2021-08-16 23:07:43 -04:00
|
|
|
variable "GO_VERSION" {
|
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:
We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:
- net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
- net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove `../` path components appended to a
relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
URL `https://go.dev/../go`, despite the JoinPath documentation stating that
`../` path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Release notes:
go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3a17d8a9091674406f0237ca5274428d3912d65a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 16:19:38 -04:00
|
|
|
default = "1.19.1"
|
2021-08-16 23:07:43 -04:00
|
|
|
}
|
2021-03-03 02:03:02 -05:00
|
|
|
variable "VERSION" {
|
|
|
|
|
default = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "USE_GLIBC" {
|
|
|
|
|
default = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "STRIP_TARGET" {
|
|
|
|
|
default = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
group "default" {
|
|
|
|
|
targets = ["binary"]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
target "binary" {
|
|
|
|
|
target = "binary"
|
|
|
|
|
platforms = ["local"]
|
|
|
|
|
output = ["build"]
|
|
|
|
|
args = {
|
|
|
|
|
BASE_VARIANT = USE_GLIBC != "" ? "buster" : "alpine"
|
|
|
|
|
VERSION = VERSION
|
|
|
|
|
GO_STRIP = STRIP_TARGET
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
target "dynbinary" {
|
|
|
|
|
inherits = ["binary"]
|
|
|
|
|
args = {
|
|
|
|
|
GO_LINKMODE = "dynamic"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-05 16:16:05 -05:00
|
|
|
variable "GROUP_TOTAL" {
|
|
|
|
|
default = "1"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "GROUP_INDEX" {
|
|
|
|
|
default = "0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function "platforms" {
|
2021-04-06 16:10:31 -04:00
|
|
|
params = []
|
|
|
|
|
result = ["linux/amd64", "linux/386", "linux/arm64", "linux/arm", "linux/ppc64le", "linux/s390x", "darwin/amd64", "darwin/arm64", "windows/amd64"]
|
2021-03-05 16:16:05 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function "glen" {
|
|
|
|
|
params = [platforms, GROUP_TOTAL]
|
|
|
|
|
result = ceil(length(platforms)/GROUP_TOTAL)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-03 02:03:02 -05:00
|
|
|
target "_all_platforms" {
|
2021-04-06 16:10:31 -04:00
|
|
|
platforms = slice(platforms(), GROUP_INDEX*glen(platforms(), GROUP_TOTAL),min(length(platforms()), (GROUP_INDEX+1)*glen(platforms(), GROUP_TOTAL)))
|
2021-03-03 02:03:02 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
target "cross" {
|
|
|
|
|
inherits = ["binary", "_all_platforms"]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
target "dynbinary-cross" {
|
|
|
|
|
inherits = ["dynbinary", "_all_platforms"]
|
|
|
|
|
}
|
