github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

update to go1.23.1, go1.22.7

Browse Source 
- https://github.com/golang/go/issues?q=milestone%3AGo1.23.1+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.0...go1.23.1

These minor releases include 3 security fixes following the security policy:

- go/parser: stack exhaustion in all Parse* functions

    Calling any of the Parse functions on Go source code which contains
    deeply nested literals can cause a panic due to stack exhaustion.

    This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

- encoding/gob: stack exhaustion in Decoder.Decode

    Calling Decoder.Decode on a message which contains deeply nested
    structures can cause a panic due to stack exhaustion.

    This is a follow-up to CVE-2022-30635.

    Thanks to Md Sakib Anwar of The Ohio State University for reporting
    this issue.

    This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

- go/build/constraint: stack exhaustion in Parse

    Calling Parse on a "// +build" build tag line with deeply nested
    expressions can cause a panic due to stack exhaustion.

    This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
2024-09-06 16:12:28 +02:00
parent e013322eed
commit 9037069da8
9 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.devcontainer/devcontainer.json
View File

@@ -12,7 +12,7 @@
"features": { "features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}, "ghcr.io/devcontainers/features/docker-in-docker:2": {},
"ghcr.io/devcontainers/features/go:1": { "ghcr.io/devcontainers/features/go:1": {
"version": "1.23.0" "version": "1.23.1"
} }
}, },

2
.github/actions/install-go/action.yml vendored
View File

@@ -3,7 +3,7 @@ description: "Reusable action to install Go, so there is one place to bump Go ve
inputs: inputs:
go-version: go-version:
required: true required: true
default: "1.23.0" default: "1.23.1"
description: "Go version to install" description: "Go version to install"
runs: runs:

2
.github/workflows/api-release.yml vendored
View File

@@ -6,7 +6,7 @@ on:
name: API Release name: API Release
env: env:
GO_VERSION: "1.23.0" GO_VERSION: "1.23.1"
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read

2
.github/workflows/ci.yml vendored
View File

@@ -191,7 +191,7 @@ jobs:
strategy: strategy:
matrix: matrix:
os: [ubuntu-22.04, ubuntu-24.04, actuated-arm64-4cpu-16gb, macos-12, windows-2019, windows-2022] os: [ubuntu-22.04, ubuntu-24.04, actuated-arm64-4cpu-16gb, macos-12, windows-2019, windows-2022]
go-version: ["1.22.6", "1.23.0"] go-version: ["1.22.7", "1.23.1"]
exclude: exclude:
- os: ${{ github.repository != 'containerd/containerd' && 'actuated-arm64-4cpu-16gb' }} - os: ${{ github.repository != 'containerd/containerd' && 'actuated-arm64-4cpu-16gb' }}
steps: steps:

2
.github/workflows/release.yml vendored
View File

@@ -13,7 +13,7 @@ on:
name: Release name: Release
env: env:
GO_VERSION: "1.23.0" GO_VERSION: "1.23.1"
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read

2
Vagrantfile vendored
View File

@@ -104,7 +104,7 @@ EOF
config.vm.provision "install-golang", type: "shell", run: "once" do |sh| config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang" sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = { sh.env = {
'GO_VERSION': ENV['GO_VERSION'] || "1.23.0", 'GO_VERSION': ENV['GO_VERSION'] || "1.23.1",
} }
sh.inline = <<~SHELL sh.inline = <<~SHELL
#!/usr/bin/env bash #!/usr/bin/env bash

2
contrib/Dockerfile.test
View File

@@ -29,7 +29,7 @@
# docker run --privileged containerd-test # docker run --privileged containerd-test
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
ARG GOLANG_VERSION=1.23.0 ARG GOLANG_VERSION=1.23.1
ARG GOLANG_IMAGE=golang ARG GOLANG_IMAGE=golang
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang

4
contrib/fuzz/oss_fuzz_build.sh
View File

@@ -43,11 +43,11 @@ go run main.go --target_dir $SRC/containerd/images
apt-get update && apt-get install -y wget apt-get update && apt-get install -y wget
cd $SRC cd $SRC
wget --quiet https://go.dev/dl/go1.23.0.linux-amd64.tar.gz wget --quiet https://go.dev/dl/go1.23.1.linux-amd64.tar.gz
mkdir temp-go mkdir temp-go
rm -rf /root/.go/* rm -rf /root/.go/*
tar -C temp-go/ -xzf go1.23.0.linux-amd64.tar.gz tar -C temp-go/ -xzf go1.23.1.linux-amd64.tar.gz
mv temp-go/go/* /root/.go/ mv temp-go/go/* /root/.go/
cd $SRC/containerd cd $SRC/containerd

2
script/setup/prepare_env_windows.ps1
View File

@@ -5,7 +5,7 @@
# lived test environment. # lived test environment.
Set-MpPreference -DisableRealtimeMonitoring:$true Set-MpPreference -DisableRealtimeMonitoring:$true
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.23.0"; make = ""; nssm = "" } $PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.23.1"; make = ""; nssm = "" }
Write-Host "Downloading chocolatey package" Write-Host "Downloading chocolatey package"
curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip' curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'