Sebastiaan van Stijn
4ae059c714
Update Golang 1.13.7 (CVE-2020-0601, CVE-2020-7919)
...
full diff: https://github.com/golang/go/compare/go1.13.4...go1.13.7
go1.13.7 (released 2020/01/28) includes two security fixes. One mitigates
the CVE-2020-0601 certificate verification bypass on Windows. The other affects
only 32-bit architectures.
https://github.com/golang/go/issues?q=milestone%3AGo1.13.7+label%3ACherryPickApproved
- X.509 certificate validation bypass on Windows 10
A Windows vulnerability allows attackers to spoof valid certificate chains when
the system root store is in use. These releases include a mitigation for Go
applications, but it’s strongly recommended that affected users install the
Windows security update to protect their system.
This issue is CVE-2020-0601 and Go issue golang.org/issue/36834.
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of golang.org/x/crypto/cryptobyte.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-21 23:45:49 +01:00
Derek McGowan
d054b13dc3
Merge pull request #3086 from thaJeztah/forward_port_ISS-2819
...
[master] Use same env var in Dockerfile and Makefile
2020-02-21 10:24:25 -08:00
Derek McGowan
244d5246c2
Merge pull request #3023 from sayboras/feature/golangci-lint
...
Migrate to golangci-lint
2020-02-21 10:21:15 -08:00
sayboras
66809646d9
Migrate to golangci-lint
...
Signed-off-by: Tam Mach <sayboras@yahoo.com>
2020-02-14 08:11:16 +11:00
Ryan Abrams
23f6bdd743
Use same env var in Dockerfile and Makefile
...
Ensures that build tags get set in the Dockerfile so that OSS and GCS drivers
are built into the official registry binary.
Closes #2819
Signed-off-by: Ryan Abrams <rdabrams@gmail.com>
(cherry picked from commit bf74e4f91d114a3fc8e8ab1249f99c15e12bef94)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-22 10:54:02 +01:00
ollypom
fdb1abd387
Added Nginx Recipe Redirect
2020-01-10 12:39:40 +00:00
Derek McGowan
a837179414
Merge pull request #3072 from fermayo/fix-TestRegistryAsCacheMutationAPIs
...
Fix TestRegistryAsCacheMutationAPIs
2019-12-15 20:48:56 -08:00
Fernando Mayo Fernandez
6ca7b9e9fa
Fix TestRegistryAsCacheMutationAPIs
...
Use a synthetic upstream registry when creating the testing mirror configuration
to avoid the test fail when trying to reach http://example.com
Signed-off-by: Fernando Mayo Fernandez <fernando@undefinedlabs.com>
2019-12-15 13:51:25 +01:00
Derek McGowan
f5e84a4939
Update readme and contributing docs
...
Update project details to align more closely with community
updates in OCI and containerd.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2019-12-13 17:20:45 -08:00
Tom Hayward
0f5e2753a6
Fix typo cloudfront updatefrenquency
...
Signed-off-by: Tom Hayward <thayward@infoblox.com>
2019-12-13 12:11:42 -08:00
Derek McGowan
bdf3438b52
Merge pull request #2985 from novas0x2a/default-transport
...
make it possible to wrap the client transport in another one
2019-12-13 11:36:12 -08:00
Derek McGowan
29c300c106
Merge pull request #3050 from ducksecops/patch-1
...
bump golang to 1.13.4
2019-12-13 11:09:05 -08:00
Derek McGowan
4798651387
Merge pull request #3053 from adrian-plata/table-fix
...
Fixing broken table
2019-12-13 11:08:00 -08:00
Derek McGowan
f18781257e
Merge pull request #3061 from guillaumerose/reconciliate
...
Add pathspec for repo _layers directory and allow Repository.BlobStore to enumerate over blobs
2019-12-06 11:27:13 -08:00
Guillaume Rose
c9c3324300
Add unit tests for BlobEnumerator
...
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
2019-12-06 09:38:13 +01:00
Manish Tomar
5538da4923
fixes to make layersPathSpec work
...
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
2019-12-05 20:48:33 +01:00
Manish Tomar
fa7d949408
allow Repository.BlobStore to enumerate over blobs
...
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
2019-12-05 20:48:33 +01:00
Manish Tomar
cf77113795
add pathspec for repo _layers directory
...
Signed-off-by: Guillaume Rose <guillaume.rose@docker.com>
2019-12-05 20:48:33 +01:00
Adrian Plata
b4694b0d2d
Fixing broken table
...
Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-11-26 17:38:40 -08:00
ducksecops
070cc010f7
bump golang to 1.13.4
...
Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2019-11-13 23:15:11 +00:00
syntaxkim
f580993c80
fix typo
...
myregistrydomain.com/my-ubuntu -> myregistry.domain.com/my-ubuntu
2019-10-31 17:46:24 +09:00
Derek McGowan
dee21c0394
Merge pull request #2991 from ad-m/patch-1
...
use latest version of alpine when building the Docker container
2019-10-24 15:54:08 -07:00
Ryan Abrams
ae2e973db9
Merge pull request #2748 from manishtomar/tag-digests
...
API to retrive tag's digests
2019-10-08 12:14:56 -07:00
Sebastiaan van Stijn
fdee6a2ecf
Merge pull request #9270 from das7pad/patch-1
...
[sec] nginx/compose: Drop aforementioned loophole
2019-09-13 00:39:11 +02:00
Ryan Abrams
14b96e55d8
Merge pull request #3003 from laverya/fix-build-badges
...
use travis, not circle, build badge
2019-09-05 08:29:32 -07:00
Ryan Abrams
f656e60de5
Merge pull request #2984 from bouk/rempo
...
registry: Fix typo in RepositoryRemover warning
2019-09-05 08:23:18 -07:00
Ryan Abrams
740d4d1211
Merge pull request #2918 from dmathieu/test-blob-writer-write
...
Test httpBlobUpload.Write method
2019-09-05 08:16:36 -07:00
Andrew Lavery
cc97b94f5d
use travis, not circle, build badge
...
Signed-off-by: Andrew Lavery <laverya@umich.edu>
2019-09-04 15:38:24 -07:00
Derek McGowan
aeaeb84407
Merge pull request #3000 from adrian-plata/master
...
Adding deprecated schema instructions
2019-09-03 11:54:37 -07:00
Adrian Plata
07a50201c9
Adding deprecated schema instructions
...
Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-09-03 11:44:28 -07:00
Bouke van der Bijl
1c481d34d9
registry: Fix typo in RepositoryRemover warning
...
Signed-off-by: Bouke van der Bijl <me@bou.ke>
2019-09-02 16:07:34 +00:00
Adam Dobrawy
a994bb839d
use latest version of alpine when building the Docker container
...
Signed-off-by: Adam Dobrawy <naczelnik@jawnosc.tk>
2019-08-30 00:58:36 +02:00
Dawn W Docker
d61670894a
removing section for Chinese mirror
2019-08-27 14:54:22 -07:00
Mike Lundy
c486db2d71
make it possible to wrap the client transport in another one
...
Signed-off-by: Mike Lundy <mike@fluffypenguin.org>
2019-08-22 17:37:47 -04:00
Jakob Ackermann
dfcc7bccca
[sec] nginx/compose: Drop aforementioned loophole
2019-08-18 19:57:15 +02:00
Ryan Abrams
1fb7fffdb2
Merge pull request #2950 from terinjokes/patches/swift-segment-hash
...
swift: correct segment path generation
2019-07-11 15:35:31 -07:00
Ryan Abrams
10f726344d
Merge pull request #2955 from alex-laties/master
...
allow for VERSION and REVISION to be passed in during docker builds
2019-07-11 15:30:23 -07:00
Ryan Abrams
8063102951
Merge pull request #2917 from dmathieu/repository-blob-resume
...
Implement Repository Blobs upload resuming
2019-07-11 15:28:05 -07:00
Derek McGowan
438b67feef
Merge pull request #2947 from tariq1890/update_versions
...
Update the versions of several dependencies
2019-07-08 13:33:36 -07:00
Ryan Abrams
be07be9904
Merge pull request #2522 from tifayuki/notification_metrics
...
Add notification metrics
2019-06-28 11:10:51 -07:00
Alex Laties
92d213d2c1
allow for VERSION and REVISION to be passed in during docker builds
...
Signed-off-by: Alex Laties <agl@tumblr.com>
2019-06-26 18:06:51 -04:00
Damien Mathieu
dd3bdee21c
implement Repository Blobs upload resuming
...
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-26 09:46:49 +02:00
Ryan Abrams
90dfea7952
Merge pull request #2921 from dmathieu/repository-serve-blob
...
Implement Repository ServeBlob
2019-06-25 19:07:38 -07:00
Ryan Abrams
6c72ec2e85
Merge pull request #2927 from dmathieu/blob-create-uuid
...
Handle Blob Create when the underlying registry doesn't provide 'Docker-Upload-UUID'
2019-06-25 19:06:46 -07:00
Ryan Abrams
ec84b86013
Merge pull request #2930 from dmathieu/extract-blob-resume
...
Extract blob upload resume into its own method
2019-06-25 19:06:16 -07:00
Damien Mathieu
898b1f2a53
test httpBlobUpload.Write method
...
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-25 09:32:58 +02:00
Damien Mathieu
c5d5f938e3
fast-stop ServeBlob if we're doing a HEAD request
...
A registry pointing to ECR is having issues if we try loading the blob
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-25 09:30:22 +02:00
Damien Mathieu
3800c47fd2
Implement Repository ServeBlob
...
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-25 09:30:22 +02:00
Damien Mathieu
a45e5cb13f
handle create blob if the uuid couldn't be retrieved from headers or URL
...
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-25 09:29:38 +02:00
Damien Mathieu
8b31a894bd
deduce blob UUID from location if it wasn't provided in the headers
...
Some registries (ECR) don't provide a `Docker-Upload-UUID` when creating
a blob. So we can't rely on that header. Fallback to reading it from the
URL.
Signed-off-by: Damien Mathieu <dmathieu@salesforce.com>
2019-06-25 09:29:38 +02:00