full diff: 26c1120b8d...efbc4488d8
Relevant changes:
- sysx/xattr: fix and improve
- fix getxattrAll: change initial buffer size to 128 to prevent unneeded
iterations and change the logic to get the real size in case we get ERANGE
rather than doubling the buffer)
- improve listxattrAll; refactor for readability, prevent calling `listxattr()`
twice. Handle condition when attributes size is changed in between the two
calls to listxattr().
- Remove Windows' Readlink fork
- Drops support for Go 1.12 and under
- Fix sameFile() to recognize empty files as the same
- fixes "Empty files can diff as "modified" even when they're not"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: c2c7d7b0e1...ae3a8d7530
Relevant changes
- Update dependencies
- update docker/docker to current master
- update opencontainers/runc to v1.0.0-rc10
- update pkg/errors to v0.9.1 to support Go 1.13 errors
- update stretchr/testify to the latest version
- Drop support for go1.12, and use errors.Is() for error-detection
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: aaf470eca7...78e6ffd279
- Add DefaultAddressPools to Info
- Configure shims from runtime config
- pkg/archive: use containerd/sys to detect UserNamespaces
- removes github.com/opencontainers/runc/libcontainer/system dependency
- pkg/archive: Don't use init() to set unpigz path
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Both libaries provide similar functionality. We're currently using
Google Shlex in more places, so prefering that one for now, but we
could decide to switch to mattn/go-shellwords in future if that
library is considered better (it looks to be more actively maintained,
but that may be related to it providing "more features").
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/xeipuuv/gojsonschema/compare/v1.1.0...v1.2.0
- Fix a race condition when registering new formats.
- Improve the performance of uniqueItems.
- Fix an issue where integers would be shown as a fraction
- Require format to be of type string and formats can now be registered after a schema is parsed.
- Improve the handling of true and false schema.
- Fix an issue where an invalid schema would cause a panic.
- Properly handle file URIs that contain spaces.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/mitchellh/mapstructure/compare/v1.0.0...v1.3.2
v1.3.2
- Decode into interface type with a struct value is supported
v1.3.1
- Squash should only squash embedded structs.
v1.3.0
- Added `",omitempty"` support. This will ignore zero values in the source
structure when encoding.
v1.2.3
- Fix duplicate entries in Keys list with pointer values.
v1.2.2
- Do not add unsettable (unexported) values to the unused metadata key
or "remain" value.
v1.2.1
- Go modules checksum mismatch fix
v1.2.0
- Added support to capture unused values in a field using the `",remain"` value
in the mapstructure tag. There is an example to showcase usage.
- Added `DecoderConfig` option to always squash embedded structs
- `json.Number` can decode into `uint` types
- Empty slices are preserved and not replaced with nil slices
- Fix panic that can occur in when decoding a map into a nil slice of structs
- Improved package documentation for godoc
v1.1.2
- Fix error when decode hook decodes interface implementation into interface
type.
v1.1.1
- Fix panic that can happen in `decodePtr`
v1.1.0
- Added `StringToIPHookFunc` to convert `string` to `net.IP` and `net.IPNet`
- Support struct to struct decoding
- If source map value is nil, then destination map value is nil (instead of empty)
- If source slice value is nil, then destination slice value is nil (instead of empty)
- If source pointer is nil, then destination pointer is set to nil (instead of
allocated zero value of type)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/gorilla/mux/compare/v1.7.3...v1.7.4
v1.7.4 addresses a number of performance improvements, bugs, and documentation
improvements.
- Reduce allocations in (*routeRegexp).getURLQuery
- Fixed golint warnings
- fix headers regexp test case
- Fix the CORSMethodMiddleware bug with subrouters
- Remove/cleanup request context helpers
- Guess the scheme if r.URL.Scheme is unset
- Added capacity to slice creation, when capacity is known
- Modified http status codes, using constants provided by the http package
- bugfix/subrouter custom methodNotAllowed handler returning 404
- Update README (self-host logo)
- Remove TravisCI badge
- Add documentation for using mux to serve a SPA
- Simplify code
- Avoid unnecessary conversion
- Update config.yml (#495) @elithrar
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
we were only one commit behind v1.0.0, so updating to that
version; we can do a follow-up to update to the latest minor
release (v1.3.0)
full diff: f15292f7a6...v1.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Temporarily vendoring tip of the release-1.x branch, to address
docker context inspect being slow on Windows because this package
performs user lookup through `os.Current()` during `init()`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/spf13/cobra/compare/v0.0.3...v1.0.0
Notable Changes
- Fish completion (including support for Go custom completion)
- API (urgent): Rename BashCompDirectives to ShellCompDirectives
- Remove/replace SetOutput on Command - deprecated
- Custom completions coded in Go (instead of Bash)
- Partial Revert of 922
- Correct documentation for InOrStdin
- Apply formatting to templates
- Revert change so help is printed on stdout again
- Update md2man to v2.0.0
- update viper to v1.4.0
- Update cmd/root.go example in README.md
vendor: update cpuguy83/go-md2man v2.0.0
full diff: https://github.com/cpuguy83/go-md2man/compare/v1.0.8...v2.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/sirupsen/logrus/compare/v1.5.0...v1.6.0
- Add flag to disable quotes in TextFormatter
- Revert "fix race conditions on entry"
- fixes Deadlock during Entry.Infof after upgrade to v1.5.0
- fixes Deadlock when using WithField inside of hook
- fixes Overly-aggressive mutex locks
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/sirupsen/logrus/compare/v1.4.2...v1.5.0
- Ability to DisableHTMLEscape when using the JSON formatter
- Support/fixes for go 1.14
- Many many bugfixes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These packages are now living in their own repository. Updating
docker/docker to replace the dependencies.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- relates to moby/buildkit 1111
- relates to moby/buildkit 1079
- relates to docker/buildx 129
full diff: 9461782956...e31b211e4f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 1d94cc7ab1...bac4c82f69
Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.
An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.
This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 7f9f9232dd...0f039a052c
- tonistiigi/fsutil#69 receive: use filter on receive diff
- prevents incremental transfers with userns because the metadata
on disk is always different than the one being transferred.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This dependency is references in the hcsshim package, but
was not added when hcsshim was updated in dff269b5e4
The missing dependency was printed as a warning by vndr:
WARNING: dependency is not vendored: github.com/containerd/cgroups/stats/v1
But somehow didn't get noticed in CI (possibly because our "make cross" builds
multiple targets, and a single failure isn't noticed?)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/go-yaml/yaml/compare/v2.2.3...v2.2.8
includes:
- go-yaml/yaml 515 Improve heuristics preventing CPU/memory abuse
- go-yaml/yaml@f90ceb4f40 Fix check for non-map alias merging in v2
- fix for "yaml.Unmarshal crashes on "assignment to entry in nil map""
- go-yaml/yaml 543 Port stale simple_keys fix to v2
- go-yaml/yaml@1f64d6156d Fix issue in simple_keys improvements
- fixes "Invalid simple_keys now cause panics later in decode"
- go-yaml/yaml 555 Optimize cases with long potential simple_keys
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: a09e6e323e...a9507c6f76
Includes:
- moby/moby#40077 Update "auto-generate" comments to improve detection by linters
- moby/moby#40143 registry: add a critical section to protect authTransport.modReq
- moby/moby#40212 Move DefaultCapabilities() to caps package
- moby/moby#40021 Use newer x/sys/windows SecurityAttributes struct (carry 40017)
- carries moby/moby#40017 Use newer x/sys/windows SecurityAttributes struct
- moby/moby#40135 pkg/system: make OSVersion an alias for hcsshim OSVersion
- follow-up to moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion()
- moby/moby#40250 Bump hcsshim to b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
- moby/moby#40243 Use certs.d from XDG_CONFIG_HOME when in rootless mode
- fixesmoby/moby#40236 Docker rootless dies when unable to read /etc/docker/certs.d
- moby/moby#40283 Fix possible runtime panic in Lgetxattr
- moby/moby#40178 builder/remotecontext: small refactor
- moby/moby#40179 builder/remotecontext: allow ssh:// for remote context URLs
- fixesdocker/cli#2164 Docker build cannot resolve git context with html escapes
- moby/moby#40302 client.ImagePush(): default to ":latest" instead of "all tags"
- relates to docker/cli#2214 [proposal] change "docker push" behavior to default to ":latest" instead of "all tags"
- relates to docker/cli#2220 implement docker push `-a`/ `--all-tags`
- moby/moby#40263 Normalize comment formatting
- moby/moby#40238 Allow client consumers like traefik to compile on illumos
- moby/moby#40108 bump google.golang.org/grpc v1.23.1
- moby/moby#40312 update vendor golang.org/x/sys to 6d18c012aee9febd81bbf9806760c8c4480e870d
- moby/moby#40247 pkg/system: deprecate constants in favor of golang.org/x/sys/windows
- moby/moby#40246 pkg/system: minor cleanups and remove use of deprecated system.GetOSVersion()
- moby/moby#40122 Update buildkit to containerd leases
- vendor: update buildkit to leases support (4f4e03067523b2fc5ca2f17514a5e75ad63e02fb)
- vendor: update containerd to acdcf13d5eaf0dfe0eaeabe7194a82535549bc2b
- vendor: update runc to d736ef14f0288d6993a1845745d6756cfc9ddd5a (v1.0.0-rc9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1
- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
- Before the fix, if the timer to remove a SubConn fires at the
same time NewSubConn cancels the timer, it caused a mutex leak
and deadlock.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 7c1e88399e...v1.3.0
This also adds back containerd/ttrpc as a dependency, which is referenced by the BuildKit client (indirectly)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc8...3e425f80a8c931f88e6d94a8c831b9d5aa481657
- opencontainers/runc#2010 criu image path permission error when checkpoint rootless container
- opencontainers/runc#2028 Update to Go 1.12 and drop obsolete versions
- opencontainers/runc#2029 Update dependencies
- opencontainers/runc#2034 Support for logging from children processes
- opencontainers/runc#2035 specconv: always set "type: bind" in case of MS_BIND
- opencontainers/runc#2038 `r.destroy` can defer exec in `runner.run` method
- opencontainers/runc#2041 Change the permissions of the notify listener socket to rwx for everyone
- opencontainers/runc#2042 libcontainer: intelrdt: add missing destroy handler in defer func
- opencontainers/runc#2047 Move systemd.Manager initialization into a function in that module
- opencontainers/runc#2057 main: not reopen /dev/stderr
- closes opencontainers/runc#2056 Runc + podman|cri-o + systemd issue with stderr
- closes kubernetes/kubernetes#77615 kubelet fails starting CRI-O containers (Ubuntu 18.04 + systemd cgroups driver)
- closes cri-o/cri-o#2368 Joining worker node not starting flannel or kube-proxy / CRI-O error "open /dev/stderr: no such device or address"
- opencontainers/runc#2061 libcontainer: fix TestGetContainerState to check configs.NEWCGROUP
- opencontainers/runc#2065 Fix cgroup hugetlb size prefix for kB
- opencontainers/runc#2067 libcontainer: change seccomp test for clone syscall
- opencontainers/runc#2074 Update dependency libseccomp-golang
- opencontainers/runc#2081 Bump CRIU to 3.12
- opencontainers/runc#2089 doc: First process in container needs `Init: true`
- opencontainers/runc#2094 Skip searching /dev/.udev for device nodes
- closes opencontainers/runc#2093 HostDevices() race with older udevd versions
- opencontainers/runc#2098 man: fix man-pages
- opencontainers/runc#2103 cgroups/fs: check nil pointers in cgroup manager
- opencontainers/runc#2107 Make get devices function public
- opencontainers/runc#2113 libcontainer: initial support for cgroups v2
- opencontainers/runc#2116 Avoid the dependency on cgo through go-systemd/util package
- removes github.com/coreos/pkg as dependency
- opencontainers/runc#2117 Remove libcontainer detection for systemd features
- fixes opencontainers/runc#2117 Cache the systemd detection results
- opencontainers/runc#2119 libcontainer: update masked paths of /proc
- relates to #36368 Add /proc/keys to masked paths
- relates to #38299 Masked /proc/asound
- relates to #37404 Add /proc/acpi to masked paths (CVE-2018-10892)
- opencontainers/runc#2122 nsenter: minor fixes
- opencontainers/runc#2123 Bump x/sys and update syscall for initial Risc-V support
- opencontainers/runc#2125 cgroup: support mount of cgroup2
- opencontainers/runc#2126 libcontainer/nsenter: Don't import C in non-cgo file
- opencontainers/runc#2129 Only allow proc mount if it is procfs
- addresses opencontainers/runc#2129 AppArmor can be bypassed by a malicious image that specifies a volume at /proc (CVE-2019-16884)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These subcommands were created to allow upgrading a Docker Community
engine to Docker Enterprise, but never really took off.
This patch removes the `docker engine` subcommands, as they added
quite some complexity / additional code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: b6684a403c...a09e6e323e
relevant changes:
- moby/moby#39995 Update containerd binary to v1.2.10
- moby/moby#40001 Update runc to v1.0.0-rc8-92-g84373aaa (CVE-2019-16884)
- moby/moby#39999 bump golang 1.13.1 (CVE-2019-16276)
- moby/moby#40102 bump golang 1.13.3 (CVE-2019-17596)
- moby/moby#40134 Revert "homedir: add cgo or osusergo buildtag constraints for unix"
- reverts moby/moby#39994 homedir: add cgo or osusergo buildtag constraints for unix,
in favor of documenting when to set the `osusergo` build tag. The `osusergo`
build-flag must be used when compiling a static binary with `cgo` enabled,
and linking against `glibc`.
- moby/moby#39983 builder: remove legacy build's session handling
This feature was used by docker build --stream and it was kept experimental.
Users of this endpoint should enable BuildKit anyway by setting Version to BuilderBuildKit.
- Related: #2105 build: remove --stream (was experimental)
- moby/moby #40045 Bump logrus 1.4.2, go-shellwords, mergo, flock, creack/pty,
golang/gddo, gorilla/mux
- moby/moby#39713 bump containerd and dependencies to v1.3.0
- moby/moby#39987 Add ability to handle index acknowledgment with splunk log driver
- moby/moby#40070 Use ocischema package instead of custom handler
- relates to moby/moby#39727 Docker 19.03 doesn't support OCI image
- relates to docker/hub-feedback#1871
- relates to docker/distribution#3024
- moby/moby#39231 Add support for sending down service Running and Desired task counts
- moby/moby#39822 daemon: Use short libnetwork ID in exec-root
- moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion()
- updates/requires Microsoft/hscshim@2226e083fc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 672e52e920...2226e083fc
- microsoft/hcsshim#569 Enhancement: add osversion.Build() utility
- relates to moby/moby#39100 Use Microsoft/hcsshim constants and deprecate pkg/system.GetOsVersion()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: ed099d4238...00bdffe0f3
changes included:
- gorilla/mux#477 Improve CORS Method Middleware
- implements gorilla/mux#477 Make CORSMethodMiddleware actually make sense
- gorilla/mux#489 Fix nil panic in authentication middleware example
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>