Skip to content

Commit 2e9f081

Browse files
rozmansirozmansi
committed
mod: bump golang.org/x/...
The most recent versions that compile with Go 1.20 were picked. The govulncheck report follows with my ">" comments inline. C:\Users\Simon\Projekti\wireguard-windows>govulncheck -show verbose ./... Fetching vulnerabilities from the database... Checking the code against the vulnerabilities... The package pattern matched the following 19 root packages: golang.zx2c4.com/wireguard/windows/conf/dpapi golang.zx2c4.com/wireguard/windows/tunnel/winipcfg golang.zx2c4.com/wireguard/windows/driver golang.zx2c4.com/wireguard/windows/l18n golang.zx2c4.com/wireguard/windows/version golang.zx2c4.com/wireguard/windows/services golang.zx2c4.com/wireguard/windows/conf golang.zx2c4.com/wireguard/windows/elevate golang.zx2c4.com/wireguard/windows/ringlogger golang.zx2c4.com/wireguard/windows/updater/winhttp golang.zx2c4.com/wireguard/windows/updater golang.zx2c4.com/wireguard/windows/manager golang.zx2c4.com/wireguard/windows/tunnel/firewall golang.zx2c4.com/wireguard/windows/tunnel golang.zx2c4.com/wireguard/windows/ui/syntax golang.zx2c4.com/wireguard/windows/ui golang.zx2c4.com/wireguard/windows golang.zx2c4.com/wireguard/windows/driver/memmod golang.zx2c4.com/wireguard/windows/embeddable-dll-service Govulncheck scanned the following 4 modules and the go1.20.14 standard library: golang.zx2c4.com/wireguard/windows golang.org/x/[email protected] golang.org/x/[email protected] golang.org/x/[email protected] === Symbol Results === Vulnerability #1: GO-2024-3106 Stack exhaustion in Decoder.Decode in encoding/gob More info: https://pkg.go.dev/vuln/GO-2024-3106 Standard library Found in: encoding/[email protected] Fixed in: encoding/[email protected] Example traces found: #1: manager/ipc_client.go:420:25: manager.IPCClientUpdateState calls gob.Decoder.Decode > The most complex struct, our IPC is passing around, is conf.Config. It does not contain deeply nested structures, so we should be fine. The config may be huge, but it is not deep. Vulnerability #2: GO-2024-2888 Mishandling of corrupt central directory record in archive/zip More info: https://pkg.go.dev/vuln/GO-2024-2888 Standard library Found in: archive/[email protected] Fixed in: archive/[email protected] Example traces found: #1: ui/tunnelspage.go:309:29: ui.importFiles calls zip.OpenReader > Securing Zip config file exchange is beyond WireGuard scope. === Package Results === Vulnerability #1: GO-2025-3447 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec More info: https://pkg.go.dev/vuln/GO-2025-3447 Standard library Found in: crypto/internal/[email protected] Fixed in: crypto/internal/[email protected] Platforms: ppc64le > There are no Windows on ppc64le platform we'd support. Vulnerability #2: GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip More info: https://pkg.go.dev/vuln/GO-2024-2887 Standard library Found in: net/[email protected] Fixed in: net/[email protected] > Not using any of the affected net/netip functions. === Module Results === Vulnerability #1: GO-2025-3487 Potential denial of service in golang.org/x/crypto More info: https://pkg.go.dev/vuln/GO-2025-3487 Module: golang.org/x/crypto Found in: golang.org/x/[email protected] Fixed in: golang.org/x/[email protected] Vulnerability #2: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #3: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #4: GO-2024-3107 Stack exhaustion in Parse in go/build/constraint More info: https://pkg.go.dev/vuln/GO-2024-3107 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #5: GO-2024-3105 Stack exhaustion in all Parse functions in go/parser More info: https://pkg.go.dev/vuln/GO-2024-3105 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #6: GO-2024-2963 Denial of service due to improper 100-continue handling in net/http More info: https://pkg.go.dev/vuln/GO-2024-2963 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #7: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #8: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #9: GO-2024-2609 Comments in display names are incorrectly handled in net/mail More info: https://pkg.go.dev/vuln/GO-2024-2609 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #10: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #11: GO-2024-2599 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: [email protected] Fixed in: [email protected] Vulnerability #12: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: [email protected] Fixed in: [email protected] Your code is affected by 2 vulnerabilities from the Go standard library. This scan also found 2 vulnerabilities in packages you import and 12 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Signed-off-by: Simon Rozman <[email protected]>
1 parent f24cbbc commit 2e9f081

File tree

2 files changed

+18
-29
lines changed

2 files changed

+18
-29
lines changed

go.mod

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,15 @@ go 1.20
55
require (
66
github.com/lxn/walk v0.0.0-20210112085537-c389da54e794
77
github.com/lxn/win v0.0.0-20210218163916-a377121e959e
8-
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
9-
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86
10-
golang.org/x/text v0.3.8-0.20220124021120-d1c84af989ab
8+
golang.org/x/crypto v0.33.0
9+
golang.org/x/sys v0.30.0
10+
golang.org/x/text v0.22.0
1111
)
1212

1313
require (
14-
golang.org/x/mod v0.4.2 // indirect
15-
golang.org/x/tools v0.1.7 // indirect
16-
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
14+
golang.org/x/mod v0.17.0 // indirect
15+
golang.org/x/sync v0.11.0 // indirect
16+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
1717
)
1818

1919
replace (

go.sum

Lines changed: 12 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1,27 +1,16 @@
1-
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
2-
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
3-
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
4-
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
5-
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
6-
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
7-
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
8-
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
9-
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
10-
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
11-
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
1+
golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
2+
golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
3+
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
4+
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
5+
golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
6+
golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
127
golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
13-
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86 h1:A9i04dxx7Cribqbs8jf3FQLogkL/CV2YN7hj9KWJCkc=
14-
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
15-
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
16-
golang.org/x/text v0.3.8-0.20220124021120-d1c84af989ab h1:eHo2TTVBaAPw9lDGK2Gb9GyPMXT6g7O63W6sx3ylbzU=
17-
golang.org/x/text v0.3.8-0.20220124021120-d1c84af989ab/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0=
18-
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
19-
golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ=
20-
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
21-
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
22-
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
23-
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
24-
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
8+
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
9+
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
10+
golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
11+
golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
12+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
13+
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
2514
golang.zx2c4.com/wireguard/windows v0.0.0-20210121140954-e7fc19d483bd h1:kAUzMAITME2MCtrXBaUa9P4tndiXGWO674k9gn6ZR28=
2615
golang.zx2c4.com/wireguard/windows v0.0.0-20210121140954-e7fc19d483bd/go.mod h1:Y+FYqVFaQO6a+1uigm0N0GiuaZrLEaBxEiJ8tfH9sMQ=
2716
golang.zx2c4.com/wireguard/windows v0.0.0-20210224134948-620c54ef6199 h1:ogXKLng/Myrt2odYTkleySGzQj/GWg9GV1AQ8P9NnU4=

0 commit comments

Comments
 (0)