141 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 1edb10fe30
vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)
full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 21:20:47 +01:00
Sebastiaan van Stijn c485dab603
vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382
full diff: 69ecbb4d6d...1d94cc7ab1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-19 12:37:32 +01:00
Sebastiaan van Stijn 27d9aa2d9f
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919)
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:

- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
  On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
  functions of golang.org/x/crypto/cryptobyte can lead to a panic.
  The malformed certificate can be delivered via a crypto/tls connection to a
  client, or to a server that accepts client certificates. net/http clients can
  be made to crash by an HTTPS server, while net/http servers that accept client
  certificates will recover the panic and are unaffected.
  Thanks to Project Wycheproof for providing the test cases that led to the
  discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-29 11:25:09 +01:00
Sebastiaan van Stijn 268cc5df24
vendor: bump golang.org/x/sys 6d18c012aee9febd81bbf9806760c8c4480e870d
full diff: 9eafafc0a8...6d18c012ae

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:26:26 +01:00
CarlosEDP 778052b066 bump x/sys to fix riscv64 epoll
Signed-off-by: CarlosEDP <me@carlosedp.com>
2019-08-12 13:13:08 -03:00
Tonis Tiigi 668a9ff8ef vendor: update net and sys
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-02 00:39:23 -07:00
Sebastiaan van Stijn 909b85460c
bump LK4D4/vndr v0.0.3 and revendor
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-14 16:13:27 -07:00
Sebastiaan van Stijn 51de9a883a
bump golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 21:49:19 -07:00
Sebastiaan van Stijn c30e94533c
bump golang.org/x/sys 4b34438f7a67ee5f45cc6132e2bad873a20324e9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:42 +02:00
Sebastiaan van Stijn 767fafdb32
bump golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:36 +02:00
Sebastiaan van Stijn b6cee4567c
bump golang.org/x/net eb5bcb51f2a31c7d5141d810b70815c05d9c9146
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:33 +02:00
Sebastiaan van Stijn 34806a8b4c
bump golang.org/x/crypto 38d8ce5564a5b71b2e3a00553993f1b9a7ae852f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:30 +02:00
Tibor Vass 45ec86b10f vendor github.com/docker/docker to bcaa613d823
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-04-03 20:57:18 +00:00
Sebastiaan van Stijn aaffb71746
vendor golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:22:03 +01:00
Sebastiaan van Stijn e06dedf365
bump containerd, runc and dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:22:00 +01:00
Sebastiaan van Stijn 5ccaaef8c1
vendor golang.org/x/sys d455e41777fca6e8a5a79e34a14b8368bc11d9ba
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-19 22:21:54 +01:00
Sebastiaan van Stijn 05fd2a87dc
Update containerd 1.2.4 and dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-03-02 13:44:57 +01:00
Jérémie Drouet 8a634aa578 alias kubernetes api to compose-on-kubernetes implementation
Signed-off-by: Jérémie Drouet <jeremie.drouet@gmail.com>
2018-12-28 15:49:17 +01:00
Akihiro Suda db7399a016 build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`)
Unlike `docker build --secret`, `docker build --ssh` allows the build container to
use SSH keys with passphrases.

  $ eval $(ssh-agent)
  $ ssh-add ~/.ssh/id_rsa
  (Input your passphrase here)
  $ docker build --ssh default=$SSH_AUTH_SOCK ...

This feature requires the daemon with `CapExecMountSSH` build capability (moby/moby#37973).

Currently, the official Dockerfile frontend does not provide the syntax for using the SSH forwarder.

However, the experimental `RUN --mount=type=ssh` syntax can be enabled by using
the Dockerfile frontend image built with `BUILDTAGS="dfrunmount dfssh"`, via the `# syntax =` "shebang".

The Dockerfile for the Dockerfile frontend is available at github.com/moby/buildkit/frontend/dockerfile/cmd/dockerfile-frontend.
The pre-built image is also available as `tonistiigi/dockerfile:ssh20181002`.

An example Dockerfile with `RUN --mount=type=ssh`:

  # syntax = tonistiigi/dockerfile:ssh20181002
  FROM alpine
  RUN apk add --no-cache openssh-client
  RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  RUN --mount=type=ssh ssh git@gitlab.com | tee /hello
  # "Welcome to GitLab, @GITLAB_USERNAME_ASSOCIATED_WITH_SSHKEY" should be printed here

More info available at moby/buildkit#608, moby/buildkit#655

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-10-05 19:56:32 +09:00
Vincent Demeester 8788a4804f
Bump some dependencies to more recent versions (and tagged if available)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-07-25 14:16:41 +02:00
Vincent Demeester c8f0e211b9
Bump kubernetes dependencies to 1.11
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-07-25 11:34:59 +02:00
Vincent Demeester b1065767cd
Bump moby version (and its dependencies)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 11:26:10 +02:00
Vincent Demeester 08d6c18570
Update vndr commit to latest
Some fixes and it also preserves directories with *.c files now.

See a6e196d8b4...1fc68ee0c8

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-05-24 09:39:22 +02:00
Mathieu Champlon 5d54584f03 Bump moby to d37f5c6bdf788a6cb82c07fb707e31a240eff5f9
Also bringing:
. golang.org/x/net 5561cd9b4330353950f399814f427425c0a26fd2
. github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
. github.com/docker/swarmkit bd69f6e8e301645afd344913fa1ede53a0a111fb
. github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
. github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
. github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
. github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
. github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
. github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
. github.com/matttproud/golang_protobuf_extensions v1.0.0

Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2018-05-18 11:44:14 +02:00
Sebastiaan van Stijn b17215c456
Bump moby to ae7016427f8cba4e4d8fcb979d6ba313ee2c0702
Bring in:

- moby 36517 ensure hijackedConn implements CloseWrite function
- moby 36489 (fixes `errdefs.ErrSystem` interface)
- moby 36506 pkg/mount: use sort.Slice
- moby 36451 Windows: Report Version and UBR

Also update moby dependencies to keep them in sync

- golang.org/x/sync (no code changes)
- Bump runc to 4fc53a81fb7c994640722ac585fa9ca548971871
- Bump swarmkit to 49a9d7f6ba3c1925262641e694c18eb43575f74b

no local code changes

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-03-15 01:51:31 +01:00
Sebastiaan van Stijn d9f5fa8124
update golang.org/x/sys for OpenBSD
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-20 17:40:06 +01:00
Vincent Demeester 12c0825a4c Update golang.org/x/net to not panic
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-28 14:40:09 +01:00
Vincent Demeester 61713c42a4 Update vendoring
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-26 11:45:56 +01:00
Vincent Demeester 1ff277ad8f Fix some build failures
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-26 11:22:32 +01:00
Vincent Demeester 8417e49792 Add support for kubernetes in docker cli
- Add support for kubernetes for docker stack command
- Update to go 1.9
- Add kubernetes to vendors
- Print orchestrator in docker version command

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2017-12-26 11:22:32 +01:00
Sebastiaan van Stijn 5735fff6fc
Bump moby to f4d4f5863156b82ef146b6ff1e845f8dcf019f12
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-11-08 17:50:58 +01:00
Chao Wang 926b20fcb5 Refactor stringutils and fix docker search output form when the description has CJK character
Signed-off-by: Chao Wang <wangchao.fnst@cn.fujitsu.com>
2017-10-27 11:15:10 +08:00
Sebastiaan van Stijn e3b7700fb9
revendor logrus and x/crypto
updates to the same version as is currently used
on moby/moby; this bump contains fixes for ppc64le.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-09-29 15:32:42 +02:00
Riyaz Faizullabhoy fb1cbaeb66 vendor: upgrade notary version for docker trust
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-09-25 09:34:52 -07:00
Andrew Hsu 50696bbf72 vndr golang.org/x/sys to 07c1829
To satisfy requirements of the vndr of docker/docker

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
2017-09-12 12:11:18 -07:00
Simon Ferquel a0113c3a44 updated vendoring
Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>
2017-09-01 19:41:06 -04:00
Vincent Demeester 472ce90624 Merge pull request #291 from thaJeztah/bump-swarmkit
Bump swarmkit and dependencies to 79381d0840be27f8b3f5c667b348a4467d866eeb
2017-07-21 11:07:38 +02:00
Sebastiaan van Stijn 3e3c9d69d8
Revendor dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-10 10:56:42 -07:00
Sebastiaan van Stijn 679ae70241
bump golang.org/x/net to 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 17:40:41 -07:00
Tonis Tiigi 4adf701567 vendor: update moby
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-23 11:34:22 -07:00
Daniel Nephin 6686ada6a4 Add vendor
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:12:58 -04:00