Commit Graph

9663 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 7fff8a0334
gha: update codeql workflow to go1.22.7
commit d7d56599ca updated this
repository to go1.22, but the codeql action didn't specify a
patch version, and was missed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e1213edcc6)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-10-08 04:07:12 +00:00
Paweł Gronowski 60853f5404
update to go1.22.7
- https://github.com/golang/go/issues?q=milestone%3AGo1.22.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.6...go1.22.7

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for reporting this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 3bf39d25a0)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-10-08 04:05:49 +00:00
Sebastiaan van Stijn 3c827aba41
Merge pull request #5405 from austinvazquez/cherry-pick-go1.22.6-to-26.1
[26.1 backport] update to go 1.22.6
2024-09-09 20:55:54 +02:00
Sebastiaan van Stijn dadb500666
update to go1.22.6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7d56599ca)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-09-05 14:39:45 +00:00
Paweł Gronowski 0c87528068
update to go1.21.13
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.12...go1.21.13

go1.21.13 (released 2024-08-06) includes fixes to the go command, the
covdata command, and the bytes package. See the [Go 1.21.13 milestone](https://github.com/golang/go/issues?q=milestone%3AGo1.21.13+label%3ACherryPickApproved)
on our issue tracker for details.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 434d8b75e8)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-09-05 14:39:42 +00:00
Paweł Gronowski 4edbb63162
Merge pull request #5396 from thaJeztah/26.1_backport_fix_plugins_CGO_ENABLED
[26.1 backport] scripts/build/plugins: don't override CGO_ENABLED set by .variables
2024-09-05 13:42:59 +00:00
Sebastiaan van Stijn 8b95529d41
scripts/build/plugins: don't override CGO_ENABLED set by .variables
The `.variables` sets `CGO_ENABLED=1` on arm; b0c41b78d8/scripts/build/.variables (L57-L68)
And if enabled, it sets `-buildmode=pie`; b0c41b78d8/scripts/build/.variables (L79-L88)

But that looks to be conflicting with the hardcoded `CGO_ENABLED=0` in
this script, which causes the build to fail on go1.22;

    > [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*:
    0.127 Building static docker-helloworld
    0.127 + CGO_ENABLED=0
    0.127 + GO111MODULE=auto
    0.127 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=5c123b1" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-02T13:52:17Z" -X "github.com/docker/cli/cli/version.Version=pr-5387" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    0.135 -buildmode=pie requires external (cgo) linking, but cgo is not enabled

This patch sets the CGO_ENABLED variable before sourcing `.variables`,
so that other variables which are conditionally set are handled correctly.

Before this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.123 Building static docker-helloworld
    #18 0.124 + CGO_ENABLED=0
    #18 0.124 + GO111MODULE=auto
    #18 0.124 + go build -o /out/plugins-linux-arm/docker-helloworld -tags ' osusergo' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=c8c402e" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T08:28:25Z" -X "github.com/docker/cli/cli/version.Version=pr-5381" -extldflags -static' -buildmode=pie github.com/docker/cli/cli-plugins/examples/helloworld
    ....

With this PR:

    #18 [build-plugins 1/1] RUN --mount=ro --mount=type=cache,target=/root/.cache     xx-go --wrap &&     TARGET=/out ./scripts/build/plugins e2e/cli-plugins/plugins/*
    #18 0.110 Building static docker-helloworld
    #18 0.110 + GO111MODULE=auto
    #18 0.110 + go build -o /out/plugins-linux-arm/docker-helloworld -tags '' -ldflags ' -X "github.com/docker/cli/cli/version.GitCommit=050d9d6" -X "github.com/docker/cli/cli/version.BuildTime=2024-09-03T09:19:05Z" -X "github.com/docker/cli/cli/version.Version=pr-5387"' github.com/docker/cli/cli-plugins/examples/helloworld
    ....

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9e29967960)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-03 12:57:24 +02:00
Paweł Gronowski dea625ceff
Merge pull request #5340 from thaJeztah/26.1_backport_fix_bps_limit
[26.1 backport] run: fix GetList return empty issue for throttledevice
2024-08-12 11:58:07 +02:00
Jianyong Wu e1246ba4dc
run: fix GetList return empty issue for throttledevice
Test "--device-read-bps" "--device-write-bps" will fail. The root
cause is that the GetList helper returns empty as its local variable is
initialized to zero size.

This patch fixes it by setting the related slice size to non-zero.

Signed-off-by: Jianyong Wu <wujianyong@hygon.cn>
Fixes: #5321
(cherry picked from commit 73e78a5822)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-08-09 19:47:41 +02:00
Sebastiaan van Stijn a72d7cdbeb
Merge pull request #5220 from vvoland/v26.1-5218
[26.1 backport] update to go1.21.12
2024-07-03 12:29:49 +02:00
Paweł Gronowski 400f12f7a5
update to go1.21.12
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.11...go1.21.12

These minor releases include 1 security fix following the security policy:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Thanks to Geoff Franks for reporting this issue.

This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.12

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.12
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit d73d7d4ed3)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-07-03 12:17:26 +02:00
Paweł Gronowski 6eb67bf572
Merge pull request #5154 from thaJeztah/26.1_backport_goversion
[26.1 backport] cli/command: more go1.19 ("predeclared any")
2024-06-17 10:21:02 +02:00
Nick Sieger 5bab750c2b
cli/command: more go1.19 ("predeclared any")
Signed-off-by: Nick Sieger <nick@nicksieger.com>
(cherry picked from commit d0057db3ac)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-13 23:52:54 +02:00
Sebastiaan van Stijn 5650f9b102
Merge pull request #5116 from thaJeztah/26.1_update_engine
[26.1]  vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)
2024-06-05 12:47:13 +02:00
Sebastiaan van Stijn e8bc27d4ca
vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)
updating to tip of the v26.1 branch, which will be v26.1.4

full diff: https://github.com/docker/docker/compare/v26.1.3...de5c9cf0b96e4e172b96db54abababa4a328462f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:40:27 +02:00
Sebastiaan van Stijn 2acb9c2e8f
vendor: github.com/containerd/containerd v1.7.18
no changes to vendored files

full diff: https://github.com/containerd/containerd/compare/v1.7.17...v1.7.18

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a9ea034815)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:36:57 +02:00
Sebastiaan van Stijn 230d4d0bab
vendor: github.com/containerd/containerd v1.7.17
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.7.15...v1.7.17

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 558a910b85)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:34:30 +02:00
Sebastiaan van Stijn 6d47c06b0d
vendor: tags.cncf.io/container-device-interface v0.7.2
no changes in vendored code

full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.6.2...v0.7.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit be2c284ee2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:34:30 +02:00
Sebastiaan van Stijn a6d757c0e3
vendor: github.com/Microsoft/hcsshim v0.11.5
full diff: https://github.com/Microsoft/hcsshim/compare/v0.11.4...v0.11.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 16c8f4942e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:34:30 +02:00
Sebastiaan van Stijn c463d968fc
vendor: github.com/opencontainers/image-spec v1.1.0
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc5...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b7548ba7f1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-05 12:34:27 +02:00
Sebastiaan van Stijn a61a0c3ac9
Merge pull request #5118 from thaJeztah/26.1_backport_bump_go1.21.11
[26.1 backport] update to go1.21.11, Alpine 3.20
2024-06-05 00:11:37 +02:00
Sebastiaan van Stijn 0576b3dad7
update to go1.21.11
go1.21.11 (released 2024-06-04) includes security fixes to the archive/zip
and net/netip packages, as well as bug fixes to the compiler, the go command,
the runtime, and the os package. See the Go 1.21.11 milestone on our issue
tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.11+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.10...go1.21.11

From the security announcement;

We have just released Go versions 1.22.4 and 1.21.11, minor point releases.
These minor releases include 2 security fixes following the security policy:

- archive/zip: mishandling of corrupt central directory record

  The archive/zip package's handling of certain types of invalid zip files
  differed from the behavior of most zip implementations. This misalignment
  could be exploited to create a zip file with contents that vary depending
  on the implementation reading the file. The archive/zip package now rejects
  files containing these errors.

  Thanks to Yufan You for reporting this issue.

  This is CVE-2024-24789 and Go issue https://go.dev/issue/66869.

- net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

  The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected
  for IPv4-mapped IPv6 addresses, returning false for addresses which would
  return true in their traditional IPv4 forms.

  Thanks to Enze Wang of Alioth and Jianjun Chen of Zhongguancun Lab
  for reporting this issue.

  This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 630e1d3e95)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 23:43:37 +02:00
Sebastiaan van Stijn 60b13f1f80
Dockerfile: update ALPINE_VERSION to 3.20
Update to the current version of Alpine, which is also the default for
the golang:alpine image

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e70f68595d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 23:43:33 +02:00
Laura Brehm 5dab29765f
Merge pull request #5108 from thaJeztah/26.1_backport_use_containerd_platforms
[26.1 backport] migrate to new github.com/containerd/platforms package
2024-06-03 17:04:53 +01:00
Sebastiaan van Stijn b600054c51
migrate to new github.com/containerd/platforms package
The github.com/containerd/containerd/platforms package was moved to a separate
module in preparation of the containerd v2.0 release.

Switch to the new module, which means we also remove containerd as a direct
dependency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7dc271a8be)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 17:45:45 +02:00
Laura Brehm 42912d4d68
Merge pull request #5102 from thaJeztah/26.1_backport_docs
[26.1 backport] assorted docs backports
2024-06-03 16:31:45 +01:00
Laura Brehm 28638aab95
Merge pull request #5103 from thaJeztah/26.1_backport_bump_gowinio
[26.1 backport] vendor: github.com/Microsoft/go-winio v0.6.2
2024-06-03 15:55:36 +01:00
Sebastiaan van Stijn e89982aea9
Merge pull request #5105 from laurazard/update-actions-26.1
[26.1 backport] gha: update to actions/upload-artifact@v4
2024-06-03 16:47:35 +02:00
Sebastiaan van Stijn dafe63b085
gha: update to actions/upload-artifact@v4
v3 is using Node.js 16 which is being deprecated:

    Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/upload-artifact@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

ci: incl. platform pair in artifact name

This fixes an issue w/ `upload-artifact@v4`.
See: https://github.blog/2024-02-12-get-started-with-v4-of-github-actions-artifacts/#compatibility

Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9cd722595)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 16:41:45 +02:00
Sebastiaan van Stijn 7dfc99c17e
Merge pull request #5104 from thaJeztah/26.1_vendor_engine
[26.1] vendor: github.com/docker/docker v26.1.3
2024-06-03 15:08:09 +02:00
Sebastiaan van Stijn 079107e1bc
[26.1] vendor: github.com/docker/docker v26.1.3
no changes; same commit, but tagged

full diff: https://github.com/docker/docker/compare/8e96db1c328d...v26.1.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 14:06:05 +02:00
Sebastiaan van Stijn 14d7485d98
vendor: github.com/Microsoft/go-winio v0.6.2
- Fix compatibility with go1.22
- fileinfo: internally fix FileBasicInfo memory alignment (fixes compatibility
  with go1.22)
- Switch from syscall to golang.org/x/sys/windows
- Remove golang.org/x/mod as dependency
- Remove golang.org/x/tools as dependency

full diff: https://github.com/Microsoft/go-winio/compare/v0.6.1...v0.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 12aaeae21b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 13:31:46 +02:00
Bjorn Neergaard 50bb59277a
docs: tidy up CDI docs
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
(cherry picked from commit 116db4fc82)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 13:28:38 +02:00
cncal c4767b3141
docs: fix json syntax error
Signed-off-by: cncal <flycalvin@qq.com>
(cherry picked from commit 6a4d38c7f2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 13:28:24 +02:00
Bjorn Neergaard 3f807ede91
Merge pull request #5083 from vvoland/v26.1-5078
[26.1 backport] plugins/hooks: Don't show empty hook messages
2024-05-31 14:08:59 -06:00
Sebastiaan van Stijn 836fc57e2a
Merge pull request #5095 from thaJeztah/26.1_backport_context_type_stub
[26.1 backport] context list: temporarily add ContextType to JSON output
2024-05-31 22:01:29 +02:00
Sebastiaan van Stijn 258e27438f
context list: temporarily add ContextType to JSON output
Docker Desktop currently ships with the "cloud integration" wrapper,
which outputs an additional ContextType field in the JSON output.

While this field is non-standard, it made its way into Visual Studio's
Docker integration, which uses this to exclude "aci" and "eci" context
types that are not supported by Visual Studio.

This patch;

- conditionally adds a ContextType field to the JSON output
- but ONLY when using the default "{{json .}}" or "json" formats
  (which are the formats used by Visual Studio)
- if the context is a "aci" or "eci" context, that type is
  preserved, otherwise the default "moby" type is used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fed9fa0f72)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 14:48:35 +02:00
Sebastiaan van Stijn 29cd8591ee
cli/command/context: list: add test for JSON output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 40a1da8b42)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 14:48:19 +02:00
Sebastiaan van Stijn e23a63eb4c
cli/command/context: test inspecting context with custom metadata
The CLI does not currently expose options to add custom metadata to
contexts, but contexts support them.

- update test-utilities to allow setting custom metadata
- update the inspect test to verify that custom metadata is included
  when inspecting a context.
- update the import/export tests to verify that custom metadata
  is preserved.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2e9eff235d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 14:48:19 +02:00
Sebastiaan van Stijn 1e52a86d42
cli/command/context: add test-utility to create multiple contexts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 54291dd47a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 14:48:16 +02:00
Paweł Gronowski e382a5f225
plugins/hooks: Don't show empty hooks
Don't show `Next steps:` with no messages at all when plugin returns an
uninitialized value of `HookMessage` (zero-initialization sets its type to
NextSteps and empty template).

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 296a6f5872)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-05-20 17:58:52 +02:00
Paweł Gronowski b72abbb6f0
Merge pull request #5073 from vvoland/vendor-docker
[26.1] vendor: github.com/docker/docker v26.1.3-dev (8e96db1c328d)
2024-05-16 09:47:24 +02:00
Paweł Gronowski 26e9ff49c8
vendor: github.com/docker/docker v26.1.3-dev (8e96db1c328d)
- full diff: ef1912d8b6...8e96db1c32

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-05-15 13:01:52 +02:00
Paweł Gronowski 4021ee92fe
Merge pull request #5071 from laurazard/backport/5051-26.1
[26.1 backport] Add OTel instrumentation to CLI plugins
2024-05-15 11:24:12 +02:00
Laura Brehm 326c7138bb
OTel: implement missing MeterProvider `ForceFlush`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit 5f4f4f64d3)
2024-05-15 02:00:06 +01:00
Laura Brehm ee359a394b
OTel: add `command.time` metric to plugin commands
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
(cherry picked from commit f07834d185)
2024-05-15 02:00:05 +01:00
Laura Brehm 004e2925d7
Merge pull request #5070 from laurazard/backport/5067-26.1
[26.1 backport] Centralize init of Meter/TracerProviders
2024-05-14 16:52:23 +01:00
Christopher Petito 6691085012
Use funcs on DockerCli to return Meter/TracerProviders, not initialize them. Initialize them during DockerCli struct init
Signed-off-by: Christopher Petito <chrisjpetito@gmail.com>
(cherry picked from commit 02537eac59)
2024-05-14 16:31:06 +01:00
Sebastiaan van Stijn 60f2d38d53
Merge pull request #5068 from dvdksn/26.1_backport_doc-vxlan-listen-addr
[26.1 Backport] docs: clarify that --data-path-addr doesn't restrict access
2024-05-13 20:48:38 +02:00
David Karlsson 81b482ea5e
docs: clarify that --data-path-addr doesn't restrict access
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit faf096b25c)
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-05-13 19:01:26 +02:00