Pull request: all: upd go

Merge in DNS/adguard-home from upd-go to master Squashed commit of the following: commit 132358d69178050ca2eacf8a988b4e4cb0e0ef57 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 13 13:29:07 2022 +0300 all: upd go
2022-07-13 14:43:21 +03:00 · 2022-07-13 14:43:21 +03:00 · 56519548f1
parent bdcd17a41a
commit 56519548f1
3 changed files with 17 additions and 9 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -17,6 +17,13 @@ and this project adheres to

 ### Security

+- Go version was updated to prevent the possibility of exploiting the
+  CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities
+  fixed in [Go 1.17.12][go-1.17.12].
+
+  <!--
+      TODO(a.garipov): Use the above format in all similar announcements below.
+  -->
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
  operation have been disabled ([#2993]).

@ -50,6 +57,7 @@ and this project adheres to
 [#4699]: https://github.com/AdguardTeam/AdGuardHome/issues/4699

 [ddr-draft]:  https://datatracker.ietf.org/doc/html/draft-ietf-add-ddr-08
+[go-1.17.12]: https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE



@ -67,7 +75,7 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7].

 - Go version was updated to prevent the possibility of exploiting the
  [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
-  [CVE-2022-29804] vulnerabilities.
+  [CVE-2022-29804] Go vulnerabilities.
 - Enforced password strength policy ([#3503]).

 ### Added
@ -222,7 +230,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].

 - `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests.
 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] vulnerabilities.
+  [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] Go vulnerabilities.

 ### Added

@ -277,7 +285,7 @@ were resolved.
 ### Security

 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-24921] vulnerability.
+  [CVE-2022-24921] Go vulnerability.

 [CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921

@ -290,7 +298,7 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4].
 ### Security

 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] vulnerabilities.
+  [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] Go vulnerabilities.

 ### Fixed

--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:4.4'
+  'dockerGo': 'adguard/golang-ubuntu:4.5'

 'stages':
 - 'Make release':
@ -285,7 +285,7 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:4.4'
+      'dockerGo': 'adguard/golang-ubuntu:4.5'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@ -300,4 +300,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:4.4'
+      'dockerGo': 'adguard/golang-ubuntu:4.5'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:4.4'
+  'dockerGo': 'adguard/golang-ubuntu:4.5'

 'stages':
 - 'Tests':