* [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3
@ 2026-05-07 19:50 Peter Korsgaard
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Peter Korsgaard @ 2026-05-07 19:50 UTC (permalink / raw)
To: buildroot; +Cc: Thomas Perale, Christian Stewart
Fixes the following security issues:
CVE-2026-33811: net: crash when handling long CNAME response
CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
SETTINGS_MAX_FRAME_SIZE
CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
CVE-2026-39819: md/go: "go bug" follows symlinks in predictable temporary
filenames
CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment
CVE-2026-39823: html/template: bypass of meta content URL escaping causes
XSS
CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
than urlmaxqueryparams parameters
CVE-2026-39826: html/template: escaper bypass leads to XSS
CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
Windows
CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
go1.26.3 (released 2026-05-07) includes security fixes to the go command,
the pack tool, and the html/template, net, net/http, net/http/httputil,
net/mail, and syscall packages, as well as bug fixes to the go command, the
go fix command, the compiler, the linker, the runtime, and the
crypto/fips140, crypto/tls, go/types, and os packages.
https://go.dev/doc/devel/release#go1.26.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/go/go.hash | 14 +++++++-------
package/go/go.mk | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index 77be843c83..69f2a3139c 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,9 +1,9 @@
# sha256 checksum from https://go.dev/dl/
-sha256 2e91ebb6947a96e9436fb2b3926a8802efe63a6d375dffec4f82aa9dbd6fd43b go1.26.2.src.tar.gz
-sha256 89835cdc4dfebde7fe28c9c6dc080bb3753f6b0354301966ff9f62d14991bd7d go1.26.2.linux-386.tar.gz
-sha256 990e6b4bbba816dc3ee129eaeaf4b42f17c2800b88a2166c265ac1a200262282 go1.26.2.linux-amd64.tar.gz
-sha256 c958a1fe1b361391db163a485e21f5f228142d6f8b584f6bef89b26f66dc5b23 go1.26.2.linux-arm64.tar.gz
-sha256 0000e45577827b0a8868588c543cbe4232853def1d3d7a344ad6e60ce2b015c8 go1.26.2.linux-armv6l.tar.gz
-sha256 62b7645dd2404052535617c59e91cf03c7aa28e332dbaddbe4c0d7de7bcc6736 go1.26.2.linux-ppc64le.tar.gz
-sha256 410726ed10a0ea6745c2ea8da4f0e769fd3ce819cd4a41a67ad08b094d5dfc31 go1.26.2.linux-s390x.tar.gz
+sha256 1c646875d0aa8799133184ed57cf79ff24bdefe8c8820470602a9d3d6d9192b8 go1.26.3.src.tar.gz
+sha256 0ef3626a149b5811c813838c62b7d6618d03ea36047b32c90b0e4851cc42b1fa go1.26.3.linux-386.tar.gz
+sha256 2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556 go1.26.3.linux-amd64.tar.gz
+sha256 9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565 go1.26.3.linux-arm64.tar.gz
+sha256 d44133d4c66b1451a1e247da26db7716f76a081c0169a75e6c84e1871e394320 go1.26.3.linux-armv6l.tar.gz
+sha256 dbd82b50530ead2beb1fd72215117380df3cb16332b51467116dc35b3691dd75 go1.26.3.linux-ppc64le.tar.gz
+sha256 5c0605b7175449f1c8e8cb02efaba2695caab914fad4dcedc764c2f4c6dfe6ca go1.26.3.linux-s390x.tar.gz
sha256 911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index 67948dc405..ebd0d418ef 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.26.2
+GO_VERSION = 1.26.3
HOST_GO_GOPATH = $(HOST_DIR)/share/go-path
HOST_GO_HOST_CACHE = $(HOST_DIR)/share/host-go-cache
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10
2026-05-07 19:50 [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Peter Korsgaard
@ 2026-05-07 19:50 ` Peter Korsgaard
2026-05-07 23:03 ` Christian Stewart via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
2026-05-08 9:19 ` [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Julien Olivain via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
2 siblings, 2 replies; 6+ messages in thread
From: Peter Korsgaard @ 2026-05-07 19:50 UTC (permalink / raw)
To: buildroot; +Cc: Thomas Perale, Christian Stewart
Fixes the following security issues:
CVE-2026-33811: net: crash when handling long CNAME response
CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
SETTINGS_MAX_FRAME_SIZE
CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
CVE-2026-39819: md/go: "go bug" follows symlinks in predictable temporary
filenames
CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment
CVE-2026-39823: html/template: bypass of meta content URL escaping causes
XSS
CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
than urlmaxqueryparams parameters
CVE-2026-39826: html/template: escaper bypass leads to XSS
CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
Windows
CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
go1.25.10 (released 2026-05-07) includes security fixes to the go command,
the pack tool, and the html/template, net, net/http, net/http/httputil,
net/mail, and syscall packages, as well as bug fixes to the go command, the
compiler, the linker, the runtime, and the crypto/fips140, go/types, and os
packages.
https://go.dev/doc/devel/release#go1.25.10
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash | 2 +-
package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
index 5e40ba7e6e..58391471d9 100644
--- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
+++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
@@ -1,3 +1,3 @@
# From https://go.dev/dl
-sha256 e988d4a2446ac7fe3f6daa089a58e9936a52a381355adec1c8983230a8d6c59e go1.25.8.src.tar.gz
+sha256 20cf04a92e5af99748e341bc8996fa28090c9ac98765fa115ec5ddf41d7af41d go1.25.10.src.tar.gz
sha256 911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad LICENSE
diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
index 9006e5bf44..85468414a2 100644
--- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
+++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
@@ -6,7 +6,7 @@
# Use last Go version that go-bootstrap-stage4 can build: v1.25.x
# See https://go.dev/doc/go1.26#bootstrap
-GO_BOOTSTRAP_STAGE5_VERSION = 1.25.8
+GO_BOOTSTRAP_STAGE5_VERSION = 1.25.10
GO_BOOTSTRAP_STAGE5_SITE = https://go.dev/dl
GO_BOOTSTRAP_STAGE5_SOURCE = go$(GO_BOOTSTRAP_STAGE5_VERSION).src.tar.gz
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
@ 2026-05-07 23:03 ` Christian Stewart via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
1 sibling, 0 replies; 6+ messages in thread
From: Christian Stewart via buildroot @ 2026-05-07 23:03 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot, Thomas Perale
Hi all,
On Thu, May 7, 2026 at 12:50 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> Fixes the following security issues:
>
> CVE-2026-33811: net: crash when handling long CNAME response
> CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
> SETTINGS_MAX_FRAME_SIZE
> CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
> CVE-2026-39819: md/go: "go bug" follows symlinks in predictable temporary
> filenames
> CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment
> CVE-2026-39823: html/template: bypass of meta content URL escaping causes
> XSS
> CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
> than urlmaxqueryparams parameters
> CVE-2026-39826: html/template: escaper bypass leads to XSS
> CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
> Windows
> CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
> CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
>
> go1.25.10 (released 2026-05-07) includes security fixes to the go command,
> the pack tool, and the html/template, net, net/http, net/http/httputil,
> net/mail, and syscall packages, as well as bug fixes to the go command, the
> compiler, the linker, the runtime, and the crypto/fips140, go/types, and os
> packages.
>
> https://go.dev/doc/devel/release#go1.25.10
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash | 2 +-
> package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> index 5e40ba7e6e..58391471d9 100644
> --- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> +++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> @@ -1,3 +1,3 @@
> # From https://go.dev/dl
> -sha256 e988d4a2446ac7fe3f6daa089a58e9936a52a381355adec1c8983230a8d6c59e go1.25.8.src.tar.gz
> +sha256 20cf04a92e5af99748e341bc8996fa28090c9ac98765fa115ec5ddf41d7af41d go1.25.10.src.tar.gz
> sha256 911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad LICENSE
> diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> index 9006e5bf44..85468414a2 100644
> --- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> +++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> @@ -6,7 +6,7 @@
>
> # Use last Go version that go-bootstrap-stage4 can build: v1.25.x
> # See https://go.dev/doc/go1.26#bootstrap
> -GO_BOOTSTRAP_STAGE5_VERSION = 1.25.8
> +GO_BOOTSTRAP_STAGE5_VERSION = 1.25.10
Lgtm.
Reviewed-by: Christian Stewart <christian@aperture.us>
For what it's worth, this is just used to bootstrap the Go compiler,
so these CVEs wouldn't really apply.
Best,
Christian
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3
2026-05-07 19:50 [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Peter Korsgaard
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
@ 2026-05-08 9:19 ` Julien Olivain via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
2 siblings, 0 replies; 6+ messages in thread
From: Julien Olivain via buildroot @ 2026-05-08 9:19 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot, Thomas Perale, Christian Stewart
On 07/05/2026 21:50, Peter Korsgaard wrote:
> Fixes the following security issues:
>
> CVE-2026-33811: net: crash when handling long CNAME response
> CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given
> bad
> SETTINGS_MAX_FRAME_SIZE
> CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
> CVE-2026-39819: md/go: "go bug" follows symlinks in predictable
> temporary
> filenames
> CVE-2026-39820: net/mail: quadratic string concatenation in
> consumeComment
> CVE-2026-39823: html/template: bypass of meta content URL escaping
> causes
> XSS
> CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with
> more
> than urlmaxqueryparams parameters
> CVE-2026-39826: html/template: escaper bypass leads to XSS
> CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL
> byte on
> Windows
> CVE-2026-42499: net/mail: quadratic string concatenation in
> consumePhrase
> CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum
> database
>
> go1.26.3 (released 2026-05-07) includes security fixes to the go
> command,
> the pack tool, and the html/template, net, net/http, net/http/httputil,
> net/mail, and syscall packages, as well as bug fixes to the go command,
> the
> go fix command, the compiler, the linker, the runtime, and the
> crypto/fips140, crypto/tls, go/types, and os packages.
>
> https://go.dev/doc/devel/release#go1.26.3
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Series applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
2026-05-07 23:03 ` Christian Stewart via buildroot
@ 2026-05-15 17:46 ` Thomas Perale via buildroot
1 sibling, 0 replies; 6+ messages in thread
From: Thomas Perale via buildroot @ 2026-05-15 17:46 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: Thomas Perale, buildroot
In reply of:
> Fixes the following security issues:
>
> CVE-2026-33811: net: crash when handling long CNAME response
> CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
> SETTINGS_MAX_FRAME_SIZE
> CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
> CVE-2026-39819: md/go: "go bug" follows symlinks in predictable temporary
> filenames
> CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment
> CVE-2026-39823: html/template: bypass of meta content URL escaping causes
> XSS
> CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
> than urlmaxqueryparams parameters
> CVE-2026-39826: html/template: escaper bypass leads to XSS
> CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
> Windows
> CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
> CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
>
> go1.25.10 (released 2026-05-07) includes security fixes to the go command,
> the pack tool, and the html/template, net, net/http, net/http/httputil,
> net/mail, and syscall packages, as well as bug fixes to the go command, the
> compiler, the linker, the runtime, and the crypto/fips140, go/types, and os
> packages.
>
> https://go.dev/doc/devel/release#go1.25.10
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applied to 2026.02.x. Thanks
> ---
> package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash | 2 +-
> package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> index 5e40ba7e6e..58391471d9 100644
> --- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> +++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> @@ -1,3 +1,3 @@
> # From https://go.dev/dl
> -sha256 e988d4a2446ac7fe3f6daa089a58e9936a52a381355adec1c8983230a8d6c59e go1.25.8.src.tar.gz
> +sha256 20cf04a92e5af99748e341bc8996fa28090c9ac98765fa115ec5ddf41d7af41d go1.25.10.src.tar.gz
> sha256 911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad LICENSE
> diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> index 9006e5bf44..85468414a2 100644
> --- a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> +++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.mk
> @@ -6,7 +6,7 @@
>
> # Use last Go version that go-bootstrap-stage4 can build: v1.25.x
> # See https://go.dev/doc/go1.26#bootstrap
> -GO_BOOTSTRAP_STAGE5_VERSION = 1.25.8
> +GO_BOOTSTRAP_STAGE5_VERSION = 1.25.10
> GO_BOOTSTRAP_STAGE5_SITE = https://go.dev/dl
> GO_BOOTSTRAP_STAGE5_SOURCE = go$(GO_BOOTSTRAP_STAGE5_VERSION).src.tar.gz
>
> --
> 2.47.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3
2026-05-07 19:50 [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Peter Korsgaard
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
2026-05-08 9:19 ` [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Julien Olivain via buildroot
@ 2026-05-15 17:46 ` Thomas Perale via buildroot
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Perale via buildroot @ 2026-05-15 17:46 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: Thomas Perale, buildroot
In reply of:
> Fixes the following security issues:
>
> CVE-2026-33811: net: crash when handling long CNAME response
> CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad
> SETTINGS_MAX_FRAME_SIZE
> CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
> CVE-2026-39819: md/go: "go bug" follows symlinks in predictable temporary
> filenames
> CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment
> CVE-2026-39823: html/template: bypass of meta content URL escaping causes
> XSS
> CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more
> than urlmaxqueryparams parameters
> CVE-2026-39826: html/template: escaper bypass leads to XSS
> CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on
> Windows
> CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase
> CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database
>
> go1.26.3 (released 2026-05-07) includes security fixes to the go command,
> the pack tool, and the html/template, net, net/http, net/http/httputil,
> net/mail, and syscall packages, as well as bug fixes to the go command, the
> go fix command, the compiler, the linker, the runtime, and the
> crypto/fips140, crypto/tls, go/types, and os packages.
>
> https://go.dev/doc/devel/release#go1.26.3
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applied to 2026.02.x. Thanks
> ---
> package/go/go.hash | 14 +++++++-------
> package/go/go.mk | 2 +-
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/package/go/go.hash b/package/go/go.hash
> index 77be843c83..69f2a3139c 100644
> --- a/package/go/go.hash
> +++ b/package/go/go.hash
> @@ -1,9 +1,9 @@
> # sha256 checksum from https://go.dev/dl/
> -sha256 2e91ebb6947a96e9436fb2b3926a8802efe63a6d375dffec4f82aa9dbd6fd43b go1.26.2.src.tar.gz
> -sha256 89835cdc4dfebde7fe28c9c6dc080bb3753f6b0354301966ff9f62d14991bd7d go1.26.2.linux-386.tar.gz
> -sha256 990e6b4bbba816dc3ee129eaeaf4b42f17c2800b88a2166c265ac1a200262282 go1.26.2.linux-amd64.tar.gz
> -sha256 c958a1fe1b361391db163a485e21f5f228142d6f8b584f6bef89b26f66dc5b23 go1.26.2.linux-arm64.tar.gz
> -sha256 0000e45577827b0a8868588c543cbe4232853def1d3d7a344ad6e60ce2b015c8 go1.26.2.linux-armv6l.tar.gz
> -sha256 62b7645dd2404052535617c59e91cf03c7aa28e332dbaddbe4c0d7de7bcc6736 go1.26.2.linux-ppc64le.tar.gz
> -sha256 410726ed10a0ea6745c2ea8da4f0e769fd3ce819cd4a41a67ad08b094d5dfc31 go1.26.2.linux-s390x.tar.gz
> +sha256 1c646875d0aa8799133184ed57cf79ff24bdefe8c8820470602a9d3d6d9192b8 go1.26.3.src.tar.gz
> +sha256 0ef3626a149b5811c813838c62b7d6618d03ea36047b32c90b0e4851cc42b1fa go1.26.3.linux-386.tar.gz
> +sha256 2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556 go1.26.3.linux-amd64.tar.gz
> +sha256 9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565 go1.26.3.linux-arm64.tar.gz
> +sha256 d44133d4c66b1451a1e247da26db7716f76a081c0169a75e6c84e1871e394320 go1.26.3.linux-armv6l.tar.gz
> +sha256 dbd82b50530ead2beb1fd72215117380df3cb16332b51467116dc35b3691dd75 go1.26.3.linux-ppc64le.tar.gz
> +sha256 5c0605b7175449f1c8e8cb02efaba2695caab914fad4dcedc764c2f4c6dfe6ca go1.26.3.linux-s390x.tar.gz
> sha256 911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad LICENSE
> diff --git a/package/go/go.mk b/package/go/go.mk
> index 67948dc405..ebd0d418ef 100644
> --- a/package/go/go.mk
> +++ b/package/go/go.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -GO_VERSION = 1.26.2
> +GO_VERSION = 1.26.3
>
> HOST_GO_GOPATH = $(HOST_DIR)/share/go-path
> HOST_GO_HOST_CACHE = $(HOST_DIR)/share/host-go-cache
> --
> 2.47.3
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-05-15 17:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-07 19:50 [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Peter Korsgaard
2026-05-07 19:50 ` [Buildroot] [PATCH 2/2] package/go-bootstrap-stage5: security bump to version 1.25.10 Peter Korsgaard
2026-05-07 23:03 ` Christian Stewart via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
2026-05-08 9:19 ` [Buildroot] [PATCH 1/2] package/go: security bump to version 1.26.3 Julien Olivain via buildroot
2026-05-15 17:46 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox