Skip to content

Commit 0e11f82

Browse files
openshift-merge-bot[bot]openshift-merge-bot[bot]
authored
Merge pull request #25577 from Luap99/v4.9-rhel-crypto
[v4.9-rhel] CVE-2025-22869: replace crypto with github.com/openshift/golang-crypto@v0.33.openshift.1
2 parents c4ce899 + 9b21558 commit 0e11f82

File tree

9 files changed

+74
-120
lines changed

9 files changed

+74
-120
lines changed

go.mod

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/containers/podman/v4
22

3-
go 1.23.0
3+
go 1.18
44

55
require (
66
github.com/BurntSushi/toml v1.3.2
@@ -68,10 +68,10 @@ require (
6868
go.etcd.io/bbolt v1.3.8
6969
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
7070
golang.org/x/net v0.25.0
71-
golang.org/x/sync v0.12.0
72-
golang.org/x/sys v0.31.0
73-
golang.org/x/term v0.30.0
74-
golang.org/x/text v0.23.0
71+
golang.org/x/sync v0.11.0
72+
golang.org/x/sys v0.30.0
73+
golang.org/x/term v0.29.0
74+
golang.org/x/text v0.22.0
7575
google.golang.org/protobuf v1.33.0
7676
gopkg.in/inf.v0 v0.9.1
7777
gopkg.in/yaml.v3 v3.0.1
@@ -205,7 +205,7 @@ require (
205205
go.opentelemetry.io/otel/metric v1.19.0 // indirect
206206
go.opentelemetry.io/otel/trace v1.19.0 // indirect
207207
golang.org/x/arch v0.5.0 // indirect
208-
golang.org/x/crypto v0.36.0 // indirect
208+
golang.org/x/crypto v0.23.0 // indirect
209209
golang.org/x/mod v0.17.0 // indirect
210210
golang.org/x/oauth2 v0.14.0 // indirect
211211
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
@@ -217,3 +217,5 @@ require (
217217
gopkg.in/yaml.v2 v2.4.0 // indirect
218218
tags.cncf.io/container-device-interface/specs-go v0.6.0 // indirect
219219
)
220+
221+
replace golang.org/x/crypto => github.com/openshift/golang-crypto v0.33.1-0.20250310193910-9003f682e581

go.sum

Lines changed: 25 additions & 99 deletions
Large diffs are not rendered by default.

vendor/golang.org/x/crypto/ssh/messages.go

Lines changed: 0 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/golang.org/x/crypto/ssh/tcpip.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/golang.org/x/sync/errgroup/errgroup.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/golang.org/x/sync/errgroup/go120.go

Lines changed: 13 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/golang.org/x/sync/errgroup/pre_go120.go

Lines changed: 14 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/golang.org/x/text/language/parse.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1129,8 +1129,8 @@ go.opentelemetry.io/otel/trace
11291129
# golang.org/x/arch v0.5.0
11301130
## explicit; go 1.17
11311131
golang.org/x/arch/x86/x86asm
1132-
# golang.org/x/crypto v0.36.0
1133-
## explicit; go 1.23.0
1132+
# golang.org/x/crypto v0.23.0 => github.com/openshift/golang-crypto v0.33.1-0.20250310193910-9003f682e581
1133+
## explicit; go 1.20
11341134
golang.org/x/crypto/argon2
11351135
golang.org/x/crypto/blake2b
11361136
golang.org/x/crypto/blowfish
@@ -1188,23 +1188,23 @@ golang.org/x/net/trace
11881188
## explicit; go 1.18
11891189
golang.org/x/oauth2
11901190
golang.org/x/oauth2/internal
1191-
# golang.org/x/sync v0.12.0
1192-
## explicit; go 1.23.0
1191+
# golang.org/x/sync v0.11.0
1192+
## explicit; go 1.18
11931193
golang.org/x/sync/errgroup
11941194
golang.org/x/sync/semaphore
1195-
# golang.org/x/sys v0.31.0
1196-
## explicit; go 1.23.0
1195+
# golang.org/x/sys v0.30.0
1196+
## explicit; go 1.18
11971197
golang.org/x/sys/cpu
11981198
golang.org/x/sys/plan9
11991199
golang.org/x/sys/unix
12001200
golang.org/x/sys/windows
12011201
golang.org/x/sys/windows/registry
12021202
golang.org/x/sys/windows/svc/eventlog
1203-
# golang.org/x/term v0.30.0
1204-
## explicit; go 1.23.0
1203+
# golang.org/x/term v0.29.0
1204+
## explicit; go 1.18
12051205
golang.org/x/term
1206-
# golang.org/x/text v0.23.0
1207-
## explicit; go 1.23.0
1206+
# golang.org/x/text v0.22.0
1207+
## explicit; go 1.18
12081208
golang.org/x/text/encoding
12091209
golang.org/x/text/encoding/charmap
12101210
golang.org/x/text/encoding/htmlindex
@@ -1379,3 +1379,4 @@ tags.cncf.io/container-device-interface/pkg/parser
13791379
# tags.cncf.io/container-device-interface/specs-go v0.6.0
13801380
## explicit; go 1.19
13811381
tags.cncf.io/container-device-interface/specs-go
1382+
# golang.org/x/crypto => github.com/openshift/golang-crypto v0.33.1-0.20250310193910-9003f682e581

0 commit comments

Comments
 (0)