* [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.4
@ 2023-11-07 22:17 Christian Stewart via buildroot
2023-11-08 7:09 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Christian Stewart via buildroot @ 2023-11-07 22:17 UTC (permalink / raw)
To: buildroot; +Cc: Christian Stewart, Yann E . MORIN, Thomas Petazzoni
Go version 1.21.4 includes the following security fixes:
CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device path prefix.
CVE-2023-45284: path/filepath: recognize device names with trailing spaces and superscripts
https://go.dev/doc/devel/release#go1.21.4
Signed-off-by: Christian Stewart <christian@aperture.us>
---
package/go/go.hash | 2 +-
package/go/go.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index 9499f50964..74b18a9b38 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
# From https://go.dev/dl
-sha256 186f2b6f8c8b704e696821b09ab2041a5c1ee13dcbc3156a13adcf75931ee488 go1.21.3.src.tar.gz
+sha256 47b26a83d2b65a3c1c1bcace273b69bee49a7a7b5168a7604ded3d26a37bd787 go1.21.4.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index ef27f32835..7bd7866a05 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.21.3
+GO_VERSION = 1.21.4
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
--
2.42.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.4
2023-11-07 22:17 [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.4 Christian Stewart via buildroot
@ 2023-11-08 7:09 ` Peter Korsgaard
2023-11-11 13:19 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-08 7:09 UTC (permalink / raw)
To: Christian Stewart; +Cc: Yann E . MORIN, Thomas Petazzoni, buildroot
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
> Go version 1.21.4 includes the following security fixes:
> CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device path prefix.
> CVE-2023-45284: path/filepath: recognize device names with trailing spaces and superscripts
> https://go.dev/doc/devel/release#go1.21.4
> Signed-off-by: Christian Stewart <christian@aperture.us>
Committed, thanks.
Can you also send a 1.20.11 bump for 2023.08.x / 2023.02.x?
> ---
> package/go/go.hash | 2 +-
> package/go/go.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
> diff --git a/package/go/go.hash b/package/go/go.hash
> index 9499f50964..74b18a9b38 100644
> --- a/package/go/go.hash
> +++ b/package/go/go.hash
> @@ -1,3 +1,3 @@
> # From https://go.dev/dl
> -sha256 186f2b6f8c8b704e696821b09ab2041a5c1ee13dcbc3156a13adcf75931ee488 go1.21.3.src.tar.gz
> +sha256 47b26a83d2b65a3c1c1bcace273b69bee49a7a7b5168a7604ded3d26a37bd787 go1.21.4.src.tar.gz
> sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
> diff --git a/package/go/go.mk b/package/go/go.mk
> index ef27f32835..7bd7866a05 100644
> --- a/package/go/go.mk
> +++ b/package/go/go.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
> -GO_VERSION = 1.21.3
> +GO_VERSION = 1.21.4
> GO_SITE = https://storage.googleapis.com/golang
> GO_SOURCE = go$(GO_VERSION).src.tar.gz
> --
> 2.42.1
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.4
2023-11-08 7:09 ` Peter Korsgaard
@ 2023-11-11 13:19 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2023-11-11 13:19 UTC (permalink / raw)
To: Christian Stewart; +Cc: Yann E . MORIN, Thomas Petazzoni, buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>>>>> "Christian" == Christian Stewart <christian@aperture.us> writes:
>> Go version 1.21.4 includes the following security fixes:
>> CVE-2023-45283: path/filepath: recognize \??\ as a Root Local Device path prefix.
>> CVE-2023-45284: path/filepath: recognize device names with trailing spaces and superscripts
>> https://go.dev/doc/devel/release#go1.21.4
>> Signed-off-by: Christian Stewart <christian@aperture.us>
> Committed, thanks.
> Can you also send a 1.20.11 bump for 2023.08.x / 2023.02.x?
For 2023.02.x / 2023.08.x I have bumped to 1.20.11 instead.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-11-11 13:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-07 22:17 [Buildroot] [PATCH v1 1/1] package/go: security bump to go1.21.4 Christian Stewart via buildroot
2023-11-08 7:09 ` Peter Korsgaard
2023-11-11 13:19 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox