From 960a7a75ed44637a2fd936e3b4df87e13bcb0ba0 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Fri, 7 Oct 2022 15:48:51 +0300 Subject: [PATCH] Pull request: upd-go Merge in DNS/adguard-home from upd-go to master Squashed commit of the following: commit 3dffc8b5d8951216c1e695472199fc9e9d85e1c7 Author: Ainar Garipov Date: Fri Oct 7 14:30:23 2022 +0300 all: fix chlog commit cca70bd6cd27d04cd7cebe14a4e4bef112ce2bcb Author: Ainar Garipov Date: Fri Oct 7 14:07:39 2022 +0300 all: upd go --- .github/workflows/build.yml | 2 +- .github/workflows/lint.yml | 2 +- CHANGELOG.md | 23 +++++++++++++++-------- bamboo-specs/release.yaml | 6 +++--- bamboo-specs/test.yaml | 2 +- 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dbe2bad3..bc2caa31 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,7 @@ 'name': 'build' 'env': - 'GO_VERSION': '1.18.6' + 'GO_VERSION': '1.18.7' 'NODE_VERSION': '14' 'on': diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 64719a3e..1028b6b1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,7 +1,7 @@ 'name': 'lint' 'env': - 'GO_VERSION': '1.18.6' + 'GO_VERSION': '1.18.7' 'on': 'push': diff --git a/CHANGELOG.md b/CHANGELOG.md index 551a3db1..b826cea4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,12 @@ and this project adheres to ## [v0.108.0] - TBA (APPROX.) --> +## Security + +- Go version has been updated to prevent the possibility of exploiting the + CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in + [Go 1.18.7][go-1.18.7]. + ## Added - The ability to put [ClientIDs][clientid] into DNS-over-HTTPS hostnames as 
@@ -23,7 +29,8 @@ and this project adheres to [#3418]: https://github.com/AdguardTeam/AdGuardHome/issues/3418 -[clientid]: https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid +[go-1.18.7]: https://groups.google.com/g/golang-announce/c/xtuG5faxtaU +[clientid]: https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid @@ -173,7 +180,7 @@ See also the [v0.107.12 GitHub milestone][ms-v0.107.12]. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the CVE-2022-27664 and CVE-2022-32190 Go vulnerabilities fixed in [Go 1.18.6][go-1.18.6]. @@ -294,7 +301,7 @@ See also the [v0.107.9 GitHub milestone][ms-v0.107.9]. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the CVE-2022-32189 Go vulnerability fixed in [Go 1.18.5][go-1.18.5]. Go 1.17 support has also been removed, as it has reached end of life and will not receive security updates. @@ -337,7 +344,7 @@ See also the [v0.107.8 GitHub milestone][ms-v0.107.8]. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities fixed in [Go 1.17.12][go-1.17.12]. @@ -373,7 +380,7 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7]. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and [CVE-2022-29804] Go vulnerabilities. - Enforced password strength policy ([#3503]). 
@@ -530,7 +537,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6]. ### Security - `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests. -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] Go vulnerabilities. ### Added @@ -585,7 +592,7 @@ were resolved. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the [CVE-2022-24921] Go vulnerability. [CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921 @@ -598,7 +605,7 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4]. ### Security -- Go version was updated to prevent the possibility of exploiting the +- Go version has been updated to prevent the possibility of exploiting the [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] Go vulnerabilities. ### Fixed diff --git a/bamboo-specs/release.yaml b/bamboo-specs/release.yaml index ddd95734..4232b734 100644 --- a/bamboo-specs/release.yaml +++ b/bamboo-specs/release.yaml @@ -7,7 +7,7 @@ # Make sure to sync any changes with the branch overrides below. 'variables': 'channel': 'edge' - 'dockerGo': 'adguard/golang-ubuntu:5.1' + 'dockerGo': 'adguard/golang-ubuntu:5.2' 'stages': - 'Build frontend': @@ -322,7 +322,7 @@ # need to build a few of these. 'variables': 'channel': 'beta' - 'dockerGo': 'adguard/golang-ubuntu:5.1' + 'dockerGo': 'adguard/golang-ubuntu:5.2' # release-vX.Y.Z branches are the branches from which the actual final release # is built. - '^release-v[0-9]+\.[0-9]+\.[0-9]+': @@ -337,4 +337,4 @@ # are the ones that actually get released. 'variables': 'channel': 'release' - 'dockerGo': 'adguard/golang-ubuntu:5.1' + 'dockerGo': 'adguard/golang-ubuntu:5.2' diff --git a/bamboo-specs/test.yaml b/bamboo-specs/test.yaml index fe26bd10..81796e1f 100644 --- a/bamboo-specs/test.yaml 
+++ b/bamboo-specs/test.yaml @@ -5,7 +5,7 @@ 'key': 'AHBRTSPECS' 'name': 'AdGuard Home - Build and run tests' 'variables': - 'dockerGo': 'adguard/golang-ubuntu:5.1' + 'dockerGo': 'adguard/golang-ubuntu:5.2' 'stages': - 'Tests':
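Review bot: The `dockerGo` bump to `adguard/golang-ubuntu:5.2` in this hunk, and the three identical bumps in bamboo-specs/release.yaml, do not record which Go version that image tag contains, whereas the GitHub workflows state `'GO_VERSION': '1.18.7'` explicitly. Presumably 5.2 ships Go 1.18.7, but these files alone do not confirm that the Bamboo test and release builds use the toolchain the new CHANGELOG entry for CVE-2022-2879, CVE-2022-2880 and CVE-2022-41715 names. I would add a comment above each `dockerGo` line such as `# The Go version inside this image must match GO_VERSION in .github/workflows/*.yml.` so the two stay in step on the next update. It is also worth considering a digest pin, `'dockerGo': 'adguard/golang-ubuntu:5.2@sha256:<digest>'` (placeholder digest, assuming the Bamboo Docker configuration accepts that form), so a re-pushed tag cannot silently change the toolchain used for release binaries.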