93eead45ee
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.18.6 (released 2022-09-06) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the pprof command, the
runtime, and the crypto/tls, encoding/xml, and net packages. See the Go 1.18.6
milestone on the issue tracker for details;
https://github.com/golang/go/issues?q=milestone%3AGo1.18.6+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1061f74496)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
46 lines
1.5 KiB
Docker
46 lines
1.5 KiB
Docker
ARG GO_VERSION=1.18.6
|
|
|
|
# Use Debian based image as docker-compose requires glibc.
|
|
FROM golang:${GO_VERSION}-buster
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
build-essential \
|
|
curl \
|
|
openssl \
|
|
openssh-client \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
ARG COMPOSE_VERSION=1.29.2
|
|
RUN curl -fsSL https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
|
|
&& chmod +x /usr/local/bin/docker-compose
|
|
|
|
ARG NOTARY_VERSION=v0.6.1
|
|
RUN curl -fsSL https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 -o /usr/local/bin/notary \
|
|
&& chmod +x /usr/local/bin/notary
|
|
|
|
ARG GOTESTSUM_VERSION=0.4.0
|
|
RUN curl -fsSL https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz -o gotestsum.tar.gz \
|
|
&& tar -xf gotestsum.tar.gz gotestsum \
|
|
&& mv gotestsum /usr/local/bin/gotestsum \
|
|
&& rm gotestsum.tar.gz
|
|
|
|
ENV CGO_ENABLED=0 \
|
|
DISABLE_WARN_OUTSIDE_CONTAINER=1 \
|
|
PATH=/go/src/github.com/docker/cli/build:$PATH
|
|
WORKDIR /go/src/github.com/docker/cli
|
|
|
|
# Trust notary CA cert.
|
|
COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
|
|
RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
|
|
|
|
COPY . .
|
|
ARG VERSION
|
|
ARG GITCOMMIT
|
|
ENV VERSION=${VERSION}
|
|
ENV GITCOMMIT=${GITCOMMIT}
|
|
ENV DOCKER_BUILDKIT=1
|
|
RUN ./scripts/build/binary
|
|
RUN ./scripts/build/plugins e2e/cli-plugins/plugins/*
|
|
|
|
CMD ./scripts/test/e2e/entry
|