GNU bug report logs -
#54568
Update to Go 1.17.8, Go 1.16.15
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 54568 in the body.
You can then email your comments to 54568 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#54568; Package
guix-patches.
(Fri, 25 Mar 2022 19:22:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Pier-Hugues Pellerin <ph <at> heykimo.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Fri, 25 Mar 2022 19:22:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello,
This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
security issue with the regexp/syntax package. I've looked at the current
patch and I haven't found one for Go.
This is my first contribution to guix and this process is new to me.
I've made the changes in a single patch, because it covers the same CVE, if
you prefer I can split them.
Also, I've looked to add support for go 1.18 based on the 1.17 package
definition, at work I've had a few hiccups when upgrading to this new
version. What would be the way to test that packages depending on go (or
go-build-system) would still build with it ?
Thanks
--
ph,
http://heykimo.com
[Message part 2 (text/html, inline)]
[0001-Update-to-Go-1.17.8-Go-1.16.15.patch (text/x-patch, attachment)]
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Mon, 28 Mar 2022 03:15:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Pier-Hugues Pellerin <ph <at> heykimo.com>:
bug acknowledged by developer.
(Mon, 28 Mar 2022 03:15:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 54568-done <at> debbugs.gnu.org (full text, mbox):
On Fri, Mar 25, 2022 at 03:19:07PM -0400, Pier-Hugues Pellerin wrote:
> This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
> security issue with the regexp/syntax package. I've looked at the current
> patch and I haven't found one for Go.
>
> This is my first contribution to guix and this process is new to me.
>
> I've made the changes in a single patch, because it covers the same CVE, if
> you prefer I can split them.
Thanks! I went ahead and split them on your behalf, pushing as commit
fff27ded10fec7efaec11a231324681fb8dd0857:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=fff27ded10fec7efaec11a231324681fb8dd0857
> Also, I've looked to add support for go 1.18 based on the 1.17 package
> definition, at work I've had a few hiccups when upgrading to this new
> version. What would be the way to test that packages depending on go (or
> go-build-system) would still build with it ?
I think that one can use the fold-packages procedure to iterate over
packages and select those that use go-build-system. I don't have an
example off-hand. You can get some help with that on the #guix IRC
channel or the <guix-devel <at> gnu.org> mailing list.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 25 Apr 2022 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 52 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.