Commit Graph

6749 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 47fd8986ea
Merge pull request #2094 from adrian-plata/experimental-note
Adding experimental feature info
2019-10-01 19:09:12 +02:00
Silvin Lubecki d83cd90464
Merge pull request #2117 from chris-crone/bump-yaml.v2-2.2.3
vendor: Bump gopkg.in/yaml.v2
2019-10-01 14:46:54 +02:00
Christopher Crone 91cf8b04c9 vendor: Bump gopkg.in/yaml.v2
Signed-off-by: Christopher Crone <christopher.crone@docker.com>
2019-10-01 12:24:00 +02:00
Trapier Marshall 86ae871e0a Add bash completion for `builder build`
Signed-off-by: Trapier Marshall <trapier.marshall@docker.com>
2019-09-30 12:04:23 -04:00
Sebastiaan van Stijn ea9ca25ca9
Merge pull request #2112 from thaJeztah/bump_golang_1.12.10
bump golang 1.12.10 (CVE-2019-16276)
2019-09-28 01:54:34 +02:00
Sebastiaan van Stijn 8743e36a45
bump golang 1.12.10 (CVE-2019-16276)
full diff: https://github.com/golang/go/compare/go1.12.9...go1.12.10

```
Hi gophers,

We have just released Go 1.13.1 and Go 1.12.10 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.1).

net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications.

The issue is CVE-2019-16276 and Go issue golang.org/issue/34540.

Thanks to Andrew Stucki, Adam Scarr (99designs.com), and Jan Masarik (masarik.sh) for discovering and reporting this issue.

Downloads are available at https://golang.org/dl for all supported platforms.

Alla prossima,
Filippo on behalf of the Go team
```

From the patch: 6e6f4aaf70

```
net/textproto: don't normalize headers with spaces before the colon

RFC 7230 is clear about headers with a space before the colon, like

X-Answer : 42

being invalid, but we've been accepting and normalizing them for compatibility
purposes since CL 5690059 in 2012.

On the client side, this is harmless and indeed most browsers behave the same
to this day. On the server side, this becomes a security issue when the
behavior doesn't match that of a reverse proxy sitting in front of the server.

For example, if a WAF accepts them without normalizing them, it might be
possible to bypass its filters, because the Go server would interpret the
header differently. Worse, if the reverse proxy coalesces requests onto a
single HTTP/1.1 connection to a Go server, the understanding of the request
boundaries can get out of sync between them, allowing an attacker to tack an
arbitrary method and path onto a request by other clients, including
authentication headers unknown to the attacker.

This was recently presented at multiple security conferences:
https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn

net/http servers already reject header keys with invalid characters.
Simply stop normalizing extra spaces in net/textproto, let it return them
unchanged like it does for other invalid headers, and let net/http enforce
RFC 7230, which is HTTP specific. This loses us normalization on the client
side, but there's no right answer on the client side anyway, and hiding the
issue sounds worse than letting the application decide.
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-27 23:30:54 +02:00
Sam ee76ac8f93 fix formatting issue of encoded urlSigned-off-by: Sam <samashah@microsoft.com> 2019-09-25 22:58:04 +00:00
Tibor Vass 7543883244
Merge pull request #2103 from tiborvass/buildkit-vendor
vendor: update buildkit to 10cef0c and fsutil 7f9f923
2019-09-24 19:27:49 -07:00
Tibor Vass 0914f51bc1
Merge pull request #2106 from tiborvass/config-remove-panic-init
config: keep configDir empty when homedir errors
2019-09-24 19:26:07 -07:00
Tibor Vass 47f059db7a config: keep configDir empty when homedir errors
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-24 23:48:59 +00:00
Adrian Plata 031bd2d530 Adding experimental feature info
Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-09-24 14:08:02 -07:00
Tibor Vass 0397c2ca01
Merge pull request #2101 from tiborvass/config-less-deps
cli/config: use os.UserHomeDir instead of github.com/docker/docker/pkg/homedir
2019-09-24 11:44:35 -07:00
Tibor Vass 0df5d6427e vendor: update buildkit to 10cef0c and fsutil 7f9f923
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-24 00:11:38 +00:00
Tibor Vass c2626a8270 cli/config: use os.UserHomeDir instead of github.com/docker/docker/pkg/homedir
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-09-23 23:27:52 +00:00
Sebastiaan van Stijn 83751b9781
Merge pull request #2060 from ulyssessouza/redundant_envfile
Add option to remove `env_file` entry once it's merged in the `environment` section
2019-09-23 18:00:41 +02:00
Ulysses Souza 821f5ecf53 Add option remove `env_file` entry after merged
This avoids having a redundant `env_file` entry
output when rendering the compose file

Signed-off-by: Ulysses Souza <ulysses.souza@docker.com>
2019-09-23 17:40:45 +02:00
Sebastiaan van Stijn f429e4bfd9
Merge pull request #2077 from adrian-plata/docker-config-clarity
Clarifying docker config rules
2019-09-16 21:49:09 +02:00
Adrian Plata 131eefc54f Clarifying docker config rules
Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-09-16 10:22:20 -07:00
Michael Irwin b3a1681fd8
Add clarification when using USER UID:GI
Signed-off-by: Michael Irwin <mikesir87@gmail.com>
2019-09-16 11:41:29 -04:00
Tõnis Tiigi 95327f4e62
Merge pull request #2084 from carlosedp/riscv64-manifest
Add riscv64 to manifest annotation and bash completion
2019-09-13 14:11:41 -07:00
Carlos de Paula 41aa20b6b5 Add riscv64 to manifest annotation and bash completion
Signed-off-by: Carlos de Paula <me@carlosedp.com>
2019-09-10 13:00:23 -03:00
Morten Hekkvang 6ebcc211a7
Move filtering to __docker_complete_services, as suggested by @albers
Signed-off-by: Morten Hekkvang <morten.hekkvang@sbab.se>
2019-09-10 16:08:19 +02:00
Silvin Lubecki 016a323216
Merge pull request #1958 from thaJeztah/bump_gorilla_mux
bump gorilla/mux v1.7.2
2019-09-06 17:36:56 +02:00
Morten Hekkvang b85e1e2efe
Fix substitution of comma to space character, suggested by @albers
Signed-off-by: Morten Hekkvang <morten.hekkvang@sbab.se>
2019-09-06 10:15:19 +02:00
Morten Hekkvang f55c5b6566
Make service completion faster
Signed-off-by: Morten Hekkvang <morten.hekkvang@sbab.se>
2019-09-06 10:11:54 +02:00
Silvin Lubecki 7aa764bba9
Merge pull request #2028 from pszczekutowicz/master
Sort list of services from swarm stacks using natural sorting
2019-09-05 11:47:58 +02:00
Kirill Kolyshkin 07da88c6cd
Merge pull request #2051 from thaJeztah/bump_pkcs11
bump miekg/pkcs11 v1.0.2
2019-09-04 16:18:00 +03:00
Vincent Demeester 4a57770bb0
Merge pull request #2073 from thaJeztah/add_compose_schema_3.9
Add docker-compose schema v3.9
2019-09-03 09:10:47 +02:00
Paweł Szczekutowicz 34447852b5 Sort services from stack from swarm
Signed-off-by: Paweł Szczekutowicz <pszczekutowicz@gmail.com>
2019-09-02 21:19:10 +02:00
Silvin Lubecki adb442f3f9
Merge pull request #2050 from tao12345666333/bump-golang-1.12.9
Bump golang 1.12.9
2019-09-02 17:00:16 +02:00
Sebastiaan van Stijn 2edafa1728
Merge pull request #2066 from sanga/network_fish_completions
add rudimentary fish completions for docker network
2019-08-30 15:26:55 +02:00
Vincent Demeester 5e99c05010
Merge pull request #2069 from knqyf263/fix/pull_test
fix(pull_test): --quiet option
2019-08-30 15:08:39 +02:00
Sebastiaan van Stijn 5bc1f24dfd
Add docker-compose schema v3.9
This is currently just a copy of the v3.8 schema, in preparation
of new features to be added in the new schema.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-30 10:58:05 +02:00
Sebastiaan van Stijn 58153b278e
Merge pull request #2072 from danielartine/patch-1
Updating deprecated command example in search.md
2019-08-29 22:34:19 +02:00
Daniel Artine bba0a4d5ac Updating deprecated command example in search.md
--stars example is deprecated. Changing to --filter=stars=5

Signed-off-by: danielartine <daniel.artine@ufrj.br>
2019-08-29 14:41:05 -03:00
knqyf263 7634872a39 fix(pull_test): for quiet option
Signed-off-by: Teppei Fukuda <knqyf263@gmail.com>
2019-08-27 18:23:24 +09:00
Sebastiaan van Stijn f2163dd6a7
Merge pull request #2053 from odinuge/cgroups-freezer-phrasing
Fix phrasing when referring to the freezer cgroup
2019-08-26 17:08:42 +02:00
Sebastiaan van Stijn ce2fed74d9
Merge pull request #2042 from carlosedp/riscv64
bump x/sys to fix riscv64 epoll
2019-08-26 16:13:24 +02:00
Tim Sampson 2f7b364cb3 add rudimentary fish completions for docker network
Signed-off-by: Tim Sampson <tim@sampson.fi>
2019-08-25 17:00:48 +03:00
Sebastiaan van Stijn 058a4af0bd
Merge pull request #2064 from thaJeztah/update_authors
Update AUTHORS and mailmap
2019-08-24 02:21:26 +02:00
Sebastiaan van Stijn 0d26302d8a
Merge pull request #2059 from ndeloof/issue39654
restore support for env variables to configure proxy
2019-08-22 19:10:27 +02:00
Nicolas De Loof e25e077a20
restore support for env variables to configure proxy
regression introduced by b34f34
close #39654

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2019-08-22 16:39:21 +02:00
Jose J. Escobar 265bee4d57 Update service_create.md
Typo in word propagation.

Signed-off-by: Jose Escobar <joseescobar@JE-MBP15-2017.local>
2019-08-19 18:08:17 -04:00
Odin Ugedal a0dd6e025d
Fix phrasing when referring to the freezer cgroup
Signed-off-by: Odin Ugedal <odin@ugedal.com>
2019-08-18 13:55:20 +02:00
Sebastiaan van Stijn 54428b1f37
bump miekg/pkcs11 v1.0.2
full diff: 6120d95c0e...v1.0.2

relevant changes:

- miekg/pkcs11#110 Fix issue freeing memory on GetOperationState when NOT CK_OK
- miekg/pkcs11#106 Move to go modules
- miekg/pkcs11#104 Expose login API for vendor specific login types

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-16 11:29:02 +02:00
Jintao Zhang d9856049e5 Bump golang 1.12.9
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2019-08-16 10:10:19 +08:00
Sebastiaan van Stijn aa097cf1aa
Merge pull request #1993 from thaJeztah/e2e_remove_dead_code
e2e: remove docker engine testing remnants
2019-08-15 03:01:45 +02:00
Sebastiaan van Stijn 141275429d
Merge pull request #2043 from thaJeztah/bump_golang_1.12.8
Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)
2019-08-14 17:53:13 +02:00
Sebastiaan van Stijn de1523d221
Adjust tests for changes in Go 1.12.8 / 1.11.13
For now, just verifying that an error is returned, but not checking the
error message itself, because those are not under our control, and may
change with different Go versions.

```
=== Failed
=== FAIL: opts TestParseDockerDaemonHost (0.00s)
    hosts_test.go:87: tcp tcp:a.b.c.d address expected error "Invalid bind address format: tcp:a.b.c.d" return, got "parse tcp://tcp:a.b.c.d: invalid port \":a.b.c.d\" after host" and addr
    hosts_test.go:87: tcp tcp:a.b.c.d/path address expected error "Invalid bind address format: tcp:a.b.c.d/path" return, got "parse tcp://tcp:a.b.c.d/path: invalid port \":a.b.c.d\" after host" and addr

=== FAIL: opts TestParseTCP (0.00s)
    hosts_test.go:129: tcp tcp:a.b.c.d address expected error Invalid bind address format: tcp:a.b.c.d return, got parse tcp://tcp:a.b.c.d: invalid port ":a.b.c.d" after host and addr
    hosts_test.go:129: tcp tcp:a.b.c.d/path address expected error Invalid bind address format: tcp:a.b.c.d/path return, got parse tcp://tcp:a.b.c.d/path: invalid port ":a.b.c.d" after host and addr
```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 10:04:43 +02:00
Sebastiaan van Stijn bbd179f25b
Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)
go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages.
See the Go 1.12.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.8

- net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
  net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted
  clients could be remotely made to allocate an unlimited amount of memory, until the program
  crashes. Servers will now close connections if the send queue accumulates too many control
  messages.
  The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
  Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.
  This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2.
  net/url: parsing validation issue
- url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary
  suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses
  in certain applications. Note that URLs with invalid, not numeric ports will now return an error
  from url.Parse.
  The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
  Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering
  and reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-08-14 02:55:45 +02:00