Fix commentary to be clear that the RFC1035 2.3.1 rules are not
explicitly enforced by the identifiers regex.
Add a test to show the lessened restrictions for digits to follow hyphen
and period.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Regular expressions in the namespaces package are redundant with the
pre-existing validator in the "identifiers" package; replace this custom
usage with the validator in "identifiers"
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
`OverlayConvertWhiteout` calls `mknod c 0 0` which is not allowed when
running in a user namespace, even in Ubuntu kernel.
Although there is an alternative hacky way to create whiteouts without
calling mknod as Moby `overlay2` actually does(see #3762), let's use
naive applier when running in UserNS and call it a day.
Close#3762
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Updates Microsoft/hcsshim vendor commit hash to a recent version that now:
1. Supports container stats via the Stats RuntimeV2 gRPC call.
2. Fixes a regression when issuing a resize of the pty after the container has
exited which previously in Docker was expected to be a non-error case.
3. Puts in a workaround when using a non-default sandbox size for Windows
containers due to a platform bug. This expansion now happens in the go library
itself.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
Since recent versions of `vndr` are going to remove the autocomplete
scripts from the urfave vendored content, we will just move them into
`contrib/` and reference them in the documentation from that location.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1
- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
- Before the fix, if the timer to remove a SubConn fires at the
same time NewSubConn cancels the timer, it caused a mutex leak
and deadlock.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Golang 1.12.12
-------------------------------
go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime,
syscall and net packages. See the Go 1.12.12 milestone on our issue tracker for
details.
https://github.com/golang/go/issues?q=milestone%3AGo1.12.12
Golang 1.12.11 (CVE-2019-17596)
-------------------------------
go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa
package. See the Go 1.12.11 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.12.11
[security] Go 1.13.2 and Go 1.12.11 are released
Hi gophers,
We have just released Go 1.13.2 and Go 1.12.11 to address a recently reported
security issue. We recommend that all affected users update to one of these
releases (if you're not sure which, choose Go 1.13.2).
Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using
crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic,
even if the certificates don't chain to a trusted root. The chain can be
delivered via a crypto/tls connection to a client, or to a server that accepts
and verifies client certificates. net/http clients can be made to crash by an
HTTPS server, while net/http servers that accept client certificates will
recover the panic and are unaffected.
Moreover, an application might crash invoking
crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
request, parsing a golang.org/x/crypto/openpgp Entity, or during a
golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client
can panic due to a malformed host key, while a server could panic if either
PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts
a certificate with a malformed public key.
The issue is CVE-2019-17596 and Go issue golang.org/issue/34960.
Thanks to Daniel Mandragona for discovering and reporting this issue. We'd also
like to thank regilero for a previous disclosure of CVE-2019-16276.
The Go 1.13.2 release also includes a fix to the compiler that prevents improper
access to negative slice indexes in rare cases. Affected code, in which the
compiler can prove that the index is zero or negative, would have resulted in a
panic in Go 1.12, but could have led to arbitrary memory read and writes in Go
1.13 and Go 1.13.1. This is Go issue golang.org/issue/34802.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Reized the I/O buffers to align with the size of the kernel buffers with fifos
and move the close aspect of the console to key off of the stdin closing.
Fixes#3738
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This this fixes issues with custom and testing flags in Go 1.3 and should work
in previous go versions.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
