7b575f9813
full diff:88737f569e...69ecbb4d6dIncludes69ecbb4d6d(forward-port of8b5121be2f), which fixes CVE-2020-7919: - Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Thanks to Project Wycheproof for providing the test cases that led to the discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commitb606c8e440) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
166 lines
12 KiB
Text
166 lines
12 KiB
Text
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
|
|
github.com/Microsoft/hcsshim b3f49c06ffaeef24d09c6c08ec8ec8425a0303e2
|
|
github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
|
|
github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
|
|
github.com/golang/gddo 9b12a26f3fbd7397dee4e20939ddca719d840d2a
|
|
github.com/google/uuid 0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
|
|
github.com/gorilla/mux ed099d42384823742bba0bf9a72b53b55c9e2e38 # v1.7.2
|
|
github.com/Microsoft/opengcs a10967154e143a36014584a6f664344e3bb0aa64
|
|
|
|
github.com/creack/pty 2769f65a3a94eb8f876f44a0459d24ae7ad2e488 # v1.1.7
|
|
github.com/konsorten/go-windows-terminal-sequences f55edac94c9bbba5d6182a4be46d86a2c9b5b50e # v1.0.2
|
|
github.com/mattn/go-shellwords a72fbe27a1b0ed0df2f02754945044ce1456608b # v1.0.5
|
|
github.com/sirupsen/logrus 8bdbc7bcc01dcbb8ec23dc8a28e332258d25251f # v1.4.1
|
|
github.com/tchap/go-patricia a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
|
|
golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
|
|
golang.org/x/sys 4c4f7f33c9ed00de01c4c741d2177abfcfe19307
|
|
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
|
|
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
|
|
golang.org/x/text f21a4dfb5e38f5895301dc265a8def02365cc3d0 # v0.3.0
|
|
gotest.tools 1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0
|
|
github.com/google/go-cmp 3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0
|
|
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2
|
|
|
|
github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59
|
|
github.com/imdario/mergo 7c29201646fa3de8506f701213473dd407f19646 # v0.3.7
|
|
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
|
|
|
|
# buildkit
|
|
github.com/moby/buildkit 926935b590c94c3659ebcc49cf44da47c1a65ff6
|
|
github.com/tonistiigi/fsutil 0f039a052ca1da01626278199624b62aed9b3729
|
|
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
|
|
github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
|
|
github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716
|
|
github.com/opentracing-contrib/go-stdlib b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc
|
|
github.com/mitchellh/hashstructure 2bca23e0e452137f789efbc8610126fd8b94f73b
|
|
github.com/gofrs/flock 7f43ea2e6a643ad441fc12d0ecc0d3388b300c53 # v0.7.0
|
|
|
|
# libnetwork
|
|
|
|
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
|
|
github.com/docker/libnetwork 9fd385be8302dbe1071a3ce124891893ff27f90f # bump_19.03 branch
|
|
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
|
|
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
|
|
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
|
|
github.com/hashicorp/go-msgpack 71c2886f5a673a35f909803f38ece5810165097b
|
|
github.com/hashicorp/memberlist 3d8438da9589e7b608a83ffac1ef8211486bcb7c
|
|
github.com/sean-/seed e2103e2c35297fb7e17febb81e49b312087a2372
|
|
github.com/hashicorp/errwrap 8a6fb523712970c966eefc6b39ed2c5e74880354 # v1.0.0
|
|
github.com/hashicorp/go-sockaddr c7188e74f6acae5a989bdc959aa779f8b9f42faf # v1.0.2
|
|
github.com/hashicorp/go-multierror 886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
|
|
github.com/hashicorp/serf 598c54895cc5a7b1a24a398d635e8c0ea0959870
|
|
github.com/docker/libkv 458977154600b9f23984d9f4b82e79570b5ae12b
|
|
github.com/vishvananda/netns 7109fa855b0ff1ebef7fbd2f6aa613e8db7cfbc0
|
|
github.com/vishvananda/netlink a2ad57a690f3caf3015351d2d6e1c0b95c349752
|
|
|
|
# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv.installer accordingly
|
|
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
|
|
github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
|
|
github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
|
|
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
|
|
github.com/coreos/go-semver 8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
|
|
github.com/ugorji/go b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
|
|
github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
|
|
github.com/miekg/dns e57bf427e68187a27e22adceac868350d7a7079b # v1.0.7
|
|
github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847
|
|
go.etcd.io/bbolt a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3
|
|
|
|
# get graph and distribution packages
|
|
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
|
github.com/vbatts/tar-split 620714a4c508c880ac1bdda9c8370a2b19af1a55 # v0.11.0
|
|
github.com/opencontainers/go-digest 279bed98673dd5bef374d3b6e4b09e2af76183bf # v1.0.0-rc1
|
|
|
|
# get go-zfs packages
|
|
github.com/mistifyio/go-zfs f784269be439d704d3dfa1906f45dd848fed2beb
|
|
|
|
google.golang.org/grpc 6eaf6f47437a6b4e2153a190160ef39a92c7eceb # v1.23.0
|
|
|
|
# The version of runc should match the version that is used by the containerd
|
|
# version that is used. If you need to update runc, open a pull request in
|
|
# the containerd project first, and update both after that is merged.
|
|
# This commit does not need to match RUNC_COMMIT as it is used for helper
|
|
# packages but should be newer or equal.
|
|
github.com/opencontainers/runc 3e425f80a8c931f88e6d94a8c831b9d5aa481657 # v1.0.0-rc8-92-g84373aaa
|
|
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
|
|
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
|
|
github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
|
|
|
|
# systemd integration (journald, daemon/listeners, containerd/cgroups)
|
|
github.com/coreos/go-systemd 39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
|
|
github.com/godbus/dbus 5f6efc7ef2759c81b7ba876593971bfce311eab3 # v4.0.0
|
|
|
|
# gelf logging driver deps
|
|
github.com/Graylog2/go-gelf 4143646226541087117ff2f83334ea48b3201841
|
|
|
|
# fluent-logger-golang deps
|
|
github.com/fluent/fluent-logger-golang 7a6c9dcd7f14c2ed5d8c55c11b894e5455ee311b # v1.4.0
|
|
github.com/philhofer/fwd bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
|
|
github.com/tinylib/msgp af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
|
|
|
|
# fsnotify
|
|
github.com/fsnotify/fsnotify 1485a34d5d5723fea214f5710708e19a831720e4 # v1.4.7-11-g1485a34
|
|
|
|
# awslogs deps
|
|
github.com/aws/aws-sdk-go 9ed0c8de252f04ac45a65358377103d5a1aa2d92 # v1.12.66
|
|
github.com/go-ini/ini 300e940a926eb277d3901b20bdfcc54928ad3642 # v1.25.4
|
|
github.com/jmespath/go-jmespath 0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
|
|
|
|
# logentries
|
|
github.com/bsphere/le_go 7a984a84b5492ae539b79b62fb4a10afc63c7bcf
|
|
|
|
# gcplogs deps
|
|
golang.org/x/oauth2 ec22f46f877b4505e0117eeaab541714644fdd28
|
|
google.golang.org/api de943baf05a022a8f921b544b7827bacaba1aed5
|
|
go.opencensus.io c3ed530f775d85e577ca652cb052a52c078aad26 # v0.11.0
|
|
cloud.google.com/go 0fd7230b2a7505833d5f69b75cbd6c9582401479 # v0.23.0
|
|
github.com/googleapis/gax-go 317e0006254c44a0ac427cc52a0e083ff0b9622f # v2.0.0
|
|
google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9
|
|
|
|
# containerd
|
|
github.com/containerd/containerd 7c1e88399ec0b0b077121d9d5ad97e647b11c870
|
|
github.com/containerd/fifo a9fb20d87448d386e6d50b1f2e1fa70dcf0de43c
|
|
github.com/containerd/continuity aaeac12a7ffcd198ae25440a9dff125c2e2703a7
|
|
github.com/containerd/cgroups 5fbad35c2a7e855762d3c60f2e474ffcad0d470a
|
|
github.com/containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
|
|
github.com/containerd/go-runc e029b79d8cda8374981c64eba71f28ec38e5526f
|
|
github.com/containerd/typeurl 2a93cfde8c20b23de8eb84a5adbc234ddf7a9e8d
|
|
github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
|
|
github.com/gogo/googleapis d31c731455cb061f42baff3bda55bad0118b126b # v1.2.0
|
|
|
|
# cluster
|
|
github.com/docker/swarmkit f35d9100f2c6ac810cc8d7de6e8f93dcc7a42d29 # bump_v19.03 branch
|
|
github.com/gogo/protobuf ba06b47c162d49f2af050fb4c75bcbc86a159d5c # v1.2.1
|
|
github.com/golang/protobuf aa810b61a9c79d51363740d207bb46cf8e620ed5 # v1.2.0
|
|
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
|
|
github.com/fernet/fernet-go 1b2437bc582b3cfbb341ee5a29f8ef5b42912ff2
|
|
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
|
|
golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
|
|
golang.org/x/time fbb02b2291d28baffd63558aa44b4b56f178d650
|
|
github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
|
|
github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
|
|
github.com/hashicorp/golang-lru 7087cb70de9f7a8bc0a10c375cb0d2280a8edf9c # v0.5.1
|
|
github.com/coreos/pkg 3ac0863d7acf3bc44daf49afef8919af12f704ef # v3
|
|
code.cloudfoundry.org/clock 02e53af36e6c978af692887ed449b74026d76fec
|
|
|
|
# prometheus
|
|
github.com/prometheus/client_golang c5b7fccd204277076155f10851dad72b76a49317 # v0.8.0
|
|
github.com/beorn7/perks e7f67b54abbeac9c40a31de0f81159e4cafebd6a
|
|
github.com/prometheus/client_model 6f3806018612930941127f2a7c6c453ba2c527d2
|
|
github.com/prometheus/common 7600349dcfe1abd18d72d3a1770870d9800a7801
|
|
github.com/prometheus/procfs 7d6f385de8bea29190f15ba9931442a0eaef9af7
|
|
github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
|
|
github.com/pkg/errors ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1
|
|
github.com/grpc-ecosystem/go-grpc-prometheus c225b8c3b01faf2899099b768856a9e916e5087b # v1.2.0
|
|
|
|
# cli
|
|
github.com/spf13/cobra ef82de70bb3f60c65fb8eebacbb2d122ef517385 # v0.0.3
|
|
github.com/spf13/pflag 583c0c0531f06d5278b7d917446061adc344b5cd # v1.0.1
|
|
github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
|
|
github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b
|
|
|
|
# metrics
|
|
github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
|
|
|
|
github.com/opencontainers/selinux 3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2
|
|
|
|
# DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
|