upgrade from go1.12.5 to go1.12.10 #40939
Assignees
Labels
Comments
|
as per discussion, we'll do this in time for the 19.2 release and consider whether we need to backport to 19.1 |
bobvawter
added a commit
that referenced
this issue
Oct 14, 2019
This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Fixes: #40939 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers.
craig bot
pushed a commit
that referenced
this issue
Oct 16, 2019
41509: client/kv: keep transaction UserPriority in sync across client.Txn and TxnCoordSender r=nvanbenschoten a=nvanbenschoten Informs #32508. Before this change, a transaction's UserPriority could diverge between the transaction's client.Txn and its TxnCoordSender. This resulted in the need for ugly code (https://github.com/cockroachdb/cockroach/blob/57b02ddc74004e39a411084e05a20dccd93c3a22/pkg/kv/txn_coord_sender.go#L786), had bugs where a transaction could be restarted with the wrong user priority, and resulted in redundant calls to `roachpb.MakePriority`. This last issue had a runtime cost. We saw the redundant calls to `roachpb.MakePriority` show up in profiles. For instance, it was responsible for **0.32%** of a CPU profile when running Sysbench's `oltp_point_select` workload, mainly due to how slow `rand.ExpFloat64` is on the global rand object. This commit fixes this by keeping the priority in-sync between the `client.Txn` and the `kv.TxnCoordSender`. A side-effect of this is that we no longer perform redundant calls to `roachpb.MakePriority`. Release note: None 41576: build: Upgrade to go 1.12.10 r=petermattis a=bobvawter build: Upgrade to go 1.12.10 This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #40939 X-Ref: #23481 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers. 41632: builtins: allow full consistency check w/o nuking cluster r=andreimatei a=tbg Previously, triggering a full consistency check would have potential to harm the cluster due to triggering checks with full DistSender parallelism. Limit to one check at a time for a (much slower, but) less harmful check (that we can potentially emit in roachtests). Release note: None 41636: roachtest: set acceptance/version-upgrade timeout to 30m r=andreimatei a=tbg When adding aggressive consistency checks, I noticed that acceptance/version-upgrade got pushed over the limit. Release note: None Co-authored-by: Nathan VanBenschoten <nvanbenschoten@gmail.com> Co-authored-by: Bob Vawter <bob@cockroachlabs.com> Co-authored-by: Tobias Schottdorf <tobias.schottdorf@gmail.com>
craig bot
pushed a commit
that referenced
this issue
Oct 16, 2019
41647: release-19.2: build: Upgrade to go 1.12.10 r=petermattis a=bobvawter Backport 1/1 commits from #41576. /cc @cockroachdb/release --- build: Upgrade to go 1.12.10 This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #40939 X-Ref: #23481 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers. Co-authored-by: Bob Vawter <bob@cockroachlabs.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
releasing go1.12.10 week of 2019-09-23.
we should also document the version upgrade process as part of this task. see related issue #23481
see go security issue: golang/go#34540
The text was updated successfully, but these errors were encountered: