From a66a37866981e6ab53197932319ef19589698e26 Mon Sep 17 00:00:00 2001 From: Zephyr Lykos Date: Mon, 19 Feb 2024 19:47:01 +0800 Subject: [PATCH 1/2] golang: Update to 1.22.0 Added a third bootstrap stage since go1.22 (and onwards) requires at least go1.20.14 to build.[1] [1]: https://go.dev/doc/go1.22#bootstrap Signed-off-by: Zephyr Lykos --- lang/golang/golang/Makefile | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index 4ea28a873d..f11594f691 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk -GO_VERSION_MAJOR_MINOR:=1.21 -GO_VERSION_PATCH:=7 +GO_VERSION_MAJOR_MINOR:=1.22 +GO_VERSION_PATCH:=0 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=00197ab20f33813832bff62fd93cca1c42a08cc689a32a6672ca49591959bff6 +PKG_HASH:=4d196c3d41a0d6c1dfc64d04e3cc1f608b0c436bd87b7060ce3e23234e1f4d5c PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause @@ -95,6 +95,12 @@ BOOTSTRAP_1_17_HASH:=a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd BOOTSTRAP_1_17_BUILD_DIR:=$(HOST_BUILD_DIR)/.go_bootstrap_1.17 +BOOTSTRAP_1_20_SOURCE:=go1.20.14.src.tar.gz +BOOTSTRAP_1_20_SOURCE_URL:=$(GO_SOURCE_URLS) +BOOTSTRAP_1_20_HASH:=1aef321a0e3e38b7e91d2d7eb64040666cabdcc77d383de3c9522d0d69b67f4e + +BOOTSTRAP_1_20_BUILD_DIR:=$(HOST_BUILD_DIR)/.go_bootstrap_1.20 + include $(INCLUDE_DIR)/host-build.mk include $(INCLUDE_DIR)/package.mk include ../golang-compiler.mk @@ -104,6 +110,7 @@ PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DI HOST_UNPACK:=$(HOST_TAR) -C "$(HOST_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)" BOOTSTRAP_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(BOOTSTRAP_SOURCE)" BOOTSTRAP_1_17_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_1_17_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(BOOTSTRAP_1_17_SOURCE)" +BOOTSTRAP_1_20_UNPACK:=$(HOST_TAR) -C "$(BOOTSTRAP_1_20_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(BOOTSTRAP_1_20_SOURCE)" # don't strip ELF executables in test data RSTRIP:=: @@ -216,6 +223,22 @@ Hooks/HostPrepare/Post+=Bootstrap-1.17/Prepare $(eval $(call GoCompiler/AddProfile,Bootstrap-1.17,$(BOOTSTRAP_1_17_BUILD_DIR),,bootstrap-1.17,$(GO_HOST_OS_ARCH))) +# Bootstrap 1.20 + +define Download/golang-bootstrap-1.20 + FILE:=$(BOOTSTRAP_1_20_SOURCE) + URL:=$(BOOTSTRAP_1_20_SOURCE_URL) + HASH:=$(BOOTSTRAP_1_20_HASH) +endef +$(eval $(call Download,golang-bootstrap-1.20)) + +define Bootstrap-1.20/Prepare + mkdir -p "$(BOOTSTRAP_1_20_BUILD_DIR)" && $(BOOTSTRAP_1_20_UNPACK) ; +endef +Hooks/HostPrepare/Post+=Bootstrap-1.20/Prepare + +$(eval $(call GoCompiler/AddProfile,Bootstrap-1.20,$(BOOTSTRAP_1_20_BUILD_DIR),,bootstrap-1.20,$(GO_HOST_OS_ARCH))) + # Host ifeq ($(GO_HOST_PIE_SUPPORTED),1) @@ -251,8 +274,13 @@ define Host/Compile $(HOST_GO_VARS) \ ) - $(call GoCompiler/Host/Make, \ + $(call GoCompiler/Bootstrap-1.20/Make, \ GOROOT_BOOTSTRAP="$(BOOTSTRAP_1_17_BUILD_DIR)" \ + $(HOST_GO_VARS) \ + ) + + $(call GoCompiler/Host/Make, \ + GOROOT_BOOTSTRAP="$(BOOTSTRAP_1_20_BUILD_DIR)" \ $(if $(HOST_GO_ENABLE_PIE),GO_LDFLAGS="-buildmode pie") \ $(HOST_GO_VARS) \ ) From 456fa1f1b653831c7ddf896128f3b470391e99ee Mon Sep 17 00:00:00 2001 From: Zephyr Lykos Date: Fri, 8 Mar 2024 12:35:07 +0800 Subject: [PATCH 2/2] golang: Update to 1.22.1 Go 1.22.1 contains the following security fixes: - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm - CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm - CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect - CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping - CVE-2024-24784 net/mail: comments in display names are incorrectly handled https://go.dev/doc/devel/release#go1.22.1 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg Signed-off-by: Zephyr Lykos --- lang/golang/golang/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index f11594f691..8756dcf661 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.22 -GO_VERSION_PATCH:=0 +GO_VERSION_PATCH:=1 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=4d196c3d41a0d6c1dfc64d04e3cc1f608b0c436bd87b7060ce3e23234e1f4d5c +PKG_HASH:=79c9b91d7f109515a25fc3ecdaad125d67e6bdb54f6d4d98580f46799caea321 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause