140 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
bda87b7de8 vendor: golang.org/x/crypto v0.45.0
full diff: https://github.com/golang/crypto/compare/v0.44.0...v0.45.0

Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 17:33:39 +01:00
Paweł Gronowski
c592d02dfc Merge pull request #51594 from thaJeztah/bump_x_deps
vendor: update various golang.org/x/xxx dependencies
2025-11-26 17:28:55 +01:00
Sebastiaan van Stijn
a3916290da vendor: golang.org/x/mod v0.30.0
full diff: https://github.com/golang/mod/compare/v0.29.0...v0.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 14:31:44 +01:00
Sebastiaan van Stijn
10d68d4399 vendor: golang.org/x/net v0.47.0
full diff: https://github.com/golang/net/compare/v0.46.0...v0.47.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 14:15:14 +01:00
Sebastiaan van Stijn
633acaa5b3 vendor: golang.org/x/crypto v0.44.0
full diff: https://github.com/golang/crypto/compare/v0.43.0...v0.44.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 14:14:35 +01:00
Sebastiaan van Stijn
e4900958c3 vendor: golang.org/x/text v0.31.0
full diff: https://github.com/golang/text/compare/v0.30.0...v0.31.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 14:09:23 +01:00
Sebastiaan van Stijn
bd79eb0da5 vendor: golang.org/x/tools v0.38.0
full diff: https://github.com/golang/tools/compare/v0.37.0...v0.38.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 14:08:41 +01:00
Sebastiaan van Stijn
421bda22d1 vendor: golang.org/x/sync v0.18.0
full diff: https://github.com/golang/sync/compare/v0.17.0...v0.18.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 13:43:51 +01:00
Sebastiaan van Stijn
3054fdd8b2 vendor: golang.org/x/sys v0.38.0
- cpu: add HPDS, LOR, PAN detection for arm64
- cpu: also use MRS instruction in getmmfr1
- cpu: use MRS instruction to read arm64 system registers
- unix: add consts for ELF handling
- unix: add SetMemPolicy and its mode/flag values
- unix: add SizeofNhmsg and SizeofNexthopGrp
- windows: add iphlpapi routing functions

full diff: https://github.com/golang/sys/compare/v0.37.0...v0.38.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 13:39:03 +01:00
Sebastiaan van Stijn
997837376a vendor: github.com/cloudflare/circl v1.6.1
- fixes [GHSA-2x5j-vhc8-9cwm]: CIRCL-Fourq: Missing and wrong validation
  can lead to incorrect results

full diff: https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1

[GHSA-2x5j-vhc8-9cwm]: https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-26 13:30:29 +01:00
Brian Goff
6e52828ec3 Merge pull request #51517 from corhere/opencensus-bridge
daemon: install OpenCensus-to-OTEL trace bridge
2025-11-20 11:07:51 -08:00
Tonis Tiigi
54d269a3b4 vendor: update buildkit to v0.26.2
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-11-20 13:27:49 +00:00
Tonis Tiigi
774bb532f1 vendor: update buildkit to v0.26.1
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-11-17 16:16:43 +00:00
Akihiro Suda
57e8ef9d30 Merge pull request #51484 from thaJeztah/vendor_oci_cgroups
vendor: github.com/opencontainers/cgroups v0.0.6
2025-11-14 11:32:06 -05:00
Albin Kerouanton
c151d52562 Merge pull request #51525 from akerouanton/revendor-ishidawataru-sctp
vendor: github.com/ishidawataru/sctp v0.0.0-20251114114122-1
2025-11-14 16:05:37 +01:00
Albin Kerouanton
49c8d77639 vendor: github.com/ishidawataru/sctp v0.0.0-20251114114122-1
full diff: 4b890084db..19ddcbc6aa

Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
2025-11-14 12:59:14 +01:00
Cory Snider
4535d63c91 daemon: install OpenCensus-to-OTEL trace bridge
Export trace spans from the github.com/microsoft/hcsshim module, which
is instrumented with OpenCensus, to the daemon's OpenTelemetry exporter
to provide more visibility into Windows container lifecycle operations.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2025-11-13 15:00:05 -05:00
Jonathan A. Sternberg
17a3357e32 vendor: github.com/moby/buildkit v0.26.0
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2025-11-12 15:53:45 -06:00
Sebastiaan van Stijn
16b95ba758 go.mod: add back replace rules
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-12 15:43:16 +01:00
Tonis Tiigi
3874ca5984 vendor: update buildkit to v0.26.0-rc2
Currently requires replace rule for swarmkit etcd.

BuildKit itself doesn't use etcd but version gets bumped
via unused dependency.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:15:07 +01:00
Sebastiaan van Stijn
d558896fae vendor: github.com/secure-systems-lab/go-securesystemslib v0.9.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:54 +01:00
Sebastiaan van Stijn
bb07fdcd14 vendor: github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:54 +01:00
Sebastiaan van Stijn
f1d0fe47c9 vendor: github.com/golang-jwt/jwt/v5 v5.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:54 +01:00
Sebastiaan van Stijn
79344e1c9a vendor: github.com/gofrs/flock v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:53 +01:00
Sebastiaan van Stijn
d36617d2c1 vendor: github.com/containerd/nydus-snapshotter v0.15.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:53 +01:00
Sebastiaan van Stijn
1e48c34345 vendor: github.com/containerd/stargz-snapshotter/estargz v0.17.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:53 +01:00
Sebastiaan van Stijn
c169cc9629 vendor: github.com/google/certificate-transparency-go v1.3.2
full diff: https://github.com/google/certificate-transparency-go/compare/v1.1.4...v1.3.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:53 +01:00
Sebastiaan van Stijn
940c8d6b71 vendor: cloud.google.com/go v0.121.6
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 23:14:52 +01:00
Sebastiaan van Stijn
ce739870fb vendor: github.com/opencontainers/cgroups v0.0.6
- config: switch PidsLimit to *int64
- fs2: add iocost statistics
- systemd: retry when the dbus connection returns EAGAIN
- fs: fix/improve cpuacct.usage_all parsing

full diff: https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 19:23:01 +01:00
Sebastiaan van Stijn
f740e0fefa vendor: github.com/containerd/containerd/v2 v2.2.0
full diff: https://github.com/containerd/containerd/compare/v2.1.5...v2.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 16:13:34 +01:00
Sebastiaan van Stijn
1639703e56 vendor: github.com/containernetworking/plugins v1.8.0
full diff: https://github.com/containernetworking/plugins/compare/v1.7.1...v1.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 16:13:31 +01:00
Sebastiaan van Stijn
e4278c4c54 vendor: github.com/containerd/go-cni v1.1.13
full diff: https://github.com/containerd/go-cni/compare/v1.1.12...v1.1.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 16:12:25 +01:00
Sebastiaan van Stijn
7c798d012a vendor: sigs.k8s.io/yaml v1.6.0
full diff: https://github.com/kubernetes-sigs/yaml/compare/v1.4.0...v1.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 16:12:25 +01:00
Sebastiaan van Stijn
d8f2aa4e3b vendor: github.com/containerd/containerd/api v1.10.0
full diff: https://github.com/containerd/containerd/compare/api/v1.9.0...api/v1.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 16:12:24 +01:00
Tonis Tiigi
0a494a7303 vendor: github.com/moby/swarmkit/v2 v2.1.2-0.20251110192100-17b8d222e7dd
Brings in etcd update to v3.6.5

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 14:58:36 +01:00
Sebastiaan van Stijn
bba948f4ab Merge pull request #51479 from thaJeztah/bump_hcsshim
vendor: github.com/Microsoft/hcsshim v0.14.0-rc.1
2025-11-11 14:43:58 +01:00
Sebastiaan van Stijn
a040664176 vendor: github.com/Microsoft/hcsshim v0.14.0-rc.1
full diff: https://github.com/Microsoft/hcsshim/compare/v0.13.0...v0.14.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 13:22:25 +01:00
Sebastiaan van Stijn
e65995d896 vendor: google.golang.org/grpc v1.76.0, google.golang.org/protobuf v1.36.10
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 13:12:09 +01:00
Sebastiaan van Stijn
65bb1bb21f vendor: go.opentelemetry.io/otel v1.38.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 13:12:08 +01:00
Sebastiaan van Stijn
4b2e073bdb Merge pull request #51473 from thaJeztah/bump_compress
vendor: github.com/klauspost/compress v1.18.1
2025-11-11 13:11:50 +01:00
Sebastiaan van Stijn
b66e501cad Merge pull request #51474 from thaJeztah/bump_google_logging
vendor: cloud.google.com/go/logging v1.13.0
2025-11-11 12:55:58 +01:00
Sebastiaan van Stijn
9e86f904d7 Merge pull request #51472 from thaJeztah/bump_prometheus
vendor: golang.org/x/oauth2 v0.30.0, github.com/prometheus/client_golang v1.23.2
2025-11-11 12:31:20 +01:00
Sebastiaan van Stijn
409d0cf4fc Merge pull request #51470 from thaJeztah/bump_cgroups
vendor: github.com/containerd/cgroups/v3 v3.1.0
2025-11-11 12:30:18 +01:00
Sebastiaan van Stijn
7eaf25ee59 vendor: cloud.google.com/go/logging v1.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 11:20:47 +01:00
Sebastiaan van Stijn
3f6f3b9ed2 vendor: cloud.google.com/go/compute/metadata v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 11:20:47 +01:00
Sebastiaan van Stijn
94eb87f4c0 vendor: github.com/klauspost/compress v1.18.1
full diff: https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 11:18:07 +01:00
Sebastiaan van Stijn
1621c4e7ad vendor: github.com/prometheus/client_golang v1.23.2
full diff: https://github.com/prometheus/client_golang/compare/v1.22.0...v1.23.2

Also updating to go.yaml.in/yaml/v2 v2.4.3

- Retract v2 tags that cannot be installed

full diff: https://github.com/yaml/go-yaml/compare/v2.4.2...v2.4.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 10:33:47 +01:00
Sebastiaan van Stijn
efc3e93b1e vendor: golang.org/x/oauth2 v0.30.0
full diff: https://github.com/golang/oauth2/compare/v0.29.0...v0.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 10:33:46 +01:00
Sebastiaan van Stijn
e773a0cf50 vendor: github.com/vbatts/tar-split v0.12.2
- archive/tar: set a limit on the size of GNU sparse file 1.0 regions
- fixes CVE-2025-58183

full diff: https://github.com/vbatts/tar-split/compare/v0.12.1...v0.12.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 10:07:19 +01:00
Sebastiaan van Stijn
ebcf9bb0c4 vendor: github.com/containerd/cgroups/v3 v3.1.0
Notable changes:

- support network metrics for cgroupv2
- cgroupv2: simplify parseCgroupFile
- introduce cpu burst stat
- add cgroupV2 CPUQuotaPeriodUSec support
    - addresses: cgroup v2 does not set CPUQuotaPeriodUSec
- read cpu.stat regardless if controller enabled
    - addresses: support cgroup v2 CPU stats when controller not enabled
- add cgroup2 hugetlb failcnt metric
- cgroup2: should add IN_CLOEXEC for inotify fd
- cgroup2: cpu shares: follow the behavior of runc v1.3.2
- cgroup2: fix event loss and resource issues in EventChan

full diff: https://github.com/containerd/cgroups/compare/v3.0.5...v3.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-11 09:53:02 +01:00