From 39a0de9a45205675874504dc5d504f811e7c5ad1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 10 Mar 2023 10:22:54 +0100 Subject: [PATCH] update to go1.19.7 Includes a security fix for crypto/elliptic (CVE-2023-24532). > go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic > package, as well as bug fixes to the linker, the runtime, and the crypto/x509 > and syscall packages. See the Go 1.19.7 milestone on our issue tracker for > details. https://go.dev/doc/devel/release#go1.19.minor From the announcement: > We have just released Go versions 1.20.2 and 1.19.7, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results > > The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an > incorrect result if called with some specific unreduced scalars (a scalar larger > than the order of the curve). > > This does not impact usages of crypto/ecdsa or crypto/ecdh. > > This is CVE-2023-24532 and Go issue https://go.dev/issue/58647. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 23da1cec6c9cf541095012122084da019fff9b92) Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- appveyor.yml | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.binary-native | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.e2e | 2 +- dockerfiles/Dockerfile.lint | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 84eebb913f..70ed52bf1c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16
 ARG XX_VERSION=1.1.0
diff --git a/appveyor.yml b/appveyor.yml
index 0f4b15d0f6..a030e73222 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -4,7 +4,7 @@ clone_folder: c:\gopath\src\github.com\docker\cli
 environment:
 GOPATH: c:\gopath
- GOVERSION: 1.19.6
+ GOVERSION: 1.19.7
 DEPVERSION: v0.4.1
 install:
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 4452f7f23f..2aa4c48aaa 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -1,5 +1,5 @@
 variable "GO_VERSION" {
- default = "1.19.6"
+ default = "1.19.7"
 }
 variable "VERSION" {
 default = ""
diff --git a/dockerfiles/Dockerfile.binary-native b/dockerfiles/Dockerfile.binary-native
index 92aaa8d0fb..4ebe09d25b 100644
--- a/dockerfiles/Dockerfile.binary-native
+++ b/dockerfiles/Dockerfile.binary-native
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 FROM golang:${GO_VERSION}-alpine
diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev
index e916d18915..46e977ff69 100644
--- a/dockerfiles/Dockerfile.dev
+++ b/dockerfiles/Dockerfile.dev
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16
 FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang
diff --git a/dockerfiles/Dockerfile.e2e b/dockerfiles/Dockerfile.e2e
index e9a1c9a5be..32e323c69b 100644
--- a/dockerfiles/Dockerfile.e2e
+++ b/dockerfiles/Dockerfile.e2e
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 # Use Debian based image as docker-compose requires glibc.
 FROM golang:${GO_VERSION}-buster
diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint
index 404134b804..a732efaadf 100644
--- a/dockerfiles/Dockerfile.lint
+++ b/dockerfiles/Dockerfile.lint
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16
 ARG GOLANGCI_LINT_VERSION=v1.49.0