gocryptfs/go.mod, branch v2.5.3 Mirror of gocryptfs source code on Github http://nuetzlich.net/cgit/gocryptfs/atom?h=v2.5.3 2025-03-01T19:54:10+00:00 go.mod: upgrade to golang.org/x/crypto@v0.33.0 2025-03-01T19:54:10+00:00 Jakob Unterwurzacher 2025-03-01T19:54:10+00:00 urn:sha1:6cf295e0e13ec21b207bdf1309907e7c43b33726 I did NOT upgrade to x/crypto@v0.35.0 yet because this requires go 1.23.0 (https://go.googlesource.com/crypto/+/89ff08d67c4d79f9ac619aaf1f7388888798651f) and our github workflow tests go 1.18.x and newer. go.mod: upgrade golang.org/x/sys 2025-02-26T21:01:13+00:00 Jakob Unterwurzacher 2025-02-26T21:00:03+00:00 urn:sha1:ec506e501fa39b65083f405b25c2af0d8875ef7a Now that we have our own wrappers for Setreuid and friends, we can upgrade. $ go get golang.org/x/sys go: upgraded golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a => v0.30.0 $ go mod tidy go.mod: downgrade golang.org/x/sys 2025-01-23T21:17:51+00:00 Jakob Unterwurzacher 2025-01-23T21:07:34+00:00 urn:sha1:6d342f3f4f1e9468da00b141b2abaf1e55f28665 The commit https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51 unix: support all Setuid/Setgid and related syscalls on Linux" changed the behavoir of Setreuid() and Setregid() to affect the whole process instead of just the current thread. This broke syscallcompat.asUser() which uses runtime.LockOSThread() plus Setreuid(). Partially revert 08b6ed16919b27a12a3228b17689d5d6d69eb10e bringing us back to a golang.org/x/sys version with the old behavoir. Fixes https://github.com/rfjakob/gocryptfs/issues/893 go.mod: update golang.org/x/crypto 2025-01-18T13:19:36+00:00 Jakob Unterwurzacher 2025-01-18T13:19:36+00:00 urn:sha1:638658fa7fdbaf2e6662945a6d3b598e9ec0a26c Closes https://github.com/rfjakob/gocryptfs/pull/883 Closes https://github.com/rfjakob/gocryptfs/security/dependabot/10 fix: panic: XTIMES (80000000) overlaps with INIT_RESERVED (80000000) 2024-03-12T14:37:05+00:00 Juan Ezquerro LLanes 2024-03-07T22:13:21+00:00 urn:sha1:0dfa7f8fadfa200c62f8ed9d3d08f745aa182f5b go.mod: update all deps 2024-01-23T20:36:24+00:00 Jakob Unterwurzacher 2024-01-23T20:36:24+00:00 urn:sha1:9958b63931aee613d5f97a8e7137efa3fb118343 Update xattr 2023-10-29T12:10:06+00:00 Christian Stewart 2023-10-16T19:14:25+00:00 urn:sha1:5da40e7adf3bd0e9097b6e5b3c793ccc65d251cc Signed-off-by: Christian Stewart <christian@aperture.us> Update go-fuse 2023-10-29T12:10:06+00:00 Christian Stewart 2023-10-16T19:13:52+00:00 urn:sha1:aa49343d3a569f17483e2afae53c5936bad253e0 Signed-off-by: Christian Stewart <christian@aperture.us> Update /x/crypto, /x/sys/, /x/term, jacobsa-crypto 2023-10-29T12:10:06+00:00 Christian Stewart 2023-09-06T20:58:06+00:00 urn:sha1:08b6ed16919b27a12a3228b17689d5d6d69eb10e Updated jacobsa-crypto which also pulls in the latest versions of the golang.org/x/ packages. Signed-off-by: Christian Stewart <christian@aperture.us> .github: drop unsupported Go versions 2023-10-29T12:10:06+00:00 Christian Stewart 2023-09-06T21:02:17+00:00 urn:sha1:770707e9acd059a36b9825b6bc15e5df7423c98b According to https://go.dev/doc/devel/release#policy each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release. Older releases are not receiving security updates. Upcoming dependency updates to golang exp packages use newer features like unsafe.Slice and therefore do not build correctly against Go < 1.19.x. Drop the older versions and add the newer versions to the ci. Signed-off-by: Christian Stewart <christian@aperture.us>