diff --git a/go.mod b/go.mod index 1621315a8b7f..89268a09e9fd 100644 --- a/go.mod +++ b/go.mod @@ -29,8 +29,8 @@ require ( github.com/containernetworking/plugins v1.4.0 github.com/coreos/go-systemd/v22 v22.5.0 github.com/distribution/reference v0.5.0 - github.com/docker/cli v25.0.2+incompatible - github.com/docker/docker v25.0.2+incompatible + github.com/docker/cli v25.0.3+incompatible + github.com/docker/docker v25.0.3+incompatible github.com/docker/go-connections v0.5.0 github.com/docker/go-units v0.5.0 github.com/gofrs/flock v0.8.1 diff --git a/go.sum b/go.sum index 00936d808720..37c2eaf7675f 100644 --- a/go.sum +++ b/go.sum @@ -430,8 +430,8 @@ github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/ github.com/docker/cli v0.0.0-20190925022749-754388324470/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v20.10.0-beta1.0.20201029214301-1d20b15adc38+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v25.0.2+incompatible h1:6GEdvxwEA451/+Y3GtqIGn/MNjujQazUlxC6uGu8Tog= -github.com/docker/cli v25.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6/EsX/6284= +github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.6.0-rc.1.0.20180327202408-83389a148052+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -442,8 +442,8 @@ github.com/docker/docker v1.4.2-0.20180531152204-71cd53e4a197/go.mod h1:eEKB0N0r github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v17.12.0-ce-rc1.0.20200730172259-9f28837c1d93+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v25.0.2+incompatible h1:/OaKeauroa10K4Nqavw4zlhcDq/WBcPMc5DbjOGgozY= -github.com/docker/docker v25.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.3+incompatible h1:D5fy/lYmY7bvZa0XTZ5/UJPljor41F+vdyJG5luQLfQ= +github.com/docker/docker v25.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml index 567939580b48..e55a76fc63c3 100644 --- a/vendor/github.com/docker/docker/api/swagger.yaml +++ b/vendor/github.com/docker/docker/api/swagger.yaml @@ -8327,6 +8327,16 @@ paths: description: "BuildKit output configuration" type: "string" default: "" + - name: "version" + in: "query" + type: "string" + default: "1" + enum: ["1", "2"] + description: | + Version of the builder backend to use. + + - `1` is the first generation classic (deprecated) builder in the Docker daemon (default) + - `2` is [BuildKit](https://github.com/moby/buildkit) responses: 200: description: "no error" diff --git a/vendor/github.com/docker/docker/api/types/network/endpoint.go b/vendor/github.com/docker/docker/api/types/network/endpoint.go index 4b3c06a52b58..9edd1c38d919 100644 --- a/vendor/github.com/docker/docker/api/types/network/endpoint.go +++ b/vendor/github.com/docker/docker/api/types/network/endpoint.go @@ -14,6 +14,9 @@ type EndpointSettings struct { IPAMConfig *EndpointIPAMConfig Links []string Aliases []string // Aliases holds the list of extra, user-specified DNS names for this endpoint. + // MacAddress may be used to specify a MAC address when the container is created. + // Once the container is running, it becomes operational data (it may contain a + // generated address). MacAddress string // Operational data NetworkID string diff --git a/vendor/github.com/docker/docker/api/types/network/ipam.go b/vendor/github.com/docker/docker/api/types/network/ipam.go index 17f370ef7efe..f319e1402b08 100644 --- a/vendor/github.com/docker/docker/api/types/network/ipam.go +++ b/vendor/github.com/docker/docker/api/types/network/ipam.go @@ -30,30 +30,9 @@ const ( ip6 ipFamily = "IPv6" ) -// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil -// ipam. -func HasIPv6Subnets(ipam *IPAM) bool { - if ipam == nil { - return false - } - - for _, cfg := range ipam.Config { - subnet, err := netip.ParsePrefix(cfg.Subnet) - if err != nil { - continue - } - - if subnet.Addr().Is6() { - return true - } - } - - return false -} - // ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of // errors found. -func ValidateIPAM(ipam *IPAM) error { +func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error { if ipam == nil { return nil } @@ -70,6 +49,10 @@ func ValidateIPAM(ipam *IPAM) error { subnetFamily = ip6 } + if !enableIPv6 && subnetFamily == ip6 { + continue + } + if subnet != subnet.Masked() { errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked())) } diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers.go b/vendor/github.com/docker/docker/pkg/ioutils/readers.go index de00b95e3f64..e03d3fee7574 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/readers.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/readers.go @@ -3,11 +3,15 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "context" "io" + "runtime/debug" + "sync/atomic" // make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered // TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged. _ "crypto/sha256" _ "crypto/sha512" + + "github.com/containerd/log" ) // ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser @@ -16,10 +20,15 @@ import ( type ReadCloserWrapper struct { io.Reader closer func() error + closed atomic.Bool } // Close calls back the passed closer function func (r *ReadCloserWrapper) Close() error { + if !r.closed.CompareAndSwap(false, true) { + subsequentCloseWarn("ReadCloserWrapper") + return nil + } return r.closer() } @@ -87,6 +96,7 @@ type cancelReadCloser struct { cancel func() pR *io.PipeReader // Stream to read from pW *io.PipeWriter + closed atomic.Bool } // NewCancelReadCloser creates a wrapper that closes the ReadCloser when the @@ -146,6 +156,17 @@ func (p *cancelReadCloser) closeWithError(err error) { // Close closes the wrapper its underlying reader. It will cause // future calls to Read to return io.EOF. func (p *cancelReadCloser) Close() error { + if !p.closed.CompareAndSwap(false, true) { + subsequentCloseWarn("cancelReadCloser") + return nil + } p.closeWithError(io.EOF) return nil } + +func subsequentCloseWarn(name string) { + log.G(context.TODO()).Error("subsequent attempt to close " + name) + if log.GetLevel() >= log.DebugLevel { + log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack())) + } +} diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers.go b/vendor/github.com/docker/docker/pkg/ioutils/writers.go index 61c679497dab..1f50602f28c8 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/writers.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/writers.go @@ -1,6 +1,9 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils" -import "io" +import ( + "io" + "sync/atomic" +) // NopWriter represents a type which write operation is nop. type NopWriter struct{} @@ -29,9 +32,14 @@ func (f *NopFlusher) Flush() {} type writeCloserWrapper struct { io.Writer closer func() error + closed atomic.Bool } func (r *writeCloserWrapper) Close() error { + if !r.closed.CompareAndSwap(false, true) { + subsequentCloseWarn("WriteCloserWrapper") + return nil + } return r.closer() } diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default.json b/vendor/github.com/docker/docker/profiles/seccomp/default.json index c6d82f668b9b..c4d91109c3a5 100644 --- a/vendor/github.com/docker/docker/profiles/seccomp/default.json +++ b/vendor/github.com/docker/docker/profiles/seccomp/default.json @@ -64,6 +64,7 @@ "alarm", "bind", "brk", + "cachestat", "capget", "capset", "chdir", @@ -109,6 +110,7 @@ "fchdir", "fchmod", "fchmodat", + "fchmodat2", "fchown", "fchown32", "fchownat", @@ -130,8 +132,11 @@ "ftruncate", "ftruncate64", "futex", + "futex_requeue", "futex_time64", + "futex_wait", "futex_waitv", + "futex_wake", "futimesat", "getcpu", "getcwd", @@ -203,6 +208,7 @@ "lstat", "lstat64", "madvise", + "map_shadow_stack", "membarrier", "memfd_create", "memfd_secret", @@ -780,7 +786,8 @@ "names": [ "get_mempolicy", "mbind", - "set_mempolicy" + "set_mempolicy", + "set_mempolicy_home_node" ], "action": "SCMP_ACT_ALLOW", "includes": { diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go b/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go index d2f7d5653a34..09fb33765d4a 100644 --- a/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go +++ b/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go @@ -56,6 +56,7 @@ func DefaultProfile() *Seccomp { "alarm", "bind", "brk", + "cachestat", // kernel v6.5, libseccomp v2.5.5 "capget", "capset", "chdir", @@ -101,6 +102,7 @@ func DefaultProfile() *Seccomp { "fchdir", "fchmod", "fchmodat", + "fchmodat2", // kernel v6.6, libseccomp v2.5.5 "fchown", "fchown32", "fchownat", @@ -122,8 +124,11 @@ func DefaultProfile() *Seccomp { "ftruncate", "ftruncate64", "futex", + "futex_requeue", // kernel v6.7, libseccomp v2.5.5 "futex_time64", + "futex_wait", // kernel v6.7, libseccomp v2.5.5 "futex_waitv", + "futex_wake", // kernel v6.7, libseccomp v2.5.5 "futimesat", "getcpu", "getcwd", @@ -195,6 +200,7 @@ func DefaultProfile() *Seccomp { "lstat", "lstat64", "madvise", + "map_shadow_stack", // kernel v6.6, libseccomp v2.5.5 "membarrier", "memfd_create", "memfd_secret", @@ -768,6 +774,7 @@ func DefaultProfile() *Seccomp { "get_mempolicy", "mbind", "set_mempolicy", + "set_mempolicy_home_node", // kernel v5.17, libseccomp v2.5.4 }, Action: specs.ActAllow, }, diff --git a/vendor/modules.txt b/vendor/modules.txt index d947accd6f7b..acfd7e03681a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -449,14 +449,14 @@ github.com/dimchansky/utfbom # github.com/distribution/reference v0.5.0 ## explicit; go 1.20 github.com/distribution/reference -# github.com/docker/cli v25.0.2+incompatible +# github.com/docker/cli v25.0.3+incompatible ## explicit github.com/docker/cli/cli/config github.com/docker/cli/cli/config/configfile github.com/docker/cli/cli/config/credentials github.com/docker/cli/cli/config/types github.com/docker/cli/cli/connhelper/commandconn -# github.com/docker/docker v25.0.2+incompatible +# github.com/docker/docker v25.0.3+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types