letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test against go1.20.6 (#6987) 

This version includes a fix that seems relevant to us:

> The HTTP/1 client did not fully validate the contents of the Host
header. A maliciously crafted Host header could inject additional
headers or entire requests. The HTTP/1 client now refuses to send
requests containing an invalid Request.Host or Request.URL.Host value.
> 
> Thanks to Bartek Nowotarski for reporting this issue.
> 
> Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374
This commit is contained in:
Phil Porada 2023-07-11 15:50:42 -04:00 committed by GitHub
parent d7ccffa32e
commit c7dc3a8d72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/boulder-ci.yml vendored
View File

@ -36,8 +36,8 @@ jobs:
matrix: matrix:
# Add additional docker image tags here and all tests will be run with the additional image. # Add additional docker image tags here and all tests will be run with the additional image.
BOULDER_TOOLS_TAG: BOULDER_TOOLS_TAG:
- go1.20.5_2023-06-20 - go1.20.6_2023-07-11
- go1.21rc2_2023-06-21 - go1.21rc2_2023-07-11
# Tests command definitions. Use the entire "docker compose" command you want to run. # Tests command definitions. Use the entire "docker compose" command you want to run.
tests: tests:
# Run ./test.sh --help for a description of each of the flags. # Run ./test.sh --help for a description of each of the flags.
@ -113,8 +113,8 @@ jobs:
matrix: matrix:
# Add additional docker image tags here and all tests will be run with the additional image. # Add additional docker image tags here and all tests will be run with the additional image.
BOULDER_TOOLS_TAG: BOULDER_TOOLS_TAG:
- go1.20.5_2023-06-20 - go1.20.6_2023-07-11
- go1.21rc2_2023-06-21 - go1.21rc2_2023-07-11
env: env:
# This sets the docker image tag for the boulder-tools repository to # This sets the docker image tag for the boulder-tools repository to

2
.github/workflows/release.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
GO_VERSION: GO_VERSION:
- "1.20.5" - "1.20.6"
- "1.21rc2" - "1.21rc2"
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
permissions: permissions:

2
.github/workflows/try-release.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
GO_VERSION: GO_VERSION:
- "1.20.5" - "1.20.6"
- "1.21rc2" - "1.21rc2"
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:

2
docker-compose.yml
View File

@ -2,7 +2,7 @@ version: '3'
services: services:
boulder: boulder:
# Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh. # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.5_2023-06-20} image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.5_2023-07-11}
environment: environment:
# To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS
# to the IP address where your ACME client's solver is listening. # to the IP address where your ACME client's solver is listening.

2
ra/ra_test.go
View File

@ -2063,7 +2063,7 @@ func TestNewOrderReuse(t *testing.T) {
t.Run(tc.Name, func(t *testing.T) { t.Run(tc.Name, func(t *testing.T) {
// If the testcase specifies, advance the clock before adding the order // If the testcase specifies, advance the clock before adding the order
if tc.AdvanceClock != nil { if tc.AdvanceClock != nil {
fc.Now().Add(*tc.AdvanceClock) _ = fc.Now().Add(*tc.AdvanceClock)
} }
// Add the order for the test request // Add the order for the test request
order, err := ra.NewOrder(ctx, tc.OrderReq) order, err := ra.NewOrder(ctx, tc.OrderReq)

4
test/boulder-tools/tag_and_upload.sh
View File

@ -12,11 +12,11 @@ DOCKER_REPO="letsencrypt/boulder-tools"
# .github/workflows/release.yml, # .github/workflows/release.yml,
# .github/workflows/try-release.yml if appropriate, # .github/workflows/try-release.yml if appropriate,
# and .github/workflows/boulder-ci.yml with the new container tag. # and .github/workflows/boulder-ci.yml with the new container tag.
GO_CI_VERSIONS=( "1.20.5" "1.21rc2" ) GO_CI_VERSIONS=( "1.20.6" "1.21rc2" )
# These versions are built for both platforms that boulder devs use. # These versions are built for both platforms that boulder devs use.
# When updating GO_DEV_VERSIONS, please also update # When updating GO_DEV_VERSIONS, please also update
# ../../docker-compose.yml's default Go version. # ../../docker-compose.yml's default Go version.
GO_DEV_VERSIONS=( "1.20.5" ) GO_DEV_VERSIONS=( "1.20.6" )
echo "Please login to allow push to DockerHub" echo "Please login to allow push to DockerHub"
docker login docker login