From 3435febfc82e14d80a0d46a52ecaf6671cfe0a8e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 1 Aug 2023 23:46:01 +0200 Subject: [PATCH] update to go1.20.7 Includes a fix for CVE-2023-29409 go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. See the Go 1.20.7 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7 From the mailing list announcement: [security] Go 1.20.7 and Go 1.19.12 are released Hello gophers, We have just released Go versions 1.20.7 and 1.19.12, minor point releases. These minor releases include 1 security fixes following the security policy: - crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. View the release notes for more information: https://go.dev/doc/devel/release#go1.20.7 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit d5cb7cdeae32f071dfa243c2a34925a23dd50679) Signed-off-by: Sebastiaan van Stijn --- .github/workflows/.windows.yml | 2 +- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- Dockerfile.simple | 2 +- Dockerfile.windows | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml index c9a28dc5d0bf0d44156a39ec4f009b08f5ea0cd8..bcf342097f7a6dc9d1f31dc6e6448ff382e6a2bd 100644 --- a/.github/workflows/.windows.yml +++ b/.github/workflows/.windows.yml @@ -15,7 +15,7 @@ on: default: false env: - GO_VERSION: "1.20.6" + GO_VERSION: "1.20.7" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.3 WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6d5fb2f6a8c5cfb8fb9e09270c4786e87892554b..2e7467f418c7532034d1da73b40b87c90f8a1f8b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,7 +15,7 @@ on: pull_request: env: - GO_VERSION: "1.20.6" + GO_VERSION: "1.20.7" GOTESTLIST_VERSION: v0.3.1 TESTSTAT_VERSION: v0.1.3 ITG_CLI_MATRIX_SIZE: 6 diff --git a/Dockerfile b/Dockerfile index a7423395159c489e83bb7972453462a2878f0de3..ae34c6f16e79f5dc34a1acf2706c00208e7ed88f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG BASE_DEBIAN_DISTRO="bullseye" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" ARG XX_VERSION=1.2.1 diff --git a/Dockerfile.simple b/Dockerfile.simple index dd6fabfe168678976476b9ef72ca52ca8e53692f..381d9d3b953f1966d6d06f0386677700fb1c8e45 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG BASE_DEBIAN_DISTRO="bullseye" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" diff --git a/Dockerfile.windows b/Dockerfile.windows index f3270411eed997391295365716a81e0b606e7630..3351342372aa8af5598ee422ba4546080576929a 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -165,7 +165,7 @@ FROM microsoft/windowsservercore # Use PowerShell as the default shell SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -ARG GO_VERSION=1.20.6 +ARG GO_VERSION=1.20.7 ARG GOTESTSUM_VERSION=v1.8.2 ARG GOWINRES_VERSION=v0.3.0 ARG CONTAINERD_VERSION=v1.6.22