From a453612e7cab5894b8562b863609b66ac9e06555 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Garcia?= Date: Thu, 7 May 2026 08:39:53 +0000 Subject: [PATCH] TUN-10507: Bump go and go-boring to 1.26.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## What Bumps go-boring from 1.26.0-1 to 1.26.2-1 and CI builder image from \`3501-fc698419a625\` to \`3595-779e088c0ec4\`. go1.26.2 (released 2026-04-07) includes security fixes to the \`go\` command, the compiler, and the \`archive/tar\`, \`crypto/tls\`, \`crypto/x509\`, \`html/template\`, and \`os\` packages, as well as bug fixes to the \`net\`, \`net/http\`, and \`net/url\` packages. ### Security fixes (relevant) - **crypto/tls**: multiple CVEs — cloudflared uses TLS extensively for tunnel connections - **crypto/x509**: CVE-2026-32280 (excessive chain-building in \`Verify\`), CVE-2026-32281 (quadratic work in policy validation) ### Net bug fixes (not applicable) - **net/url #78111**: \`url.Parse\` regression for MongoDB-style multi-host URLs — not used in cloudflared - **net/http #78019**: race condition on Windows when using \`os.File\` as HTTP request body — cloudflared does not pass \`os.File\` as a request body - **net #77885**: \`ReadMsgUDP\`/\`WriteMsgUDP\` WSAEFAULT on Windows with empty non-nil oob — quic-go uses \`basicConn\` on Windows (\`ReadFrom\`, not \`ReadMsgUDP\`) ## Jira [TUN-10507](https://jira.cfdata.org/browse/TUN-10507) --- .ci/image/Dockerfile | 2 +- .ci/linux.gitlab-ci.yml | 2 +- .gitlab-ci.yml | 2 +- Dockerfile | 2 +- Dockerfile.amd64 | 2 +- Dockerfile.arm64 | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.ci/image/Dockerfile b/.ci/image/Dockerfile index 4e3103db..fd25ffb5 100644 --- a/.ci/image/Dockerfile +++ b/.ci/image/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update && \ apt-get install --no-install-recommends --allow-downgrades -y \ build-essential \ git \ - go-boring=1.26.0-1 \ + go-boring=1.26.2-1 \ libffi-dev \ procps \ python3-dev \ diff --git a/.ci/linux.gitlab-ci.yml b/.ci/linux.gitlab-ci.yml index d0c48727..89164b97 100644 --- a/.ci/linux.gitlab-ci.yml +++ b/.ci/linux.gitlab-ci.yml @@ -5,7 +5,7 @@ runner: linux-x86-8cpu-16gb stage: build golangVersion: "boring-1.26" - imageVersion: "3501-fc698419a625@sha256:aff18c895a50e8451982484e629319e893ebd411675e0482d247079801253e7b" + imageVersion: "3595-779e088c0ec4@sha256:a9825d640211b76915a60071e9bef3f73ad3572ce770c7c7dd36b3dd3687504c" CGO_ENABLED: 1 .default-packaging-job: &packaging-job-defaults diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4444e161..220fe4ec 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - GO_VERSION: "1.26.0" + GO_VERSION: "1.26.2" MAC_GO_VERSION: "go@$GO_VERSION" WIN_GO_VERSION: "go$GO_VERSION" GIT_DEPTH: "0" diff --git a/Dockerfile b/Dockerfile index aa00af9d..5917a6a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # use a builder image for building cloudflare ARG TARGET_GOOS ARG TARGET_GOARCH -FROM golang:1.26.0 AS builder +FROM golang:1.26.2 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ TARGET_GOOS=${TARGET_GOOS} \ diff --git a/Dockerfile.amd64 b/Dockerfile.amd64 index 224d1f04..5b16292d 100644 --- a/Dockerfile.amd64 +++ b/Dockerfile.amd64 @@ -1,5 +1,5 @@ # use a builder image for building cloudflare -FROM golang:1.26.0 AS builder +FROM golang:1.26.2 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ # the CONTAINER_BUILD envvar is used set github.com/cloudflare/cloudflared/metrics.Runtime=virtual diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index fc9e2a9d..05c4ed94 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -1,5 +1,5 @@ # use a builder image for building cloudflare -FROM golang:1.26.0 AS builder +FROM golang:1.26.2 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ # the CONTAINER_BUILD envvar is used set github.com/cloudflare/cloudflared/metrics.Runtime=virtual