mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
fdf46323f4
Golang 1.12.12 ------------------------------- full diff: https://github.com/golang/go/compare/go1.12.11...go1.12.12 go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime, syscall and net packages. See the Go 1.12.12 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.12 Golang 1.12.11 (CVE-2019-17596) ------------------------------- full diff: https://github.com/golang/go/compare/go1.12.10...go1.12.11 go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa package. See the Go 1.12.11 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.11 [security] Go 1.13.2 and Go 1.12.11 are released Hi gophers, We have just released Go 1.13.2 and Go 1.12.11 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.2). Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request, parsing a golang.org/x/crypto/openpgp Entity, or during a golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key. The issue is CVE-2019-17596 and Go issue golang.org/issue/34960. Thanks to Daniel Mandragona for discovering and reporting this issue. We'd also like to thank regilero for a previous disclosure of CVE-2019-16276. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| .circleci | ||
| api | ||
| bitseq | ||
| client | ||
| cluster | ||
| cmd | ||
| config | ||
| datastore | ||
| diagnostic | ||
| discoverapi | ||
| docs | ||
| driverapi | ||
| drivers | ||
| drvregistry | ||
| etchosts | ||
| hostdiscovery | ||
| idm | ||
| internal | ||
| ipam | ||
| ipamapi | ||
| ipams | ||
| ipamutils | ||
| iptables | ||
| ipvs | ||
| netlabel | ||
| netutils | ||
| networkdb | ||
| ns | ||
| options | ||
| osl | ||
| portallocator | ||
| portmapper | ||
| resolvconf | ||
| support | ||
| test/integration | ||
| testutils | ||
| types | ||
| vendor | ||
| .dockerignore | ||
| .gitignore | ||
| agent.go | ||
| agent.pb.go | ||
| agent.proto | ||
| CHANGELOG.md | ||
| controller.go | ||
| default_gateway.go | ||
| default_gateway_freebsd.go | ||
| default_gateway_linux.go | ||
| default_gateway_windows.go | ||
| Dockerfile | ||
| drivers_freebsd.go | ||
| drivers_ipam.go | ||
| drivers_linux.go | ||
| drivers_windows.go | ||
| endpoint.go | ||
| endpoint_cnt.go | ||
| endpoint_info.go | ||
| endpoint_info_unix.go | ||
| endpoint_info_windows.go | ||
| error.go | ||
| errors_test.go | ||
| firewall_linux.go | ||
| firewall_others.go | ||
| libnetwork_internal_test.go | ||
| libnetwork_linux_test.go | ||
| libnetwork_test.go | ||
| LICENSE | ||
| machines | ||
| MAINTAINERS | ||
| Makefile | ||
| network.go | ||
| network_unix.go | ||
| network_windows.go | ||
| README.md | ||
| resolver.go | ||
| resolver_test.go | ||
| resolver_unix.go | ||
| resolver_windows.go | ||
| sandbox.go | ||
| sandbox_dns_unix.go | ||
| sandbox_dns_windows.go | ||
| sandbox_externalkey.go | ||
| sandbox_externalkey_unix.go | ||
| sandbox_externalkey_windows.go | ||
| sandbox_store.go | ||
| sandbox_test.go | ||
| service.go | ||
| service_common.go | ||
| service_common_test.go | ||
| service_linux.go | ||
| service_unsupported.go | ||
| service_windows.go | ||
| store.go | ||
| store_linux_test.go | ||
| store_test.go | ||
| Vagrantfile | ||
| vendor.conf | ||
libnetwork - networking for containers
Libnetwork provides a native Go implementation for connecting containers
The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications.
Design
Please refer to the design for more information.
Using libnetwork
There are many networking solutions available to suit a broad range of use-cases. libnetwork uses a driver / plugin model to support all of these solutions while abstracting the complexity of the driver implementations by exposing a simple and consistent Network Model to users.
import (
"fmt"
"log"
"github.com/docker/docker/pkg/reexec"
"github.com/docker/libnetwork"
"github.com/docker/libnetwork/config"
"github.com/docker/libnetwork/netlabel"
"github.com/docker/libnetwork/options"
)
func main() {
if reexec.Init() {
return
}
// Select and configure the network driver
networkType := "bridge"
// Create a new controller instance
driverOptions := options.Generic{}
genericOption := make(map[string]interface{})
genericOption[netlabel.GenericData] = driverOptions
controller, err := libnetwork.New(config.OptionDriverConfig(networkType, genericOption))
if err != nil {
log.Fatalf("libnetwork.New: %s", err)
}
// Create a network for containers to join.
// NewNetwork accepts Variadic optional arguments that libnetwork and Drivers can use.
network, err := controller.NewNetwork(networkType, "network1", "")
if err != nil {
log.Fatalf("controller.NewNetwork: %s", err)
}
// For each new container: allocate IP and interfaces. The returned network
// settings will be used for container infos (inspect and such), as well as
// iptables rules for port publishing. This info is contained or accessible
// from the returned endpoint.
ep, err := network.CreateEndpoint("Endpoint1")
if err != nil {
log.Fatalf("network.CreateEndpoint: %s", err)
}
// Create the sandbox for the container.
// NewSandbox accepts Variadic optional arguments which libnetwork can use.
sbx, err := controller.NewSandbox("container1",
libnetwork.OptionHostname("test"),
libnetwork.OptionDomainname("docker.io"))
if err != nil {
log.Fatalf("controller.NewSandbox: %s", err)
}
// A sandbox can join the endpoint via the join api.
err = ep.Join(sbx)
if err != nil {
log.Fatalf("ep.Join: %s", err)
}
// libnetwork client can check the endpoint's operational data via the Info() API
epInfo, err := ep.DriverInfo()
if err != nil {
log.Fatalf("ep.DriverInfo: %s", err)
}
macAddress, ok := epInfo[netlabel.MacAddress]
if !ok {
log.Fatalf("failed to get mac address from endpoint info")
}
fmt.Printf("Joined endpoint %s (%s) to sandbox %s (%s)\n", ep.Name(), macAddress, sbx.ContainerID(), sbx.Key())
}
Contributing
Want to hack on libnetwork? Docker's contributions guidelines apply.
Copyright and license
Code and documentation copyright 2015 Docker, inc. Code released under the Apache 2.0 license. Docs released under Creative commons.