Commit Graph

9721 Commits

Author SHA1 Message Date
Sebastiaan van Stijn aec7ec7f61
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
full diff: 4046ae5e2f...92884c25b3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:57:38 +01:00
Sebastiaan van Stijn 0a3a16d2b4
vendor: github.com/containerd/containerd v1.7.11
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:14 +01:00
Sebastiaan van Stijn 54c103aff4
vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:08 +01:00
Sebastiaan van Stijn d49970590c
vendor: github.com/felixge/httpsnoop v1.0.4
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:22:47 +01:00
Sebastiaan van Stijn 7af509c7f1
cli/command: merge DockerCliOption and InitializeOpt types
The cli/command package defined two option-types with the same signature.

This patch creates a new type instead (CLIOption), and makes the existing
types an alias for this (deprecating their old names).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 15:01:36 +01:00
Sebastiaan van Stijn 7d92573852
Merge pull request #4599 from laurazard/plugin-signal-handling
cli-plugins: terminate plugin when CLI exits
2023-12-12 14:58:04 +01:00
Laura Brehm 1554ac3b5f
cli-plugins: terminate plugin when CLI exits
Previously, long lived CLI plugin processes weren't
properly handled
(see: https://github.com/docker/cli/issues/4402)
resulting in plugin processes being left behind
running, after the CLI process exits.

This commit changes the plugin handling code to open
an abstract unix socket before running the plugin and
passing it to the plugin process, and changes the
signal handling on the CLI side to close this socket
which tells the plugin that it should exit.

This implementation makes use of sockets instead of
simply setting PDEATHSIG on the plugin process
so that it will work on both BSDs, assorted UNIXes
and Windows.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2023-12-12 13:54:30 +00:00
David Karlsson 2e394eb5f4 docs: rewrite section on working directory
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:45:40 +01:00
David Karlsson 4a84514552 docs: rewrite section on setting user id
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 259aa90059 docs: rewrite section on filesystem mounts
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 52716c813b docs: move --tmpfs to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 5ede4c82ac docs: minor improvements to the healthcheck section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 7585d66a07 docs: rewrite section on overriding environment variables
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:07 +01:00
David Karlsson 3eeac20593 docs: rewrite section on exposing ports
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-12 10:44:01 +01:00
Sebastiaan van Stijn ce6832a355
Merge pull request #4707 from thaJeztah/fix_overlay_typo
docs: fix typo in "network create" docs
2023-12-11 22:48:02 +01:00
Sebastiaan van Stijn 0a94d85cd6
docs: fix typo in "network create" docs
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 22:33:52 +01:00
David Karlsson b01e287527 docs: rewrite section on default entrypoint
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:53 +01:00
David Karlsson c695ad9d74 docs: rewrite section on overriding image defaults
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:53 +01:00
David Karlsson 4a6cde8859 docs: move --log-driver to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:18:51 +01:00
David Karlsson 72df1960e1 docs: move --cgroup-parent to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 9e75a4cf61 docs: move --init to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 92c664b0dc docs: move info about --security-opt to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson f98444490f docs: move --rm to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 32189ca273 docs: improve description about container exit codes
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson dbffa0d121 docs: move --restart to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 73620975d0 docs: simplify container networking intro
Create an easier to digest introduction to container networking,
move the bulk of information to the networking overview page.

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 5dd6e9a4d4 docs: move --ipc to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson ff62bf47b0 docs: move --uts to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson d66fe78810 docs: move --pid to docker run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 03dc8832ed docs: improve docs on container identification
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson fad227d3fd docs: move info about fg/bg flags to run reference
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
David Karlsson 2f48f41fcb docs: improve introduction to docker run
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-11 22:17:21 +01:00
Sebastiaan van Stijn 4dd5c23d6e
Merge pull request #4663 from robmry/4648-clearer_ipv6_in_add-host
Permit '=' separator and '[ipv6]' in --add-host
2023-12-11 16:40:58 +01:00
Sebastiaan van Stijn 623d9b1f68
Merge pull request #4703 from thaJeztah/update_deprecations
docs/deprecated.md: add missing versions for  "-g / --graph" and devicemapper removal to table
2023-12-08 13:02:52 +01:00
Sebastiaan van Stijn 3f519b8241
docs/deprecated.md: add version for "-g" / "--graph" removal
commit 304c100ed2 updated the deprecation
status for these options, but forgot to update the status in the table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-07 22:34:38 +01:00
Sebastiaan van Stijn 6dc92b6678
docs/deprecate.md: add version for devicemapper removal to table
commit 5d6612798a updated the deprecation
status for devicemapper to "removed", but forgot to update the status
in the table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-07 22:30:28 +01:00
robmry a682b8e655 Permit '=' separator and '[ipv6]' in --add-host
Fixes #4648

Make it easier to specify IPv6 addresses in the '--add-host' option by
permitting 'host=ip' in addition to 'host:ip', and allowing square
brackets around the address.

For example:

    --add-host=my-hostname:127.0.0.1
    --add-host=my-hostname:::1
    --add-host=my-hostname=::1
    --add-host=my-hostname:[::1]

To avoid compatibility problems, the CLI will replace an '=' separator
with ':', and strip brackets, before sending the request to the API.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2023-12-07 18:29:19 +00:00
Sebastiaan van Stijn af23916995
Merge pull request #4701 from docker/dependabot/github_actions/actions/setup-go-5
build(deps): bump actions/setup-go from 4 to 5
2023-12-07 17:42:18 +01:00
dependabot[bot] 626e64ccfd
build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 08:17:34 +00:00
Sebastiaan van Stijn 73ef44fbdb
Merge pull request #4697 from thaJeztah/bump_engine
vendor: github.com/docker/docker 4046ae5e2fd4 (v25.0.0-dev)
2023-12-06 15:00:48 +01:00
Sebastiaan van Stijn 0cf7bff0be
vendor: github.com/docker/docker 4046ae5e2fd4 (v25.0.0-dev)
full diff: 029519a149...4046ae5e2f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-06 02:06:38 +01:00
Sebastiaan van Stijn cddd1869a8
Merge pull request #4694 from thaJeztah/update_golang_1.21.5
update to go1.21.5
2023-12-06 00:41:55 +01:00
Sebastiaan van Stijn c47141bde0
Merge pull request #4684 from dvdksn/fix-build-prune-cache-warn
prune: fix build cache prune warning
2023-12-06 00:18:19 +01:00
Sebastiaan van Stijn bdb45a9c2d
update to go1.21.5
go1.21.5 (released 2023-12-05) includes security fixes to the go command,
and the net/http and path/filepath packages, as well as bug fixes to the
compiler, the go command, the runtime, and the crypto/rand, net, os, and
syscall packages. See the Go 1.21.5 milestone on our issue tracker for
details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.5...go1.21.5

from the security mailing:

[security] Go 1.21.5 and Go 1.20.12 are released

Hello gophers,

We have just released Go versions 1.21.5 and 1.20.12, minor point releases.

These minor releases include 3 security fixes following the security policy:

- net/http: limit chunked data overhead

  A malicious HTTP sender can use chunk extensions to cause a receiver
  reading from a request or response body to read many more bytes from
  the network than are in the body.

  A malicious HTTP client can further exploit this to cause a server to
  automatically read a large amount of data (up to about 1GiB) when a
  handler fails to read the entire body of a request.

  Chunk extensions are a little-used HTTP feature which permit including
  additional metadata in a request or response body sent using the chunked
  encoding. The net/http chunked encoding reader discards this metadata.
  A sender can exploit this by inserting a large metadata segment with
  each byte transferred. The chunk reader now produces an error if the
  ratio of real body to encoded bytes grows too small.

  Thanks to Bartek Nowotarski for reporting this issue.

  This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.

- cmd/go: go get may unexpectedly fallback to insecure git

  Using go get to fetch a module with the ".git" suffix may unexpectedly
  fallback to the insecure "git://" protocol if the module is unavailable
  via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
  is not set for said module. This only affects users who are not using
  the module proxy and are fetching modules directly (i.e. GOPROXY=off).

  Thanks to David Leadbeater for reporting this issue.

  This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.

- path/filepath: retain trailing \ when cleaning paths like \\?\c:\

  Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the
  volume name in Windows paths starting with \\?\, resulting in
  filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among
  other effects). The previous behavior has been restored.

  This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-05 23:53:29 +01:00
Sebastiaan van Stijn afc62d8d1c
update to go1.21.4
Reverts "update to go1.21.4" due to regressions / breaking changes."

This reverts commit 4cf1c50ad1.
This re-applies commit 6472dabe4c.

----

update to go1.21.4

go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. See the Go 1.21.4 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.3...go1.21.4

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-05 23:52:56 +01:00
David Karlsson 8bbc97c867 prune: fix build cache prune warning
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-12-05 20:11:15 +01:00
Sebastiaan van Stijn 0acee94354
Merge pull request #4687 from TheRealGramdalf/dockerd-ref-patch
Fix typo in dockerd reference documentation
2023-12-03 14:50:41 +01:00
TheRealGramdalf e93ec2f6a6 Fix typo in dockerd reference documentation
Signed-off-by: Graeme Wiebe <graeme.wiebe@gmail.com>
2023-12-02 15:18:27 -08:00
Sebastiaan van Stijn ecf9bd3870
Merge pull request #4686 from thaJeztah/update_engine2
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
2023-12-01 16:45:05 +01:00
Sebastiaan van Stijn f807c9494b
Merge pull request #4690 from thaJeztah/bump_mux
vendor: github.com/gorilla/mux v1.8.1
2023-12-01 16:44:41 +01:00