Update Golang 1.12.12 (CVE-2019-17596)
Golang 1.12.12
-------------------------------
full diff: https://github.com/golang/go/compare/go1.12.11...go1.12.12
go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime,
syscall and net packages. See the Go 1.12.12 milestone on our issue tracker for
details.
https://github.com/golang/go/issues?q=milestone%3AGo1.12.12
Golang 1.12.11 (CVE-2019-17596)
-------------------------------
full diff: https://github.com/golang/go/compare/go1.12.10...go1.12.11
go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa
package. See the Go 1.12.11 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.12.11
[security] Go 1.13.2 and Go 1.12.11 are released
Hi gophers,
We have just released Go 1.13.2 and Go 1.12.11 to address a recently reported
security issue. We recommend that all affected users update to one of these
releases (if you're not sure which, choose Go 1.13.2).
Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using
crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic,
even if the certificates don't chain to a trusted root. The chain can be
delivered via a crypto/tls connection to a client, or to a server that accepts
and verifies client certificates. net/http clients can be made to crash by an
HTTPS server, while net/http servers that accept client certificates will
recover the panic and are unaffected.
Moreover, an application might crash invoking
crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate
request, parsing a golang.org/x/crypto/openpgp Entity, or during a
golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client
can panic due to a malformed host key, while a server could panic if either
PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts
a certificate with a malformed public key.
The issue is CVE-2019-17596 and Go issue golang.org/issue/34960.
Thanks to Daniel Mandragona for discovering and reporting this issue. We'd also
like to thank regilero for a previous disclosure of CVE-2019-16276.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 474d522ee2cb9357f73891f1a86c7162d0b9d23c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-10-20 17:26:31 -04:00
|
|
|
ARG GO_VERSION=1.12.12
|
2018-03-19 18:56:51 -04:00
|
|
|
|
2018-05-17 07:11:59 -04:00
|
|
|
# Use Debian based image as docker-compose requires glibc.
|
|
|
|
FROM golang:${GO_VERSION}
|
|
|
|
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
|
|
build-essential \
|
|
|
|
curl \
|
|
|
|
openssl \
|
2018-09-06 01:38:01 -04:00
|
|
|
openssh-client \
|
2018-05-17 07:11:59 -04:00
|
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
|
|
|
|
ARG COMPOSE_VERSION=1.21.2
|
|
|
|
RUN curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
|
|
|
|
&& chmod +x /usr/local/bin/docker-compose
|
|
|
|
|
|
|
|
ARG NOTARY_VERSION=v0.6.1
|
|
|
|
RUN curl -Ls https://github.com/theupdateframework/notary/releases/download/${NOTARY_VERSION}/notary-Linux-amd64 -o /usr/local/bin/notary \
|
|
|
|
&& chmod +x /usr/local/bin/notary
|
|
|
|
|
2019-04-12 21:16:01 -04:00
|
|
|
ARG GOTESTSUM_VERSION=0.3.4
|
2019-01-24 11:53:42 -05:00
|
|
|
RUN curl -Ls https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz -o gotestsum.tar.gz \
|
|
|
|
&& tar -xf gotestsum.tar.gz gotestsum \
|
|
|
|
&& mv gotestsum /usr/local/bin/gotestsum \
|
|
|
|
&& rm gotestsum.tar.gz
|
|
|
|
|
2018-05-17 07:11:59 -04:00
|
|
|
ENV CGO_ENABLED=0 \
|
|
|
|
DISABLE_WARN_OUTSIDE_CONTAINER=1 \
|
|
|
|
PATH=/go/src/github.com/docker/cli/build:$PATH
|
|
|
|
WORKDIR /go/src/github.com/docker/cli
|
|
|
|
|
|
|
|
# Trust notary CA cert.
|
|
|
|
COPY e2e/testdata/notary/root-ca.cert /usr/share/ca-certificates/notary.cert
|
|
|
|
RUN echo 'notary.cert' >> /etc/ca-certificates.conf && update-ca-certificates
|
|
|
|
|
|
|
|
COPY . .
|
|
|
|
ARG VERSION
|
|
|
|
ARG GITCOMMIT
|
|
|
|
ENV VERSION=${VERSION} GITCOMMIT=${GITCOMMIT}
|
|
|
|
RUN ./scripts/build/binary
|
2018-12-11 09:15:04 -05:00
|
|
|
RUN ./scripts/build/plugins e2e/cli-plugins/plugins/*
|
2018-05-17 07:11:59 -04:00
|
|
|
|
|
|
|
CMD ./scripts/test/e2e/entry
|