diff --git a/Dockerfile b/Dockerfile index 9239d5202b..4d47fe5a43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ ARG CROSS="false" ARG SYSTEMD="false" # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored -ARG GO_VERSION=1.13.15 +ARG GO_VERSION=1.16.5 ARG DEBIAN_FRONTEND=noninteractive ARG VPNKIT_VERSION=0.5.0 ARG DOCKER_BUILDTAGS="apparmor seccomp" diff --git a/Dockerfile.e2e b/Dockerfile.e2e index b798c86175..a92bba599d 100644 --- a/Dockerfile.e2e +++ b/Dockerfile.e2e @@ -1,4 +1,4 @@ -ARG GO_VERSION=1.13.15 +ARG GO_VERSION=1.16.5 FROM golang:${GO_VERSION}-alpine AS base ENV GO111MODULE=off diff --git a/Dockerfile.simple b/Dockerfile.simple index a46ff4aa34..85b7cbb5c2 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -ARG GO_VERSION=1.13.15 +ARG GO_VERSION=1.16.5 FROM golang:${GO_VERSION}-buster ENV GO111MODULE=off diff --git a/Dockerfile.windows b/Dockerfile.windows index fa73c52a72..ec40bdd0c1 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -165,7 +165,7 @@ FROM microsoft/windowsservercore # Use PowerShell as the default shell SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ARG GO_VERSION=1.13.15 +ARG GO_VERSION=1.16.5 ARG GOTESTSUM_COMMIT=v0.5.3 # Environment variable notes: diff --git a/patches/0001-archive-tar-do-not-populate-user-group-names.patch b/patches/0001-archive-tar-do-not-populate-user-group-names.patch index 0af43b3fcb..c5599b6102 100644 --- a/patches/0001-archive-tar-do-not-populate-user-group-names.patch +++ b/patches/0001-archive-tar-do-not-populate-user-group-names.patch @@ -23,7 +23,7 @@ index 868105f338..9640ed4bab 100644 @@ -8,10 +8,7 @@ package tar import ( - "os" + "io/fs" - "os/user" "runtime" - "strconv" @@ -39,7 +39,7 @@ index 868105f338..9640ed4bab 100644 -// The downside is that renaming uname or gname by the OS never takes effect. -var userMap, groupMap sync.Map // map[int]string - - func statUnix(fi os.FileInfo, h *Header) error { + func statUnix(fi fs.FileInfo, h *Header) error { sys, ok := fi.Sys().(*syscall.Stat_t) if !ok { @@ -31,22 +24,9 @@ func statUnix(fi os.FileInfo, h *Header) error { diff --git a/vendor/archive/tar/common.go b/vendor/archive/tar/common.go index dee9e47e4a..c667cfc872 100644 --- a/vendor/archive/tar/common.go +++ b/vendor/archive/tar/common.go @@ -13,8 +13,8 @@ package tar import ( "errors" "fmt" + "io/fs" "math" - "os" "path" "reflect" "strconv" @@ -525,12 +525,12 @@ func (h Header) allowedFormats() (format Format, paxHdrs map[string]string, err return format, paxHdrs, err } -// FileInfo returns an os.FileInfo for the Header. -func (h *Header) FileInfo() os.FileInfo { +// FileInfo returns an fs.FileInfo for the Header. +func (h *Header) FileInfo() fs.FileInfo { return headerFileInfo{h} } -// headerFileInfo implements os.FileInfo. +// headerFileInfo implements fs.FileInfo. type headerFileInfo struct { h *Header } @@ -549,57 +549,57 @@ func (fi headerFileInfo) Name() string { } // Mode returns the permission and mode bits for the headerFileInfo. -func (fi headerFileInfo) Mode() (mode os.FileMode) { +func (fi headerFileInfo) Mode() (mode fs.FileMode) { // Set file permission bits. - mode = os.FileMode(fi.h.Mode).Perm() + mode = fs.FileMode(fi.h.Mode).Perm() // Set setuid, setgid and sticky bits. if fi.h.Mode&c_ISUID != 0 { - mode |= os.ModeSetuid + mode |= fs.ModeSetuid } if fi.h.Mode&c_ISGID != 0 { - mode |= os.ModeSetgid + mode |= fs.ModeSetgid } if fi.h.Mode&c_ISVTX != 0 { - mode |= os.ModeSticky + mode |= fs.ModeSticky } // Set file mode bits; clear perm, setuid, setgid, and sticky bits. - switch m := os.FileMode(fi.h.Mode) &^ 07777; m { + switch m := fs.FileMode(fi.h.Mode) &^ 07777; m { case c_ISDIR: - mode |= os.ModeDir + mode |= fs.ModeDir case c_ISFIFO: - mode |= os.ModeNamedPipe + mode |= fs.ModeNamedPipe case c_ISLNK: - mode |= os.ModeSymlink + mode |= fs.ModeSymlink case c_ISBLK: - mode |= os.ModeDevice + mode |= fs.ModeDevice case c_ISCHR: - mode |= os.ModeDevice - mode |= os.ModeCharDevice + mode |= fs.ModeDevice + mode |= fs.ModeCharDevice case c_ISSOCK: - mode |= os.ModeSocket + mode |= fs.ModeSocket } switch fi.h.Typeflag { case TypeSymlink: - mode |= os.ModeSymlink + mode |= fs.ModeSymlink case TypeChar: - mode |= os.ModeDevice - mode |= os.ModeCharDevice + mode |= fs.ModeDevice + mode |= fs.ModeCharDevice case TypeBlock: - mode |= os.ModeDevice + mode |= fs.ModeDevice case TypeDir: - mode |= os.ModeDir + mode |= fs.ModeDir case TypeFifo: - mode |= os.ModeNamedPipe + mode |= fs.ModeNamedPipe } return mode } // sysStat, if non-nil, populates h from system-dependent fields of fi. -var sysStat func(fi os.FileInfo, h *Header) error +var sysStat func(fi fs.FileInfo, h *Header) error const ( // Mode constants from the USTAR spec: @@ -623,10 +623,10 @@ const ( // If fi describes a symlink, FileInfoHeader records link as the link target. // If fi describes a directory, a slash is appended to the name. // -// Since os.FileInfo's Name method only returns the base name of +// Since fs.FileInfo's Name method only returns the base name of // the file it describes, it may be necessary to modify Header.Name // to provide the full path name of the file. -func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) { +func FileInfoHeader(fi fs.FileInfo, link string) (*Header, error) { if fi == nil { return nil, errors.New("archive/tar: FileInfo is nil") } @@ -643,29 +643,29 @@ func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) { case fi.IsDir(): h.Typeflag = TypeDir h.Name += "/" - case fm&os.ModeSymlink != 0: + case fm&fs.ModeSymlink != 0: h.Typeflag = TypeSymlink h.Linkname = link - case fm&os.ModeDevice != 0: - if fm&os.ModeCharDevice != 0 { + case fm&fs.ModeDevice != 0: + if fm&fs.ModeCharDevice != 0 { h.Typeflag = TypeChar } else { h.Typeflag = TypeBlock } - case fm&os.ModeNamedPipe != 0: + case fm&fs.ModeNamedPipe != 0: h.Typeflag = TypeFifo - case fm&os.ModeSocket != 0: + case fm&fs.ModeSocket != 0: return nil, fmt.Errorf("archive/tar: sockets not supported") default: return nil, fmt.Errorf("archive/tar: unknown file mode %v", fm) } - if fm&os.ModeSetuid != 0 { + if fm&fs.ModeSetuid != 0 { h.Mode |= c_ISUID } - if fm&os.ModeSetgid != 0 { + if fm&fs.ModeSetgid != 0 { h.Mode |= c_ISGID } - if fm&os.ModeSticky != 0 { + if fm&fs.ModeSticky != 0 { h.Mode |= c_ISVTX } // If possible, populate additional fields from OS-specific diff --git a/vendor/archive/tar/reader.go b/vendor/archive/tar/reader.go index 3943718517..1b1d5b4689 100644 --- a/vendor/archive/tar/reader.go +++ b/vendor/archive/tar/reader.go @@ -7,7 +7,6 @@ package tar import ( "bytes" "io" - "io/ioutil" "strconv" "strings" "time" @@ -104,7 +103,7 @@ func (tr *Reader) next() (*Header, error) { continue // This is a meta header affecting the next header case TypeGNULongName, TypeGNULongLink: format.mayOnlyBe(FormatGNU) - realname, err := ioutil.ReadAll(tr) + realname, err := io.ReadAll(tr) if err != nil { return nil, err } @@ -294,7 +293,7 @@ func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) { // parsePAX parses PAX headers. // If an extended header (type 'x') is invalid, ErrHeader is returned func parsePAX(r io.Reader) (map[string]string, error) { - buf, err := ioutil.ReadAll(r) + buf, err := io.ReadAll(r) if err != nil { return nil, err } @@ -433,7 +432,7 @@ func (tr *Reader) readHeader() (*Header, *block, error) { // files generated by a pre-Go1.8 toolchain. If the generated file // happened to have a prefix field that parses as valid // atime and ctime fields (e.g., when they are valid octal strings), - // then it is impossible to distinguish between an valid GNU file + // then it is impossible to distinguish between a valid GNU file // and an invalid pre-Go1.8 file. // // See https://golang.org/issues/12594 @@ -850,7 +849,7 @@ func discard(r io.Reader, n int64) error { } } - copySkipped, err := io.CopyN(ioutil.Discard, r, n-seekSkipped) + copySkipped, err := io.CopyN(io.Discard, r, n-seekSkipped) if err == io.EOF && seekSkipped+copySkipped < n { err = io.ErrUnexpectedEOF } diff --git a/vendor/archive/tar/reader_test.go b/vendor/archive/tar/reader_test.go index f153b668de..789ddc1bc0 100644 --- a/vendor/archive/tar/reader_test.go +++ b/vendor/archive/tar/reader_test.go @@ -10,7 +10,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "math" "os" "path" @@ -773,7 +772,7 @@ func TestReadTruncation(t *testing.T) { "testdata/pax-path-hdr.tar", "testdata/sparse-formats.tar", } { - buf, err := ioutil.ReadFile(p) + buf, err := os.ReadFile(p) if err != nil { t.Fatalf("unexpected error: %v", err) } @@ -865,7 +864,7 @@ func TestReadTruncation(t *testing.T) { } cnt++ if s2 == "manual" { - if _, err = tr.writeTo(ioutil.Discard); err != nil { + if _, err = tr.writeTo(io.Discard); err != nil { break } } diff --git a/vendor/archive/tar/stat_unix.go b/vendor/archive/tar/stat_unix.go index 5c346b8d6a..db697f51d0 100644 --- a/vendor/archive/tar/stat_unix.go +++ b/vendor/archive/tar/stat_unix.go @@ -7,7 +7,7 @@ package tar import ( - "os" + "io/fs" "runtime" "syscall" ) @@ -16,7 +16,7 @@ func init() { sysStat = statUnix } -func statUnix(fi os.FileInfo, h *Header) error { +func statUnix(fi fs.FileInfo, h *Header) error { sys, ok := fi.Sys().(*syscall.Stat_t) if !ok { return nil @@ -46,7 +46,7 @@ func statUnix(fi os.FileInfo, h *Header) error { minor := uint32((dev & 0x00000000000000ff) >> 0) minor |= uint32((dev & 0x00000ffffff00000) >> 12) h.Devmajor, h.Devminor = int64(major), int64(minor) - case "darwin": + case "darwin", "ios": // Copied from golang.org/x/sys/unix/dev_darwin.go. major := uint32((dev >> 24) & 0xff) minor := uint32(dev & 0xffffff) diff --git a/vendor/archive/tar/strconv.go b/vendor/archive/tar/strconv.go index 0a910f33b9..f0b61e6dba 100644 --- a/vendor/archive/tar/strconv.go +++ b/vendor/archive/tar/strconv.go @@ -28,7 +28,7 @@ func isASCII(s string) bool { } // toASCII converts the input to an ASCII C-style string. -// This a best effort conversion, so invalid characters are dropped. +// This is a best effort conversion, so invalid characters are dropped. func toASCII(s string) string { if isASCII(s) { return s @@ -265,8 +265,27 @@ func parsePAXRecord(s string) (k, v, r string, err error) { return "", "", s, ErrHeader } + afterSpace := int64(sp + 1) + beforeLastNewLine := n - 1 + // In some cases, "length" was perhaps padded/malformed, and + // trying to index past where the space supposedly is goes past + // the end of the actual record. + // For example: + // "0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319" + // ^ ^ + // | | + // | afterSpace=35 + // | + // beforeLastNewLine=29 + // yet indexOf(firstSpace) MUST BE before endOfRecord. + // + // See https://golang.org/issues/40196. + if afterSpace >= beforeLastNewLine { + return "", "", s, ErrHeader + } + // Extract everything between the space and the final newline. - rec, nl, rem := s[sp+1:n-1], s[n-1:n], s[n:] + rec, nl, rem := s[afterSpace:beforeLastNewLine], s[beforeLastNewLine:n], s[n:] if nl != "\n" { return "", "", s, ErrHeader } diff --git a/vendor/archive/tar/strconv_test.go b/vendor/archive/tar/strconv_test.go index dd3505a758..add65e272a 100644 --- a/vendor/archive/tar/strconv_test.go +++ b/vendor/archive/tar/strconv_test.go @@ -368,6 +368,13 @@ func TestParsePAXRecord(t *testing.T) { {"16 longkeyname=hahaha\n", "16 longkeyname=hahaha\n", "", "", false}, {"3 somelongkey=\n", "3 somelongkey=\n", "", "", false}, {"50 tooshort=\n", "50 tooshort=\n", "", "", false}, + {"0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319", "0000000000000000000000000000000030 mtime=1432668921.098285006\n30 ctime=2147483649.15163319", "mtime", "1432668921.098285006", false}, + {"06 k=v\n", "06 k=v\n", "", "", false}, + {"00006 k=v\n", "00006 k=v\n", "", "", false}, + {"000006 k=v\n", "000006 k=v\n", "", "", false}, + {"000000 k=v\n", "000000 k=v\n", "", "", false}, + {"0 k=v\n", "0 k=v\n", "", "", false}, + {"+0000005 x=\n", "+0000005 x=\n", "", "", false}, } for _, v := range vectors { diff --git a/vendor/archive/tar/tar_test.go b/vendor/archive/tar/tar_test.go index 2676853122..91b38401b6 100644 --- a/vendor/archive/tar/tar_test.go +++ b/vendor/archive/tar/tar_test.go @@ -10,7 +10,7 @@ import ( "fmt" "internal/testenv" "io" - "io/ioutil" + "io/fs" "math" "os" "path" @@ -262,7 +262,7 @@ func TestFileInfoHeaderDir(t *testing.T) { func TestFileInfoHeaderSymlink(t *testing.T) { testenv.MustHaveSymlink(t) - tmpdir, err := ioutil.TempDir("", "TestFileInfoHeaderSymlink") + tmpdir, err := os.MkdirTemp("", "TestFileInfoHeaderSymlink") if err != nil { t.Fatal(err) } @@ -327,7 +327,7 @@ func TestRoundTrip(t *testing.T) { if !reflect.DeepEqual(rHdr, hdr) { t.Errorf("Header mismatch.\n got %+v\nwant %+v", rHdr, hdr) } - rData, err := ioutil.ReadAll(tr) + rData, err := io.ReadAll(tr) if err != nil { t.Fatalf("Read: %v", err) } @@ -338,7 +338,7 @@ func TestRoundTrip(t *testing.T) { type headerRoundTripTest struct { h *Header - fm os.FileMode + fm fs.FileMode } func TestHeaderRoundTrip(t *testing.T) { @@ -361,7 +361,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360600852, 0), Typeflag: TypeSymlink, }, - fm: 0777 | os.ModeSymlink, + fm: 0777 | fs.ModeSymlink, }, { // character device node. h: &Header{ @@ -371,7 +371,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360578951, 0), Typeflag: TypeChar, }, - fm: 0666 | os.ModeDevice | os.ModeCharDevice, + fm: 0666 | fs.ModeDevice | fs.ModeCharDevice, }, { // block device node. h: &Header{ @@ -381,7 +381,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360578954, 0), Typeflag: TypeBlock, }, - fm: 0660 | os.ModeDevice, + fm: 0660 | fs.ModeDevice, }, { // directory. h: &Header{ @@ -391,7 +391,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360601116, 0), Typeflag: TypeDir, }, - fm: 0755 | os.ModeDir, + fm: 0755 | fs.ModeDir, }, { // fifo node. h: &Header{ @@ -401,7 +401,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360578949, 0), Typeflag: TypeFifo, }, - fm: 0600 | os.ModeNamedPipe, + fm: 0600 | fs.ModeNamedPipe, }, { // setuid. h: &Header{ @@ -411,7 +411,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1355405093, 0), Typeflag: TypeReg, }, - fm: 0755 | os.ModeSetuid, + fm: 0755 | fs.ModeSetuid, }, { // setguid. h: &Header{ @@ -421,7 +421,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360602346, 0), Typeflag: TypeReg, }, - fm: 0750 | os.ModeSetgid, + fm: 0750 | fs.ModeSetgid, }, { // sticky. h: &Header{ @@ -431,7 +431,7 @@ func TestHeaderRoundTrip(t *testing.T) { ModTime: time.Unix(1360602540, 0), Typeflag: TypeReg, }, - fm: 0600 | os.ModeSticky, + fm: 0600 | fs.ModeSticky, }, { // hard link. h: &Header{ @@ -804,9 +804,9 @@ func Benchmark(b *testing.B) { b.Run(v.label, func(b *testing.B) { b.ReportAllocs() for i := 0; i < b.N; i++ { - // Writing to ioutil.Discard because we want to + // Writing to io.Discard because we want to // test purely the writer code and not bring in disk performance into this. - tw := NewWriter(ioutil.Discard) + tw := NewWriter(io.Discard) for _, file := range v.files { if err := tw.WriteHeader(file.hdr); err != nil { b.Errorf("unexpected WriteHeader error: %v", err) @@ -844,7 +844,7 @@ func Benchmark(b *testing.B) { if _, err := tr.Next(); err != nil { b.Errorf("unexpected Next error: %v", err) } - if _, err := io.Copy(ioutil.Discard, tr); err != nil { + if _, err := io.Copy(io.Discard, tr); err != nil { b.Errorf("unexpected Copy error : %v", err) } } diff --git a/vendor/archive/tar/writer_test.go b/vendor/archive/tar/writer_test.go index 30556d27d0..a00f02d8fa 100644 --- a/vendor/archive/tar/writer_test.go +++ b/vendor/archive/tar/writer_test.go @@ -9,7 +9,6 @@ import ( "encoding/hex" "errors" "io" - "io/ioutil" "os" "path" "reflect" @@ -520,7 +519,7 @@ func TestWriter(t *testing.T) { } if v.file != "" { - want, err := ioutil.ReadFile(v.file) + want, err := os.ReadFile(v.file) if err != nil { t.Fatalf("ReadFile() = %v, want nil", err) }