sebastiaan van Stijn e59fd19e16
Merge pull request #3768 from thaJeztah/update_golangci_lint
update to golangci-lint v1.49.0 for compatibilty with go1.19
2022-09-06 11:05:51 +02:00
Sebastiaan van Stijn 0dd2c18082
golangci-lint: update to v1.49.0 for compatibilty with go1.19
Remove the "deadcode", "structcheck", and "varcheck" linters, as they are
deprecated:

    WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [linters context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the golangci/golangci-lint#2649.

And ignore gosec G113, which only affects gp < 1.16.14. and go < 1.17.7

    opts/opts.go:398:13: G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772) (gosec)
        cpu, ok := new(big.Rat).SetString(value)
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:47 +02:00
Sebastiaan van Stijn 3dfdaa6458
linting: assigned to src, but reassigned without using the value (wastedassign)
cli/command/container/opts.go:928:2: assigned to src, but reassigned without using the value (wastedassign)
        src := ""
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:45 +02:00
Sebastiaan van Stijn 98654202c2
linting: G112: Potential Slowloris Attack
Picking 2 seconds, although that's just a randomly picked timeout;
given that this is only for testing, it's not too important.

    e2e/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:43 +02:00
Sebastiaan van Stijn b58731fa46
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.

    cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
                   ^
    cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
                return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
                                                                                      ^
    cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
            return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
                                                                                  ^
    cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
                   ^
    cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
            return *target, fmt.Errorf("No tag specified")
                            ^
    cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
            return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
                   ^
    cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
                          ^
    cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
            return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
                          ^
    opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", addr)
                       ^
    opts/hosts.go💯14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
                       ^
    opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
                       ^
    opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^
    opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
            return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
                       ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:42 +02:00
Sebastiaan van Stijn b508b0fc31
linting: ST1017: don't use Yoda conditions (stylecheck)
opts/envfile_test.go:157:5: ST1017: don't use Yoda conditions (stylecheck)
        if 1 != len(variables) {
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:40 +02:00
Sebastiaan van Stijn 7cec7101c4
linting: tabwriter: ignore stylecheck
We try to keep this package close to upstream golang's code, so suppress the
linter warning.

    cli/command/formatter/tabwriter/tabwriter.go:200:1: ST1020: comment on exported method Init should be of the form "Init ..." (stylecheck)
    // A Writer must be initialized with a call to Init. The first parameter (output)
    ^
    cli/command/formatter/tabwriter/tabwriter.go:425:1: ST1022: comment on exported const Escape should be of the form "Escape ..." (stylecheck)
    // To escape a text segment, bracket it with Escape characters.
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:39 +02:00
Sebastiaan van Stijn cef858170d
linting: os.Setenv() can be replaced by `t.Setenv()` (tenv)
cli/command/cli_options_test.go:29:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "true")
        ^
    cli/command/cli_options_test.go:31:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "false")
        ^
    cli/command/cli_options_test.go:33:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "invalid")
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:37 +02:00
Sebastiaan van Stijn ce01160e74
linting: ST1019: package is being imported more than once (stylecheck)
cli/command/manifest/inspect_test.go:9:2: ST1019: package "github.com/docker/cli/cli/manifest/types" is being imported more than once (stylecheck)
        "github.com/docker/cli/cli/manifest/types"
        ^
    cli/command/manifest/inspect_test.go:10:2: ST1019(related information): other import of "github.com/docker/cli/cli/manifest/types" (stylecheck)
        manifesttypes "github.com/docker/cli/cli/manifest/types"
        ^
    cli/command/stack/swarm/deploy_composefile.go:14:2: ST1019: package "github.com/docker/docker/client" is being imported more than once (stylecheck)
        apiclient "github.com/docker/docker/client"
        ^
    cli/command/stack/swarm/deploy_composefile.go:15:2: ST1019(related information): other import of "github.com/docker/docker/client" (stylecheck)
        dockerclient "github.com/docker/docker/client"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:36 +02:00
Sebastiaan van Stijn 491407b541
linting: remove unused nolint comments (nolintlint)
cli/context/store/tlsstore.go:46:88: directive `//nolint:unused` is unused for linter "unused" (nolintlint)
    func (s *tlsStore) remove(contextID contextdir, endpointName, filename string) error { //nolint:unused
                                                                                           ^
    cli-plugins/manager/plugin.go:37:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^
    cli/command/image/formatter_history_test.go:189:2: directive `//nolint:lll` is unused for linter "lll" (nolintlint)
        //nolint:lll
        ^
    cli/command/service/list.go:113:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^
    cli/command/stack/swarm/deploy_composefile.go:178:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:34 +02:00
Sebastiaan van Stijn d3d9301d2d
linting: use consts from stdlib (usestdlibvars)
cli/command/image/build/context.go:238:23: "400" can be replaced by http.StatusBadRequest (usestdlibvars)
        if resp.StatusCode < 400 {
                             ^
    cli/trust/trust.go:139:30: "GET" can be replaced by http.MethodGet (usestdlibvars)
        req, err := http.NewRequest("GET", endpointStr, nil)
                                    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 21:25:32 +02:00
Sebastiaan van Stijn c645c99288
opts: remove unused RuntimeOpt
This type was copied from the daemone in 8b725e10e7,
but actually unused on the CLI side, so we can remove it here.

The original code is still present in the daemon at
7b9275c0da/opts/runtime.go

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-03 19:05:16 +02:00
Sebastiaan van Stijn 52b89d7668
Merge pull request #3762 from thaJeztah/no_CanonicalTarNameForPath
build: replace uses of archive.CanonicalTarNameForPath
2022-09-01 22:22:45 +02:00
Sebastiaan van Stijn 0e4f0e4a7e
vendor: github.com/docker/go-units v0.5.0
full diff: https://github.com/docker/go-units/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 19:17:10 +02:00
Sebastiaan van Stijn 67cc8b1fd8
Merge pull request #3763 from thaJeztah/bump_engine
vendor: docker v20.10.3-0.20220831131523-b5a0d7a188ac (22.06 branch)
2022-08-31 18:47:32 +02:00
Sebastiaan van Stijn 67ae2c0976
cli: createContainer() remove intermediate variable
Having the intermediate variable made it difficult to see if it was
possibly mutated and/or something special done with it, so just use
the cli's accessors to get its Err().

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 18:45:25 +02:00
Sebastiaan van Stijn 23a0fb071a
vendor: docker v20.10.3-0.20220831131523-b5a0d7a188ac (22.06 branch)
full diff: d2590dc3cd...b5a0d7a188

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 18:08:53 +02:00
Sebastiaan van Stijn fb0788f18f
build: replace uses of archive.CanonicalTarNameForPath
As it's just an alias for filepath.IsAbs. Also added a normalize step in
TrimBuildFilesFromExcludes, so that callers are not _required_ to first
normalize the path.

We are considering deprecating and/or removing this function in the archive
package, so removing it in the cli code helps transitioning if we decide to
deprecate and/or remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 17:55:03 +02:00
Sebastiaan van Stijn e484243c29
cli/command: NewDockerCli(): use WithStandardStreams()
`NewDockerCli` was configuring the standard streams using local code; this patch
instead uses the available `WithStandardStreams()` option to do the same.

There is slight difference in the order of events;

Previously, user-provided options would be applied first, after which NewDockerCli
would check if any of "in", "out", or "err" were nil, and if so set them to the
default stream (or writer) for that output.

The new code unconditionally sets the defaults _before_ applying user-provided
options. In practive, howver, this makes no difference; the fields set are not
exported, and the only functions updating them are `WithStandardStreams`,
`WithInputStream`, and `WithCombinedStream`, neither of which checks the old
value (so always overrides).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-31 17:10:53 +02:00
Sebastiaan van Stijn 6205b4eae6
Merge pull request #3759 from thaJeztah/bump_x_sys
vendor: golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
2022-08-29 17:50:58 +02:00
Sebastiaan van Stijn b22afeae02
Merge pull request #3755 from thaJeztah/sequential
replace pkg/system Sequential funcs with moby/sys/sequential
2022-08-29 16:04:31 +02:00
Sebastiaan van Stijn eaf6461ee6
vendor: golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
full diff: 3c1f35247d...c680a09ffe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 15:58:05 +02:00
Sebastiaan van Stijn 0e3d54261b
replace pkg/system Sequential funcs with moby/sys/sequential
Migrating these functions to allow them being shared between moby, docker/cli,
and containerd, and to allow using them without importing all of sys / system,
which (in containerd) also depends on hcsshim and more.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 13:27:26 +02:00
Sebastiaan van Stijn d89b5dbb12
Merge pull request #3756 from thaJeztah/update_engine2
vendor: update moby (22.06 branch), swarmkit, buildkit, containerd
2022-08-27 17:32:12 +02:00
Sebastiaan van Stijn 948482b778
vendor: docker v20.10.3-0.20220826112928-d2590dc3cd4f (22.06 branch)
- moby: a60b458179...d2590dc3cd
- swarmkit: 6068d1894d...48dd89375d

The .Parent field for buildcache entries was deprecated, and replaced with a
.Parents (plural) field. This patch updates the code accordingly. Unlike the
change in buildx
9c3be32bc9
we continue to fall back to the old field (which will be set on older API
versions).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-27 16:44:59 +02:00
Sebastiaan van Stijn b105b22f1e
vendor: github.com/moby/buildkit v0.10.4
no local changes

full diff: https://github.com/moby/buildkit/compare/v0.10.3...v0.10.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-27 16:01:00 +02:00
Sebastiaan van Stijn 649aa6175b
vendor: golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10
full diff: bc2c85ada1...3c1f35247d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-20 17:04:20 +02:00
Sebastiaan van Stijn 440fb75c9a
vendor: github.com/containerd/containerd v1.6.8
No local changes.

Full diff: https://github.com/containerd/containerd/compare/v1.6.4...v1.6.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-20 16:55:40 +02:00
Sebastiaan van Stijn 1163b46099
Merge pull request #3744 from crazy-max/update-gha
ci: update github actions
2022-08-20 16:42:33 +02:00
CrazyMax da81c096bd
ci: add concurrency check
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-20 16:01:03 +02:00
CrazyMax fd5590dcd4
chore: dependabot to keep gha up to date
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-20 16:01:03 +02:00
CrazyMax d598646f11
ci: update github actions
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-08-20 16:01:03 +02:00
Sebastiaan van Stijn 90412400cd
Merge pull request #3738 from thaJeztah/update_cli_docs_tool
update cli-docs-tool to v0.5.0
2022-08-20 15:43:47 +02:00
Sebastiaan van Stijn 34e4ba09be
Merge pull request #3739 from thaJeztah/hard_deprecate_graph
complete the "-g" / "--graph" daemon option deprecation
2022-08-18 20:34:08 +02:00
Sebastiaan van Stijn 77806f70b9
Merge pull request #3737 from bsousaa/update_issue_form
Update issues form
2022-08-18 15:39:59 +02:00