From: Pier-Hugues Pellerin <ph@heykimo.com>
To: 54568@debbugs.gnu.org
Subject: [bug#54568] Update to Go 1.17.8, Go 1.16.15
Date: Fri, 25 Mar 2022 15:19:07 -0400 [thread overview]
Message-ID: <CA+RyfLkzT25r7eV1wkorxmJupeAobaTGCpFfEmGggUoYYzp0uQ@mail.gmail.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 663 bytes --]
Hello,
This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
security issue with the regexp/syntax package. I've looked at the current
patch and I haven't found one for Go.
This is my first contribution to guix and this process is new to me.
I've made the changes in a single patch, because it covers the same CVE, if
you prefer I can split them.
Also, I've looked to add support for go 1.18 based on the 1.17 package
definition, at work I've had a few hiccups when upgrading to this new
version. What would be the way to test that packages depending on go (or
go-build-system) would still build with it ?
Thanks
--
ph,
http://heykimo.com
[-- Attachment #1.2: Type: text/html, Size: 1024 bytes --]
[-- Attachment #2: 0001-Update-to-Go-1.17.8-Go-1.16.15.patch --]
[-- Type: text/x-patch, Size: 2754 bytes --]
From 0ce9c28d27d1b4d79116f39669ff7c0ac064c8cc Mon Sep 17 00:00:00 2001
From: Pier-Hugues Pellerin <phpellerin@gmail.com>
Date: Fri, 25 Mar 2022 14:02:19 -0400
Subject: [PATCH] Update to Go 1.17.8, Go 1.16.15
Release notes:
go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package[0], as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509 and net packages. See the Go 1.17.8 milestone[1] on our issue tracker for details.
go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package[0], as well as bug fixes to the compiler, runtime, the go command, and the net package. See the Go 1.16.15 milestone[2] on our issue tracker for details.
[0] CVE-2022-24921 and https://go.dev/issue/51112.
[1] https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved
[2] https://github.com/golang/go/issues?q=milestone%3AGo1.16.15+label%3ACherryPickApproved
---
gnu/packages/golang.scm | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index a8b845e301..f3cc1bd6b8 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -33,6 +33,7 @@
;;; Copyright © 2021 Chadwain Holness <chadwainholness@gmail.com>
;;; Copyright © 2021 Philip McGrath <philip@philipmcgrath.com>
;;; Copyright © 2021 Lu Hui <luhux76@gmail.com>
+;;; Copyright © 2022 Pier-Hugues Pellerin <phpellerin@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -466,7 +467,7 @@ (define-public go-1.16
(package
(inherit go-1.14)
(name "go")
- (version "1.16.14")
+ (version "1.16.15")
(source
(origin
(method git-fetch)
@@ -476,7 +477,7 @@ (define-public go-1.16
(file-name (git-file-name name version))
(sha256
(base32
- "16pn7avzmlw28sldx6yv38a1afdwj7jz3x7kjvlagysqrsh5lwwl"))))
+ "0vlk0r4600ah9fg5apdd93g7i369k0rkzcgn7cs8h6qq2k6hpxjl"))))
(arguments
(substitute-keyword-arguments
(strip-keyword-arguments '(#:tests?) (package-arguments go-1.14))
@@ -625,7 +626,7 @@ (define-public go-1.17
(package
(inherit go-1.16)
(name "go")
- (version "1.17.7")
+ (version "1.17.8")
(source
(origin
(method git-fetch)
@@ -635,7 +636,7 @@ (define-public go-1.17
(file-name (git-file-name name version))
(sha256
(base32
- "0d0xybn7sy4za3f0s2ffb6yfv6pjabnk4jyvz7dn3hjqhd5lks7m"))))
+ "05qfs17wddxmmi349g9ci12w9fjb5vbss6qpjc4qzgqzznqf0ycy"))))
(outputs '("out" "tests")) ; 'tests' contains distribution tests.
(arguments
`(#:modules ((ice-9 match)
base-commit: cabda1197e7925f58a8532534afc1bde6c5eb377
--
2.34.0
next reply other threads:[~2022-03-25 21:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-25 19:19 Pier-Hugues Pellerin [this message]
2022-03-28 3:14 ` bug#54568: Update to Go 1.17.8, Go 1.16.15 Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+RyfLkzT25r7eV1wkorxmJupeAobaTGCpFfEmGggUoYYzp0uQ@mail.gmail.com \
--to=ph@heykimo.com \
--cc=54568@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.