Commit graph

39624 commits

Author SHA1 Message Date
Brian Goff
086a3fa036
Merge pull request #43468 from thaJeztah/20.10_backport_update_go_1.17
[20.10 backport] update to go 1.17.8
2022-04-12 09:41:51 -07:00
Sebastiaan van Stijn
09d6fcdfec
update to go 1.17.8 to address CVE-2022-24921
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921)

go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
and net packages. See the Go 1.17.8 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.7...go1.17.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e781cf5f64)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:10 +02:00
Sebastiaan van Stijn
5957684b2c
Update Go to 1.17.7
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772),
and cmd/go (CVE-2022-23773).

go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic,
math/big packages and to the go command, as well as bug fixes to the compiler,
linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest
packages. See the Go 1.17.7 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.6...go1.17.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cad6c8f7f1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:08 +02:00
Sebastiaan van Stijn
55b72c70ba
Update Go to 1.17.6
go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime,
and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone
on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f85ae526f0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:06 +02:00
Sebastiaan van Stijn
fdf3020bd5
Update Go to 1.17.5
go1.17.5 (released 2021-12-09) includes security fixes to the syscall and net/http
packages. See the Go 1.17.5 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.5+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d620cb6afc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:04 +02:00
Sebastiaan van Stijn
36e164ba80
Update Go to 1.17.4
go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker, runtime,
and the go/types, net/http, and time packages. See the Go 1.17.4 milestone on
the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.4+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6bb3891c60)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:02 +02:00
Sebastiaan van Stijn
ecfba8f588
Update Go to 1.17.3
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
See the Go 1.17.3 milestone on our issue tracker for details.

From the announcement e-mail:

[security] Go 1.17.3 and Go 1.16.10 are released

We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:

- archive/zip: don't panic on (*Reader).Open
  Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
  to panic by an attacker providing either a crafted ZIP archive containing
  completely invalid names or an empty filename argument.
  Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
  Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
  golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
  Malformed binaries parsed using Open or OpenFat can cause a panic when calling
  ImportedSymbols, due to an out-of-bounds slice operation.
  Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
  issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ce668d6c1e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:28:01 +02:00
Sebastiaan van Stijn
4e14dcc125
Update Go to 1.17.2
go1.17.2 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the compiler, the runtime, the go command, and
to the time and text/template packages. See the Go 1.17.2 milestone on our issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.2+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e7fb0c8201)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:27:59 +02:00
Sebastiaan van Stijn
c32b5ece31
Update Go to 1.17.1
This includes additional fixes for CVE-2021-39293.

go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package,
as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand,
embed, go/types, html/template, and net/http packages. See the Go 1.17.1 milestone
on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0050ddd43b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:27:57 +02:00
Sebastiaan van Stijn
7096508811
vendor: update archive/tar to match Go 1.17.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit aa606307b7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:27:55 +02:00
Sebastiaan van Stijn
a1150245cc
Update to Go 1.17.0, and gofmt with Go 1.17
Modified from 686be57d0a, and re-ran
gofmt again to address for files not present in 20.10 and vice-versa.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 686be57d0a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:27:50 +02:00
Sebastiaan van Stijn
95cc7115fb
hack/vendor.sh: allow go version to be specified with .0
Golang '.0' releases are released without a trailing .0 (i.e. go1.17
is equal to go1.17.0). For the base image, we want to specify the go
version including their patch release (golang:1.17 is equivalent to
go1.17.x), so adjust the script to also accept the trailing .0, because
otherwise the download-URL is not found:

    hack/vendor.sh archive/tar
    update vendored copy of archive/tar
    downloading: https://golang.org/dl/go1.17.0.src.tar.gz
    curl: (22) The requested URL returned error: 404

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9ed88a0801)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:26:34 +02:00
Sebastiaan van Stijn
949c33b1c5
vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8,
2021) or later, see https://github.com/golang/go/issues/45702. While this seems
to affect macOS only, let's update to the latest version.

full diff: d19ff857e8...63515b42dc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d48c8b70a1)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:26:32 +02:00
Sebastiaan van Stijn
8392285876
vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
full diff: b64e53b001...d19ff857e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f0d3e905b6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 23:26:29 +02:00
Brian Goff
9ee5abed9c
Merge pull request #43470 from thaJeztah/20.10_backport_bump_buildx_0.8.2
[20.10 backport] testing: install buildx from binary, and update to v0.8.2
2022-04-07 12:36:23 -07:00
Sebastiaan van Stijn
4e81bcf380
Makefile: update buildx to v0.8.2
release notes: https://github.com/docker/buildx/releases/tag/v0.8.2

Notable changes:

- Update Compose spec used by buildx bake to v1.2.1 to fix parsing ports definition
- Fix possible crash on handling progress streams from BuildKit v0.10
- Fix parsing groups in buildx bake when already loaded by a parent group

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ae7d3efafd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 10:56:43 +02:00
Sebastiaan van Stijn
74e699c8d3
Makefile: update buildx version to v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 22316ff1d8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 10:56:21 +02:00
Sebastiaan van Stijn
bc3cc2e7ac
Makefile: install buildx from binary release, instead of building
This was originally added in 833444c0d6,
at which time buildx did not yet have a release, so we had to build
from source.

Now that buildx has binary releases on GitHub, we should be able to
consume those binaries instead of building.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 151ec207b9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-07 10:55:22 +02:00
Sebastiaan van Stijn
811795ccd7
Merge pull request #43454 from thaJeztah/20.10_update_distribution
[20.10] vendor: github.com/docker/distribution v2.8.1
2022-04-05 13:44:22 +02:00
Sebastiaan van Stijn
ae7f230408
Merge pull request #43460 from thaJeztah/20.10_backport_docs_fixes
[20.10 backport] docs: assorted fixes in swagger files
2022-04-05 13:43:10 +02:00
Sebastiaan van Stijn
492fac20af
api: docs: fix indentation of HostConfig.SecurityOpt (v1.39-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0759f013a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:30:05 +02:00
Sebastiaan van Stijn
3cba2682d8
api: docs: move ContainerWaitResponse to definitions (v1.39-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 352d1bb8e0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:30:02 +02:00
Sebastiaan van Stijn
55e71450ae
api: docs: move VolumeCreateOptions to definitions (v1.39-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 444b27910c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:30:00 +02:00
Sebastiaan van Stijn
c54362cd64
api: docs: move Volume examples inline (v1.39-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5c0aae359f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:29:57 +02:00
Daniel Black
c60ff9b296
doc: server API Correct ImagesCreate - platform parameter added in 1.32
closes: docker/docker.github.io#9305

Signed-off-by: Daniel Black <daniel@linux.ibm.com>
(cherry picked from commit 521ac858e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:29:27 +02:00
Sebastiaan van Stijn
7a45f7a8cc
docs: cleanup swagger API with multiple examples (v1.25-v1.41)
Applies the changes from 3671cb90a3 to
the swagger files used for the documentation.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8ac2f84f9a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:29:11 +02:00
Niel Drummond
29bb9204bf
api: docs: add IPAMConfig on IPAM (v1.41)
Signed-off-by: Niel Drummond <niel@drummond.lu>
(cherry picked from commit abc2f095ab)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:28:54 +02:00
Sebastiaan van Stijn
77f6564369
api: docs: document MountPoint fields (v1.25-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0a438f2612)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:28:14 +02:00
Sebastiaan van Stijn
51ea235ab8
api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
This field was used when Windows did not yet support regular images, and required
the base-image to pre-exist on the Windows machine (as those layers were not yet
allowed to be distributed).

Commit f342b27145 (docker 1.13.0, API v1.25) removed
usage of the field. The field was not documented in the API, but because it was not
removed from the Golang structs in the API, ended up in the API documentation when
we switched to using Swagger instead of plain MarkDown for the API docs.

Given that the field was never set in any of these API versions, and had an "omitempty",
it was never actually returned in a response, so should be fine to remove from these
API docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8e9c8ff7f2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:27:54 +02:00
Sebastiaan van Stijn
3d6b4ae572
Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c04dff7623)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:27:27 +02:00
Michael Weidmann
6e8b9809b7
Correct type of Mounts in ContainerSummary in docs
Signed-off-by: Michael Weidmann <michaelweidmann@web.de>
(cherry picked from commit 16e3ca35eb)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:27:24 +02:00
Sebastiaan van Stijn
621a98dac0
api: docs: fix warning about comment indentation (API v1.40-v1.41)
5428:7 warning comment not indented like content (comments-indentation)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d19dd22257)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:27:02 +02:00
Sebastiaan van Stijn
bb9ef98060
api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
- rename definition in swagger from `Image` to `ImageInspect` to match the go type
- improve (or add) documentation for various fields
- move example values in-line in the "definitions" section
- remove the `required` fields from `ImageInspect`, as the type is only used as
  response type (not to make requests).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9565606222)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:26:59 +02:00
Sebastiaan van Stijn
88ca5cec4e
daemon: fix error-message for minimum allowed kernel-memory limit
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3c44ade6d0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:26:18 +02:00
Sebastiaan van Stijn
3ea996abd7
docs: add missing KernelMemoryTCP to api v1.40 and v1.41
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9f3c238c29)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:26:16 +02:00
Sebastiaan van Stijn
b475bc95cd
docs/api: add missing 400 response for POST /containers/{id}/wait
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5e2b7dea02)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:26:14 +02:00
Sebastiaan van Stijn
ae07b3cc96
docs/api: update /containers/{id}/wait "condition" parameter (v1.30-v1.41)
This patch updates the swagger, and:

- adds an enum definition to document valid values (instead of describing them)
- updates the description to mention both "omitted" and "empty" values (although
  the former is already implicitly covered by the field being "optional" and
  having a default value).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 41b137962d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 19:26:12 +02:00
Sebastiaan van Stijn
19555fa92d
[20.10] vendor: github.com/docker/distribution v2.8.1
equivalent of b92af14a1c, for 20.10.x

no changes to code we use, but the v2.8.0 module was borked

full diff: https://github.com/docker/distribution/compare/v2.8.0...v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-04 11:17:29 +02:00
Tianon Gravi
4e188b8a49
Merge pull request #43426 from thaJeztah/20.10_backport_info_counters_rwmutex
[20.10 backport] daemon: use RWMutex for stateCounter
2022-03-25 15:49:29 -07:00
Sebastiaan van Stijn
339d7bdd7d
Merge pull request #43406 from dims/cherry-pick-thaJeztah-errdefs_reduce_client_deps_alternative
[20.10] errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
2022-03-25 14:52:59 +01:00
Sebastiaan van Stijn
32fe0bbb91
daemon: use RWMutex for stateCounter
Use an RWMutex to allow concurrent reads of these counters

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 699174347c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-25 09:38:53 +01:00
Tianon Gravi
1881be2de5
Merge pull request #43360 from Nossnevs/backport-21.x-linux-routeoverlaps-link-only-42598
[20.10 backport] Only check if route overlaps routes with scope: LINK
2022-03-24 16:54:51 -07:00
Sebastiaan van Stijn
af05807928
Merge pull request #43356 from awmirantis/20.10-bump-swarmkit-increase-config-size
[20.10] Bump swarmkit for change to max config size
2022-03-24 20:23:48 +01:00
Sebastiaan van Stijn
ed8fb00b65
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.

While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes to errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversion of errors coming from those sub-systems, such as;

- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc

This patch moves the conversion from (errdef-) errors to HTTP status-codes to an
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.

The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.

Why not move it into the api/server/httputils package?

The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect dependencies outside of the api/server
code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 85b7df5ead93a79ed6c8ef83535c153f65ef116d)
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
(cherry picked from commit b9af850d5d232d2d8e0800f4f0d7ceceb5bf84ff)
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-24 14:16:40 -04:00
tonic
3bd611d7a5
log error message when receiving an unexpected type error
Signed-off-by: tonic <tonicbupt@gmail.com>
(cherry picked from commit 24aaa7f8c9)
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-24 14:16:29 -04:00
Sebastiaan van Stijn
66a96760b2
Merge pull request #43407 from dims/cherry-pick-remove_containerd_from_client
[20.10] Remove containerd "platform" dependency from client
2022-03-24 19:12:03 +01:00
Sebastiaan van Stijn
87a90dc786
Merge pull request #43417 from thaJeztah/20.10_update_containerd_binary_1.5.11
[20.10] update containerd binary to 1.5.11
2022-03-24 02:37:51 +01:00
Sebastiaan van Stijn
7dfe7a1752
[20.10] update containerd binary to 1.5.11
The eleventh patch release for containerd 1.5 includes a fix for
[CVE-2022-24769](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c).

Notable Updates:

- **Fix the inheritable capability defaults** ([GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c))

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 00:50:43 +01:00
Sebastiaan van Stijn
7f375bcff4
Merge pull request from GHSA-2mm7-x5h6-5pvq
[20.10] oci: inheritable capability set should be empty
2022-03-23 22:10:17 +01:00
Sebastiaan van Stijn
cf0abad081
Merge pull request #43416 from thaJeztah/20.10_update_containerd2
[20.10] vendor: containerd 7cfa023d95d37076d5ab035003d4839f4b6ba791
2022-03-23 21:26:07 +01:00