03fa8f92c8
go1.16.10 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
misc/wasm directory, and to the net/http package. See the Go 1.16.10 milestone
for details: https://github.com/golang/go/issues?q=milestone%3AGo1.16.10+label%3ACherryPickApproved
From the announcement e-mail:
[security] Go 1.17.3 and Go 1.16.10 are released
We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:
- archive/zip: don't panic on (*Reader).Open
Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
to panic by an attacker providing either a crafted ZIP archive containing
completely invalid names or an empty filename argument.
Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
Malformed binaries parsed using Open or OpenFat can cause a panic when calling
ImportedSymbols, due to an out-of-bounds slice operation.
Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e285f15009)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
47 lines
1.6 KiB
Docker
47 lines
1.6 KiB
Docker
ARG GO_VERSION=1.16.10
|
|
|
|
# Use Debian based image as docker-compose requires glibc.
|
|
FROM golang:${GO_VERSION}-buster
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
build-essential \
|
|
curl \
|
|
openssl \
|
|
openssh-client \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
ARG COMPOSE_VERSION=1.25.1
|
|
RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
|
|
&& chmod +x /usr/local/bin/docker-compose
|
|
|
|
ARG NOTARY_VERSION=v0.6.1
|
|
RUN curl -fsSL https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 -o /usr/local/bin/notary \
|
|
&& chmod +x /usr/local/bin/notary
|
|
|
|
ARG GOTESTSUM_VERSION=0.4.0
|
|
RUN curl -fsSL https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz -o gotestsum.tar.gz \
|
|
&& tar -xf gotestsum.tar.gz gotestsum \
|
|
&& mv gotestsum /usr/local/bin/gotestsum \
|
|
&& rm gotestsum.tar.gz
|
|
|
|
ENV CGO_ENABLED=0 \
|
|
DISABLE_WARN_OUTSIDE_CONTAINER=1 \
|
|
PATH=/go/src/github.com/docker/cli/build:$PATH
|
|
WORKDIR /go/src/github.com/docker/cli
|
|
|
|
# Trust notary CA cert.
|
|
COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
|
|
RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
|
|
|
|
COPY . .
|
|
ARG VERSION
|
|
ARG GITCOMMIT
|
|
ENV VERSION=${VERSION}
|
|
ENV GITCOMMIT=${GITCOMMIT}
|
|
ENV DOCKER_BUILDKIT=1
|
|
ENV COMPOSE_DOCKER_CLI_BUILD=1
|
|
RUN ./scripts/build/binary
|
|
RUN ./scripts/build/plugins e2e/cli-plugins/plugins/*
|
|
|
|
CMD ./scripts/test/e2e/entry
|