From 3435febfc82e14d80a0d46a52ecaf6671cfe0a8e Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Tue, 1 Aug 2023 23:46:01 +0200
Subject: [PATCH] update to go1.20.7

Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <= 8192
  bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn
(cherry picked from commit d5cb7cdeae32f071dfa243c2a34925a23dd50679)
Signed-off-by: Sebastiaan van Stijn
---
 .github/workflows/.windows.yml | 2 +-
 .github/workflows/test.yml     | 2 +-
 Dockerfile                     | 2 +-
 Dockerfile.simple              | 2 +-
 Dockerfile.windows             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml index c9a28dc5d0..bcf342097f 100644 --- a/.github/workflows/.windows.yml +++ b/.github/workflows/.windows.yml @@ -15,7 +15,7 @@ on: default: false env: - GO_VERSION: "1.20.6" + GO_VERSION: "1.20.7" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.3 WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6d5fb2f6a8..2e7467f418 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,7 +15,7 @@ on: pull_request: env: - GO_VERSION: "1.20.6" + GO_VERSION: "1.20.7" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.3 ITG_CLI_MATRIX_SIZE: 6 diff --git a/Dockerfile b/Dockerfile index a742339515..ae34c6f16e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG BASE_DEBIAN_DISTRO="bullseye" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" ARG XX_VERSION=1.2.1 diff --git a/Dockerfile.simple b/Dockerfile.simple index dd6fabfe16..381d9d3b95 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG BASE_DEBIAN_DISTRO="bullseye" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" diff --git a/Dockerfile.windows b/Dockerfile.windows index f3270411ee..3351342372 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -165,7 +165,7 @@ FROM microsoft/windowsservercore # Use PowerShell as the default shell SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG GOTESTSUM_VERSION=v1.8.2 ARG GOWINRES_VERSION=v0.3.0 ARG CONTAINERD_VERSION=v1.6.22
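Review bot: The same version literal is maintained by hand in five places (GO_VERSION: "1.20.7" in both workflow files, ARG GO_VERSION=1.20.7 in Dockerfile, Dockerfile.simple and Dockerfile.windows), and nothing in these hunks ties them together. A bump that misses one file would leave that build path on 1.20.6 without the CVE-2023-29409 fix and with no failing check. Consider a CI step that extracts GO_VERSION from all five files and fails when the values differ.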
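Review bot: In the Dockerfile and Dockerfile.simple hunks the toolchain image is resolved by tag only, via GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}", so after this change the build trusts whatever the registry serves as golang:1.20.7-bullseye at pull time. If reproducibility of the security fix matters here, pin the image digest next to the tag and update both together in bumps like this one.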
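Review bot: The behaviour change quoted in the commit message (RSA keys above 8192 bits in certificate chains are no longer accepted during TLS handshakes) is recorded only in the commit message; the diffstat shows nothing but the two workflows and three Dockerfiles. Since the announcement itself allows that private PKIs may carry larger keys, a short release-note or changelog entry for users whose registries or daemons sit behind such a PKI would be worth adding alongside the bump.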