Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go 1.17.8 #96193

Closed
wants to merge 1 commit into from
Closed

go 1.17.8 #96193

wants to merge 1 commit into from

Conversation

jidicula
Copy link
Contributor

@jidicula jidicula commented Mar 3, 2022

Created with brew bump-formula-pr.

resource blocks may require updates.

@BrewTestBot BrewTestBot added bump-formula-pr PR was created using `brew bump-formula-pr` CI-build-dependents-from-source Pass --build-dependents-from-source to brew test-bot. CI-linux-self-hosted Build on Linux self-hosted runner labels Mar 3, 2022
@jidicula
Copy link
Contributor Author

jidicula commented Mar 3, 2022

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB.

Thanks to Juho Nurminen of Mattermost for reporting this.

This is CVE-2022-24921 and golang/go#51112.

@chenrui333 chenrui333 added the long build Set a long timeout for formula testing label Mar 3, 2022
@iMichka iMichka added the CI-skip-recursive-dependents Pass --skip-recursive-dependents to brew test-bot. label Mar 3, 2022
@alebcay alebcay added the CI-long-timeout [DEPRECATED] Use longer GitHub Actions CI timeout. label Mar 3, 2022
@Bo98
Copy link
Member

Bo98 commented Mar 3, 2022

I'm happy to run this without CI-build-dependents-from-source unless someone has strong opinions otherwise. The original intention I had for adding that feature to test-bot was for source/build-incompatible updates (1.x -> 1.y), which this isn't and I've been wanting to implement smarter version management for a while now.

@stefanb
Copy link
Member

stefanb commented Mar 4, 2022

Should be easy, since

was done very recently, so likely no or only a few other formulas broke in the mean time.

@Bo98 Bo98 removed the CI-build-dependents-from-source Pass --build-dependents-from-source to brew test-bot. label Mar 4, 2022
@cho-m cho-m removed the CI-long-timeout [DEPRECATED] Use longer GitHub Actions CI timeout. label Mar 4, 2022
@BrewTestBot
Copy link
Member

🤖 A scheduled task has triggered a merge.

@carlocab
Copy link
Member

carlocab commented Mar 4, 2022

I'm happy to run this without CI-build-dependents-from-source unless someone has strong opinions otherwise. The original intention I had for adding that feature to test-bot was for source/build-incompatible updates (1.x -> 1.y), which this isn't and I've been wanting to implement smarter version management for a while now.

I've been thinking the same thing about building dependents from source for go too -- it probably shouldn't be done for patch releases.

@jidicula jidicula deleted the bump-go-1.17.8 branch April 12, 2022 18:11
@github-actions github-actions bot added the outdated PR was locked due to age label May 13, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Bo98 Bo98 Bo98 approved these changes

Assignees
No one assigned
Labels
bump-formula-pr PR was created using `brew bump-formula-pr` CI-linux-self-hosted Build on Linux self-hosted runner CI-skip-recursive-dependents Pass --skip-recursive-dependents to brew test-bot. long build Set a long timeout for formula testing outdated PR was locked due to age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@jidicula @Bo98 @stefanb @BrewTestBot @carlocab @chenrui333 @iMichka @alebcay @cho-m