Commit graph

413 commits

Author SHA1 Message Date
Paweł Gronowski
c8134fa046
vendor: github.com/moby/buildkit v0.12.4
full diff: https://github.com/moby/buildkit/compare/v0.12.3...v0.12.4

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-12-04 10:56:20 +01:00
Sebastiaan van Stijn
faa843fcef
vendor: github.com/gorilla/mux v1.8.1
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 12:48:09 +01:00
Sebastiaan van Stijn
028ed1bb22
vendor: github.com/spf13/cobra v1.8.0
full diff: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 11:01:59 +01:00
Sebastiaan van Stijn
2f28582b55
vendor: github.com/Microsoft/hcsshim v0.11.4
full diff: https://github.com/Microsoft/hcsshim/compare/v0.11.1...v0.11.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-19 13:12:22 +01:00
Sebastiaan van Stijn
fb53da508f
vendor: github.com/opencontainers/runc v1.1.10
- full diff: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.10

This is the tenth (and most likely final) patch release in the 1.1.z
release branch of runc. It mainly fixes a few issues in cgroups, and a
umask-related issue in tmpcopyup.

- Add support for `hugetlb.<pagesize>.rsvd` limiting and accounting.
  Fixes the issue of postgres failing when hugepage limits are set.
- Fixed permissions of a newly created directories to not depend on the value
  of umask in tmpcopyup feature implementation.
- libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes`
  (fixes the compatibility with Linux kernel 6.1+).
- Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb
  configuration. This issue is not a security issue because it requires a
  malicious config.json, which is outside of our threat model.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-13 16:26:29 +01:00
Sebastiaan van Stijn
981a878cf5
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
0b8c1f4e07...fa09c952e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 23:23:37 +01:00
Sam Whited
8074e7a437
Bump go-connections for TLS 1.3 support
Fixes 40495

Signed-off-by: Sam Whited <sam@samwhited.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 17:58:50 +01:00
Evan Lezar
49e04102c1 Update container-device-interface to v0.6.2
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:00:19 +01:00
Sebastiaan van Stijn
38c4ceb00a
vendor: github.com/containerd/containerd v1.7.8
release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8
full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8

Notable Updates

- Fix ambiguous TLS fallback
- Update Go to 1.20.10
- Add a new image label on converted schema 1 images
- Fix handling for missing basic auth credentials
- Fix potential deadlock in create handler for containerd-shim-runc-v2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:44:49 +02:00
Sebastiaan van Stijn
34f5793521
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:43:19 +02:00
Sebastiaan van Stijn
bd23c7729e
vendor: golang.org/x/tools v0.10.0
full diff:  https://github.com/golang/tools/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:36:59 +02:00
Sebastiaan van Stijn
205e4de3fd
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:35:25 +02:00
Sebastiaan van Stijn
df3a321164
migrate to github.com/moby/sys/user
The github.com/opencontainers/runc/libcontainer/user package was moved
to a separate module. While there's still uses of the old module in
our code-base, runc itself is migrating to the new module, and deprecated
the old package (for runc 1.2).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 15:45:02 +02:00
Sebastiaan van Stijn
f2c67ea82f
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 16:32:24 +02:00
Bjorn Neergaard
619d98ab49
vendor: github.com/moby/buildkit v0.12.3
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-10-20 12:01:52 -06:00
Sebastiaan van Stijn
7bb54c3dc5
vendor: gotest.tools/v3 v3.5.1
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-18 14:37:07 +02:00
Sebastiaan van Stijn
70589b8548
Merge pull request #46665 from thaJeztah/update_image_spec
vendor: github.com/opencontainers/image-spec v1.1.0-rc5 and use OCI consts
2023-10-18 10:23:22 +02:00
Sebastiaan van Stijn
1f965317b6
Merge pull request #46457 from thaJeztah/bump_swarmkit
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
2023-10-18 10:20:38 +02:00
Sebastiaan van Stijn
e3feb05175
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-17 14:03:41 +02:00
Sebastiaan van Stijn
26730c891a
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-16 20:37:51 +02:00
Sebastiaan van Stijn
919fe72f60
vendor: github.com/moby/buildkit v0.12.3-dev
update buildkit to the latest code in the v0.12 branch:

full diff: f94ed7cec3...6560bb937e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-10-13 17:05:56 -07:00
Sebastiaan van Stijn
80a9fc6d36
Merge pull request #46565 from vvoland/c8d-mirrors-fix
daemon/RegistryHosts: Don't lose mirrors
2023-10-13 22:31:24 +02:00
Paweł Gronowski
c5389354ac
Merge pull request #46542 from thaJeztah/update_distribution_2.8.3
vendor: github.com/docker/distribution v2.8.3
2023-10-12 12:13:15 +02:00
Sebastiaan van Stijn
aacd100a70
Merge pull request #46623 from thaJeztah/bump_x_net
vendor: golang.org/x/net v0.17.0
2023-10-12 11:15:22 +02:00
Sebastiaan van Stijn
1800dd0876
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.13.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:58:01 +02:00
Sebastiaan van Stijn
1946aead21
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.11.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:57:10 +02:00
Sebastiaan van Stijn
0679ae984b
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.11.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:56:07 +02:00
Sebastiaan van Stijn
bc33c27796
vendor: golang.org/x/sys v0.13.0
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:55:24 +02:00
Sebastiaan van Stijn
db806533e6
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
full diff: 12f0c246fe...f082dd7a0c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 17:54:24 +02:00
Sebastiaan van Stijn
b81b27c21f
vendor: github.com/go-logr/logr v1.2.4
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 17:54:24 +02:00
Sebastiaan van Stijn
cff4f20c44
migrate to github.com/containerd/log v0.1.0
The github.com/containerd/containerd/log package was moved to a separate
module, which will also be used by upcoming (patch) releases of containerd.

This patch moves our own uses of the package to use the new module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 17:52:23 +02:00
Sebastiaan van Stijn
e1d0aacb6a
vendor: github.com/docker/distribution v2.8.3
- Fix storageDriver gcs not registered in binaries
- reference: replace uses of deprecated function SplitHostname
- Dont parse errors as JSON unless Content-Type is set to JSON
- update to go1.20.8
- Set Content-Type header in registry client ReadFrom
- deprecate reference package, migrate to github.com/distribution/reference
- digestset: deprecate package in favor of go-digest/digestset
- Do not close HTTP request body in HTTP handler

full diff: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 17:11:25 +02:00
Paweł Gronowski
aca9ea42bd
vendor: github.com/moby/buildkit 0.12.3-dev
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-10-11 11:44:03 +02:00
Sebastiaan van Stijn
a293cd6ab9
vendor: github.com/containerd/containerd v1.7.7
full diff: https://github.com/containerd/containerd/compare/v1.7.6...v1.7.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-10 14:47:44 +02:00
Sebastiaan van Stijn
2edb858b18
vendor: golang.org/x/net v0.13.0, golang.org/x/crypto v0.11.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.13.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-10 12:35:40 +02:00
Sebastiaan van Stijn
87de23a6cd
vendor: golang.org/x/text v0.11.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-10 12:31:52 +02:00
Bjorn Neergaard
16063c7456
vendor.mod: bump go line to 1.20
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-09-28 10:01:25 -06:00
Drew Erny
42a51cb285 Add support for swarm seccomp and apparmor
And also no-new-privileges

Signed-off-by: Drew Erny <derny@mirantis.com>
2023-09-25 12:38:26 -05:00
Bjorn Neergaard
c217e3c87a
vendor: github.com/moby/buildkit v0.12.2
The following changes were required:
* integration/build: progressui's signature changed in 6b8fbed01e
* builder-next: flightcontrol.Group has become a generic type in 8ffc03b8f0
* builder-next/executor: add github.com/moby/buildkit/executor/resources types, necessitated by 6e87e4b455
* builder-next: stub util/network/Namespace.Sample(), necessitated by 963f16179f

Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-09-21 14:18:45 -06:00
Bjorn Neergaard
fd6dd6935b
vendor: github.com/containerd/containerd v1.7.6
The DeepEqual ignore required in the daemon tests is a bit ugly, but it
works given the new protoc output.

We also have to ignore lints related to schema1 deprecations; these do
not apply as we must continue to support this schema version.

Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-09-21 14:18:40 -06:00
Sebastiaan van Stijn
e852ba55a5
vendor: github.com/Microsoft/hcsshim v0.11.1
full diff: https://github.com/Microsoft/hcsshim/compare/v0.9.10...v0.11.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 08:37:39 +02:00
Sebastiaan van Stijn
554036040b
vendor: github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
full diff: 43070de90f...ced1acdcaa

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:18:49 +02:00
Sebastiaan van Stijn
6fc3ead321
vendor: google.golang.org/grpc v1.56.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:30 +02:00
Sebastiaan van Stijn
73041028b6
vendor: google.golang.org/protobuf v1.31.0
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.30.0...v1.31.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:30 +02:00
Sebastiaan van Stijn
54dc8d2968
vendor: github.com/cenkalti/backoff/v4 v4.2.1
no local changes

full diff: https://github.com/cenkalti/backoff/compare/v4.2.0...v4.2.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:30 +02:00
Sebastiaan van Stijn
d97e4300ee
vendor: google.golang.org/api v0.114.0
full diff:

- https://github.com/googleapis/google-api-go-client/compare/v0.110.0...v0.114.0
- https://github.com/googleapis/gax-go/compare/v2.7.0...v2.7.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:30 +02:00
Sebastiaan van Stijn
d50585b05b
vendor: golang.org/x/tools v0.8.0
full diff: https://github.com/golang/tools/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:29 +02:00
Sebastiaan van Stijn
51d8a975ab
vendor: golang.org/x/oauth2 v0.7.0
full diff: https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:29 +02:00
Sebastiaan van Stijn
9670db3904
vendor: golang.org/x/crypto v0.9.0
full diff: https://github.com/golang/crypto/compare/v0.3.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:29 +02:00
Sebastiaan van Stijn
a046616249
vendor: golang.org/x/sys v0.10.0
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-18 18:17:29 +02:00