full diff: 69ecbb4d6d...2aa609cf4a
The cherry-pick didn't apply cleanly, so I took the single 'golang.org/x/crypto'
change in vendor.conf and re-ran vndr.
The motivation behind this is to address the input regression on Windows caused by:
6d4e4cb37c
.. and addressed in:
ecb85df213
(cherry picked from commit 37d184fe16)
Signed-off-by: Shane Jarych <sjarych@mirantis.com>
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 27d9aa2d9f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.
$ eval $(ssh-agent)
$ ssh-add ~/.ssh/id_rsa
(Input your passphrase here)
$ docker build --ssh default=$SSH_AUTH_SOCK ...
This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973) .
Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.
However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with the `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".
The Dockerfile for the Dockerfile frontend is available at github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend)
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002` .
An example Dockerfile with `RUN --mount=type=ssh`:
# syntax = tonistiigi/dockerfile:ssh20181002
FROM alpine
RUN apk add --no-cache openssh-client
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
# "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here
More info available at moby/buildkit#608, moby/buildkit#655
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Bring in:
- moby 36517 ensure hijackedConn implements CloseWrite function
- moby 36489 (fixes `errdefs.ErrSystem` interface)
- moby 36506 pkg/mount: use sort.Slice
- moby 36451 Windows: Report Version and UBR
Also update moby dependencies to keep them in sync
- golang.org/x/sync (no code changes)
- Bump runc to 4fc53a81fb7c994640722ac585fa9ca548971871
- Bump swarmkit to 49a9d7f6ba3c1925262641e694c18eb43575f74b
no local code changes
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add support for kubernetes for docker stack command
- Update to go 1.9
- Add kubernetes to vendors
- Print orchestrator in docker version command
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
updates to the same version as is currently used
on moby/moby; this bump contains fixes for ppc64le.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Shane Jarych
Sebastiaan van Stijn
Tibor Vass
Jérémie Drouet
Akihiro Suda
Vincent Demeester
Mathieu Champlon
Chao Wang
Riyaz Faizullabhoy
Andrew Hsu
Simon Ferquel
Vincent Demeester
Tonis Tiigi
Daniel Nephin