From 8afe9f422dc0183ce48e1db09189ccbde634080a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 14 Dec 2018 00:44:49 +0100 Subject: [PATCH] Bump Golang 1.10.6 (CVE-2018-16875) go1.10.6 (released 2018/12/14) - crypto/x509: CPU denial of service in chain validation golang/go#29233 - cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231 - cmd/go: remote command execution during "go get -u" golang/go#29230 See the Go 1.10.6 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.10.6 Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 4 ++-- Dockerfile.e2e | 2 +- Dockerfile.simple | 2 +- Dockerfile.windows | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ecfd9faef4bf..6acae0759b998 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,10 +24,10 @@ # the case. Therefore, you don't have to disable it anymore. # -FROM golang:1.10.5 AS base +FROM golang:1.10.6 AS base # FIXME(vdemeester) this is kept for other script depending on it to not fail right away # Remove this once the other scripts uses something else to detect the version -ENV GO_VERSION 1.10.5 +ENV GO_VERSION 1.10.6 # allow replacing httpredir or deb mirror ARG APT_MIRROR=deb.debian.org RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list diff --git a/Dockerfile.e2e b/Dockerfile.e2e index 12f05ace249ce..359d09eedc05d 100644 --- a/Dockerfile.e2e +++ b/Dockerfile.e2e @@ -1,5 +1,5 @@ ## Step 1: Build tests -FROM golang:1.10.5-alpine3.7 as builder +FROM golang:1.10.6-alpine3.7 as builder RUN apk add --update \ bash \ diff --git a/Dockerfile.simple b/Dockerfile.simple index 40a745e20e51f..010393c91bf94 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -42,7 +42,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ # will need updating, to avoid errors. Ping #docker-maintainers on IRC # with a heads-up. # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored -ENV GO_VERSION 1.10.5 +ENV GO_VERSION 1.10.6 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ | tar -xzC /usr/local ENV PATH /go/bin:/usr/local/go/bin:$PATH diff --git a/Dockerfile.windows b/Dockerfile.windows index ab1bc7381ef76..e915200f440b9 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # Environment variable notes: # - GO_VERSION must be consistent with 'Dockerfile' used by Linux. # - FROM_DOCKERFILE is used for detection of building within a container. -ENV GO_VERSION=1.10.5 ` +ENV GO_VERSION=1.10.6 ` GIT_VERSION=2.11.1 ` GOPATH=C:\go ` FROM_DOCKERFILE=1