[20.10 backport] Bump go 1.16.6 #42643

Merged
merged 4 commits into from Jul 18, 2021

Member

@thaJeztah thaJeztah commented Jul 15, 2021

opening as draft, as this is based on #42642. I'll rebase once that's merged done

backport of:

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ae5ddd2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f400e84)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

result of: `hack/vendor.sh archive/tar`

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3ed804a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

This addresses CVE-2021-34558: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558

go1.16.6 (released 2021-07-12) includes a security fix to the crypto/tls package,
as well as bug fixes to the compiler, and the net and net/http packages. See the
Go 1.16.6 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.16.6+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fe6f1a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah marked this pull request as ready for review July 16, 2021 17:45
@thaJeztah thaJeztah requested a review from tianon as a code owner July 16, 2021 17:45
Member

@samuelkarp samuelkarp left a comment

LGTM

@AkihiroSuda AkihiroSuda merged commit e7bf992 into moby:20.10 Jul 18, 2021
@thaJeztah thaJeztah deleted the 20.10_backport_bump_go116 branch July 18, 2021 13:24
@thomasgl-orange
thomasgl-orange commented Aug 4, 2021

@thaJeztah: I just got beaten by upgrading to 20.10.8 on a server with an $HTTP_PROXY environment variable but no $HTTPS_PROXY. This used to work fine for accessing https://... image registries through the HTTP proxy, but does not work any more after this golang 1.16.x update; see golang/go#40909 and 1.16 release notes.
Maybe that's something which would be worth mentioning in the 20.10.8 release notes, because if it has happened to me a few hours after the release, I assume I won't be the only one.

@thaJeztah
Member Author

@thomasgl-orange ah, good call, yes. Are you interested in contributing a PR in the documentation repository? https://github.com/docker/docker.github.io/blob/master/engine/release-notes/index.md

(I'll amend the release notes in this repository as well after that)

@thaJeztah
Member Author

TBH, I'm still on the fence if golang/go#40909 was the right thing to do; I don't see a reason for doing that (other than some obscure use-case reported by the user), as using an HTTP_PROXY for https:// requests (AFAIK) should be valid.

@thomasgl-orange

Thanks for the quick reply.

> Are you interested in contributing a PR in the documentation repository?

Would something like docker/docs#13284 be okay?

> TBH, I'm still on the fence if golang/go#40909 was the right thing to do

I don't mind having to set a distinct proxy env var for https (curl does it too, it won't use $http_proxy for https, IIRC). But as a Java dev, I'm amazed that such changes in a standard lib can happen without a 10 years deprecation notice :-)

@thaJeztah
Member Author

> Would something like docker/docs#13284 be okay?

Thank you! I'll review that one shortly

> I'm amazed that such changes in a standard lib can happen without a 10 years deprecation notice :-)

Agreed. It's somewhat "unexpected".
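
The proxy behaviour discussed in this thread can be checked directly against Go's standard resolver. The following is an added example, not part of the conversation and not code from the Moby project; it assumes Go 1.16 or later, and the proxy URL and registry host are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// proxyChoice returns the proxy Go's default resolver selects for an http://
// and an https:// request to host when HTTP_PROXY is the only proxy variable
// set. An empty string means a direct connection. The resolver reads the
// environment once per process, so call this once, before other HTTP use.
func proxyChoice(proxy, host string) (forHTTP, forHTTPS string, err error) {
	// Clear the other variables the resolver consults.
	for _, k := range []string{"HTTPS_PROXY", "https_proxy", "http_proxy",
		"NO_PROXY", "no_proxy", "REQUEST_METHOD"} {
		os.Unsetenv(k)
	}
	os.Setenv("HTTP_PROXY", proxy)

	pick := func(scheme string) (string, error) {
		req, err := http.NewRequest("GET", scheme+"://"+host+"/v2/", nil)
		if err != nil {
			return "", err
		}
		u, err := http.ProxyFromEnvironment(req)
		if err != nil || u == nil {
			return "", err
		}
		return u.String(), nil
	}
	if forHTTP, err = pick("http"); err != nil {
		return "", "", err
	}
	forHTTPS, err = pick("https")
	return forHTTP, forHTTPS, err
}

func main() {
	// Constructed sample values (assumptions, not taken from the thread).
	h, s, err := proxyChoice("http://proxy.example.internal:3128", "registry.example.com")
	if err != nil {
		fmt.Fprintln(os.Stderr, "proxy resolution failed:", err)
		os.Exit(1)
	}
	fmt.Printf("http://  request uses proxy: %q\n", h)
	fmt.Printf("https:// request uses proxy: %q\n", s)
}
```

An empty result for the https:// request means the connection would be attempted directly, which is the failure mode on hosts that can only reach registries through the proxy.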
