From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Christian Stewart <christian@aperture.us>
Cc: buildroot@buildroot.org,
James Hilliard <james.hilliard1@gmail.com>,
Thomas Perale <thomas.perale@mind.be>,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: Re: [Buildroot] [PATCH v1 1/1] package/go: bump to version 1.26.1
Date: Sun, 08 Mar 2026 22:16:30 +0100 [thread overview]
Message-ID: <3c861042c8270fe75eaf6a41bebfc56f@free.fr> (raw)
In-Reply-To: <20260308005717.49411-1-christian@aperture.us>
Hi Christian,
Thanks for the patch. I have few comments, see below.
On 08/03/2026 01:57, Christian Stewart via buildroot wrote:
> For release notes, see:
> https://go.dev/doc/devel/release#go1.26.0
Buildroot has currently go 1.25.7.
The release note mention that it includes security fixes:
https://github.com/golang/go/issues?q=milestone%3AGo1.26.1%20label%3ASecurity
https://www.cve.org/CVERecord?id=CVE-2026-25679
affected from 0 before 1.25.8
https://www.cve.org/CVERecord?id=CVE-2026-27142
affected from 0 before 1.25.8
It also fixes those two issues introduced in go 1.26.0.
https://www.cve.org/CVERecord?id=CVE-2026-27137
https://www.cve.org/CVERecord?id=CVE-2026-27138
So I believe this bump should be marked as a security bump.
Could you confirm it is the case?
If yes, could you send an updated version of the patch
adding those details in the commit log, please?
[...]
> diff --git a/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> new file mode 100644
> index 0000000000..edd2e0a8c2
> --- /dev/null
> +++ b/package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
> @@ -0,0 +1,3 @@
> +# From https://go.dev/dl
> +sha256
> e988d4a2446ac7fe3f6daa089a58e9936a52a381355adec1c8983230a8d6c59e
> go1.25.8.src.tar.gz
> +sha256
> 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067
> LICENSE
Also, host-go-bootstrap-stage5 are failing with the error:
>>> host-go-bootstrap-stage5 1.25.8 Collecting legal info
ERROR: while checking hashes from
package/go/go-bootstrap-stage5/go-bootstrap-stage5.hash
ERROR: LICENSE has wrong sha256 hash:
ERROR: expected:
2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067
ERROR: got :
911f8f5782931320f5b8d1160a76365b83aea6447ee6c04fa6d5591467db9dad
ERROR: Incomplete download, or man-in-the-middle (MITM) attack
Could you fix the license hash, please?
Best regards,
Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2026-03-08 21:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-08 0:57 [Buildroot] [PATCH v1 1/1] package/go: bump to version 1.26.1 Christian Stewart via buildroot
2026-03-08 21:16 ` Julien Olivain via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3c861042c8270fe75eaf6a41bebfc56f@free.fr \
--to=buildroot@buildroot.org \
--cc=christian@aperture.us \
--cc=james.hilliard1@gmail.com \
--cc=ju.o@free.fr \
--cc=thomas.perale@mind.be \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox