-
Notifications
You must be signed in to change notification settings - Fork 4.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This resolves [CVE-2023-29406] (https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the `net/http` standard library. Note that until the follow-up to #18124 is done, the version of Go used in those impacted tests will need to remain on 1.20.5. Manual backport of 93f3209.
- Loading branch information
Showing
3 changed files
with
67 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| ```release-note:security | ||
| Upgrade to use Go 1.20.6. | ||
| This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library. | ||
| A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`. | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -80,15 +80,15 @@ jobs: | |
| strategy: | ||
| matrix: | ||
| include: | ||
| - {go: "1.20.4", goos: "linux", goarch: "386"} | ||
| - {go: "1.20.4", goos: "linux", goarch: "amd64"} | ||
| - {go: "1.20.4", goos: "linux", goarch: "arm"} | ||
| - {go: "1.20.4", goos: "linux", goarch: "arm64"} | ||
| - {go: "1.20.4", goos: "freebsd", goarch: "386"} | ||
| - {go: "1.20.4", goos: "freebsd", goarch: "amd64"} | ||
| - {go: "1.20.4", goos: "windows", goarch: "386"} | ||
| - {go: "1.20.4", goos: "windows", goarch: "amd64"} | ||
| - {go: "1.20.4", goos: "solaris", goarch: "amd64"} | ||
| - {go: "1.20.6", goos: "linux", goarch: "386"} | ||
| - {go: "1.20.6", goos: "linux", goarch: "amd64"} | ||
| - {go: "1.20.6", goos: "linux", goarch: "arm"} | ||
| - {go: "1.20.6", goos: "linux", goarch: "arm64"} | ||
| - {go: "1.20.6", goos: "freebsd", goarch: "386"} | ||
| - {go: "1.20.6", goos: "freebsd", goarch: "amd64"} | ||
| - {go: "1.20.6", goos: "windows", goarch: "386"} | ||
| - {go: "1.20.6", goos: "windows", goarch: "amd64"} | ||
| - {go: "1.20.6", goos: "solaris", goarch: "amd64"} | ||
| fail-fast: true | ||
|
|
||
| name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | ||
|
|
@@ -170,14 +170,65 @@ jobs: | |
| name: ${{ env.DEB_PACKAGE }} | ||
| path: out/${{ env.DEB_PACKAGE }} | ||
|
|
||
| build-s390x: | ||
| needs: set-product-version | ||
| if: ${{ endsWith(github.repository, '-enterprise') }} | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - {go: "1.20.6", goos: "linux", goarch: "s390x"} | ||
| fail-fast: true | ||
|
|
||
| name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | ||
| steps: | ||
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | ||
|
|
||
| - name: Setup with node and yarn | ||
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | ||
| with: | ||
| node-version: '14' | ||
| cache: 'yarn' | ||
| cache-dependency-path: 'ui/yarn.lock' | ||
|
|
||
| - name: Build UI | ||
| run: | | ||
| CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | ||
| CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }} | ||
| CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | ||
| CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | ||
| echo "consul_version is ${CONSUL_VERSION}" | ||
| echo "consul_date is ${CONSUL_DATE}" | ||
| echo "consul binary type is ${CONSUL_BINARY_TYPE}" | ||
| echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | ||
| cd ui && make && cd .. | ||
| rm -rf agent/uiserver/dist | ||
| mv ui/packages/consul-ui/dist agent/uiserver/ | ||
| - name: Go Build | ||
| env: | ||
| PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | ||
| PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | ||
| CGO_ENABLED: "0" | ||
| GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | ||
| uses: hashicorp/[email protected] | ||
| with: | ||
| product_name: ${{ env.PKG_NAME }} | ||
| product_version: ${{ needs.set-product-version.outputs.product-version }} | ||
| go_version: ${{ matrix.go }} | ||
| os: ${{ matrix.goos }} | ||
| arch: ${{ matrix.goarch }} | ||
| reproducible: report | ||
| instructions: |- | ||
| go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false | ||
| build-darwin: | ||
| needs: set-product-version | ||
| runs-on: macos-latest | ||
| strategy: | ||
| matrix: | ||
| goos: [ darwin ] | ||
| goarch: [ "amd64", "arm64" ] | ||
| go: [ "1.20.4" ] | ||
| go: [ "1.20.6" ] | ||
| fail-fast: true | ||
|
|
||
| name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| # Copyright (c) HashiCorp, Inc. | ||
| # SPDX-License-Identifier: MPL-2.0 | ||
|
|
||
| ARG GOLANG_VERSION=1.20.4 | ||
| ARG GOLANG_VERSION=1.20.6 | ||
| FROM golang:${GOLANG_VERSION} | ||
|
|
||
| WORKDIR /consul |