Akihiro Suda
7d75c1d40d
Merge pull request #41731 from thaJeztah/19.03_container_1.3.9
...
[19.03] update containerd binary to v1.3.9 (address CVE-2020-15257)
2020-12-01 12:45:08 +09:00
Sebastiaan van Stijn
d3c5506330
update containerd binary to v1.3.9 (address CVE-2020-15257)
...
full diff: https://github.com/containerd/containerd/compare/v1.3.8...v1.3.9
Release notes:
containerd 1.3.9
---------------------
Welcome to the v1.3.9 release of containerd!
The ninth patch release for containerd 1.3 is a security release to address
CVE-2020-15257. See GHSA-36xw-fx78-c5r4 for more details:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-30 20:10:30 +01:00
Sebastiaan van Stijn
1babdf81e7
update containerd binary to v1.3.8
...
full diff: https://github.com/containerd/containerd/compare/v1.3.7...v1.3.8
Release notes:
containerd 1.3.8
----------------------
Welcome to the v1.3.8 release of containerd!
The eighth patch release for containerd 1.3 includes several bug fixes and updates.
Notable Updates
- Fix metrics monitoring of v2 runtime tasks
- Fix nil pointer error when restoring checkpoint
- Fix devmapper device deletion on rollback
- Fix integer overflow on Windows
- Update seccomp default profile
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-30 20:04:31 +01:00
Brian Goff
35968c420d
Merge pull request #41685 from ameyag/19.03-bmp-libnetwork-nil-deference
...
[19.03] docker/libnetwork 55e924b8a84231a065879156c0de95aefc5f5435 (bump_19.03 branch)
2020-11-18 10:03:17 -08:00
Ameya Gawde
f80f6304e2
Bump libnetwork
...
Signed-off-by: Ameya Gawde <agawde@mirantis.com>
2020-11-17 16:21:39 -08:00
Sebastiaan van Stijn
837baebb74
Merge pull request #41635 from AkihiroSuda/rootlesskit-0.11.0-1903
...
[19.03 backport] bump up rootlesskit to v0.11.0
2020-11-09 20:50:00 +01:00
Akihiro Suda
4b181db52b
bump up rootlesskit to v0.11.0
...
Important fix: Lock state dir for preventing automatic clean-up by systemd-tmpfiles
(https://github.com/rootless-containers/rootlesskit/pull/188)
Full changes: https://github.com/rootless-containers/rootlesskit/compare/v0.10.0...v0.11.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit c6accc67f2)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-05 16:53:57 +09:00
Akihiro Suda
619f1b54c6
Merge pull request #41596 from thaJeztah/19.03_backport_swagger_fix
...
[19.03 backport] docs: fix builder-version swagger
2020-10-29 12:37:35 +09:00
Tonis Tiigi
7487dca8a5
docs: fix builder-version swagger
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 8cc0fd811e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-27 20:42:13 +01:00
Brian Goff
bb69504a4a
Merge pull request #41557 from AkihiroSuda/cherrypick-41156-1903
...
[19.03 backport] dockerd-rootless.sh: support new containerd shim socket path convention
2020-10-16 13:06:56 -07:00
Akihiro Suda
c7253a0e1a
dockerd-rootless.sh: support containerd v1.4 shim socket path convention
...
The new shim socket path convention hardcodes `/run/containerd`:
https://github.com/containerd/containerd/pull/4343
`dockerd-rootless.sh` is updated to hide the rootful `/run/containerd`
from the mount namespace of the rootless dockerd.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 794aa20983)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-10-16 13:33:56 +09:00
Brian Goff
b27122246a
Merge pull request #41542 from thaJeztah/19.03_backport_fix_41517
2020-10-09 16:14:30 -07:00
Tianon Gravi
88eec2e811
Also trim "~..." from AppArmor versions
...
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
(cherry picked from commit 654cad4d9d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-09 22:22:56 +02:00
Akihiro Suda
ecd3baca25
pkg/aaparser: support parsing version like "3.0.0-beta1"
...
Fix #41517
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit ee079e4692)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-09 22:22:53 +02:00
Brian Goff
233a6379e5
Merge pull request #41522 from thaJeztah/19.03_backport_gcp_leak
...
[19.03 backport] Fix gcplogs memory/connection leak
2020-10-06 14:27:10 -07:00
Patrick Haas
74c0c5b7f1
Fix gcplogs memory/connection leak
...
The cloud logging client should be closed when the log driver is closed. Otherwise dockerd will keep a gRPC connection to the logging endpoint open indefinitely.
This results in a slow leak of tcp sockets (1) and memory (~200Kb) any time that a container using `--log-driver=gcplogs` is terminated.
Signed-off-by: Patrick Haas <patrickhaas@google.com>
(cherry picked from commit ef553e14a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-03 00:30:30 +02:00
Tianon Gravi
88623e101c
Merge pull request #41293 from thaJeztah/19.03_backport_fix_getexecuser
...
[19.03 backport] oci: correctly use user.GetExecUser interface
2020-09-25 18:35:14 -07:00
Brian Goff
705762f23c
Merge pull request #41494 from thaJeztah/19.03_backport_aws_sdk_go
...
[19.03 backport] awslogs: Update aws-sdk-go to support IMDSv2
2020-09-25 12:24:39 -07:00
Samuel Karp
5f32bd9ced
awslogs: Update aws-sdk-go to support IMDSv2
...
AWS recently launched a new version of the EC2 Instance Metadata
Service, which is used to provide credentials to the awslogs driver when
running on Amazon EC2. This new version of the IMDS adds
defense-in-depth mechanisms against open firewalls, reverse proxies, and
SSRF vulnerabilities and is generally an improvement over the previous
version. An updated version of the AWS SDK is able to handle both
the previous version and the new version of the IMDS and functions when
either is enabled.
More information about IMDSv2 is available at the following links:
* https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Closes https://github.com/moby/moby/issues/40422
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 44a8e10bfc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-25 16:14:50 +02:00
Tibor Vass
bd33bbf049
Merge pull request #41314 from thaJeztah/19.03_backport_fix_racey_logger_test
...
[19.03 backport] test-fixes for flaky test: TestCheckCapacityAndRotate
2020-09-16 07:28:27 -07:00
Tibor Vass
426396f438
Merge pull request #41451 from thaJeztah/19.03_update_buildkit
...
[19.03] vendor: buildkit v0.6.4-32-gdf89d4dc
2020-09-15 16:02:53 -07:00
Tibor Vass
406dba269c
Merge pull request #41446 from thaJeztah/19.03_backport_swagger_fixes
...
[19.03 backport] swagger: fix MemTotal units in SystemInfo endpoint
2020-09-15 16:00:28 -07:00
Tibor Vass
50b33bd3cd
Merge pull request #41312 from thaJeztah/19.03_backport_pass_network_error
...
[19.03 backport] Check for context error that is wrapped in url.Error
2020-09-15 15:56:29 -07:00
Tibor Vass
519462f3df
Merge pull request #41334 from thaJeztah/19.03_backport_bump_golang_1.13.15
...
[19.03 backport] Bump Golang 1.13.15
2020-09-15 15:55:08 -07:00
Tibor Vass
64fffefffa
Merge pull request #40408 from thaJeztah/19.03_backport_update_containerd_1.3
...
[19.03 backport] update containerd binary v1.3.7
2020-09-15 15:54:32 -07:00
Sebastiaan van Stijn
8cf9d50fc0
[19.03] vendor: buildkit v0.6.4-32-gdf89d4dc
...
full diff: https://github.com/moby/buildkit/compare/v0.6.4-28-gda1f4bf1...v0.6.4-32-gdf89d4dc
no local changes in the daemon code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-15 11:19:58 +02:00
Nikolay Edigaryev
a4e96a486f
swagger: fix MemTotal units in SystemInfo endpoint
...
MemTotal represents bytes, not kilobytes. See Linux[1] and Windows[2]
implementations.
[1]: f50a40e889/pkg/system/meminfo_linux.go (L49)
[2]: f50a40e889/pkg/system/meminfo_windows.go (L40)
Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
(cherry picked from commit 13e0ba700a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-14 14:37:54 +02:00
Sebastiaan van Stijn
9fe291827a
Bump Golang 1.13.15
...
full diff: https://github.com/golang/go/compare/go1.13.14...go1.13.15
go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary
package. See the Go 1.13.15 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.13.15+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2a6325e310)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-10 12:16:14 +02:00
Akihiro Suda
a15a770e1b
update containerd to v1.3.7
...
Release note: https://github.com/containerd/containerd/releases/tag/v1.3.7
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 43d13054c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:36 +02:00
Jintao Zhang
9380ec7397
update containerd to v1.3.6
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 85e3dddccd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:17 +02:00
Jintao Zhang
80cef48453
update containerd to v1.3.5
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 0e915e5413)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:15 +02:00
Jintao Zhang
fc8f88dc14
update containerd to v1.3.4
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit fbaaca6351)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:13 +02:00
Sebastiaan van Stijn
89a4208757
update containerd binary to v1.3.3
...
full diff: https://github.com/containerd/containerd/compare/v1.3.2...v1.3.3
release notes: https://github.com/containerd/containerd/releases/tag/v1.3.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 27649ee44f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:11 +02:00
Jintao Zhang
490c45b756
Update containerd to v1.3.2
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 7f809e1080)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:09 +02:00
Jintao Zhang
56d897347d
Update containerd to v1.3.1
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit 517946eb47)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:07 +02:00
Derek McGowan
d4c63720e9
update containerd binary v1.3.0
...
full diff: https://github.com/containerd/containerd/compare/v1.2.8..v1.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 6c94a50f41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 22:40:04 +02:00
Brian Goff
ec14dc44d1
Fix log file rotation test.
...
The test was looking for the wrong file name.
Since compression happens asynchronously, sometimes the test would
succeed and sometimes fail.
This change makes sure to wait for the compressed version of the file
since we can't know when the compression is going to occur.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit c6d860ace6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 12:48:27 +02:00
Brian Goff
a958fc3e65
Fix flakey test for log file rotate.
...
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
(cherry picked from commit 5ea5c02c88)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 12:48:17 +02:00
Evgeniy Makhrov
89da709cb7
Check for context error that is wrapped in url.Error
...
Signed-off-by: Evgeniy Makhrov <e.makhrov@corp.badoo.com>
(cherry picked from commit 8ccb46a521)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-04 17:44:42 +02:00
Tibor Vass
88820a4793
Merge pull request #41287 from thaJeztah/19.03_backport_bump_netns
...
[19.03 backport] vendor: vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
2020-07-31 12:30:33 +02:00
Aleksa Sarai
83baeafc3c
oci: correctly use user.GetExecUser interface
...
A nil interface in Go is not the same as a nil pointer that satisfies
the interface. libcontainer/user has special handling for missing
/etc/{passwd,group} files but this is all based on nil interface checks,
which were broken by Docker's usage of the API.
When combined with some recent changes in runc that made read errors
actually be returned to the caller, this results in spurious -EINVAL
errors when we should detect the situation as "there is no passwd file".
Signed-off-by: Aleksa Sarai <asarai@suse.de>
(cherry picked from commit 3108ae6226)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-29 16:04:23 +02:00
Sebastiaan van Stijn
dae08c333e
vendor: vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
...
full diff: 0a2b9b5464...db3c7e526a
- Use golang.org/x/sys/unix instead of syscall
- Set O_CLOEXEC when opening a network namespace
- Fixes "the container's netns fds leak, causing the container netns to not
clean up successfully after the container stops"
- Allows to create and delete named network namespaces
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 818bad6ef2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-29 12:48:55 +02:00
Sebastiaan van Stijn
93cb737687
[19.03] vendor: vishvananda/netns 0a2b9b5464df8343199164a0321edf3313202f7e
...
Same update as was vendored in e26e1cc5c1 on master.
full diff: 7109fa855b...0a2b9b5464
- Add support for Go modules
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-29 12:46:12 +02:00
Tibor Vass
7d597ee2c9
Merge pull request #41273 from thaJeztah/19.03_backport_swagger_fixes
...
[19.03 backport] Assorted swagger fixes
2020-07-28 14:30:31 +02:00
Tibor Vass
22c458b67c
Merge pull request #41274 from thaJeztah/19.03_backport_Double_RLock
...
[19.03 backport] plugin: fix a double RLock bug
2020-07-28 14:27:10 +02:00
Tibor Vass
8b97280f11
Merge pull request #41279 from thaJeztah/19.03_bump_buildkit
...
[19.03] vendor: moby/buildkit v0.6.4-28-gda1f4bf1
2020-07-28 14:25:15 +02:00
Sebastiaan van Stijn
eda52d433e
[19.03] vendor: moby/buildkit v0.6.4-28-gda1f4bf1
...
full diff: a1e4f48e71...da1f4bf179
- [v0.6 backport] cache: avoid nil dereference
- fixes panic: interface conversion: interface {} is nil, not int64
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-07-28 13:16:50 +02:00
Sebastiaan van Stijn
168254fcfa
Merge pull request #41277 from AkihiroSuda/rootlesskit-0.10.0-1903
...
[19.03 backport] bump up rootlesskit to v0.10.0
2020-07-28 11:25:20 +02:00
Akihiro Suda
9dc455dffb
bump up rootlesskit to v0.10.0
...
Fix port forwarder resource leak (https://github.com/rootless-containers/rootlesskit/issues/153).
Changes: https://github.com/rootless-containers/rootlesskit/compare/v0.9.5...v0.10.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 5bc41368d9)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-28 17:01:10 +09:00
Akihiro Suda
c200868fa2
Merge pull request #41271 from thaJeztah/19.03_backport_remove_dockerproject_from_tests
...
[19.03 backport] Remove apt.dockerproject.org from test
2020-07-28 16:44:42 +09:00