Commit Graph

8473 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 40694311b4
Merge pull request #3907 from thaJeztah/update_go_1.19.4
update to go1.19.4
2022-12-07 13:21:36 +01:00
Sebastiaan van Stijn 016846e950
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \(the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:03:41 +01:00
Sebastiaan van Stijn 0e15d73c65
Dockerfile: update buildx to v0.9.1
This is only used for testing, but saw it was a bit behind.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 14:25:04 +01:00
Sebastiaan van Stijn 65d3f7830d
Merge pull request #3904 from thaJeztah/fix_lazy_evaluate
cmd/docker: make feature detection lazy again
2022-12-06 10:39:06 +01:00
Sebastiaan van Stijn 006c946389
cmd/docker: make feature detection lazy again
Commit 20ba591b7f fixed incorrect feature
detection in the CLI, but introduced a regression; previously the "ping"
would only be executed if needed (see b39739123b),
but by not inlining the call to `ServerInfo()` would now always be called.

This patch inlines the code again to only execute the "ping" conditionally,
which allows it to be executed lazily (and omitted for commands that don't
require a daemon connection).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 10:17:50 +01:00
Sebastiaan van Stijn 8fc1444558
Merge pull request #3901 from thaJeztah/carry_3845
Fix bug where incorrect response is returned [carry 3845]
2022-12-06 09:23:59 +01:00
Adyanth Hosavalike 20ba591b7f
Fix bug where incorrect response is returned
When server is unreachable and docker checkpoint (or any command that
needs to check the server type) is run, incorrect error was returned.

When checking if the daemon had the right OS, we compared the OSType
from the clients ServerInfo(). In situations where the client cannot
connect to the daemon, a "stub" Info is used for this, in which we
assume the daemon has experimental enabled, and is running the latest
API version.

However, we cannot fill in the correct OSType, so this field is empty
in this situation.

This patch only compares the OSType if the field is non-empty, otherwise
assumes the platform matches.

before this:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    docker checkpoint create is only supported on a Docker daemon running on linux, but the Docker daemon is running on

with this patch:

    docker -H unix:///no/such/socket.sock checkpoint create test test
    Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running?

Co-authored-by: Adyanth Hosavalike <ahosavalike@ucsd.edu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 08:55:47 +01:00
Sebastiaan van Stijn f33ef47061
Merge pull request #3903 from thaJeztah/build_test_dummy
cil/command: use dummy client for build-tests
2022-12-06 08:24:13 +01:00
Sebastiaan van Stijn 121c613877
cil/command: use dummy client for build-tests
These tests were using the default client, which would try to make a connection
with the daemon (which isn't running). Some of these test subsequently had
tests that depended on the result of that connection (i.e., "ping" result).

This patch updates the test to use a dummy client, so that the ping result is
predictable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 22:37:40 +01:00
Sebastiaan van Stijn 21e45ff852
cli/command: add WithAPIClient
This allows the cli to be initialized with a (custom) API client.
Currently to be used for unit tests, but could be used for other
scenarios.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 21:40:39 +01:00
Sebastiaan van Stijn 74874cd0c9
Merge pull request #3661 from thaJeztah/update_images
docs: various (minor) changes and rewording
2022-12-05 17:28:34 +01:00
Sebastiaan van Stijn b65bda6890
Merge pull request #3829 from dvdksn/fix-doclink-cli
updated additionalHelp text
2022-12-05 17:23:27 +01:00
Sebastiaan van Stijn 60833d2046
docs/reference: exec: update some examples
Use /bin/sh in the examples, as it's more likely to be present in a
container than bash (some users got confused by this, so using plain
"sh" in the examples could lead to less confusion).

Also added some extra wording around defaults, and how they're inherited
by the exec'd process.

It's definitely not "perfect" yet (lots to do in this document to improve
it), but it's a start :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn cac78c237f
docs/reference: info: update example output
Update the example output to not use deprecated storage drivers or
Windows versions.

Also removes the section about `--debug`, because the `docker info` output
depends on the _daemon_ (not the client) to have debug mode enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 9ba371f665
docs: update examples to not use deprecated images
using latest ubuntu LTS, and alpine for some examples. Also syncing some
wording between the man-pages and online docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 74086bc93b
doc/reference: update attach reference
Some touch-ups in the attach reference and man-page;

- remove uses of old images (ubuntu 14.04)
- adds some more wording about `-i` and `-t` to use the detach sequence.
- use `--filter` instead of `grep` to list the container, to make the
  example more portable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:10:05 +01:00
Sebastiaan van Stijn 82805ad71f
docs/extend: remove note about first supported version
Docker v1.12 is really old, so no need to continue including this
in the docs. Also reformatted a markdown table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-05 17:09:57 +01:00
Sebastiaan van Stijn 37dcee37b6
Merge pull request #3812 from mspiess/3293-fix-replicas-override-0
add ability to override ints in compose files with 0
2022-12-05 16:26:44 +01:00
David Karlsson 3da0e959d3 updated additionalHelp text
Signed-off-by: David Karlsson <david.karlsson@docker.com>
2022-12-05 16:26:31 +01:00
Patrick Daigle e547881e27 Fix ssh process killed when context is done
Signed-off-by: Patrick Daigle <114765035+pdaig@users.noreply.github.com>
2022-12-04 22:09:17 -05:00
Sebastiaan van Stijn 7240f70808
Merge pull request #3896 from thaJeztah/add_alpine_version
Dockerfile: add ALPINE_VERSION build-arg
2022-12-04 18:26:01 +01:00
Sebastiaan van Stijn 1b0d6fc804
Dockerfile: add ALPINE_VERSION build-arg
This allows us to pin to a specific version of Alpine, in case the
golang:alpine image switches to a newer version, which may at times
be incompatible, e.g. see https://github.com/moby/moby/issues/44570

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-04 14:57:43 +01:00
Sam Thibault 64c8976745
Merge pull request #3834 from luismulinari/fix_max_concurrent_downloads_uploads_docs
docs: fix the max-concurrent-downloads and max-concurrent-uploads configs documentation
2022-12-02 22:22:06 +01:00
Sebastiaan van Stijn 4c22ede9ea
Merge pull request #3894 from thaJeztah/update_engine
vendor: docker/docker v20.10.3-0.20221201203946-b21e8f72f254 (v23.0.0-dev)
2022-12-01 23:21:13 +01:00
Sebastiaan van Stijn 60b09ea7fb
vendor: docker/docker v20.10.3-0.20221201203946-b21e8f72f254 (v23.0.0-dev)
full diff: bb2eab21c6...b21e8f72f2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 22:09:01 +01:00
Sebastiaan van Stijn d7e872ed64
Merge pull request #3892 from thaJeztah/port_sort
container port: sort ports before printing
2022-12-01 13:01:17 +01:00
Sebastiaan van Stijn ee599f6422
Merge pull request #3891 from thaJeztah/update_engine
vendor: docker/docker v20.10.3-0.20221201081640-bb2eab21c6db (v23.0.0-dev)
2022-12-01 12:59:43 +01:00
Sebastiaan van Stijn 4bee65ffaa
Merge pull request #3890 from thaJeztah/authors_update
Update mailmap and AUTHORS
2022-12-01 12:59:26 +01:00
Sebastiaan van Stijn 1768240bcd
cli/command/container: runPort: sort ports before printing
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:58:40 +01:00
Sebastiaan van Stijn c5613ac032
cli/command/container: TestNewPortCommandOutput improve test
Make sure that the container has multiple port-mappings to illustrate
that only the given port is matched.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:52:15 +01:00
Sebastiaan van Stijn 58487e088a
cli/command/container: runPort(): slight refactor
- use strings.Cut
- don't use nat.NewPort as we don't accept port ranges
- use an early return if there's no results

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:39:34 +01:00
Sebastiaan van Stijn f0435fd3f3
cli/command/container: runPort(): update godoc, and add todo
We should consider showing all mappings for a given port if no specific
proto was specified.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:20:57 +01:00
Sebastiaan van Stijn f2566760a8
Update AUTHORS header to indicate it's generated
Using both @generated, and using Go's format for generated files,
to match the format we now use on moby/moby.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:05:22 +01:00
Sebastiaan van Stijn b81acd7c4e
Update mailmap and AUTHORS
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 10:04:48 +01:00
Sebastiaan van Stijn 25c06c755c
vendor: docker/docker v20.10.3-0.20221201081640-bb2eab21c6db (v23.0.0-dev)
full diff: a913b5ad7e...bb2eab21c6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-01 09:48:58 +01:00
Sebastiaan van Stijn ab794859fe
Merge pull request #3847 from thaJeztah/context_lazy_evaluate
context: implement lazy loading, and other improvements
2022-11-29 00:22:02 +01:00
Sebastiaan van Stijn 2c9dff1436
cli/command/context: context ls: always show current context
if a context is set (e.g. through DOCKER_CONTEXT or the CLI config file), but
wasn't found, then a "stub" context is added, including an error message that
the context doesn't exist.

    DOCKER_CONTEXT=nosuchcontext docker context ls
    NAME              DESCRIPTION                               DOCKER ENDPOINT               ERROR
    default           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
    nosuchcontext *                                                                           context "nosuchcontext": context not found: …

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 23:41:29 +01:00
Sebastiaan van Stijn ed4b0a67be
cli/command/context: context ls: add ERROR column, and don't fail early
This updates `docker context ls` to:

- not abort listing contexts when failing one (or more) contexts
- instead, adding an ERROR column to inform the user there was
  an issue loading the context.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:52:02 +01:00
Sebastiaan van Stijn 14f97cc10a
cli/command: DockerCli.ServerInfo() load info lazily
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:52:02 +01:00
Sebastiaan van Stijn 3b7235edca
cli/command: initialize client and load content lazily
This allows commands that don't require a client connection (such as `context use`)
to be functional, but still produces an error when trying to run a command that
needs to connect with the API;

    mkdir -p ~/.docker/ && echo '{"currentContext":"nosuchcontext"}' >  ~/.docker/config.json
    docker version
    Failed to initialize: unable to resolve docker endpoint: load context "nosuchcontext": context does not exist: open /root/.docker/contexts/meta/8bfef2a74c7d06add4bf4c73b0af97d9f79c76fe151ae0e18b9d7e57104c149b/meta.json: no such file or directory

    docker context use default
    default
    Current context is now "default"

    docker version
    Client:
     Version:           22.06.0-dev
     API version:       1.42
     ...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:52:02 +01:00
Sebastiaan van Stijn 2c41bbc49f
cli/command/task: taskContext.Error(): use ellipsis utility
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:29:04 +01:00
Sebastiaan van Stijn 0ed80a3a58
cli/command/formatter: NewClientContextFormat(): unconvert
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:28:47 +01:00
Sebastiaan van Stijn 30a0d0c6d6
cli/command/formatter: define const for error column-headers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 16:28:06 +01:00
Sebastiaan van Stijn 8b1cbfd769
Merge pull request #3887 from thaJeztah/context_lazy_evaluate_step4
context: minor refactoring and fixes
2022-11-28 16:08:07 +01:00
Sebastiaan van Stijn 60987b8d7a
cli/command: DockerCli: keep reference to options for later use
Store a reference to the options in the client, so that they are available
for later use.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 15:14:36 +01:00
Sebastiaan van Stijn 181769f18c
cli/command: remove DockerCli.loadConfigFile()
This makes it more transparent what's happening.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 13:24:07 +01:00
Sebastiaan van Stijn 36441fc5f6
cli: NewTopLevelCommand: don't use unnamed assignments
This prevents unexpected bugs if fields are added/moved.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-28 13:09:35 +01:00
Sebastiaan van Stijn 81c68913e4
Merge pull request #3886 from thaJeztah/context_lazy_evaluate_step3
cli/command/context: "docker context show": don't validate context
2022-11-28 11:52:32 +01:00
Sebastiaan van Stijn ba501a411f
Merge pull request #3849 from thaJeztah/update_term
vendor: update github.com/moby/term to fix interrupt handling
2022-11-28 11:37:06 +01:00
Sebastiaan van Stijn 56580e7d9e
Merge pull request #3885 from thaJeztah/context_lazy_evaluate_step2
cli/command: add Cli.CurrentVersion() function
2022-11-28 11:36:31 +01:00