github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Update golang to 1.18.5, 1.17.13

Browse Source 
Update Go runtime to 1.18.5 to address CVE-2022-32189.

Full diff:
https://github.com/golang/go/compare/go1.18.4...go1.18.5

--------------------------------------------------------

From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10

We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.

These minor releases include 1 security fixes following the security
policy:

encoding/gob & math/big: decoding big.Float and big.Rat can panic

Decoding big.Float and big.Rat types can panic if the encoded message is
too short.

This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.5

Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This commit is contained in:
Daniel Canter 2022-08-02 11:54:45 -07:00
parent e2069e99f0
commit e1c5d71c0c
13 changed files with 24 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build-test-images.yml vendored
View File

@ -39,7 +39,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:

18
.github/workflows/ci.yml vendored
View File

@ -20,7 +20,7 @@ jobs:
strategy:
matrix:
go-version: [1.18.4]
go-version: [1.18.5]
os: [ubuntu-18.04, macos-12, windows-2019]
steps:
@ -46,7 +46,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:
@ -78,7 +78,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:
@ -110,7 +110,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
- run: go install github.com/cpuguy83/go-md2man/v2@v2.0.1
- run: make man
@ -148,7 +148,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
- run: |
set -e -x
@ -215,7 +215,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-18.04, macos-12, windows-2019, windows-2022]
go-version: ['1.17.12', '1.18.4']
go-version: ['1.17.13', '1.18.5']
steps:
- uses: actions/setup-go@v2
with:
@ -262,7 +262,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:
@ -404,7 +404,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
@ -534,7 +534,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
- run: sudo -E PATH=$PATH script/setup/install-gotestsum
- name: Tests

2
.github/workflows/codeql.yml vendored
View File

@ -26,7 +26,7 @@ jobs:
- uses: actions/setup-go@v2
with:
go-version: 1.18.4
go-version: 1.18.5
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL

2
.github/workflows/images.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:

4
.github/workflows/nightly.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:
@ -155,7 +155,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- uses: actions/checkout@v2
with:

4
.github/workflows/release.yml vendored
View File

@ -66,7 +66,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: '1.18.4'
go-version: '1.18.5'
- name: Set env
shell: bash
env:
@ -109,7 +109,7 @@ jobs:
find ./releases/ -maxdepth 1 -type l | xargs rm
working-directory: src/github.com/containerd/containerd
env:
GO_VERSION: '1.18.4'
GO_VERSION: '1.18.5'
PLATFORM: ${{ matrix.platform }}
- name: Save Artifacts
uses: actions/upload-artifact@v2

2
.zuul/playbooks/containerd-build/integration-test.yaml
View File

@ -2,7 +2,7 @@
become: yes
roles:
- role: config-golang
go_version: '1.18.4'
go_version: '1.18.5'
arch: arm64
tasks:
- name: Install pre-requisites

2
.zuul/playbooks/containerd-build/run.yaml
View File

@ -2,7 +2,7 @@
become: yes
roles:
- role: config-golang
go_version: '1.18.4'
go_version: '1.18.5'
arch: arm64
tasks:
- name: Build containerd

2
.zuul/playbooks/containerd-build/unit-test.yaml
View File

@ -2,7 +2,7 @@
become: yes
roles:
- role: config-golang
go_version: '1.18.4'
go_version: '1.18.5'
arch: arm64
tasks:
- name: Build and test containerd

2
Vagrantfile vendored
View File

@ -97,7 +97,7 @@ EOF
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
'GO_VERSION': ENV['GO_VERSION'] || "1.18.4",
'GO_VERSION': ENV['GO_VERSION'] || "1.18.5",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash

2
contrib/Dockerfile.test
View File

@ -10,7 +10,7 @@
#
# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../
ARG GOLANG_VERSION=1.18.4
ARG GOLANG_VERSION=1.18.5
ARG GOLANG_IMAGE=golang
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang

4
contrib/fuzz/oss_fuzz_build.sh
View File

@ -40,11 +40,11 @@ compile_fuzzers() {
apt-get update && apt-get install -y wget
cd $SRC
wget --quiet https://go.dev/dl/go1.18.4.linux-amd64.tar.gz
wget --quiet https://go.dev/dl/go1.18.5.linux-amd64.tar.gz
mkdir temp-go
rm -rf /root/.go/*
tar -C temp-go/ -xzf go1.18.4.linux-amd64.tar.gz
tar -C temp-go/ -xzf go1.18.5.linux-amd64.tar.gz
mv temp-go/go/* /root/.go/
cd $SRC/containerd

2
script/setup/prepare_env_windows.ps1
View File

@ -5,7 +5,7 @@
# lived test environment.
Set-MpPreference -DisableRealtimeMonitoring:$true
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.4"; make = ""; nssm = "" }
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.5"; make = ""; nssm = "" }
Write-Host "Downloading chocolatey package"
curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'