Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update to go 1.22 and k8s.io mods to v0.30
as part of fixing CVE-2023-48795 [0], the golang.org/x/crypto fixed this in v0.17 [1]. this brings in 0.22: ❯ go list -m -mod=mod all | rg crypto golang.org/x/crypto v0.14.0 => golang.org/x/crypto v0.17.0 this also updated kubernetes.NewForConfig() which now requires context.Context as the first argument so that was updated. [0] https://www.cve.org/CVERecord?id=CVE-2023-48795 [1] : ❯ git remote -v origin https://go.googlesource.com/crypto (fetch) origin https://go.googlesource.com/crypto (push) ❯ git br * (HEAD detached at v0.17.0) master ❯ git log -1 commit 9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (HEAD, tag: v0.17.0) Author: Roland Shoemaker <bracewell@google.com> Date: Mon Nov 20 12:06:18 2023 -0800 ssh: implement strict KEX protocol changes Implement the "strict KEX" protocol changes, as described in section 1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1). Namely this makes the following changes: * Both the server and the client add an additional algorithm to the initial KEXINIT message, indicating support for the strict KEX mode. * When one side of the connection sees the strict KEX extension algorithm, the strict KEX mode is enabled for messages originating from the other side of the connection. If the sequence number for the side which requested the extension is not 1 (indicating that it has already received non-KEXINIT packets), the connection is terminated. * When strict kex mode is enabled, unexpected messages during the handshake are considered fatal. Additionally when a key change occurs (on the receipt of the NEWKEYS message) the message sequence numbers are reset. Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr University Bochum for reporting this issue. Fixes CVE-2023-48795 Fixes golang/go#64784 Change-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/550715 Reviewed-by: Nicola Murino <nicola.murino@gmail.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
- Loading branch information