9037069da8
- https://github.com/golang/go/issues?q=milestone%3AGo1.23.1+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.23.0...go1.23.1 These minor releases include 3 security fixes following the security policy: - go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. - encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. - go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. View the release notes for more information: https://go.dev/doc/devel/release#go1.23.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
contrib
The contrib directory contains packages that do not belong in the core containerd packages but still contribute to overall containerd usability.
Package such as Apparmor or Selinux are placed in contrib because they are platform dependent and often require higher level tools and profiles to work.
Packaging and other built tools can be added to contrib to aid in packaging containerd for various distributions.
Testing
Code in the contrib directory may or may not have been tested in the normal test pipeline for core components.