e5500 is the only powerpc64 target we have in tree, but it's not
supported by golang[1]. Since it's hard to opt e5500 out from the
supported arch list, simply remove powerpc64 from it for now.
1. https://github.com/golang/go/issues/19074
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.24.1 (released 2025-03-04) includes security fixes to the net/http
package, as well as bug fixes to cgo, the compiler, the go command,
and the reflect, runtime, and syscall packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the
compiler, the runtime, and the net package.
go1.23.6 (released 2025-02-04) includes security fixes to the
crypto/elliptic package, as well as bug fixes to the compiler
and the go command.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.23.4 (released 2024-12-03) includes fixes to the compiler, the
runtime, the trace command, and the syscall package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.23.3 (released 2024-11-06) includes fixes to the linker,
the runtime, and the net/http, os, and syscall packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo,
the runtime, and the maps, os, os/exec, time, and unique packages.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Added GOARM64 and GORISCV64 in golang-build.sh.
Drop deprecated GOROOT_FINAL in GoCompiler/Default/Make.
Updated environment vars in golang-values.mk for GOARM64 and GORISCV64.
Refined host build in golang/Makefile for openbsd_riscv64.
Co-authored-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Go 1.23.1 (released 2024-09-05) includes security fixes to
the encoding/gob, go/build/constraint, and go/parser
packages. It also addresses bug fixes in the compiler,
go command, runtime, and the database/sql, go/types,
os, runtime/trace, and unique packages.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
go1.22.7(released 2024-09-05)includes security fixes to the encoding/gob,
go/build/constraint, and go/parser packages,
as well as bug fixes to the fix command and the runtime.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
go1.22.6 (released 2024-08-06) includes fixes to the go command,
the compiler, the linker, the trace command, the covdata command,
and the bytes, go/types, and os/exec packages.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
go1.22.5 (2024-07-02) includes security fixes to the net/http package,
as well as bug fixes to the compiler, cgo, the go command, the linker,
the runtime, and the crypto/tls, go/types, net, net/http, and os/exec.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
go1.22.4 (released 2024-06-04) includes
security fixes to the archive/zip and net/netip packages,
as well as bug fixes to the compiler,
the go command, the linker,
the runtime, and the os package.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
go1.22.3 (released 2024-05-07) includes security fixes to the go command
and the net package, as well as bug fixes to the compiler, the runtime,
and the net/http package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Go 1.22.1 contains the following security fixes:
- CVE-2024-24783:
crypto/x509: Verify panics on certificates with an unknown public key
algorithm
- CVE-2023-45290
net/http: memory exhaustion in Request.ParseMultipartForm
- CVE-2023-45289
net/http, net/http/cookiejar: incorrect forwarding of sensitive headers
and cookies on HTTP redirect
- CVE-2024-24785
html/template: errors returned from MarshalJSON methods may break
template escaping
- CVE-2024-24784
net/mail: comments in display names are incorrectly handled
https://go.dev/doc/devel/release#go1.22.1https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.
go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Includes fixes for CVE-2023-45283 and CVE-2023-45284 (path/filepath:
insecure parsing of Windows paths).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Upstream has updated the Go compiler to not use gold when building for
arm, and is waiting for a fix to binutils (released in 2.41) before
doing the same for aarch64.[1]
Based on the above, it does not appear that
https://github.com/golang/go/pull/49748 will be merged. This removes the
patch from that pull request.
[1]: https://github.com/golang/go/issues/22040
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-29409 (crypto/tls: verifying certificate
chains containing large RSA keys is slow).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-29406 (net/http: insufficient sanitization of
Host header).
This also updates the copyright information for various Go packaging
files.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Includes fixes for:
* 1.20.1:
* CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
Windows
* CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
decoding
* CVE-2022-41724: crypto/tls: large handshake records may cause panics
* CVE-2022-41725: net/http, mime/multipart: denial of service from
excessive resource consumption
* 1.20.2:
* CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
produce incorrect results
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).
This also includes makefile updates for Go 1.19.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Go1.19.5 (released 2023-01-10) includes fixes to the compiler,
the linker, and the crypto/x509, net/http, sync/atomic,
and syscall packages.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
for some use cases, for example:
a system with 64 bit kernel
and 32 bit userspace programs
the local Go installation is "detected"
using the kernel "uname",
causing build failure if they happen to differ
by adding the argument GOHOSTARCH using the corresponding make variable
it would be fully controlled in the openwrt git tree
based on the HOST_ARCH make variable.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
