Commit Graph

7541 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 86bf1966e2
staticcheck: ignore SA1019: strings.Title is deprecated
This function is deprecated because it has known limitations when using
with multi-byte strings. This limitations are quite "corner case", and
our use (mostly) is for ASCII strings. The suggestion replacement brings
20k+ lines of code, which is a bit too much to fix those corner cases.

    templates/templates.go:23:14: SA1019: strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead. (staticcheck)
        "title":    strings.Title,
                    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf29b40a8c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:58:21 +02:00
Sebastiaan van Stijn b3022b91d1
[20.10] Dockerfile.lint: use go install
"go get@version" is no longer supported on newer versions of go.
Also renaming the build-arg to match what's used in master.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:58:19 +02:00
Sebastiaan van Stijn f14ba9f5d7
[20.10] Dockerfile: use syntax=docker/dockerfile:1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:58:17 +02:00
Sebastiaan van Stijn ae45936575
Merge pull request #3747 from thaJeztah/20.10_update_json_iterator
[20.10] update dependencies for go1.18 compatibility
2022-08-19 16:57:45 +02:00
Sebastiaan van Stijn c189c4dbea
[20.10] vendor: github.com/json-iterator/go v1.1.12 for Go 1.18 compatibility
full diff: 0ff49de124...024077e996

Fixes a nil-pointer exception on go 1.18;

```
=== FAIL: cli/context/kubernetes TestSaveLoadContexts (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x40fcbc]

goroutine 19 [running]:
testing.tRunner.func1.2({0xa7e080, 0x1073930})
	/usr/local/go/src/testing/testing.go:1389 +0x24e
testing.tRunner.func1()
	/usr/local/go/src/testing/testing.go:1392 +0x39f
panic({0xa7e080, 0x1073930})
	/usr/local/go/src/runtime/panic.go:838 +0x207
reflect.mapiternext(0x40?)
	/usr/local/go/src/runtime/map.go:1378 +0x19
github.com/docker/cli/vendor/github.com/modern-go/reflect2.(*UnsafeMapIterator).UnsafeNext(0x8?)
	/go/src/github.com/docker/cli/vendor/github.com/modern-go/reflect2/unsafe_map.go:136 +0x32
github.com/docker/cli/vendor/github.com/json-iterator/go.(*sortKeysMapEncoder).Encode(0xc000478930, 0xc0000ca3a8, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_map.go:293 +0x335
github.com/docker/cli/vendor/github.com/json-iterator/go.(*placeholderEncoder).Encode(0xc00046c898?, 0x95d787?, 0xc0000bae58?)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect.go:327 +0x22
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structFieldEncoder).Encode(0xc000482630, 0xa2790c?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:110 +0x56
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structEncoder).Encode(0xc000482780, 0xb3a599?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:158 +0x652
github.com/docker/cli/vendor/github.com/json-iterator/go.(*placeholderEncoder).Encode(0xc00046ca10?, 0x95d787?, 0xc0000bae58?)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect.go:327 +0x22
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structFieldEncoder).Encode(0xc0004829f0, 0xa0fd11?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:110 +0x56
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structEncoder).Encode(0xc000482a50, 0x40aa15?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:158 +0x652
github.com/docker/cli/vendor/github.com/json-iterator/go.(*sliceEncoder).Encode(0xc00047e198, 0xc0003a83c8, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_slice.go:38 +0x2bb
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structFieldEncoder).Encode(0xc0004837a0, 0xa12e12?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:110 +0x56
github.com/docker/cli/vendor/github.com/json-iterator/go.(*structEncoder).Encode(0xc000483890, 0x0?, 0xc0000bae40)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_struct_encoder.go:158 +0x652
github.com/docker/cli/vendor/github.com/json-iterator/go.(*OptionalEncoder).Encode(0xc0003b6be0?, 0x0?, 0x0?)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect_optional.go:74 +0xa4
github.com/docker/cli/vendor/github.com/json-iterator/go.(*onePtrEncoder).Encode(0xc000471e30, 0xc0003a8370, 0xc000460720?)
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect.go:214 +0x82
github.com/docker/cli/vendor/github.com/json-iterator/go.(*Stream).WriteVal(0xc0000bae40, {0xabe4a0, 0xc0003a8370})
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/reflect.go:93 +0x158
github.com/docker/cli/vendor/github.com/json-iterator/go.(*frozenConfig).Marshal(0xc0003b6be0, {0xabe4a0, 0xc0003a8370})
	/go/src/github.com/docker/cli/vendor/github.com/json-iterator/go/config.go:299 +0xc9
github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime/serializer/json.(*Serializer).Encode(0xc00043aee0?, {0xc375c0?, 0xc0003a8370?}, {0xc339e0, 0xc000460210})
	/go/src/github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime/serializer/json/json.go:310 +0x6d
github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime/serializer/versioning.(*codec).Encode(0xc0000f8480, {0xc37570?, 0xc0000bacc0}, {0xc339e0, 0xc000460210})
	/go/src/github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go:231 +0x926
github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime.Encode({0x7f48b36ce5c0, 0xc0000f8480}, {0xc37570, 0xc0000bacc0})
	/go/src/github.com/docker/cli/vendor/k8s.io/apimachinery/pkg/runtime/codec.go:46 +0x64
github.com/docker/cli/vendor/k8s.io/client-go/tools/clientcmd.Write(...)
	/go/src/github.com/docker/cli/vendor/k8s.io/client-go/tools/clientcmd/loader.go:469
github.com/docker/cli/cli/context/kubernetes.TestSaveLoadContexts(0xc0004561a0?)
	/go/src/github.com/docker/cli/cli/context/kubernetes/endpoint_test.go:75 +0xf0a
testing.tRunner(0xc0004561a0, 0xb89ea0)
	/usr/local/go/src/testing/testing.go:1439 +0x102
created by testing.(*T).Run
	/usr/local/go/src/testing/testing.go:1486 +0x35f
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:12:25 +02:00
Sebastiaan van Stijn 0c46ffc1f9
[20.10] vendor: github.com/modern-go/reflect2 v1.0.2 for Go 1.18 compatibility
full diff: 4b7aa43c67...2b33151c9b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:10:25 +02:00
Sebastiaan van Stijn 6be9ce798e
[20.10] vendor: github.com/google/gofuzz v1.0.0
no local changes, just matching the minimum version for github.com/json-iterator/go

full diff: 24818f796f...f140a6486e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-19 16:06:12 +02:00
Sebastiaan van Stijn c8b7ef1e29
Merge pull request #3743 from thaJeztah/20.10_backport_bump_golangci_lint
[20.10 backport] lint: update golangci-lint to v1.45.2
2022-08-19 12:48:25 +02:00
Sebastiaan van Stijn 779ed309a8
lint: update golangci-lint to v1.45.2
Also removed deprecated linters:

The linter 'interfacer' is deprecated (since v1.38.0) due to: The repository of the linter has been archived by the owner.
The linter 'golint' is deprecated (since v1.41.0) due to: The repository of the linter has been archived by the owner.  Replaced by revive.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3ffe6a3375)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:19:06 +02:00
Sebastiaan van Stijn 2f7e84be65
linting: fix incorrectly formatted errors (revive)
cli/compose/interpolation/interpolation.go:102:4: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                "invalid interpolation format for %s: %#v. You may need to escape any $ with another $.",
                ^

    cli/command/stack/loader/loader.go:30:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return nil, errors.Errorf("Compose file contains unsupported options:\n\n%s\n",
                                          ^

    cli/command/formatter/formatter.go:76:30: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return tmpl, errors.Errorf("Template parsing error: %v\n", err)
                                       ^

    cli/command/formatter/formatter.go:97:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("Template parsing error: %v\n", err)
                                 ^

    cli/command/image/build.go:257:25: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                return errors.Errorf("error checking context: '%s'.", err)
                                     ^

    cli/command/volume/create.go:35:27: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
                        return errors.Errorf("Conflicting options: either specify --name or provide positional arg, not both\n")
                                             ^

    cli/command/container/create.go:160:24: error-strings: error strings should not be capitalized or end with punctuation or a newline (revive)
            return errors.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
                                 ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4ab70bf61e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:48 +02:00
Sebastiaan van Stijn e628209d9b
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7c1fb9112)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:38 +02:00
Sebastiaan van Stijn 80a3add604
cli/command/container: unnecessary use of fmt.Sprintf (gosimple)
cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:184:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^
    cli/command/container/formatter_stats.go:191:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("-- / --")
                   ^
    cli/command/container/formatter_stats.go:201:10: S1039: unnecessary use of fmt.Sprintf (gosimple)
            return fmt.Sprintf("--")
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5a65aadd8d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:29 +02:00
Sebastiaan van Stijn 715cfc4c2f
Merge pull request #3726 from thaJeztah/20.10_bump_golang_1.17.13
[20.10] Update golang to 1.17.13
2022-08-04 11:19:28 +02:00
Sebastiaan van Stijn 80fb0d575e
[20.10] Update golang to 1.17.13
Update Go runtime to 1.17.13 to address CVE-2022-32189.

Full diff: https://github.com/golang/go/compare/go1.17.12...go1.17.13

--------------------------------------------------------

From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10

We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.

These minor releases include 1 security fixes following the security
policy:

encoding/gob & math/big: decoding big.Float and big.Rat can panic

Decoding big.Float and big.Rat types can panic if the encoded message is
too short.

This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.17.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-03 20:20:24 +02:00
Sebastiaan van Stijn 9d28e08a2d
Merge pull request #3707 from thaJeztah/20.10_update_golang_1.17.12
[20.10] update golang to 1.17.12
2022-07-19 21:08:30 +02:00
Sebastiaan van Stijn d72bef2088
[20.10] update golang to 1.17.12
go1.17.12 (released 2022-07-12) includes security fixes to the compress/gzip,
encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath
packages, as well as bug fixes to the compiler, the go command, the runtime,
and the runtime/metrics package. See the Go 1.17.12 milestone on the issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.12+label%3ACherryPickApproved

This update addresses:

CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631,
CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, and CVE-2022-32148.

Full diff: https://github.com/golang/go/compare/go1.17.11...go1.17.12

From the security announcement;
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE

We have just released Go versions 1.18.4 and 1.17.12, minor point releases. These
minor releases include 9 security fixes following the security policy:

- net/http: improper sanitization of Transfer-Encoding header

  The HTTP/1 client accepted some invalid Transfer-Encoding headers as indicating
  a "chunked" encoding. This could potentially allow for request smuggling, but
  only if combined with an intermediate server that also improperly failed to
  reject the header as invalid.

  This is CVE-2022-1705 and https://go.dev/issue/53188.

- When `httputil.ReverseProxy.ServeHTTP` was called with a `Request.Header` map
  containing a nil value for the X-Forwarded-For header, ReverseProxy would set
  the client IP as the value of the X-Forwarded-For header, contrary to its
  documentation. In the more usual case where a Director function set the
  X-Forwarded-For header value to nil, ReverseProxy would leave the header
  unmodified as expected.

  This is https://go.dev/issue/53423 and CVE-2022-32148.

  Thanks to Christian Mehlmauer for reporting this issue.

- compress/gzip: stack exhaustion in Reader.Read

  Calling Reader.Read on an archive containing a large number of concatenated
  0-length compressed files can cause a panic due to stack exhaustion.

  This is CVE-2022-30631 and Go issue https://go.dev/issue/53168.

- encoding/xml: stack exhaustion in Unmarshal

  Calling Unmarshal on a XML document into a Go struct which has a nested field
  that uses the any field tag can cause a panic due to stack exhaustion.

  This is CVE-2022-30633 and Go issue https://go.dev/issue/53611.

- encoding/xml: stack exhaustion in Decoder.Skip

  Calling Decoder.Skip when parsing a deeply nested XML document can cause a
  panic due to stack exhaustion. The Go Security team discovered this issue, and
  it was independently reported by Juho Nurminen of Mattermost.

  This is CVE-2022-28131 and Go issue https://go.dev/issue/53614.

- encoding/gob: stack exhaustion in Decoder.Decode

  Calling Decoder.Decode on a message which contains deeply nested structures
  can cause a panic due to stack exhaustion.

  This is CVE-2022-30635 and Go issue https://go.dev/issue/53615.

- path/filepath: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-30632 and Go issue https://go.dev/issue/53416.

- io/fs: stack exhaustion in Glob

  Calling Glob on a path which contains a large number of path separators can
  cause a panic due to stack exhaustion.

  This is CVE-2022-30630 and Go issue https://go.dev/issue/53415.

- go/parser: stack exhaustion in all Parse* functions

  Calling any of the Parse functions on Go source code which contains deeply
  nested types or declarations can cause a panic due to stack exhaustion.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2022-1962 and Go issue https://go.dev/issue/53616.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-13 10:54:57 +02:00
Sebastiaan van Stijn 100c70180f
Merge pull request #3664 from thaJeztah/20.10_backport_fix_link
[20.10 backport] Fix dead external link
2022-06-06 23:36:39 +02:00
Phong Tran 7502d7e560
Fix dead external link
Signed-off-by: Phong Tran <tran.pho@northeastern.edu>
(cherry picked from commit 2585b6a792)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-06 23:15:19 +02:00
Nicolas De loof 4d718932c1
Merge pull request #3648 from thaJeztah/20.10_backport_asterisk_in_zsh_completion 2022-06-02 11:45:35 +02:00
Nicolas De loof 826eaafa6d
Merge pull request #3647 from thaJeztah/20.10_update_golang_1.17.11 2022-06-02 11:45:28 +02:00
Marc Cornellà 308624c3b1
fix: remove asterisk from docker command suggestions
Some commands in the output of `docker` show up with an asterisk, like
app, build, buildx or scan. This tweak removes that so that the
asterisk is not filled in when choosing those commands.

Signed-off-by: Marc Cornellà <hello@mcornella.com>
(cherry picked from commit b1f18b700e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-02 10:07:57 +02:00
Sebastiaan van Stijn de7d866b6a
[20.10] update golang to 1.17.11
go1.17.11 (released 2022-06-01) includes security fixes to the crypto/rand,
crypto/tls, os/exec, and path/filepath packages, as well as bug fixes to the
crypto/tls package. See the Go 1.17.11 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.17.11+label%3ACherryPickApproved

Hello gophers,

We have just released Go versions 1.18.3 and 1.17.11, minor point releases.

These minor releases include 4 security fixes following the security policy:

- crypto/rand: rand.Read hangs with extremely large buffers
  On Windows, rand.Read will hang indefinitely if passed a buffer larger than
  1 << 32 - 1 bytes.

  Thanks to Davis Goodin and Quim Muntal, working at Microsoft on the Go toolset,
  for reporting this issue.

  This is [CVE-2022-30634][CVE-2022-30634] and Go issue https://go.dev/issue/52561.
- crypto/tls: session tickets lack random ticket_age_add
  Session tickets generated by crypto/tls did not contain a randomly generated
  ticket_age_add. This allows an attacker that can observe TLS handshakes to
  correlate successive connections by comparing ticket ages during session
  resumption.

  Thanks to GitHub user nervuri for reporting this.

  This is [CVE-2022-30629][CVE-2022-30629] and Go issue https://go.dev/issue/52814.
- `os/exec`: empty `Cmd.Path` can result in running unintended binary on Windows

  If, on Windows, `Cmd.Run`, `cmd.Start`, `cmd.Output`, or `cmd.CombinedOutput`
  are executed when Cmd.Path is unset and, in the working directory, there are
  binaries named either "..com" or "..exe", they will be executed.

  Thanks to Chris Darroch, brian m. carlson, and Mikhail Shcherbakov for reporting
  this.

  This is [CVE-2022-30580][CVE-2022-30580] and Go issue https://go.dev/issue/52574.
- `path/filepath`: Clean(`.\c:`) returns `c:` on Windows

  On Windows, the `filepath.Clean` function could convert an invalid path to a
  valid, absolute path. For example, Clean(`.\c:`) returned `c:`.

  Thanks to Unrud for reporting this issue.

  This is [CVE-2022-29804][CVE-2022-29804] and Go issue https://go.dev/issue/52476.

[CVE-2022-30634]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30634
[CVE-2022-30629]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629
[CVE-2022-30580]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30580
[CVE-2022-29804]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29804

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-06-02 09:23:24 +02:00
Sebastiaan van Stijn aa7e414fdc
Merge pull request #3601 from thaJeztah/20.10_bump_golang_1.17.10
[20.10] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
2022-05-11 18:22:17 +02:00
Sebastiaan van Stijn 240e4b5501
[20.10] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

full diff: 63515b42dc...33da011f77

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 14:37:09 +02:00
Sebastiaan van Stijn 5d4776bd90
[20.10] update golang to 1.17.10
go1.17.10 (released 2022-05-10) includes security fixes to the syscall package,
as well as bug fixes to the compiler, runtime, and the crypto/x509 and net/http/httptest
packages. See the Go 1.17.10 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.10+label%3ACherryPickApproved

Full diff: http://github.com/golang/go/compare/go1.17.9...go1.17.10

Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 14:35:54 +02:00
Sebastiaan van Stijn 1841277463
Merge pull request #3592 from thaJeztah/20.10_backport_bump_x_sys
[20.10 backport] vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
2022-05-06 10:40:09 +02:00
Sebastiaan van Stijn 49e9c2ae3d vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8,
2021) or later, see https://github.com/golang/go/issues/45702. While this seems
to affect macOS only, let's update to the latest version.

full diff: d19ff857e8...63515b42dc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 61a1775adb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-06 10:08:27 +02:00
Sebastiaan van Stijn 87a3ce2699 vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
full diff: 134d130e1a...d19ff857e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8ebe404dfc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-06 10:07:40 +02:00
Tonis Tiigi 1d8abed17d
vendor: update x/sys to 134d130e
Makes possible to build for windows/arm64

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e50cf79579)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-06 10:06:43 +02:00
Sebastiaan van Stijn fd82621d35
Merge pull request #3563 from thaJeztah/20.10_bump_golang_1.17.9
[20.10] update golang to 1.17.9
2022-04-21 16:44:35 +02:00
Sebastiaan van Stijn e5ca16bda7
Merge pull request #3551 from thaJeztah/20.10_backport_deprecation_add_missing_fluend_option
[20.10 backport] docs: deprecated: add entry for "fluent-async-connect" log-opt
2022-04-21 16:01:02 +02:00
Sebastiaan van Stijn 31dad66f9a
[20.10] update golang to 1.17.9
go1.17.9 (released 2022-04-12) includes security fixes to the crypto/elliptic
and encoding/pem packages, as well as bug fixes to the linker and runtime. See
the Go 1.17.9 milestone on the issue tracker for details:

Includes fixes for:

- CVE-2022-24675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675)
- CVE-2022-28327 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-19 18:20:51 +02:00
Sebastiaan van Stijn 113c5b526a
Merge pull request #3532 from thaJeztah/20.10_update_engine_20.10.14
[20.10] vendor: docker/docker 20.10.14, docker/distribution v2.8.1, image-spec v1.0.2
2022-04-19 17:50:26 +02:00
Sebastiaan van Stijn c73edb36ca
Merge pull request #3556 from thaJeztah/20.10_update_go_1.17
[20.10 backport] update go to 1.17
2022-04-19 17:33:14 +02:00
Sebastiaan van Stijn 80f673bf9e
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a0f0578299)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:46 +02:00
Sebastiaan van Stijn 3d4cc8e699
[20.10] update remaining files to go1.17.8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:29 +02:00
Tonis Tiigi 30277a8f80
update go to 1.17.8
Removes the platform based switch between different versions.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6119e4ba90)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:35:06 +02:00
Sebastiaan van Stijn 994ed4085b
Merge pull request #3522 from thaJeztah/20.10_backport_json_unmarshal_pointer
[20.10 backport] Fix incorrect pointer inputs to `json.Unmarshal`
2022-04-14 16:16:13 +02:00
Sebastiaan van Stijn b10a23a46f
Merge pull request #3521 from thaJeztah/20.10_backport_dockerfile_update_xx
[20.10 backport] Dockerfile: update xx to 1.1
2022-04-14 16:13:54 +02:00
Silvin Lubecki 26d906094a
Merge pull request #3523 from thaJeztah/20.10_backport_docs_fixes
[20.10 backport] assorted documentation fixes
2022-04-14 14:44:30 +02:00
Silvin Lubecki 9c091c4346
Merge pull request #3526 from thaJeztah/20.10_backport_update_e2e_compose
[20.10 backport] e2e: update docker-compose to 1.29.2
2022-04-14 14:43:04 +02:00
Silvin Lubecki a13500b745
Merge pull request #3527 from thaJeztah/20.10_fix_go_versions
[20.10] update remaining Dockerfiles to go 1.16.15
2022-04-14 14:42:47 +02:00
Sebastiaan van Stijn cfef3a7dc1
docs: deprecated: add entry for "fluent-async-connect" log-opt
This option was deperecated in the upstream fluentd logging driver v1.4.0,
and while we documented it as deprecated in the API changelog, there was
no mention yet in the deprecated docs.

relates to:

- https://github.com/fluent/fluent-logger-golang/pull/56
- https://github.com/moby/moby/pull/39086

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 95b0c43e43)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-10 12:05:30 +02:00
Sebastiaan van Stijn 53426025c3
[20.10] docs: reformat table for compatibility
equivalent of 49a7d75a22 on the master
branch.

My IDE's linter kept complaining:

> For compatibility reasons all table rows should have borders (pipe
> symbols) at the start and at the end.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-10 12:03:20 +02:00
Iain Samuel McLean Elder 573a664639
Describe privileged mode in terms of capabilities
I didn't see where in the page that `--privileged` mode adds all capabilities.

I think this page once did contain that information. I got it from a Stack Overflow answer that seems to have copied from an earlier version of this same document.

> Full container capabilities (--privileged)
>
> The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.

https://stackoverflow.com/a/36441605/111424
Signed-off-by: Iain Samuel McLean Elder <iain@isme.es>
(cherry picked from commit 8b408372f9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 11:37:19 +02:00
Sebastiaan van Stijn cf0ab7ac4c
[20.10] vendor: github.com/docker/distribution v2.8.1
previous commit was a commit from the master/main branch (~ v2.7); this switches
back to using a released version.

full diff: 0d3efadf01..v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 11:31:17 +02:00
Sebastiaan van Stijn d05fd4ffc8
[20.10] vendor: github.com/opencontainers/image-spec v1.0.2
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 11:27:12 +02:00
Sebastiaan van Stijn 870f138250
[20.10] vendor: github.com/docker/docker v20.10.14
no local changes in vendored files.

full diff: https://github.com/docker/docker/compare/v20.10.7...v20.10.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 11:26:41 +02:00
Sebastiaan van Stijn 7ffc243093
Merge pull request #3530 from thaJeztah/20.10_bump_buildx_0.8.2
[20.10] circleci: update buildx to v0.8.2
2022-04-04 10:56:10 +02:00
Sebastiaan van Stijn 198d6b8724
[20.10] circleci: update buildx to v0.8.2
release notes: https://github.com/docker/buildx/releases/tag/v0.8.2

Notable changes:

- Update Compose spec used by buildx bake to v1.2.1 to fix parsing ports definition
- Fix possible crash on handling progress streams from BuildKit v0.10
- Fix parsing groups in buildx bake when already loaded by a parent group

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 10:37:24 +02:00