Thank for the new release... I may be looking in the wrong place, but the darwin binaries for 1.18.1 appear to be missing.
https://go.dev/doc/install when installing on a mac shows an installer button labeled "Download Go for Mac" which links to https://go.dev/dl/undefined which gives a 404 error. % go install golang.org/dl/go1.18.1@latest % go1.18.1 download fails with go1.18.1: download failed: no binary release of go1.18.1 for darwin/amd64 at https://dl.google.com/go/go1.18.1.darwin-amd64.tar.gz Downloading from source, and running all.bash works fine. Thanks, Amnon On Wednesday, 13 April 2022 at 02:01:53 UTC+1 dmit...@golang.org wrote: > Hello gophers, > > We have just released Go versions 1.18.1 and 1.17.9, minor point releases. > > These minor releases include three security fixes following the security > policy: > > - encoding/pem: fix stack overflow in Decode > > A large (more than 5 MB) PEM input can cause a stack overflow in > Decode, leading the program to crash. > > Thanks to Juho Nurminen of Mattermost who reported the error. > > This is CVE-2022-24675 and https://go.dev/issue/51853. > > > - crypto/elliptic: tolerate all oversized scalars in generic P-256 > > A crafted scalar input longer than 32 bytes can cause > P256().ScalarMult or P256().ScalarBaseMult to panic. Indirect uses through > crypto/ecdsa and crypto/tls are unaffected. amd64, arm64, ppc64le, and > s390x are unaffected. > > This was discovered thanks to a Project Wycheproof test vector. > > This is CVE-2022-28327 and https://go.dev/issue/52075. > > > - crypto/x509: non-compliant certificates can cause a panic in Verify > on macOS in Go 1.18 > > Verifying certificate chains containing certificates which are not > compliant with RFC 5280 causes Certificate.Verify to panic on macOS. > > These chains can be delivered through TLS and can cause a crypto/tls > or net/http client to crash. > > Thanks to Tailscale for doing weird things and finding this. > > This is CVE-2022-27536 and https://go.dev/issue/51759. > > > View the release notes for more information: > https://go.dev/doc/devel/release#go1.18.minor > > You can download binary and source distributions from the Go web site: > https://go.dev/dl/ > > macOS binary artifacts for Go 1.18.1 are not available at this time due to > an issue <https://go.dev/issue/52317>. > We are working on providing them as soon as possible. Sorry for the > inconvenience. > > To compile from source using a Git clone, update to the release with > "git checkout go1.18.1" and build as usual. > > Thanks to everyone who contributed to the releases. > > Cheers, > Dmitri and Cherry for the Go team > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/0fe07807-da65-4e3e-86ce-b5df14417d59n%40googlegroups.com.
