github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
Files
ce22387b8fe8ca18c93d3db05be7615869b5fab1
containerd/contrib
History
Sebastiaan van Stijn 157dff2812 update to go1.20.7, go1.19.12 
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

go1.19.12 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.19.12 milestone on our issue tracker for details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.19.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.19.11...go1.19.12

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:57:32 +02:00
..
ansible
upgrade registry.k8s.io/pause version
2023-05-28 07:59:10 +08:00
apparmor
contrib/apparmor: remove code related to apparmor_parser version
2023-02-17 00:15:36 +01:00
autocomplete
Fix zsh autocomplete script
2020-02-11 19:56:27 +08:00
aws
Move snapshotters benchmark to a separate package
2019-04-02 14:42:21 -07:00
diffservice
OCI: Add From/ToProto helpers for Descriptor
2023-06-28 12:16:20 -07:00
Dockerfile.test.d
contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages
2023-01-03 20:19:38 +09:00
fuzz
pkg/cri/sbserver: experimental NRI integration for CRI.
2023-02-13 22:08:18 +02:00
gce
migrate to community owned bucket
2023-07-25 12:09:54 +03:00
nvidia
replace uses of os/exec with golang.org/x/sys/execabs
2021-08-25 18:11:09 +02:00
seccomp
seccomp: always allow name_to_handle_at
2023-06-28 05:50:24 -06:00
snapshotservice
Snapshots: Add From/ToProto helpers for types
2023-06-28 12:17:52 -07:00
Dockerfile.test
update to go1.20.7, go1.19.12
2023-08-01 23:57:32 +02:00
README.md
Add readme to contib
2017-09-18 11:47:27 -04:00

README.md

contrib

The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.

Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.

Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.

Testing

Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.