Message ID | 20220511114003.162006-1-joel@jms.id.au |
---|---|
State | Accepted |
Headers | show |
Series | [1/2] package/go: Bump to v1.18.2 | expand |
>>>>> "Joel" == Joel Stanley <joel@jms.id.au> writes: > Minor version bump to the latest release. > Signed-off-by: Joel Stanley <joel@jms.id.au> According to to the upstream changelog this fixes security issues: go1.18.2 (released 2022-05-10) includes security fixes to the syscall package, as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509, go/types, net/http/httptest, reflect, and sync/atomic packages https://go.dev/doc/devel/release#go1.18 So I have reworded the commit message to make this clear and committed, thanks.
On Thu, 12 May 2022 at 08:48, Peter Korsgaard <peter@korsgaard.com> wrote: > > >>>>> "Joel" == Joel Stanley <joel@jms.id.au> writes: > > > Minor version bump to the latest release. > > Signed-off-by: Joel Stanley <joel@jms.id.au> > > According to to the upstream changelog this fixes security issues: > > go1.18.2 (released 2022-05-10) includes security fixes to the syscall > package, as well as bug fixes to the compiler, runtime, the go command, > and the crypto/x509, go/types, net/http/httptest, reflect, and > sync/atomic packages > > https://go.dev/doc/devel/release#go1.18 > > So I have reworded the commit message to make this clear and committed, > thanks. Thanks for doing that. I noticed you didn't merge the second patch in this series. Is that one okay to go in too?
>>>>> "Joel" == Joel Stanley <joel@jms.id.au> writes: > On Thu, 12 May 2022 at 08:48, Peter Korsgaard <peter@korsgaard.com> wrote: >> >> >>>>> "Joel" == Joel Stanley <joel@jms.id.au> writes: >> >> > Minor version bump to the latest release. >> > Signed-off-by: Joel Stanley <joel@jms.id.au> >> >> According to to the upstream changelog this fixes security issues: >> >> go1.18.2 (released 2022-05-10) includes security fixes to the syscall >> package, as well as bug fixes to the compiler, runtime, the go command, >> and the crypto/x509, go/types, net/http/httptest, reflect, and >> sync/atomic packages >> >> https://go.dev/doc/devel/release#go1.18 >> >> So I have reworded the commit message to make this clear and committed, >> thanks. > Thanks for doing that. > I noticed you didn't merge the second patch in this series. Is that > one okay to go in too? Sorry, I got sidetracked getting 2022.05-rc1 ready. I'll get back to it later this week.
>>>>> "Joel" == Joel Stanley <joel@jms.id.au> writes: > Minor version bump to the latest release. > Signed-off-by: Joel Stanley <joel@jms.id.au> For 2022.02.x I have instead bumped to 1.7.10, which contains a similar set of fixes.
diff --git a/package/go/go.hash b/package/go/go.hash index 37c34b8b6468..6a9480ff9960 100644 --- a/package/go/go.hash +++ b/package/go/go.hash @@ -1,3 +1,3 @@ # From https://golang.org/dl/ -sha256 efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088 go1.18.1.src.tar.gz +sha256 2c44d03ea2c34092137ab919ba602f2c261a038d08eb468528a3f3a28e5667e2 go1.18.2.src.tar.gz sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE diff --git a/package/go/go.mk b/package/go/go.mk index cf90ac876540..817363d8ff11 100644 --- a/package/go/go.mk +++ b/package/go/go.mk @@ -4,7 +4,7 @@ # ################################################################################ -GO_VERSION = 1.18.1 +GO_VERSION = 1.18.2 GO_SITE = https://storage.googleapis.com/golang GO_SOURCE = go$(GO_VERSION).src.tar.gz
Minor version bump to the latest release. Signed-off-by: Joel Stanley <joel@jms.id.au> --- package/go/go.hash | 2 +- package/go/go.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)