From 52ef3468bcdb971a22ec2288808f14cc763f3c7b Mon Sep 17 00:00:00 2001 From: Danny Canter Date: Tue, 11 Jul 2023 14:34:23 -0700 Subject: [PATCH] Update Go to 1.20.6,1.19.11 go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. See the Go 1.20.6 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.20.6+label%3ACherryPickApproved Full diff: https://github.com/golang/go/compare/go1.20.5...go1.20.6 These minor releases include 1 security fixes following the security policy: - net/http: insufficient sanitization of Host header The HTTP/1 client did not fully validate the contents of the Host header. A maliciously crafted Host header could inject additional headers or entire requests. The HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Thanks to Bartek Nowotarski for reporting this issue. Includes security fixes for CVE-2023-29406 and Go issue https://go.dev/issue/60374 Signed-off-by: Danny Canter
---
 .github/workflows/build-test-images.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/codeql.yml | 2 +- .github/workflows/images.yml | 2 +- .github/workflows/nightly.yml | 2 +- .github/workflows/release.yml | 2 +- Vagrantfile | 2 +- contrib/Dockerfile.test | 2 +- script/setup/prepare_env_windows.ps1 | 2 +- 9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/build-test-images.yml b/.github/workflows/build-test-images.yml
index 0b12aa9e4075..6df67d0e81a5 100644
--- a/.github/workflows/build-test-images.yml
+++ b/.github/workflows/build-test-images.yml
@@ -43,7 +43,7 @@ jobs: steps: - uses: actions/setup-go@v3 with:
- go-version: "1.20.5"
+ go-version: "1.20.6"
 - uses: actions/checkout@v3 with:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f8d928c6fd01..8aead608ebca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ on: env: # Go version we currently use to build containerd across all CI. # Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions.
- GO_VERSION: "1.20.5"
+ GO_VERSION: "1.20.6"
 permissions: # added using https://github.com/step-security/secure-workflows contents: read
@@ -209,7 +209,7 @@ jobs: strategy: matrix: os: [ubuntu-20.04, macos-12, windows-2019, windows-2022]
- go-version: ["1.20.5", "1.19.10"]
+ go-version: ["1.20.6", "1.19.11"]
 steps: - uses: actions/setup-go@v4 with:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b840c3de3485..1f8b12f19139 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,7 +34,7 @@ jobs: - uses: actions/setup-go@v3 with:
- go-version: 1.20.5
+ go-version: 1.20.6
 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
index fa337e81c635..4f65a95370bb 100644
--- a/.github/workflows/images.yml
+++ b/.github/workflows/images.yml
@@ -28,7 +28,7 @@ jobs: steps: - uses: actions/setup-go@v3 with:
- go-version: "1.20.5"
+ go-version: "1.20.6"
 - uses: actions/checkout@v3 with:
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 8f34094bcd23..366a86364672 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -7,7 +7,7 @@ on: - ".github/workflows/nightly.yml" env:
- GO_VERSION: "1.20.5"
+ GO_VERSION: "1.20.6"
 permissions: # added using https://github.com/step-security/secure-workflows contents: read
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 366ee99a72b6..822c371f518e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ on: name: Release env:
- GO_VERSION: "1.20.5"
+ GO_VERSION: "1.20.6"
 permissions: # added using https://github.com/step-security/secure-workflows contents: read
diff --git a/Vagrantfile b/Vagrantfile
index 032ec907404c..69c25060313a 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -101,7 +101,7 @@ EOF config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.20.5",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.20.6",
 } sh.inline = <<~SHELL #!/usr/bin/env bash
diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test
index c097db7a3511..1e7f4277f5d7 100644
--- a/contrib/Dockerfile.test
+++ b/contrib/Dockerfile.test
@@ -29,7 +29,7 @@ # docker run --privileged containerd-test # ------------------------------------------------------------------------------
-ARG GOLANG_VERSION=1.20.5
+ARG GOLANG_VERSION=1.20.6
 ARG GOLANG_IMAGE=golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
diff --git a/script/setup/prepare_env_windows.ps1 b/script/setup/prepare_env_windows.ps1
index 46b7e551163e..c34d89485c9a 100644
--- a/script/setup/prepare_env_windows.ps1
+++ b/script/setup/prepare_env_windows.ps1
@@ -5,7 +5,7 @@ # lived test environment. Set-MpPreference -DisableRealtimeMonitoring:$true
-$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.20.5"; make = ""; nssm = "" }
+$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.20.6"; make = ""; nssm = "" }
 Write-Host "Downloading chocolatey package" curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'