New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.10 backport] update to go 1.17.8 #43468
[20.10 backport] update to go 1.17.8 #43468
Commits on Apr 7, 2022
-
vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
full diff: golang/sys@b64e53b...d19ff85 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit f0d3e90) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 8392285 - Browse repository at this point
Copy the full SHA 8392285View commit details -
vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (fo…
…r Go 1.17) Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8, 2021) or later, see golang/go#45702. While this seems to affect macOS only, let's update to the latest version. full diff: golang/sys@d19ff85...63515b4 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit d48c8b7) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 949c33b - Browse repository at this point
Copy the full SHA 949c33bView commit details -
hack/vendor.sh: allow go version to be specified with .0
Golang '.0' releases are released without a trailing .0 (i.e. go1.17 is equal to go1.17.0). For the base image, we want to specify the go version including their patch release (golang:1.17 is equivalent to go1.17.x), so adjust the script to also accept the trailing .0, because otherwise the download-URL is not found: hack/vendor.sh archive/tar update vendored copy of archive/tar downloading: https://golang.org/dl/go1.17.0.src.tar.gz curl: (22) The requested URL returned error: 404 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 9ed88a0) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 95cc711 - Browse repository at this point
Copy the full SHA 95cc711View commit details -
Configuration menu - View commit details
-
Copy full SHA for a115024 - Browse repository at this point
Copy the full SHA a115024View commit details -
vendor: update archive/tar to match Go 1.17.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit aa60630) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 7096508 - Browse repository at this point
Copy the full SHA 7096508View commit details -
This includes additional fixes for CVE-2021-39293. go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and net/http packages. See the Go 1.17.1 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.1+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 0050ddd) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for c32b5ec - Browse repository at this point
Copy the full SHA c32b5ecView commit details -
go1.17.2 (released 2021-10-07) includes a security fix to the linker and misc/wasm directory, as well as bug fixes to the compiler, the runtime, the go command, and to the time and text/template packages. See the Go 1.17.2 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.2+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit e7fb0c8) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 4e14dcc - Browse repository at this point
Copy the full SHA 4e14dccView commit details -
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the go command, the misc/wasm directory, and to the net/http and syscall packages. See the Go 1.17.3 milestone on our issue tracker for details. From the announcement e-mail: [security] Go 1.17.3 and Go 1.16.10 are released We have just released Go versions 1.17.3 and 1.16.10, minor point releases. These minor releases include two security fixes following the security policy: - archive/zip: don't panic on (*Reader).Open Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made to panic by an attacker providing either a crafted ZIP archive containing completely invalid names or an empty filename argument. Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue golang.org/issue/48085. - debug/macho: invalid dynamic symbol table command can cause panic Malformed binaries parsed using Open or OpenFat can cause a panic when calling ImportedSymbols, due to an out-of-bounds slice operation. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit ce668d6) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for ecfba8f - Browse repository at this point
Copy the full SHA ecfba8fView commit details -
go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker, runtime, and the go/types, net/http, and time packages. See the Go 1.17.4 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.4+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 6bb3891) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 36e164b - Browse repository at this point
Copy the full SHA 36e164bView commit details -
go1.17.5 (released 2021-12-09) includes security fixes to the syscall and net/http packages. See the Go 1.17.5 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.5+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit d620cb6) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for fdf3020 - Browse repository at this point
Copy the full SHA fdf3020View commit details -
go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages. See the Go 1.17.6 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.6+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit f85ae52) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 55b72c7 - Browse repository at this point
Copy the full SHA 55b72c7View commit details -
Includes security fixes for crypto/elliptic (CVE-2022-23806), math/big (CVE-2022-23772), and cmd/go (CVE-2022-23773). go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic, math/big packages and to the go command, as well as bug fixes to the compiler, linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest packages. See the Go 1.17.7 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.7+label%3ACherryPickApproved full diff: golang/go@go1.17.6...go1.17.7 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit cad6c8f) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 5957684 - Browse repository at this point
Copy the full SHA 5957684View commit details -
update to go 1.17.8 to address CVE-2022-24921
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921) go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509, and net packages. See the Go 1.17.8 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved full diff: golang/go@go1.17.7...go1.17.8 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit e781cf5) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Configuration menu - View commit details
-
Copy full SHA for 09d6fcd - Browse repository at this point
Copy the full SHA 09d6fcdView commit details