TrueCloudLab/distribution

Author	SHA1	Message	Date
Shengjing Zhu	ad5991de09	Fix panic in inmemory driver Signed-off-by: Shengjing Zhu <zhsj@debian.org>	2022-12-04 22:47:15 +08:00
Hayley Swimelar	dc5b207fdd	Merge pull request #3650 from thaJeztah/2.8_bump_alpine [release/2.8 backport] Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16	2022-05-26 09:32:25 -07:00
Silvin Lubecki	38018aeb5d	Fix CVE-2022-28391 by bumping alpine from 3.15 to 3.16 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `9f2bc25b7a`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2022-05-26 13:25:35 +02:00
Milos Gajdos	b5ca020cfb	Merge pull request #3605 from milosgajdos/update-release-notes Update 2.8.1. release notes	2022-03-08 17:52:36 +00:00
Milos Gajdos	1b5f094086	Merge pull request #3604 from crazy-max/2.8-go-1.16.15 go 1.16.15	2022-03-08 17:15:10 +00:00
Milos Gajdos	96cc1fdb3c	FIx typo Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2022-03-08 17:14:24 +00:00
Milos Gajdos	e744906f09	Update 2.8.1. release notes Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2022-03-08 17:11:29 +00:00
CrazyMax	3df9fce2be	go 1.16.15 Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>	2022-03-08 17:54:16 +01:00
Milos Gajdos	9a0196b801	Merge pull request #3596 from milosgajdos/fix-go-mod-v2.8.1 Prepare for v2.8.1 release	2022-03-01 11:37:47 +00:00
Milos Gajdos	6736d1881a	Prepare for v2.8.1 release Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2022-02-24 13:44:40 +00:00
Milos Gajdos	e4a447d0d7	Merge pull request #3595 from crazy-max/2.8-ci-gitref [2.8 backport] ci: use proper git ref for versioning	2022-02-23 08:59:59 +00:00
CrazyMax	80acbdf0a2	ci: use proper git ref for versioning Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> (cherry picked from commit `fabf9cd4e9`)	2022-02-22 22:05:10 +01:00
Milos Gajdos	dcf66392d6	Update README so the release pipeline works properly. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2022-02-07 15:40:21 +00:00
Milos Gajdos	212b38ed22	Merge pull request #3552 from milosgajdos/v2.8.0-release Prepare for v2.8.0 release	2022-01-21 12:46:32 +00:00
Milos Gajdos	359b97a75a	Merge pull request #3568 from crazy-max/2.8-artifacts [2.8] Release artifacts	2022-01-21 12:11:22 +00:00
Milos Gajdos	d5d89a46a3	Make this releaes a beta release first. Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2022-01-21 11:36:41 +00:00
CrazyMax	6241e099e1	[2.8] Release artifacts Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>	2022-01-19 16:54:30 +01:00
Milos Gajdos	1840415ca8	Merge pull request #3565 from crazy-max/2.8-gha [2.8] Release workflow	2022-01-13 16:56:37 +00:00
CrazyMax	65ca39e605	release workflow Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>	2022-01-12 16:34:14 +01:00
Milos Gajdos	1ddad0bad8	Apply suggestions from code review Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2021-12-22 09:13:32 +00:00
Milos Gajdos	3960a560bb	Prepare for v2.8.0 release Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>	2021-12-21 13:24:39 +00:00
Milos Gajdos	3b7b534569	Merge pull request from GHSA-qq97-vm5h-rrhg [release/2.7] manifest: validate document type before unmarshal	2021-11-23 19:16:40 +00:00
Milos Gajdos	afe85428bb	Merge pull request #3466 from thaJeztah/2.7_update_jwt [release/2.7] github.com/golang-jwt/jwt v3.2.2	2021-11-23 09:10:53 +00:00
Milos Gajdos	f7365390ef	Merge pull request #3535 from thaJeztah/2.7_bump_oci_specs	2021-11-18 08:34:49 +00:00
Sebastiaan van Stijn	97f6daced4	[release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2 (previous version vendored was v1.0.0) full diff: `ab7389ef9f`...v1.0.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-11-17 22:31:14 +01:00
Milos Gajdos	4313c14723	Merge pull request #3531 from wy65701436/fix-rand [release/2.7]fix go check issues	2021-11-17 20:14:46 +00:00
Wang Yan	9a3ff11330	fix go check issues G404: Replace math rand with crypto rand Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-11-16 17:46:08 +08:00
Samuel Karp	10ade61de9	manifest: validate document type before unmarshal Signed-off-by: Samuel Karp <skarp@amazon.com>	2021-11-05 10:16:09 -07:00
Milos Gajdos	691e62e7ef	Merge pull request #3495 from thaJeztah/2.7_backport_must [release/2.7 backport] Change should to must in v2 spec	2021-09-08 14:44:47 +01:00
Justin Cormack	19b573a6f7	Change should to must in v2 spec We found some examples of manifests with URLs specififed that did not provide a digest or size. This breaks the security model by allowing the content to change, as it no longer provides a Merkle tree. This was not intended, so explicitly disallow by tightening wording. Signed-off-by: Justin Cormack <justin.cormack@docker.com> (cherry picked from commit `1660df4b60`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-09-08 15:24:07 +02:00
Sebastiaan van Stijn	c5679da3a1	[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1 to address CVE-2020-26160 full diff: `a601269ab7`...v3.2.2 3.2.1 release notes --------------------------------------- - Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt - Fixed type confusion issue between string and []string in VerifyAudience. This fixes CVE-2020-26160 3.2.2 release notes --------------------------------------- - Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16. - Fixed a potential issue that could occur when the verification of exp, iat or nbf was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork. - Added support for EdDSA / ED25519. - Optimized allocations. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-08-10 13:05:39 +02:00
Wang Yan	61e7e20823	Merge pull request #3472 from thaJeztah/2.7_update_go116 [release/2.7] update to go1.16	2021-08-10 18:59:49 +08:00
Sebastiaan van Stijn	d836b23fc2	[release/2.7] update to go1.16 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2021-08-10 11:32:03 +02:00
Milos Gajdos	18230b7b34	Merge pull request #3384 from wy65701436/release/2.7-cp-3169 [backport release/2.7]Added flag for user configurable cipher suites	2021-03-23 15:23:04 +00:00
Milos Gajdos	51636a6711	Merge pull request #3385 from wy65701436/release/2.7-ci enable ci for release/2.7	2021-03-23 15:22:46 +00:00
Derek McGowan	09109ab50a	Fix gosimple checks Signed-off-by: Derek McGowan <derek@mcgstyle.net> Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-03-23 21:03:20 +08:00
Manish Tomar	89e6568e34	Remove err nil check since type checking nil will not panic and return appropriately Signed-off-by: Manish Tomar <manish.tomar@docker.com> Signed-off-by: wang yan <wangyan@vmware.com>	2021-03-23 21:03:16 +08:00
Manish Tomar	3c64ff10bb	Fix gometalint errors Signed-off-by: Manish Tomar <manish.tomar@docker.com> Signed-off-by: wang yan <wangyan@vmware.com>	2021-03-23 21:03:10 +08:00
sayboras	f807afbf85	Migrate to golangci-lint Signed-off-by: Tam Mach <sayboras@yahoo.com> Signed-off-by: wang yan <wangyan@vmware.com>	2021-03-23 21:02:54 +08:00
Wang Yan	9142de99fa	enable ci for release/2.7 Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-03-23 18:46:17 +08:00
David Luu	cc341b0110	Added flag for user configurable cipher suites Configuration of list of cipher suites allows a user to disable use of weak ciphers or continue to support them for legacy usage if they so choose. List of available cipher suites at: https://golang.org/pkg/crypto/tls/#pkg-constants Default cipher suites have been updated to: - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 - TLS_CHACHA20_POLY1305_SHA256 - TLS_AES_256_GCM_SHA384 MinimumTLS has also been updated to include TLS 1.3 as an option and now defaults to TLS 1.2 since 1.0 and 1.1 have been deprecated. Signed-off-by: David Luu <david@davidluu.info>	2021-03-23 18:42:12 +08:00
Milos Gajdos	cc866a5bf3	Merge pull request #3370 from wy65701436/release/2.7-cp-3309 [cherry pick]close the io.ReadCloser from storage driver	2021-02-26 09:00:00 +00:00
Wang Yan	3fe1d67ace	close the io.ReadCloser from storage driver Backport PR #3309 to release/2.7 Signed-off-by: Wang Yan <wangyan@vmware.com>	2021-02-23 18:48:00 +08:00
Wang Yan	6300300270	Merge pull request #3347 from wy65701436/release/2.7-cp-ci [backport release/2.7] First draft of actions based ci	2021-02-16 23:19:12 +08:00
Chris Patterson	f1bd655119	First draft of actions based ci Signed-off-by: Chris Patterson <chrispat@github.com>	2021-02-01 11:04:54 +08:00
João Pereira	d7362d7e3a	Merge pull request #3297 from thaJeztah/2.7_backport_fix_header Remove empty Content-Type header	2021-01-30 10:28:10 +00:00
Smasherr	cf8615dedf	Remove empty Content-Type header Fixes #3288 Signed-off-by: Smasherr <soundcracker@gmail.com> (cherry picked from commit `c8d90f904f`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2020-11-16 11:15:10 +01:00
Derek McGowan	70e0022e42	Merge pull request #3197 from thaJeztah/2.7_backport_add_redirect [release/2.7 backport] docs: add redirect for old URL	2020-07-08 16:08:40 -07:00
Sebastiaan van Stijn	48eeac88e9	docs: add redirect for old URL Looks like there's some projects refering to this old URL: https://grep.app/search?q=https%3A//docs.docker.com/reference/api/registry_api/ Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit `7728c5e445`) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2020-07-08 12:22:22 +02:00
Derek McGowan	a45a401e97	Merge pull request #3119 from wy65701436/release/2.7-cp-2879 [release/2.7] Fix s3 driver for supporting ceph radosgw	2020-03-10 20:48:21 -07:00

1 2 3 4 5 ...

2743 commits