Skip to content
This repository was archived by the owner on Oct 13, 2023. It is now read-only.

Commit 2cf45c5

Browse files
thaJeztahTibor Vass
thaJeztah
authored and
Tibor Vass
committed
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
full diff: golang/crypto@88737f5...69ecbb4 Includes golang/crypto@69ecbb4 (forward-port of golang/crypto@8b5121b), which fixes CVE-2020-7919: - Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing functions of golang.org/x/crypto/cryptobyte can lead to a panic. The malformed certificate can be delivered via a crypto/tls connection to a client, or to a server that accepts client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Thanks to Project Wycheproof for providing the test cases that led to the discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit b606c8e440144b0ae7c18b5d9a7b557ef3ddd9d9) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: 7b575f98132b9a61662382d9fcc1afba7254c29c Component: engine
1 parent 6466a77 commit 2cf45c5

30 files changed

Lines changed: 687 additions & 3613 deletions

components/engine/vendor.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ github.com/golang/protobuf aa810b61a9c79d51363740d207bb
134134
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
135135
github.com/fernet/fernet-go 1b2437bc582b3cfbb341ee5a29f8ef5b42912ff2
136136
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
137-
golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
137+
golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
138138
golang.org/x/time fbb02b2291d28baffd63558aa44b4b56f178d650
139139
github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
140140
github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git

components/engine/vendor/golang.org/x/crypto/cryptobyte/asn1.go

Lines changed: 3 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

components/engine/vendor/golang.org/x/crypto/cryptobyte/string.go

Lines changed: 1 addition & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

components/engine/vendor/golang.org/x/crypto/curve25519/const_amd64.h

Lines changed: 0 additions & 8 deletions
This file was deleted.

components/engine/vendor/golang.org/x/crypto/curve25519/const_amd64.s

Lines changed: 0 additions & 20 deletions
This file was deleted.

components/engine/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s

Lines changed: 0 additions & 65 deletions
This file was deleted.

0 commit comments

Comments
 (0)