github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
ce22387b8f
containerd/contrib
History
Sebastiaan van Stijn 157dff2812
update to go1.20.7, go1.19.12 
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

go1.19.12 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.19.12 milestone on our issue tracker for details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.19.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.19.11...go1.19.12

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:57:32 +02:00
..
ansible upgrade registry.k8s.io/pause version 2023-05-28 07:59:10 +08:00
apparmor contrib/apparmor: remove code related to apparmor_parser version 2023-02-17 00:15:36 +01:00
autocomplete Fix zsh autocomplete script 2020-02-11 19:56:27 +08:00
aws Move snapshotters benchmark to a separate package 2019-04-02 14:42:21 -07:00
diffservice OCI: Add From/ToProto helpers for Descriptor 2023-06-28 12:16:20 -07:00
Dockerfile.test.d contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages 2023-01-03 20:19:38 +09:00
fuzz pkg/cri/sbserver: experimental NRI integration for CRI. 2023-02-13 22:08:18 +02:00
gce migrate to community owned bucket 2023-07-25 12:09:54 +03:00
nvidia replace uses of os/exec with golang.org/x/sys/execabs 2021-08-25 18:11:09 +02:00
seccomp seccomp: always allow name_to_handle_at 2023-06-28 05:50:24 -06:00
snapshotservice Snapshots: Add From/ToProto helpers for types 2023-06-28 12:17:52 -07:00
Dockerfile.test update to go1.20.7, go1.19.12 2023-08-01 23:57:32 +02:00
README.md Add readme to contib 2017-09-18 11:47:27 -04:00

README.md

contrib

The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.

Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.

Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.

Testing

Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.