Commit Graph

8902 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 809975d8bd
Merge pull request #4423 from thaJeztah/24.0_backport_dont-ignore-volume-parse-err
[24.0 backport] cli/container: Don't ignore error when parsing volume spec
2023-07-17 11:38:35 +02:00
Sebastiaan van Stijn 8b5023dd2e
vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
tip of the v24.0 branch

full diff: 36e9e796c6...8443a06149

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 09:30:01 +02:00
Sebastiaan van Stijn 9edd9a1f2f
Merge pull request #4430 from thaJeztah/24.0_backport_update_buildx
[24.0 backport] Dockerfile: update buildx to v0.11.1
2023-07-15 15:16:33 +02:00
Sebastiaan van Stijn e93cdb6ca5
Merge pull request #4428 from thaJeztah/24.0_backport_update_go_1.20.6
[24.0 backport] update go to go1.20.6
2023-07-15 15:08:38 +02:00
Sebastiaan van Stijn 2a6348d1b2
Dockerfile: update buildx to v0.11.1
update the version we use in the dev-container;

- Fix a regression for bake where services in profiles would not be loaded.
- Fix a regression where --cgroup-parent option had no effect during build.
- Fix a regression where valid docker contexts could fail buildx builder name validation.
- Fix an issue where the host-gateway special address could not be used as an argument to --add-host.
- Fix a possible panic when terminal is resized during the build.

release notes: https://github.com/docker/buildx/releases/tag/v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ff9f1be19e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 15:03:54 +02:00
Sebastiaan van Stijn f4782b3250
update go to go1.20.6
go1.20.6 (released 2023-07-11) includes a security fix to the net/http package,
as well as bug fixes to the compiler, cgo, the cover tool, the go command,
the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template
packages. See the Go 1.20.6 milestone on our issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6

These minor releases include 1 security fixes following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header.
A maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an
invalid Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for [CVE-2023-29406 ][1] and Go issue https://go.dev/issue/60374

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 680fafdc9c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 14:49:10 +02:00
Sebastiaan van Stijn a5024666e7
Merge pull request #4424 from thaJeztah/24.0_backport_update-xx
[24.0 backport] Dockerfile: update to xx 1.2.1
2023-07-15 14:46:32 +02:00
Sebastiaan van Stijn 39b2a6cc6a
Merge pull request #4426 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
2023-07-15 13:02:13 +02:00
Sebastiaan van Stijn 7d06f6b2f7
vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
full diff: https://github.com/docker/docker/compare/v24.0.4...36e9e796c6fc84202c32a852f6cdcd6ed175f96b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:23:53 +02:00
David Karlsson 1447974b83
docs: rephrase section on credential stores for docker login
Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 9828575314)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:13:51 +02:00
CrazyMax 46293e97f7
Dockerfile: update to xx 1.2.1
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit fca67dd817)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:09:59 +02:00
Paweł Gronowski bfe2ff8208
cli/container: Don't ignore error when parsing volume spec
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit fe7afb700f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 00:06:57 +02:00
Sebastiaan van Stijn 380eb72940
Merge pull request #4407 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.4
2023-07-13 16:56:44 +02:00
Sebastiaan van Stijn b407429628
vendor: github.com/docker/docker v24.0.4
full diff: https://github.com/docker/docker/compare/v24.0.2...v24.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-10 09:48:09 +02:00
Sebastiaan van Stijn 79c42c0b97
vendor: golang.org/x/net v0.10.0
full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:07:19 +02:00
Sebastiaan van Stijn a96d0a526c
vendor: golang.org/x/text v0.9.0
no changes in vendored files

full diff: https://github.com/golang/text/compare/v0.8.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:06:32 +02:00
Sebastiaan van Stijn 5c5c50d717
vendor: golang.org/x/term v0.8.0
no changes in vendored files

full diff: https://github.com/golang/term/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:05:12 +02:00
Sebastiaan van Stijn 4bf11b7562
vendor: golang.org/x/sys v0.8.0
full diff: https://github.com/golang/sys/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:03:50 +02:00
Sebastiaan van Stijn 224c7dbec4
vendor: github.com/sirupsen/logrus v1.9.3
full diff: https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:00:12 +02:00
Sebastiaan van Stijn e25d5c64c5
vendor: github.com/opencontainers/image-spec v1.1.0-rc3
full diff: https://github.com/opencontainers/image-spec/compare/3a7f492d3f1b...v1.1.0-rc3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:58:46 +02:00
Sebastiaan van Stijn 419e94df4a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230531205928-01bb7a41396b
no changes in vendored files

full diff: 75e92ce14f...01bb7a4139

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:56:34 +02:00
Bjorn Neergaard 3713ee1eea
Merge pull request #4395 from thaJeztah/24.0_backport_fix-connhelper-docker-example
[24.0 backport] ssh: fix error on commandconn close, add ping and default timeout
2023-06-30 11:55:44 -06:00
Laura Brehm 2d5f041bde
commandconn: return original error while closing
Changes the `Read` and `Write` error handling
logic to return the original error while closing
the connection. We still skip calling `handleEOF`
if already closing the connection.

Fixes the flaky `TestCloseWhileWriting` and
`TestCloseWhileReading` tests.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit d5f564adaa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:36 +02:00
Laura Brehm 520e3600ee
commandconn: don't return error if command closed successfully
---
commandconn: fix race on `Close()`

During normal operation, if a `Read()` or `Write()` call results
in an EOF, we call `onEOF()` to handle the terminating command,
and store it's exit value.

However, if a Read/Write call was blocked while `Close()` is called
the in/out pipes are immediately closed which causes an EOF to be
returned. Here, we shouldn't call `onEOF()`, since the reason why
we got an EOF is because we're already terminating the connection.
This also prevents a race between two calls to the commands `Wait()`,
in the `Close()` call and `onEOF()`

---
Add CLI init timeout to SSH connections

---
connhelper: add 30s ssh default dialer timeout

(same as non-ssh dialer)

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit a5ebe2282a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 19:23:12 +02:00
Sebastiaan van Stijn fad718c7ea
Merge pull request #4393 from thaJeztah/24.0_backport_debug_relax
[24.0 backport] docker info: fix condition for printing debug information
2023-06-30 15:38:59 +02:00
Sebastiaan van Stijn cd68c8f003
docker info: fix condition for printing debug information
The daemon collects this information regardless if "debug" is
enabled. Print the debugging information if either the daemon,
or the client has debug enabled.

We should probably improve this logic and print any of these if
set (but some special rules are needed for file-descriptors, which
may use "-1".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 92d7a234dd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-30 15:15:38 +02:00
Bjorn Neergaard 05fabe63ba
Merge pull request #4368 from thaJeztah/24.0_backport_update_buildx_0.11
[24.0 backport] Dockerfile: update gotestsum to v1.10.0, buildx v0.11.0
2023-06-28 06:22:26 -06:00
Sebastiaan van Stijn 0a2dcdb446
Merge pull request #4381 from thaJeztah/24.0_backport_update-link-overlay-driver
[24.0 backport] docs: update link location for the overlay driver
2023-06-27 12:35:42 +02:00
David Karlsson a78fd6ca69
docs: update link location for the overlay driver
File location changes in docker/docs#17176

Signed-off-by: David Karlsson <david.karlsson@docker.com>
(cherry picked from commit 035e26fb0b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-27 09:28:19 +02:00
Sebastiaan van Stijn ddb9220abf
Merge pull request #4375 from dvdksn/24.0_backport_fix-staticip-example
[24.0 Backport] Fix static ip example (docker run)
2023-06-26 17:22:57 +02:00
David Karlsson 9cd335d44b docs: fix static ip example, network needs a subnet
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 5936fd2a86)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 17:04:24 +02:00
Sebastiaan van Stijn bcc889f6cf
Merge pull request #4373 from dvdksn/24.0_backport_dockerd-fix-alternative-runtimes-link
[24.0 Backport] Fix broken link in dockerd cli reference
2023-06-26 16:19:10 +02:00
David Karlsson d61e4fe879 docs: fix broken link
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit b85d6a8f9e)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-06-26 15:11:55 +02:00
Sebastiaan van Stijn ee62dcd8dc
Merge pull request #4369 from thaJeztah/24.0_backport_dockerd-runtimes-refresh
[24.0 backport] docs: update the runtime configuration section
2023-06-26 14:27:36 +02:00
Bjorn Neergaard b3750a8461
Merge pull request #4371 from thaJeztah/24.0_backport_no_homedir
[24.0 backport] cli/command/context: don't use pkg/homedir in test
2023-06-26 06:12:01 -06:00
Sebastiaan van Stijn 8e3a2942a5
cli/command/context: don't use pkg/homedir in test
I'm considering deprecating the "Key()" utility, as it was only
used in tests.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 79ff64f06d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 13:37:34 +02:00
David Karlsson c3ef1ceadf
docs: update the runtime configuration section
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 6c7d17fa01)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:46:56 +02:00
Sebastiaan van Stijn 44eebb8bc1
Dockerfile: update buildx to v0.11.0
Update the version of buildx we use in the dev-container to v0.11.0;
https://github.com/docker/buildx/releases/tag/v0.11.0

Full diff: https://github.com/docker/buildx/compare/v0.10.4..v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bf5d1ce973)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:36 +02:00
Sebastiaan van Stijn 7ecfa2e7fd
Dockerfile: update gotestsum to v1.10.0
full diff: https://github.com/gotestyourself/gotestsum/compare/v1.8.2...v1.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9c2694d2b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-26 12:17:33 +02:00
Sebastiaan van Stijn 751bb353fe
Merge pull request #4351 from thaJeztah/24.0_backport_update_go_1.20.5
[24.0 backport] update go to go1.20.5, alpine 3.17
2023-06-21 10:55:21 +02:00
Sebastiaan van Stijn f11f309090
update go to go1.20.5
go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and
runtime packages, as well as bug fixes to the compiler, the go command, the
runtime, and the crypto/rsa, net, and os packages. See the Go 1.20.5 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.5+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.4...go1.20.5

These minor releases include 3 security fixes following the security policy:

- cmd/go: cgo code injection
  The go command may generate unexpected code at build time when using cgo. This
  may result in unexpected behavior when running a go program which uses cgo.

  This may occur when running an untrusted module which contains directories with
  newline characters in their names. Modules which are retrieved using the go command,
  i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e.
  GO111MODULE=off, may be affected).

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.

- runtime: unexpected behavior of setuid/setgid binaries

  The Go runtime didn't act any differently when a binary had the setuid/setgid
  bit set. On Unix platforms, if a setuid/setgid binary was executed with standard
  I/O file descriptors closed, opening any files could result in unexpected
  content being read/written with elevated prilieges. Similarly if a setuid/setgid
  program was terminated, either via panic or signal, it could leak the contents
  of its registers.

  Thanks to Vincent Dehors from Synacktiv for reporting this issue.

  This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.

- cmd/go: improper sanitization of LDFLAGS

  The go command may execute arbitrary code at build time when using cgo. This may
  occur when running "go get" on a malicious module, or when running any other
  command which builds untrusted code. This is can by triggered by linker flags,
  specified via a "#cgo LDFLAGS" directive.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-29404 and CVE-2023-29405 and Go issues https://go.dev/issue/60305 and https://go.dev/issue/60306.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b8d5da66b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 21:37:48 +02:00
Sebastiaan van Stijn 3a6c11773d
Dockerfile: update ALPINE_VERSION to 3.17
Official Golang images are now only available for 3.18 and 3.17;
3.18 doesn't look to play well with gotestsum, so sticking to
an older version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit acb248f8d5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-14 21:37:46 +02:00
Sebastiaan van Stijn 0823df7daa
Merge pull request #4339 from thaJeztah/24.0_backport_move_attach_keys
[24.0 backport] docs: move "--detach-keys" example to examples section, add to "docker run" as well
2023-06-12 21:37:14 +02:00
Sebastiaan van Stijn 11af1189d7
docs: add "--detach-keys" example to docker run reference
This is a copy of the section we have on the "docker attach" reference page.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 47951ff446)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 10:07:19 +02:00
Sebastiaan van Stijn f118c05e87
docs: move "--detach-keys" example to examples section
Also adds a named anchor, so that the section gets linked from the
options table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c17b0df2a5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-09 10:07:19 +02:00
Sebastiaan van Stijn be0e76bf84
Merge pull request #4326 from thaJeztah/24.0_backport_fix_context_godoc
[24.0 backport] cli/command: fix GoDoc referencing wrong const
2023-06-02 14:20:15 +02:00
Sebastiaan van Stijn f66f7ed7ff
cli/command: fix GoDoc referencing wrong const
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0692d762ac)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-02 14:13:14 +02:00
Sebastiaan van Stijn ec621aae2d
Merge pull request #4328 from thaJeztah/24.0_backport_dockerfile_goproxy
[24.0 backport] Dockerfile.vendor: update GOPROXY to use default with fallback
2023-06-02 14:08:51 +02:00
Sebastiaan van Stijn 2814c01b09
Dockerfile.vendor: update GOPROXY to use default with fallback
Use the default proxy, to assist with vanity domains mis-behaving, but keep
a fallback for situations where we need to get modules from GitHub directly.

This should hopefully help with the gopkg.in/yaml.v2 domain often going AWOL;

    #14 245.9 	gopkg.in/yaml.v2@v2.4.0: unrecognized import path "gopkg.in/yaml.v2": reading https://gopkg.in/yaml.v2?go-get=1: 502 Bad Gateway
    #14 245.9 	server response: Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe

    curl 'https://gopkg.in/yaml.v2?go-get=1'
    Cannot obtain refs from GitHub: cannot talk to GitHub: Get https://github.com/go-yaml/yaml.git/info/refs?service=git-upload-pack: write tcp 10.131.9.188:60820->140.82.121.3:443: write: broken pipe

From the Go documentation; https://go.dev/ref/mod#goproxy-protocol

> List elements may be separated by commas (,) or pipes (|), which determine error
> fallback behavior. When a URL is followed by a comma, the go command falls back
> to later sources only after a 404 (Not Found) or 410 (Gone) response. When a URL
> is followed by a pipe, the go command falls back to later sources after any error,
> including non-HTTP errors such as timeouts. This error handling behavior lets a
> proxy act as a gatekeeper for unknown modules. For example, a proxy could respond
> with error 403 (Forbidden) for modules not on an approved list (see Private proxy
> serving private modules).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6458dcbe51)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-02 13:15:18 +02:00
Sebastiaan van Stijn 4dc5ea0e80
Merge pull request #4320 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.2
2023-06-01 14:38:31 +02:00