1
0
mirror of https://github.com/docker/docker-credential-helpers.git synced 2026-07-18 09:42:16 +05:30
Files
docker-credential-helpers/deb/Dockerfile
T
Sebastiaan van Stijn 08a06198d8 update to go1.26.5
go1.26.5 (released 2026-07-07) includes security fixes to the crypto/tls
and os packages, as well as bug fixes to the compiler, the runtime, the
go command, and the net, os, and syscall packages. See the Go 1.26.5
milestone on our issue tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.26.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.26.4...go1.26.5

From the security announcement:

We have just released Go versions 1.26.5 and 1.25.12, minor point releases.

These releases include 2 security fixes following the security policy:

- os: Root escape via symlink plus trailing slash

  On Unix systems, opening a file in an os.Root improperly
  followed symlinks to locations outside of the Root when
  the final path component of the a path is a symbolic link
  and the path ends in /.

  For example, root.Open("symlink/") would open "symlink"
  even when "symlink" is a symbolic link pointing outside of the root.

  On Unix, openat(fd, path, O_NOFOLLOW) will follow symlinks
  in path when path ends in a /. Root failed to account for
  this behavior, permitting paths with a trailing / to escape.
  It now properly sanitizes the path parameter provided to openat.

  hanks to Mundur for reporting this issue.

  This is CVE-2026-39822 and Go issue https://go.dev/issue/79005.

- crypto/tls: Encrypted Client Hello privacy leak

  he Encrypted Client Hello implementation would leak the pre-shared key
  dentities during the handshake, allowing a passive network observer who can
  ollect handshakes to de-anonymize the hostname of the server, even when ECH was
  eing used.

  Thanks to Coia Prant (github.com/rbqvq) for reporting this issue.

  This is CVE-2026-42505 and Go issue https://go.dev/issue/79282.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-07-08 00:25:27 +02:00

43 lines
1.0 KiB
Docker

# syntax=docker/dockerfile:1
# GO_VERSION sets the version of the golang base image to use.
# It must be a valid tag in the docker.io/library/golang image repository.
ARG GO_VERSION=1.26.5
# BASE_DEBIAN_DISTRO sets the golang base image debian variant to use.
# It must be a valid variant in the docker.io/library/golang image repository.
ARG BASE_DEBIAN_DISTRO=bookworm
ARG DISTRO=ubuntu
ARG SUITE=jammy
FROM golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO} AS gobase
FROM ${DISTRO}:${SUITE}
RUN apt-get update && apt-get install -yy debhelper dh-make libsecret-1-dev
RUN mkdir -p /build
WORKDIR /build
ENV GOPROXY=https://proxy.golang.org|direct
ENV GO111MODULE=off
ENV GOPATH=/build
ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
COPY --from=gobase /usr/local/go /usr/local/go
COPY Makefile .
COPY credentials credentials
COPY secretservice secretservice
COPY pass pass
COPY deb/debian ./debian
COPY deb/build-deb .
ARG VERSION
ENV VERSION=${VERSION}
ARG REVISION
ENV REVISION=${REVISION}
ARG DISTRO
ENV DISTRO=${DISTRO}
ARG SUITE
ENV SUITE=${SUITE}
RUN /build/build-deb