From 869ccc01c173ead832ceb07f9084b492b6e5c8a1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 5 Nov 2021 12:45:14 +0100 Subject: [PATCH] Update Go to 1.17.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the go command, the misc/wasm directory, and to the net/http and syscall packages. See the Go 1.17.3 milestone on our issue tracker for details. From the announcement e-mail: [security] Go 1.17.3 and Go 1.16.10 are released We have just released Go versions 1.17.3 and 1.16.10, minor point releases. These minor releases include two security fixes following the security policy: - archive/zip: don't panic on (*Reader).Open Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made to panic by an attacker providing either a crafted ZIP archive containing completely invalid names or an empty filename argument. Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue golang.org/issue/48085. - debug/macho: invalid dynamic symbol table command can cause panic Malformed binaries parsed using Open or OpenFat can cause a panic when calling ImportedSymbols, due to an out-of-bounds slice operation. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990. Signed-off-by: Sebastiaan van Stijn --- .github/workflows/ci.yml | 18 +++++++++--------- .github/workflows/images.yml | 2 +- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .../containerd-build/integration-test.yaml | 2 +- .zuul/playbooks/containerd-build/run.yaml | 2 +- .../playbooks/containerd-build/unit-test.yaml | 2 +- Vagrantfile | 2 +- contrib/Dockerfile.test | 2 +- script/setup/prepare_env_windows.ps1 | 2 +- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc5c2a67f..841b589d3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: - go-version: [1.17.2] + go-version: [1.17.3] os: [ubuntu-18.04, macos-10.15, windows-2019] steps: @@ -46,7 +46,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: @@ -78,7 +78,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: @@ -111,7 +111,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 - run: go get github.com/cpuguy83/go-md2man/v2@v2.0.1 - run: make man @@ -145,7 +145,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 - run: | set -e -x @@ -202,7 +202,7 @@ jobs: strategy: matrix: os: [ubuntu-18.04, macos-10.15, windows-2019] - go-version: ['1.17.2'] + go-version: ['1.17.3'] steps: - uses: actions/setup-go@v2 @@ -244,7 +244,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: @@ -325,7 +325,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 @@ -444,7 +444,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 - run: sudo -E PATH=$PATH script/setup/install-gotestsum - name: Tests diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 195d33afc..f748cb8c6 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -24,7 +24,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 3795164d7..8d82ea451 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: @@ -135,7 +135,7 @@ jobs: steps: - uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - uses: actions/checkout@v2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 573c52e23..d509fa72b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: - name: Install Go uses: actions/setup-go@v2 with: - go-version: '1.17.2' + go-version: '1.17.3' - name: Set env shell: bash diff --git a/.zuul/playbooks/containerd-build/integration-test.yaml b/.zuul/playbooks/containerd-build/integration-test.yaml index efbd878e1..77aa81524 100644 --- a/.zuul/playbooks/containerd-build/integration-test.yaml +++ b/.zuul/playbooks/containerd-build/integration-test.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.17.2' + go_version: '1.17.3' arch: arm64 tasks: - name: Install pre-requisites diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml index 5e73817db..882523959 100644 --- a/.zuul/playbooks/containerd-build/run.yaml +++ b/.zuul/playbooks/containerd-build/run.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.17.2' + go_version: '1.17.3' arch: arm64 tasks: - name: Build containerd diff --git a/.zuul/playbooks/containerd-build/unit-test.yaml b/.zuul/playbooks/containerd-build/unit-test.yaml index bf0ee7b47..7249b5c2c 100644 --- a/.zuul/playbooks/containerd-build/unit-test.yaml +++ b/.zuul/playbooks/containerd-build/unit-test.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.17.2' + go_version: '1.17.3' arch: arm64 tasks: - name: Build and test containerd diff --git a/Vagrantfile b/Vagrantfile index b7190ac97..c7eddfd4e 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.17.2", + 'GO_VERSION': ENV['GO_VERSION'] || "1.17.3", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test index 1df25d7a8..685e0a587 100644 --- a/contrib/Dockerfile.test +++ b/contrib/Dockerfile.test @@ -10,7 +10,7 @@ # # docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../ -ARG GOLANG_VERSION=1.17.2 +ARG GOLANG_VERSION=1.17.3 ARG GOLANG_IMAGE=golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang diff --git a/script/setup/prepare_env_windows.ps1 b/script/setup/prepare_env_windows.ps1 index da3e91eac..d1b465e7f 100644 --- a/script/setup/prepare_env_windows.ps1 +++ b/script/setup/prepare_env_windows.ps1 @@ -1,6 +1,6 @@ # Prepare windows environment for building and running containerd tests -$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.17.2"; make = ""; nssm = "" } +$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.17.3"; make = ""; nssm = "" } write-host "Downloading chocolatey package" curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'