Merge pull request #21989 from containers/renovate/go-gopkg.in/go-jose/go-jose.v2-vulnerability

Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY]
2025-05-22 01:27:07 +08:00 · 2024-03-08 10:01:05 +00:00
parent d7b2fc8f43 e220d1ce62
commit 3c20e38cec
9 changed files with 122 additions and 125 deletions
--- a/go.mod
+++ b/go.mod
@ -218,7 +218,7 @@ require (
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
 	google.golang.org/grpc v1.61.0 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -820,8 +820,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U=
+gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=
-gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
+gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
--- a/vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/CHANGELOG.md
@ -0,0 +1,84 @@
 # v4.0.1
 ## Fixed
 - An attacker could send a JWE containing compressed data that used large
   amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`.
   Those functions now return an error if the decompressed data would exceed
   250kB or 10x the compressed size (whichever is larger). Thanks to
   Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj)
   for reporting.
 # v4.0.0
 This release makes some breaking changes in order to more thoroughly
 address the vulnerabilities discussed in [Three New Attacks Against JSON Web
 Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot
 token".
 ## Changed
 - Limit JWT encryption types (exclude password or public key types) (#78)
 - Enforce minimum length for HMAC keys (#85)
 - jwt: match any audience in a list, rather than requiring all audiences (#81)
 - jwt: accept only Compact Serialization (#75)
 - jws: Add expected algorithms for signatures (#74)
 - Require specifying expected algorithms for ParseEncrypted,
   ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned,
   jwt.ParseSignedAndEncrypted (#69, #74)
   - Usually there is a small, known set of appropriate algorithms for a program
     to use and it's a mistake to allow unexpected algorithms. For instance the
     "billion hash attack" relies in part on programs accepting the PBES2
     encryption algorithm and doing the necessary work even if they weren't
     specifically configured to allow PBES2.
 - Revert "Strip padding off base64 strings" (#82)
  - The specs require base64url encoding without padding.
 - Minimum supported Go version is now 1.21
 ## Added
 - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON.
   - These allow parsing a specific serialization, as opposed to ParseSigned and
     ParseEncrypted, which try to automatically detect which serialization was
     provided. It's common to require a specific serialization for a specific
     protocol - for instance JWT requires Compact serialization.
 [1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
 # v3.0.3
 ## Fixed
 - Limit decompression output size to prevent a DoS. Backport from v4.0.1.
 # v3.0.2
 ## Fixed
 - DecryptMulti: handle decompression error (#19)
 ## Changed
 - jwe/CompactSerialize: improve performance (#67)
 - Increase the default number of PBKDF2 iterations to 600k (#48)
 - Return the proper algorithm for ECDSA keys (#45)
 ## Added
 - Add Thumbprint support for opaque signers (#38)
 # v3.0.1
 ## Fixed
 - Security issue: an attacker specifying a large "p2c" value can cause
   JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
   amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the
   disclosure and to Tom Tervoort for originally publishing the category of attack.
   https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
 # v2.6.3
 ## Fixed
 - Limit decompression output size to prevent a DoS. Backport from v4.0.1.
--- a/vendor/gopkg.in/go-jose/go-jose.v2/README.md
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/README.md
@ -1,118 +1,4 @@
-# Go JOSE 
+# go-jose v2
-[![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
+Version 2 of this library is no longer supported. [Please use v4
-[![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
+instead](https://pkg.go.dev/github.com/go-jose/go-jose/v4).
 [![license](http://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE)
 [![build](https://travis-ci.org/go-jose/go-jose.svg?branch=v2)](https://travis-ci.org/go-jose/go-jose)
 [![coverage](https://coveralls.io/repos/github/go-jose/go-jose/badge.svg?branch=v2)](https://coveralls.io/r/go-jose/go-jose)
 Package jose aims to provide an implementation of the Javascript Object Signing
 and Encryption set of standards. This includes support for JSON Web Encryption,
 JSON Web Signature, and JSON Web Token standards.
 **Disclaimer**: This library contains encryption software that is subject to
 the U.S. Export Administration Regulations. You may not export, re-export,
 transfer or download this code or any part of it in violation of any United
 States law, directive or regulation. In particular this software may not be
 exported or re-exported in any form or on any media to Iran, North Sudan,
 Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
 US maintained blocked list.
 ## Overview
 The implementation follows the
 [JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516) (RFC 7516),
 [JSON Web Signature](http://dx.doi.org/10.17487/RFC7515) (RFC 7515), and
 [JSON Web Token](http://dx.doi.org/10.17487/RFC7519) (RFC 7519).
 Tables of supported algorithms are shown below. The library supports both
 the compact and full serialization formats, and has optional support for
 multiple recipients. It also comes with a small command-line utility
 ([`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util))
 for dealing with JOSE messages in a shell.
 **Note**: We use a forked version of the `encoding/json` package from the Go
 standard library which uses case-sensitive matching for member names (instead
 of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
 This is to avoid differences in interpretation of messages between go-jose and
 libraries in other languages.
 ### Versions
 We use [gopkg.in](https://gopkg.in) for versioning.
 [Version 2](https://gopkg.in/go-jose/go-jose.v2)
 ([branch](https://github.com/go-jose/go-jose/tree/v2),
 [doc](https://godoc.org/gopkg.in/go-jose/go-jose.v2)) is the current version:
    import "gopkg.in/go-jose/go-jose.v2"
 The old `v1` branch ([go-jose.v1](https://gopkg.in/go-jose/go-jose.v1)) will
 still receive backported bug fixes and security fixes, but otherwise
 development is frozen. All new feature development takes place on the `v2`
 branch. Version 2 also contains additional sub-packages such as the
 [jwt](https://godoc.org/gopkg.in/go-jose/go-jose.v2/jwt) implementation
 contributed by [@shaxbee](https://github.com/shaxbee).
 ### Supported algorithms
 See below for a table of supported algorithms. Algorithm identifiers match
 the names in the [JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518)
 standard where possible. The Godoc reference has a list of constants.
 Key encryption             | Algorithm identifier(s)
 :------------------------- | :------------------------------
 RSA-PKCS#1v1.5             | RSA1_5
 RSA-OAEP                   | RSA-OAEP, RSA-OAEP-256
 AES key wrap               | A128KW, A192KW, A256KW
 AES-GCM key wrap           | A128GCMKW, A192GCMKW, A256GCMKW
 ECDH-ES + AES key wrap     | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
 ECDH-ES (direct)           | ECDH-ES<sup>1</sup>
 Direct encryption          | dir<sup>1</sup>
 <sup>1. Not supported in multi-recipient mode</sup>
 Signing / MAC              | Algorithm identifier(s)
 :------------------------- | :------------------------------
 RSASSA-PKCS#1v1.5          | RS256, RS384, RS512
 RSASSA-PSS                 | PS256, PS384, PS512
 HMAC                       | HS256, HS384, HS512
 ECDSA                      | ES256, ES384, ES512
 Ed25519                    | EdDSA<sup>2</sup>
 <sup>2. Only available in version 2 of the package</sup>
 Content encryption         | Algorithm identifier(s)
 :------------------------- | :------------------------------
 AES-CBC+HMAC               | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
 AES-GCM                    | A128GCM, A192GCM, A256GCM 
 Compression                | Algorithm identifiers(s)
 :------------------------- | -------------------------------
 DEFLATE (RFC 1951)         | DEF
 ### Supported key types
 See below for a table of supported key types. These are understood by the
 library, and can be passed to corresponding functions such as `NewEncrypter` or
 `NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which
 allows attaching a key id.
 Algorithm(s)               | Corresponding types
 :------------------------- | -------------------------------
 RSA                        | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey)
 ECDH, ECDSA                | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey)
 EdDSA<sup>1</sup>          | [ed25519.PublicKey](https://godoc.org/golang.org/x/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://godoc.org/golang.org/x/crypto/ed25519#PrivateKey)
 AES, HMAC                  | []byte
 <sup>1. Only available in version 2 of the package</sup>
 ## Examples
 [![godoc](http://img.shields.io/badge/godoc-version_1-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v1)
 [![godoc](http://img.shields.io/badge/godoc-version_2-blue.svg?style=flat)](https://godoc.org/gopkg.in/go-jose/go-jose.v2)
 Examples can be found in the Godoc
 reference for this package. The
 [`jose-util`](https://github.com/go-jose/go-jose/tree/v2/jose-util)
 subdirectory also contains a small command-line utility which might be useful
 as an example.
--- a/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/asymmetric.go
@ -285,6 +285,9 @@ func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm
 	switch alg {
 	case RS256, RS384, RS512:
 		// TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the
 		// random parameter is legacy and ignored, and it can be nil.
 		// https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1
 		out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed)
 	case PS256, PS384, PS512:
 		out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{
--- a/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go
@ -406,6 +406,9 @@ func (ctx *genericEncrypter) Options() EncrypterOptions {
 // Decrypt and validate the object and return the plaintext. Note that this
 // function does not support multi-recipient, if you desire multi-recipient
 // decryption use DecryptMulti instead.
 //
 // Automatically decompresses plaintext, but returns an error if the decompressed
 // data would be >250kB or >10x the size of the compressed data, whichever is larger.
 func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
 	headers := obj.mergedHeaders(nil)
@ -470,6 +473,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)
 // with support for multiple recipients. It returns the index of the recipient
 // for which the decryption was successful, the merged headers for that recipient,
 // and the plaintext.
 //
 // Automatically decompresses plaintext, but returns an error if the decompressed
 // data would be >250kB or >3x the size of the compressed data, whichever is larger.
 func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
 	globalHeaders := obj.mergedHeaders(nil)
--- a/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/encoding.go
@ -21,6 +21,7 @@ import (
 	"compress/flate"
 	"encoding/base64"
 	"encoding/binary"
 	"fmt"
 	"io"
 	"math/big"
 	"strings"
@ -85,7 +86,7 @@ func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
 	}
 }
-// Compress with DEFLATE
+// deflate compresses the input.
 func deflate(input []byte) ([]byte, error) {
 	output := new(bytes.Buffer)
@ -97,15 +98,27 @@ func deflate(input []byte) ([]byte, error) {
 	return output.Bytes(), err
 }
-// Decompress with DEFLATE
+// inflate decompresses the input.
 //
 // Errors if the decompressed data would be >250kB or >10x the size of the
 // compressed data, whichever is larger.
 func inflate(input []byte) ([]byte, error) {
 	output := new(bytes.Buffer)
 	reader := flate.NewReader(bytes.NewBuffer(input))
-	_, err := io.Copy(output, reader)
+	maxCompressedSize := 10 * int64(len(input))
-	if err != nil {
+	if maxCompressedSize < 250000 {
 		maxCompressedSize = 250000
 	}
 	limit := maxCompressedSize + 1
 	n, err := io.CopyN(output, reader, limit)
 	if err != nil && err != io.EOF {
 		return nil, err
 	}
 	if n == limit {
 		return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize)
 	}
 	err = reader.Close()
 	return output.Bytes(), err
--- a/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
+++ b/vendor/gopkg.in/go-jose/go-jose.v2/symmetric.go
@ -402,6 +402,11 @@ func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipien
 		if p2c <= 0 {
 			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: must be a positive integer")
 		}
 		if p2c > 1000000 {
 			// An unauthenticated attacker can set a high P2C value. Set an upper limit to avoid
 			// DoS attacks.
 			return nil, fmt.Errorf("go-jose/go-jose: invalid P2C: too high")
 		}
 		// salt is UTF8(Alg) || 0x00 || Salt Input
 		alg := headers.getAlgorithm()
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1374,7 +1374,7 @@ google.golang.org/protobuf/types/gofeaturespb
 google.golang.org/protobuf/types/known/anypb
 google.golang.org/protobuf/types/known/durationpb
 google.golang.org/protobuf/types/known/timestamppb
-# gopkg.in/go-jose/go-jose.v2 v2.6.1
+# gopkg.in/go-jose/go-jose.v2 v2.6.3
 ## explicit
 gopkg.in/go-jose/go-jose.v2
 gopkg.in/go-jose/go-jose.v2/cipher