Commit Graph

3729 Commits

Author SHA1 Message Date
Sebastiaan van Stijn cc60026c7b
update to go1.19.4
Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).

These minor releases include 2 security fixes following the security policy:

- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows

  The os.DirFS function and http.Dir type provide access to a tree of files
  rooted at a given directory. These functions permitted access to Windows
  device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
  would open the COM1 device.
  Both os.DirFS and http.Dir only provide read-only filesystem access.

  In addition, on Windows, an os.DirFS for the directory \ (the root of the
  current drive) can permit a maliciously crafted path to escape from the
  drive and access any path on the system.

  The behavior of os.DirFS("") has changed. Previously, an empty root was
  treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
  path "/tmp". This now returns an error.

  This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.

- net/http: limit canonical header cache by bytes, not entries

  An attacker can cause excessive memory growth in a Go server accepting
  HTTP/2 requests.

  HTTP/2 server connections contain a cache of HTTP header keys sent by
  the client. While the total number of entries in this cache is capped,
  an attacker sending very large keys can cause the server to allocate
  approximately 64 MiB per open connection.

  This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
  manually configuring HTTP/2.

  Thanks to Josselin Costanzi for reporting this issue.

  This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4

And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved

Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4

The golang.org/x/net fix is in 1e63c2f08a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-07 10:22:50 +01:00
Guillaume Lours 6b4ad0d1db
Merge pull request #10047 from thaJeztah/cleanup_output
Cleanup tips from output
2022-12-06 23:37:38 +01:00
Sebastiaan van Stijn 87a0a57f70 Cleanup tips from output
The scan tip has been shown for two years, and most users will know
about it by now. Presenting the message also involved checking if the
plugin was installed, and whether or not the message was shown before,
which also caused some overhead, so cleaning up the output a bit.

The corresponding DOCKER_SCAN_SUGGEST environment-variable is also
removed with this.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:29:03 +01:00
Guillaume Lours c80d52aded
Merge pull request #10049 from glours/fix-flaky-tests
check only running containers in after down tests of profiles e2e tests
2022-12-06 23:28:51 +01:00
Guillaume Lours 95bc6c58b7
check only running containers in after down tests of profiles e2e tests
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-12-06 23:17:14 +01:00
Laura Brehm be30c67633
Merge pull request #10045 from docker/dependabot/go_modules/go.opentelemetry.io/otel-1.11.2
build(deps): bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2
2022-12-06 13:24:33 +00:00
Laura Brehm 57a1e1e0df
Update `e2e` mod deps
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-12-06 13:13:17 +00:00
dependabot[bot] 02305756b3
build(deps): bump go.opentelemetry.io/otel from 1.11.1 to 1.11.2
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.11.1 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.11.1...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-06 09:07:31 +00:00
Guillaume Lours 12dad4f8d0
Merge pull request #10030 from ndeloof/max_concurrency
introduce --parallel to limit concurrent engine calls
2022-12-06 09:45:57 +01:00
Nicolas De Loof a0acc20d88
introduce --parallel to limit concurrent engine calls
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-06 08:15:50 +01:00
Milas Bowman 053f20edab
port: improve error-handling if port not found (#10039)
This method looked slightly incomplete. If the port wasn't found,
it'd return `err`, but that was always `nil`, so we'd print out
`:0`.

Now, we construct a nice error message with the targeted port and
the ones we found.

The `--protocol` flag is also now case-insensitive to prevent any
weirdness/confusion there.

Co-authored-by: Nick Sieger <nicksieger@gmail.com>
Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-05 22:11:45 +00:00
Guillaume Lours 6ed9a7928f
Merge pull request #10037 from milas/go-1.19.3
ci: upgrade to Go 1.19.3 & bump deps
2022-12-02 17:40:50 +01:00
Milas Bowman 9b8d520b7d ci: upgrade to Go 1.19.3 & bump deps
Upgrade to Go 1.19.3 (from 1.19.2) and bump a couple dependencies.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 11:24:46 -05:00
Milas Bowman 113fb6732d
schema: add support for tmpfs.mode in mount definition (#10031)
See compose-spec/compose-go#325 for the actual spec change. This
propagates it to the Engine API object and adds an E2E test via
Cucumber 🥒

Fixes #9873.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 11:21:53 -05:00
Milas Bowman b9e5f9e917
test: speed up Cucumber stop test (#10032)
Evidently `ping` doesn't respond to `SIGTERM`, so use `init` to
get Tini supervising it. This changes the exit code to 143 since
it's not hitting the 10s timeout and getting a `SIGKILL` (137).

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
2022-12-02 09:34:06 -05:00
i-ky c74a77e895 Make use of Containers.filter() and isService()
Signed-off-by: i-ky <gl.ivanovsky@gmail.com>
2022-12-02 12:16:35 +01:00
i-ky 7f975fa40b Fix replacing "service:x" with "container:y"
Signed-off-by: i-ky <gl.ivanovsky@gmail.com>
2022-12-02 12:16:35 +01:00
Guillaume Lours 7cf5940f4a
Merge pull request #10035 from ndeloof/9323
use StringToBool to detect COMPOSE_IGNORE_ORPHANS
2022-12-01 10:06:21 +01:00
Nicolas De Loof 7369127650
use StringToBool to detect COMPOSE_IGNORE_ORPHANS
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-12-01 09:38:57 +01:00
windforce17 2e7644ff21 use api.Separator to print right image names
Signed-off-by: windforce17 <wzcboss@qq.com>
2022-12-01 09:20:09 +01:00
Nicolas De Loof 8f2b747104 use DistributionInspect to resolve image digest
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-30 21:18:18 +01:00
Nicolas De Loof 9ac4f69918 move image digests resolution to backend
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-30 21:18:18 +01:00
NitishKumar06 2bef9769e5 Broken Link fixed in compose docs
Signed-off-by: NitishKumar06 <justnitish06@gmail.com>
2022-11-30 17:33:58 +01:00
Guillaume Lours 707d55c77f add file header and cleanup profiles e2e tests
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-30 13:21:16 +01:00
Guillaume Lours 5edd783032 add e2e tests to check profile activation via targeted service
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-30 13:21:16 +01:00
Guillaume Lours 6fbef29619 add e2e tests to check no profile usages
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-30 13:21:16 +01:00
Guillaume Lours 7fe43a8b4a add e2e tests using explicitly profiles
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-30 13:21:16 +01:00
Guillaume Lours 24ec0b2d09 pass services list to projectOrName function to add profiles for targeted services
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-30 13:21:16 +01:00
Nicolas De Loof ed38fe0da8 only stop services started by `up` on interruption
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-30 08:07:20 +01:00
Umar Faruq Chowdhury 06e71371ff
docs: fix grammatical issues (#9997)
Signed-off-by: Umar Chowdhury <umarfchy@gmail.com>
Co-authored-by: Milas Bowman <milasb@gmail.com>
2022-11-29 10:52:22 -05:00
Nicolas De Loof fb5b90ed47 implement support for oom_score_adj
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-25 09:03:12 +01:00
Guillaume Lours 10a5d998e6 useDockerDefaultOrServicePlatform fct should return service.platform if defined
and present in the build.platforms list (or if the list is empty)

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-25 09:03:03 +01:00
Nicolas De Loof c3e5e49957 configure buildx for plain output if --ansi=never has been set
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-24 16:02:04 +01:00
Guillaume Lours 770281e9d5
Merge pull request #10016 from glours/fix-docs-pr-creation-workflow
change the default branch of the doc repository
2022-11-23 17:03:59 +01:00
Guillaume Lours 4bf98c7053
change the default branch of the doc repository
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-23 16:28:16 +01:00
Laura Brehm 8c5d7baa7d
Merge pull request #9995 from docker/dependabot/go_modules/github.com/containerd/containerd-1.6.10
build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10
2022-11-21 18:33:29 +01:00
Laura Brehm d7a24e9c81
Update `e2e` module deps
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-11-21 18:22:15 +01:00
Guillaume Lours 02818ba6c7
Merge pull request #9998 from glours/display-engine-warnings
display creation warnings from the engine
2022-11-21 15:17:26 +01:00
Guillaume Lours 481ae0aa7d
Merge pull request #9999 from glours/pull-use-default-platform
use platform defined by DOCKER_DEFAULT_PLATFORM when pulling and no service platform defined
2022-11-18 14:27:41 +01:00
Laura Brehm 88c3aaf1bf
Merge pull request #10007 from laurazard/add-build-run
Add `--build` to `compose run`
2022-11-17 20:00:57 +01:00
Nicolas De Loof 19d6ca9c5d ignore error parsing container number label, just warn
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-11-17 15:18:28 +01:00
Laura Brehm 6fe03e935e
Update docs
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-11-17 12:29:19 +01:00
Laura Brehm 35d31cc500
Add `--build` option to `compose run`
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
2022-11-17 00:57:35 +01:00
Guillaume Lours 7c5675c306
use platform defined by DOCKER_DEFAULT_PLATFORM when pulling and no service platform defined
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-16 13:51:44 +01:00
Guillaume Lours ea32fc99e1
Merge pull request #9984 from glours/build-image-depends-on
check if a missing image won't be built via a service declared in depends_on section
2022-11-16 13:04:53 +01:00
Guillaume Lours a077e8a24b display creation warnings from the engine
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-15 18:12:14 +01:00
Guillaume Lours c53539e1cc
Merge pull request #9906 from glours/profiles-priority
use COMPOSE_PROFILES value only if no command line arg profiles used
2022-11-15 18:03:11 +01:00
Guillaume Lours 8c1e2af3e1 add e2e tests to check build dependency between services
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-15 14:43:53 +01:00
Guillaume Lours a9e070206e check if a missing image won't be built via a service declared in depends_on section
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-15 14:43:53 +01:00
Guillaume Lours 32f29b833f add --no-consistency flag to convert command
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
2022-11-15 10:31:59 +01:00