Skip to content

golang: bump to 1.25.6 #28378

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
smallprogram wants to merge 1 commit into
base: master
Choose a base branch
from
Open

golang: bump to 1.25.6 #28378

smallprogram wants to merge 1 commit into from

Conversation

@smallprogram
Copy link

@smallprogram smallprogram commented Jan 18, 2026
edited
Loading

📦 Package Details

Maintainer: @jefferyto, @1715173329
(You can find this by checking the history of the package Makefile.)

Description:

golang: bump to 1.25.6

Fixes: CVE-2025-61726
Fixes: CVE-2025-61728
Fixes: CVE-2025-61730
Fixes: CVE-2025-61731
Fixes: CVE-2025-68119
Fixes: CVE-2025-68121

Link: https://github.com/golang/go/issues?q=milestone%3AGo1.25.6+label%3ACherryPickApproved

🧪 Run Testing Details

  • OpenWrt Version: SNAPSHOT
  • OpenWrt Target/Subtarget: x86/64
  • OpenWrt Device: QEMU

✅ Formalities

  • I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

@GeorgeSapkin
Copy link
Member

GeorgeSapkin commented Jan 18, 2026

You need to follow the submissions guidelines regarding the commit message. Check previous golang version bump commits to see what's usually included.

@smallprogram smallprogram deleted the golang branch January 18, 2026 17:46
@smallprogram smallprogram restored the golang branch January 19, 2026 02:59
@smallprogram smallprogram reopened this Jan 19, 2026
@smallprogram
Copy link
Author

smallprogram commented Jan 19, 2026

You need to follow the submissions guidelines regarding the commit message. Check previous golang version bump commits to see what's usually included.

request review

@GeorgeSapkin
Copy link
Member

GeorgeSapkin commented Jan 19, 2026

You didn't change anything about the commit.

@smallprogram
Copy link
Author

smallprogram commented Jan 19, 2026

You didn't change anything about the commit.

done

@smallprogram smallprogram force-pushed the golang branch 2 times, most recently from 32d905a to 426fdda Compare January 19, 2026 12:52
@GeorgeSapkin
Copy link
Member

GeorgeSapkin commented Jan 19, 2026

Please add a list of all CVEs fixed in the release based on the release notes in the mailing list using the format from previous commits.

@GeorgeSapkin
Copy link
Member

GeorgeSapkin commented Jan 19, 2026
edited
Loading

Don't add links to CVEs, CVE ID is enough. Sort CVEs by ID lexicographically. Prefix the milestone URL with Link: instead. Remove the empty line between the last link and sign-off. And commit message lines should be 75 characters long max. Please read the submission guidelines.

@smallprogram smallprogram force-pushed the golang branch 2 times, most recently from 0d24965 to 5adbc18 Compare January 19, 2026 19:44
@smallprogram
Copy link
Author

smallprogram commented Jan 20, 2026
edited
Loading

@GeorgeSapkin

[fail] Commit subject must be <= 60 (and should be <= 50) characters long
       Actual: subject is 305 characters long
       golang: bump to 1.25.6 Fixes: CVE-2025-61726 Fixes: CVE-2025-61728 Fixes: CVE-2025-61730 Fixes: CVE-2025-61731 Fixes: CVE-2025-68119 Fixes: CVE-2025-68121 Link:https://github.com/golang/go/issues?q=milestone%3AGo1.25.6+label%3ACherryPickApproved Signed-off-by: David Mandy <smallprogramzhusir@gmail.com>

I followed your instructions. However, I'm still getting a message that the commit subject is too long. What should I do? Should I delete some content or something else?
I noticed that many previous commits related to Go version upgrades also had very long commit subjects, so why didn't they have any problems?

@GeorgeSapkin
Copy link
Member

GeorgeSapkin commented Jan 20, 2026

This doesn't look like a valid commit message:

=?UTF-8?q?golang:=20bump=20to=201.25.6=20Fixes:=20CVE-202?=
 =?UTF-8?q?5-61726=20Fixes:=20CVE-2025-61728=20Fixes:=20CVE-2025-61730=20F?=
 =?UTF-8?q?ixes:=20CVE-2025-61731=20Fixes:=20CVE-2025-68119=20Fixes:=20CVE?=
 =?UTF-8?q?-2025-68121=20Link=EF=BC=9Ahttps://github.com/golang/go/issues?=
 =?UTF-8?q?=3Fq=3Dmilestone%3AGo1.25.6+label%3ACherryPickApproved=20Signed?=
 =?UTF-8?q?-off-by:=20David=20Mandy=20<smallprogramzhusir@gmail.com>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From https://patch-diff.githubusercontent.com/raw/openwrt/packages/pull/28378.patch

@smallprogram
Copy link
Author

smallprogram commented Jan 20, 2026
edited
Loading

This doesn't look like a valid commit message:

=?UTF-8?q?golang:=20bump=20to=201.25.6=20Fixes:=20CVE-202?=
 =?UTF-8?q?5-61726=20Fixes:=20CVE-2025-61728=20Fixes:=20CVE-2025-61730=20F?=
 =?UTF-8?q?ixes:=20CVE-2025-61731=20Fixes:=20CVE-2025-68119=20Fixes:=20CVE?=
 =?UTF-8?q?-2025-68121=20Link=EF=BC=9Ahttps://github.com/golang/go/issues?=
 =?UTF-8?q?=3Fq=3Dmilestone%3AGo1.25.6+label%3ACherryPickApproved=20Signed?=
 =?UTF-8?q?-off-by:=20David=20Mandy=20<smallprogramzhusir@gmail.com>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From https://patch-diff.githubusercontent.com/raw/openwrt/packages/pull/28378.patch

Fixed, My problem was caused by using a full-width colon. I hope it passes the CI test.

@smallprogram
Copy link
Author

smallprogram commented Jan 21, 2026

@GeorgeSapkin is ok?

@moetayuko moetayuko mentioned this pull request Jan 22, 2026
Closed
@laipeng668
Copy link
Contributor

laipeng668 commented Jan 22, 2026

The Signed-off-by also needs to be corrected to match the actual value.
If that's a hassle, I'd be glad to help by submitting the PR.

[fail] `Signed-off-by` must match author
       Actual: missing or doesn't match author
       Expected: `Signed-off-by: zhusir <smallprogram@foxmail.com>`

@vooon vooon mentioned this pull request Jan 22, 2026
Open
1 task
@smallprogram smallprogram force-pushed the golang branch 2 times, most recently from 2b9a753 to 96d0843 Compare January 22, 2026 13:07
@smallprogram
Copy link
Author

smallprogram commented Jan 22, 2026

The Signed-off-by also needs to be corrected to match the actual value. If that's a hassle, I'd be glad to help by submitting the PR.

[fail] `Signed-off-by` must match author
       Actual: missing or doesn't match author
       Expected: `Signed-off-by: zhusir <smallprogram@foxmail.com>`

Now that the author and commit information have been standardized, we are waiting for the CI process to execute.

@laipeng668
Copy link
Contributor

laipeng668 commented Jan 22, 2026

Everything seems to be in order. Please let me know if you need any further help.​

@smallprogram
Copy link
Author

smallprogram commented Jan 22, 2026

Everything seems to be in order. Please let me know if you need any further help.​

tks

@smallprogram @GeorgeSapkin
golang: bump to 1.25.6
6cb3083 
Fixes: CVE-2025-61726
Fixes: CVE-2025-61728
Fixes: CVE-2025-61730
Fixes: CVE-2025-61731
Fixes: CVE-2025-68119
Fixes: CVE-2025-68121
Link: https://github.com/golang/go/issues?q=milestone%3AGo1.25.6+label%3ACherryPickApproved
Signed-off-by: David Mandy <smallprogramzhusir@gmail.com>
@smallprogram
Copy link
Author

smallprogram commented Jan 22, 2026

The requested URL returned error: 500,This problem occurs frequently; perhaps rerunning the failed CI job will solve it...
😓😓😓😓😓😓😓😓😓

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@smallprogram @GeorgeSapkin @laipeng668