From unknown Tue Jun 17 01:43:39 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54568] Update to Go 1.17.8, Go 1.16.15 Resent-From: Pier-Hugues Pellerin Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 25 Mar 2022 19:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54568 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 54568@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16482360722714 (code B ref -1); Fri, 25 Mar 2022 19:22:02 +0000 Received: (at submit) by debbugs.gnu.org; 25 Mar 2022 19:21:12 +0000 Received: from localhost ([127.0.0.1]:52466 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nXpUm-0000hh-62 for submit@debbugs.gnu.org; Fri, 25 Mar 2022 15:21:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:44216) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nXpSz-0000dY-OQ for submit@debbugs.gnu.org; Fri, 25 Mar 2022 15:19:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33090) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nXpSz-0006pl-K6 for guix-patches@gnu.org; Fri, 25 Mar 2022 15:19:21 -0400 Received: from [2607:f8b0:4864:20::b33] (port=36502 helo=mail-yb1-xb33.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nXpSx-0002au-Of for guix-patches@gnu.org; Fri, 25 Mar 2022 15:19:21 -0400 Received: by mail-yb1-xb33.google.com with SMTP id f38so15731164ybi.3 for ; Fri, 25 Mar 2022 12:19:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heykimo-com.20210112.gappssmtp.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=VNzy13Ox8EueIR1iS+NU9cZRypVccMKO71DCYVVc4m0=; b=hFn2oiJL8beWLPLTdKJxhwd5BPGwcstzsvBorqEkCGJsGDbdEDggRkGD3YaDW/5ASy QaYhq9Bee6n7aGjVybNWYgSeDAsJ3Ekp2j0vnqsLnR2alfqhUh/D51rPXQhYgjipgeQ9 eAN1tidCFg+cPSPSDtG5SLiHYNfRqlDwOrBhLJ+F13XPHOqtOtGv1vyBZ/1CKTB5Vrq1 6sW1cXV3toZVoo129V/ASP1ujF2UH3EBWVK6wrOAkD4laCmJgc6I+ACVPeCyiqcp8GZu R/L8hZP4t3i3OhDGSDrmLJx/JgWcsdTZTarkqcuHeQP34aSfd5UN6FBMzQZ/xCsWV12B KOcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VNzy13Ox8EueIR1iS+NU9cZRypVccMKO71DCYVVc4m0=; b=N0DEtNHUWUCvwrdKFPzYYEQ5T0xLXE0C5MSl0C7udQ/yLiV8AVYGwsGVqFRz54peEw OErrttEvjj4Cx6rg51c5Vx6FDAFsqPlUSgOSsMdwiBle904n+p5t1T4/HqBWsgcQhGYA 9x+whP2nQug4e/rM3paWHlIrk7XAzB9Xzbo5ZLSCAtjV0ogD5I6zW7jMq8ojL8hMelLF FhGFNUQfNRLObLYeCLjw+y1VwQ4uD9nANdR50dJMm6JFX1KwYk2WIcnJGyhCTDWsl9k3 DJO89SxTuhsbjZoSxr0Xu0vbeOS3A+VV3BL6jx9s41jpPT6NIFKfv8P01EfvhyCanOAs 98lA== X-Gm-Message-State: AOAM530NrvPoHi/tpbQn5iT4Br1VluRpE1a+jRPPYGo4pXqmBsdd9KLT +oLkpFtZUtADQbMQNtwJLofdSdjgrc6AQ6yk3p737kJPZyoTFw== X-Google-Smtp-Source: ABdhPJwMK/C9s7wyA46RVWi+Pcn8AwecJO85YWcWrJg+ZXSD/facwtJZ7gBEq5KrPxdOB77Gc4zQQ7MpAukC0KAtM6A= X-Received: by 2002:a05:6902:203:b0:628:7b6f:2845 with SMTP id j3-20020a056902020300b006287b6f2845mr11667895ybs.533.1648235957968; Fri, 25 Mar 2022 12:19:17 -0700 (PDT) MIME-Version: 1.0 From: Pier-Hugues Pellerin Date: Fri, 25 Mar 2022 15:19:07 -0400 Message-ID: Content-Type: multipart/mixed; boundary="000000000000c831bf05db0fd61a" X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::b33 (failed) Received-SPF: none client-ip=2607:f8b0:4864:20::b33; envelope-from=ph@heykimo.com; helo=mail-yb1-xb33.google.com X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_HP_HELO_NORDNS=0.659, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-Mailman-Approved-At: Fri, 25 Mar 2022 15:21:11 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --000000000000c831bf05db0fd61a Content-Type: multipart/alternative; boundary="000000000000c831bd05db0fd618" --000000000000c831bd05db0fd618 Content-Type: text/plain; charset="UTF-8" Hello, This patch updates Go 1.16 and 1.17 to their latest patch and fixes a security issue with the regexp/syntax package. I've looked at the current patch and I haven't found one for Go. This is my first contribution to guix and this process is new to me. I've made the changes in a single patch, because it covers the same CVE, if you prefer I can split them. Also, I've looked to add support for go 1.18 based on the 1.17 package definition, at work I've had a few hiccups when upgrading to this new version. What would be the way to test that packages depending on go (or go-build-system) would still build with it ? Thanks -- ph, http://heykimo.com --000000000000c831bd05db0fd618 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

This patch updates Go= 1.16 and 1.17 to their latest patch and fixes a security issue with the re= gexp/syntax package. I've looked at the current patch and I haven't= found one for Go.

This is my first contribution t= o guix and this process is new to me.

I've mad= e the changes in a single patch, because it covers the same CVE, if you pre= fer I can split them.

Also, I've looked to= add support for go 1.18 based on the 1.17 package definition,=C2=A0 at wor= k I've had a few hiccups when upgrading to this new version. What would= be the way to test that packages depending on go (or go-build-system) woul= d still build with it ?

Thanks
--000000000000c831bd05db0fd618-- --000000000000c831bf05db0fd61a Content-Type: text/x-patch; charset="UTF-8"; name="0001-Update-to-Go-1.17.8-Go-1.16.15.patch" Content-Disposition: attachment; filename="0001-Update-to-Go-1.17.8-Go-1.16.15.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_l16sy09n0 RnJvbSAwY2U5YzI4ZDI3ZDFiNGQ3OTExNmYzOTY2OWZmN2MwYWMwNjRjOGNjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBQaWVyLUh1Z3VlcyBQZWxsZXJpbiA8cGhwZWxsZXJpbkBnbWFp bC5jb20+CkRhdGU6IEZyaSwgMjUgTWFyIDIwMjIgMTQ6MDI6MTkgLTA0MDAKU3ViamVjdDogW1BB VENIXSBVcGRhdGUgdG8gR28gMS4xNy44LCBHbyAxLjE2LjE1CgpSZWxlYXNlIG5vdGVzOgoKZ28x LjE3LjggKHJlbGVhc2VkIDIwMjItMDMtMDMpIGluY2x1ZGVzIGEgc2VjdXJpdHkgZml4IHRvIHRo ZSByZWdleHAvc3ludGF4IHBhY2thZ2VbMF0sIGFzIHdlbGwgYXMgYnVnIGZpeGVzIHRvIHRoZSBj b21waWxlciwgcnVudGltZSwgdGhlIGdvIGNvbW1hbmQsIGFuZCB0aGUgY3J5cHRvL3g1MDkgYW5k IG5ldCBwYWNrYWdlcy4gU2VlIHRoZSBHbyAxLjE3LjggbWlsZXN0b25lWzFdIG9uIG91ciBpc3N1 ZSB0cmFja2VyIGZvciBkZXRhaWxzLgpnbzEuMTYuMTUgKHJlbGVhc2VkIDIwMjItMDMtMDMpIGlu Y2x1ZGVzIGEgc2VjdXJpdHkgZml4IHRvIHRoZSByZWdleHAvc3ludGF4IHBhY2thZ2VbMF0sIGFz IHdlbGwgYXMgYnVnIGZpeGVzIHRvIHRoZSBjb21waWxlciwgcnVudGltZSwgdGhlIGdvIGNvbW1h bmQsIGFuZCB0aGUgbmV0IHBhY2thZ2UuIFNlZSB0aGUgR28gMS4xNi4xNSBtaWxlc3RvbmVbMl0g b24gb3VyIGlzc3VlIHRyYWNrZXIgZm9yIGRldGFpbHMuCgpbMF0gQ1ZFLTIwMjItMjQ5MjEgYW5k IGh0dHBzOi8vZ28uZGV2L2lzc3VlLzUxMTEyLgpbMV0gaHR0cHM6Ly9naXRodWIuY29tL2dvbGFu Zy9nby9pc3N1ZXM/cT1taWxlc3RvbmUlM0FHbzEuMTcuOCtsYWJlbCUzQUNoZXJyeVBpY2tBcHBy b3ZlZApbMl0gaHR0cHM6Ly9naXRodWIuY29tL2dvbGFuZy9nby9pc3N1ZXM/cT1taWxlc3RvbmUl M0FHbzEuMTYuMTUrbGFiZWwlM0FDaGVycnlQaWNrQXBwcm92ZWQKLS0tCiBnbnUvcGFja2FnZXMv Z29sYW5nLnNjbSB8IDkgKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNSBpbnNlcnRpb25zKCsp LCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9nb2xhbmcuc2NtIGIv Z251L3BhY2thZ2VzL2dvbGFuZy5zY20KaW5kZXggYThiODQ1ZTMwMS4uZjNjYzFiZDZiOCAxMDA2 NDQKLS0tIGEvZ251L3BhY2thZ2VzL2dvbGFuZy5zY20KKysrIGIvZ251L3BhY2thZ2VzL2dvbGFu Zy5zY20KQEAgLTMzLDYgKzMzLDcgQEAKIDs7OyBDb3B5cmlnaHQgwqkgMjAyMSBDaGFkd2FpbiBI b2xuZXNzIDxjaGFkd2FpbmhvbG5lc3NAZ21haWwuY29tPgogOzs7IENvcHlyaWdodCDCqSAyMDIx IFBoaWxpcCBNY0dyYXRoIDxwaGlsaXBAcGhpbGlwbWNncmF0aC5jb20+CiA7OzsgQ29weXJpZ2h0 IMKpIDIwMjEgTHUgSHVpIDxsdWh1eDc2QGdtYWlsLmNvbT4KKzs7OyBDb3B5cmlnaHQgwqkgMjAy MiBQaWVyLUh1Z3VlcyBQZWxsZXJpbiA8cGhwZWxsZXJpbkBnbWFpbC5jb20+CiA7OzsKIDs7OyBU aGlzIGZpbGUgaXMgcGFydCBvZiBHTlUgR3VpeC4KIDs7OwpAQCAtNDY2LDcgKzQ2Nyw3IEBAIChk ZWZpbmUtcHVibGljIGdvLTEuMTYKICAgKHBhY2thZ2UKICAgICAoaW5oZXJpdCBnby0xLjE0KQog ICAgIChuYW1lICJnbyIpCi0gICAgKHZlcnNpb24gIjEuMTYuMTQiKQorICAgICh2ZXJzaW9uICIx LjE2LjE1IikKICAgICAoc291cmNlCiAgICAgIChvcmlnaW4KICAgICAgICAobWV0aG9kIGdpdC1m ZXRjaCkKQEAgLTQ3Niw3ICs0NzcsNyBAQCAoZGVmaW5lLXB1YmxpYyBnby0xLjE2CiAgICAgICAg KGZpbGUtbmFtZSAoZ2l0LWZpbGUtbmFtZSBuYW1lIHZlcnNpb24pKQogICAgICAgIChzaGEyNTYK ICAgICAgICAgKGJhc2UzMgotICAgICAgICAgIjE2cG43YXZ6bWx3MjhzbGR4Nnl2MzhhMWFmZHdq N2p6M3g3a2p2bGFneXNxcnNoNWx3d2wiKSkpKQorICAgICAgICAgIjB2bGswcjQ2MDBhaDlmZzVh cGRkOTNnN2kzNjlrMHJremNnbjdjczhoNnFxMms2aHB4amwiKSkpKQogICAgIChhcmd1bWVudHMK ICAgICAgKHN1YnN0aXR1dGUta2V5d29yZC1hcmd1bWVudHMKICAgICAgICAgIChzdHJpcC1rZXl3 b3JkLWFyZ3VtZW50cyAnKCM6dGVzdHM/KSAocGFja2FnZS1hcmd1bWVudHMgZ28tMS4xNCkpCkBA IC02MjUsNyArNjI2LDcgQEAgKGRlZmluZS1wdWJsaWMgZ28tMS4xNwogICAocGFja2FnZQogICAg IChpbmhlcml0IGdvLTEuMTYpCiAgICAgKG5hbWUgImdvIikKLSAgICAodmVyc2lvbiAiMS4xNy43 IikKKyAgICAodmVyc2lvbiAiMS4xNy44IikKICAgICAoc291cmNlCiAgICAgIChvcmlnaW4KICAg ICAgICAobWV0aG9kIGdpdC1mZXRjaCkKQEAgLTYzNSw3ICs2MzYsNyBAQCAoZGVmaW5lLXB1Ymxp YyBnby0xLjE3CiAgICAgICAgKGZpbGUtbmFtZSAoZ2l0LWZpbGUtbmFtZSBuYW1lIHZlcnNpb24p KQogICAgICAgIChzaGEyNTYKICAgICAgICAgKGJhc2UzMgotICAgICAgICAgIjBkMHh5Ym43c3k0 emEzZjBzMmZmYjZ5ZnY2cGphYm5rNGp5dno3ZG4zaGpxaGQ1bGtzN20iKSkpKQorICAgICAgICAg IjA1cWZzMTd3ZGR4bW1pMzQ5ZzljaTEydzlmamI1dmJzczZxcGpjNHF6Z3F6em5xZjB5Y3kiKSkp KQogICAgIChvdXRwdXRzICcoIm91dCIgInRlc3RzIikpIDsgJ3Rlc3RzJyBjb250YWlucyBkaXN0 cmlidXRpb24gdGVzdHMuCiAgICAgKGFyZ3VtZW50cwogICAgICBgKCM6bW9kdWxlcyAoKGljZS05 IG1hdGNoKQoKYmFzZS1jb21taXQ6IGNhYmRhMTE5N2U3OTI1ZjU4YTg1MzI1MzRhZmMxYmRlNmM1 ZWIzNzcKLS0gCjIuMzQuMAoK --000000000000c831bf05db0fd61a-- From unknown Tue Jun 17 01:43:39 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Pier-Hugues Pellerin Subject: bug#54568: closed (Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15) Message-ID: References: X-Gnu-PR-Message: they-closed 54568 X-Gnu-PR-Package: guix-patches Reply-To: 54568@debbugs.gnu.org Date: Mon, 28 Mar 2022 03:15:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1648437302-24774-1" This is a multi-part message in MIME format... ------------=_1648437302-24774-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #54568: Update to Go 1.17.8, Go 1.16.15 which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 54568@debbugs.gnu.org. --=20 54568: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D54568 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1648437302-24774-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 54568-done) by debbugs.gnu.org; 28 Mar 2022 03:14:51 +0000 Received: from localhost ([127.0.0.1]:56920 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nYfqF-0006R7-CO for submit@debbugs.gnu.org; Sun, 27 Mar 2022 23:14:51 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:44825) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nYfqC-0006Qr-5x for 54568-done@debbugs.gnu.org; Sun, 27 Mar 2022 23:14:49 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id BE6E75C0071; Sun, 27 Mar 2022 23:14:42 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Sun, 27 Mar 2022 23:14:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=mesmtp; bh=HdjEsNJQLGy0d5Cx3ufgmJ0OGgM 3o2TK6JmViZkVvvo=; b=SS9kn9xdkEYsQKkyrsFkv7nw2Erfzrh6dV6BMI1xj2M MQDe8m1/Q0XOpP26GglD9NqScQEqckySrg2Jg1QYY5kt7lzQwyqkuMOckQjSp4ok xOSNRAAu9mVpBZ1fLcNSBE64DdKwh237Ulq7CDkaJ3PIf1s4olW8W9ZRj0HljOfE = DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=HdjEsNJQLGy0d5Cx3 ufgmJ0OGgM3o2TK6JmViZkVvvo=; b=FDUeRjkt0KZje4mzPH9+gwIHBDk2JjNeT 8x7IqO6ITv0fvI8biFUBG7UOcD3J8HXc8aW45UxuA5LZ8fFuvWQeOyooJ4b2hNd5 sWav4VZMSxAp/yjXV0jWxwBoJnjCrCbKAgXOou7RdyPwmQGN7VrGAiI0qBTdqEn+ TRfzFM14/LtmrPpL29yeLS4MDRLMMgw5D+J3sSuODCFqf4B8SY8zjBpL6AFkNmzm DKOsJ2j5oe3uoiUbGfrZtI3IudFvNdOt42D98QnV9LPR2ds95H06u58YwyuZqmFf mDsXOoftajEsjbJD6e81Cvj2MZTrBQP2AacUxSRppklR5hKXUZVQg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudehiedgieelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefnvghoucfh rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth gvrhhnpedvvddugefffeeitddthfefvdeuhffgkeeikeegkeevteeghfeftefggeeuudff ieenucffohhmrghinhepghhnuhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurf grrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 27 Mar 2022 23:14:42 -0400 (EDT) Date: Sun, 27 Mar 2022 23:14:40 -0400 From: Leo Famulari To: Pier-Hugues Pellerin Subject: Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 54568-done Cc: 54568-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Fri, Mar 25, 2022 at 03:19:07PM -0400, Pier-Hugues Pellerin wrote: > This patch updates Go 1.16 and 1.17 to their latest patch and fixes a > security issue with the regexp/syntax package. I've looked at the current > patch and I haven't found one for Go. > > This is my first contribution to guix and this process is new to me. > > I've made the changes in a single patch, because it covers the same CVE, if > you prefer I can split them. Thanks! I went ahead and split them on your behalf, pushing as commit fff27ded10fec7efaec11a231324681fb8dd0857: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=fff27ded10fec7efaec11a231324681fb8dd0857 > Also, I've looked to add support for go 1.18 based on the 1.17 package > definition, at work I've had a few hiccups when upgrading to this new > version. What would be the way to test that packages depending on go (or > go-build-system) would still build with it ? I think that one can use the fold-packages procedure to iterate over packages and select those that use go-build-system. I don't have an example off-hand. You can get some help with that on the #guix IRC channel or the mailing list. ------------=_1648437302-24774-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 25 Mar 2022 19:21:12 +0000 Received: from localhost ([127.0.0.1]:52466 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nXpUm-0000hh-62 for submit@debbugs.gnu.org; Fri, 25 Mar 2022 15:21:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:44216) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nXpSz-0000dY-OQ for submit@debbugs.gnu.org; Fri, 25 Mar 2022 15:19:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33090) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nXpSz-0006pl-K6 for guix-patches@gnu.org; Fri, 25 Mar 2022 15:19:21 -0400 Received: from [2607:f8b0:4864:20::b33] (port=36502 helo=mail-yb1-xb33.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nXpSx-0002au-Of for guix-patches@gnu.org; Fri, 25 Mar 2022 15:19:21 -0400 Received: by mail-yb1-xb33.google.com with SMTP id f38so15731164ybi.3 for ; Fri, 25 Mar 2022 12:19:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heykimo-com.20210112.gappssmtp.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=VNzy13Ox8EueIR1iS+NU9cZRypVccMKO71DCYVVc4m0=; b=hFn2oiJL8beWLPLTdKJxhwd5BPGwcstzsvBorqEkCGJsGDbdEDggRkGD3YaDW/5ASy QaYhq9Bee6n7aGjVybNWYgSeDAsJ3Ekp2j0vnqsLnR2alfqhUh/D51rPXQhYgjipgeQ9 eAN1tidCFg+cPSPSDtG5SLiHYNfRqlDwOrBhLJ+F13XPHOqtOtGv1vyBZ/1CKTB5Vrq1 6sW1cXV3toZVoo129V/ASP1ujF2UH3EBWVK6wrOAkD4laCmJgc6I+ACVPeCyiqcp8GZu R/L8hZP4t3i3OhDGSDrmLJx/JgWcsdTZTarkqcuHeQP34aSfd5UN6FBMzQZ/xCsWV12B KOcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VNzy13Ox8EueIR1iS+NU9cZRypVccMKO71DCYVVc4m0=; b=N0DEtNHUWUCvwrdKFPzYYEQ5T0xLXE0C5MSl0C7udQ/yLiV8AVYGwsGVqFRz54peEw OErrttEvjj4Cx6rg51c5Vx6FDAFsqPlUSgOSsMdwiBle904n+p5t1T4/HqBWsgcQhGYA 9x+whP2nQug4e/rM3paWHlIrk7XAzB9Xzbo5ZLSCAtjV0ogD5I6zW7jMq8ojL8hMelLF FhGFNUQfNRLObLYeCLjw+y1VwQ4uD9nANdR50dJMm6JFX1KwYk2WIcnJGyhCTDWsl9k3 DJO89SxTuhsbjZoSxr0Xu0vbeOS3A+VV3BL6jx9s41jpPT6NIFKfv8P01EfvhyCanOAs 98lA== X-Gm-Message-State: AOAM530NrvPoHi/tpbQn5iT4Br1VluRpE1a+jRPPYGo4pXqmBsdd9KLT +oLkpFtZUtADQbMQNtwJLofdSdjgrc6AQ6yk3p737kJPZyoTFw== X-Google-Smtp-Source: ABdhPJwMK/C9s7wyA46RVWi+Pcn8AwecJO85YWcWrJg+ZXSD/facwtJZ7gBEq5KrPxdOB77Gc4zQQ7MpAukC0KAtM6A= X-Received: by 2002:a05:6902:203:b0:628:7b6f:2845 with SMTP id j3-20020a056902020300b006287b6f2845mr11667895ybs.533.1648235957968; Fri, 25 Mar 2022 12:19:17 -0700 (PDT) MIME-Version: 1.0 From: Pier-Hugues Pellerin Date: Fri, 25 Mar 2022 15:19:07 -0400 Message-ID: Subject: Update to Go 1.17.8, Go 1.16.15 To: guix-patches@gnu.org Content-Type: multipart/mixed; boundary="000000000000c831bf05db0fd61a" X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::b33 (failed) Received-SPF: none client-ip=2607:f8b0:4864:20::b33; envelope-from=ph@heykimo.com; helo=mail-yb1-xb33.google.com X-Spam_score_int: -4 X-Spam_score: -0.5 X-Spam_bar: / X-Spam_report: (-0.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_HP_HELO_NORDNS=0.659, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 25 Mar 2022 15:21:11 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --000000000000c831bf05db0fd61a Content-Type: multipart/alternative; boundary="000000000000c831bd05db0fd618" --000000000000c831bd05db0fd618 Content-Type: text/plain; charset="UTF-8" Hello, This patch updates Go 1.16 and 1.17 to their latest patch and fixes a security issue with the regexp/syntax package. I've looked at the current patch and I haven't found one for Go. This is my first contribution to guix and this process is new to me. I've made the changes in a single patch, because it covers the same CVE, if you prefer I can split them. Also, I've looked to add support for go 1.18 based on the 1.17 package definition, at work I've had a few hiccups when upgrading to this new version. What would be the way to test that packages depending on go (or go-build-system) would still build with it ? Thanks -- ph, http://heykimo.com --000000000000c831bd05db0fd618 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

This patch updates Go= 1.16 and 1.17 to their latest patch and fixes a security issue with the re= gexp/syntax package. I've looked at the current patch and I haven't= found one for Go.

This is my first contribution t= o guix and this process is new to me.

I've mad= e the changes in a single patch, because it covers the same CVE, if you pre= fer I can split them.

Also, I've looked to= add support for go 1.18 based on the 1.17 package definition,=C2=A0 at wor= k I've had a few hiccups when upgrading to this new version. What would= be the way to test that packages depending on go (or go-build-system) woul= d still build with it ?

Thanks
--000000000000c831bd05db0fd618-- --000000000000c831bf05db0fd61a Content-Type: text/x-patch; charset="UTF-8"; name="0001-Update-to-Go-1.17.8-Go-1.16.15.patch" Content-Disposition: attachment; filename="0001-Update-to-Go-1.17.8-Go-1.16.15.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_l16sy09n0 RnJvbSAwY2U5YzI4ZDI3ZDFiNGQ3OTExNmYzOTY2OWZmN2MwYWMwNjRjOGNjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBQaWVyLUh1Z3VlcyBQZWxsZXJpbiA8cGhwZWxsZXJpbkBnbWFp bC5jb20+CkRhdGU6IEZyaSwgMjUgTWFyIDIwMjIgMTQ6MDI6MTkgLTA0MDAKU3ViamVjdDogW1BB VENIXSBVcGRhdGUgdG8gR28gMS4xNy44LCBHbyAxLjE2LjE1CgpSZWxlYXNlIG5vdGVzOgoKZ28x LjE3LjggKHJlbGVhc2VkIDIwMjItMDMtMDMpIGluY2x1ZGVzIGEgc2VjdXJpdHkgZml4IHRvIHRo ZSByZWdleHAvc3ludGF4IHBhY2thZ2VbMF0sIGFzIHdlbGwgYXMgYnVnIGZpeGVzIHRvIHRoZSBj b21waWxlciwgcnVudGltZSwgdGhlIGdvIGNvbW1hbmQsIGFuZCB0aGUgY3J5cHRvL3g1MDkgYW5k IG5ldCBwYWNrYWdlcy4gU2VlIHRoZSBHbyAxLjE3LjggbWlsZXN0b25lWzFdIG9uIG91ciBpc3N1 ZSB0cmFja2VyIGZvciBkZXRhaWxzLgpnbzEuMTYuMTUgKHJlbGVhc2VkIDIwMjItMDMtMDMpIGlu Y2x1ZGVzIGEgc2VjdXJpdHkgZml4IHRvIHRoZSByZWdleHAvc3ludGF4IHBhY2thZ2VbMF0sIGFz IHdlbGwgYXMgYnVnIGZpeGVzIHRvIHRoZSBjb21waWxlciwgcnVudGltZSwgdGhlIGdvIGNvbW1h bmQsIGFuZCB0aGUgbmV0IHBhY2thZ2UuIFNlZSB0aGUgR28gMS4xNi4xNSBtaWxlc3RvbmVbMl0g b24gb3VyIGlzc3VlIHRyYWNrZXIgZm9yIGRldGFpbHMuCgpbMF0gQ1ZFLTIwMjItMjQ5MjEgYW5k IGh0dHBzOi8vZ28uZGV2L2lzc3VlLzUxMTEyLgpbMV0gaHR0cHM6Ly9naXRodWIuY29tL2dvbGFu Zy9nby9pc3N1ZXM/cT1taWxlc3RvbmUlM0FHbzEuMTcuOCtsYWJlbCUzQUNoZXJyeVBpY2tBcHBy b3ZlZApbMl0gaHR0cHM6Ly9naXRodWIuY29tL2dvbGFuZy9nby9pc3N1ZXM/cT1taWxlc3RvbmUl M0FHbzEuMTYuMTUrbGFiZWwlM0FDaGVycnlQaWNrQXBwcm92ZWQKLS0tCiBnbnUvcGFja2FnZXMv Z29sYW5nLnNjbSB8IDkgKysrKystLS0tCiAxIGZpbGUgY2hhbmdlZCwgNSBpbnNlcnRpb25zKCsp LCA0IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9nb2xhbmcuc2NtIGIv Z251L3BhY2thZ2VzL2dvbGFuZy5zY20KaW5kZXggYThiODQ1ZTMwMS4uZjNjYzFiZDZiOCAxMDA2 NDQKLS0tIGEvZ251L3BhY2thZ2VzL2dvbGFuZy5zY20KKysrIGIvZ251L3BhY2thZ2VzL2dvbGFu Zy5zY20KQEAgLTMzLDYgKzMzLDcgQEAKIDs7OyBDb3B5cmlnaHQgwqkgMjAyMSBDaGFkd2FpbiBI b2xuZXNzIDxjaGFkd2FpbmhvbG5lc3NAZ21haWwuY29tPgogOzs7IENvcHlyaWdodCDCqSAyMDIx IFBoaWxpcCBNY0dyYXRoIDxwaGlsaXBAcGhpbGlwbWNncmF0aC5jb20+CiA7OzsgQ29weXJpZ2h0 IMKpIDIwMjEgTHUgSHVpIDxsdWh1eDc2QGdtYWlsLmNvbT4KKzs7OyBDb3B5cmlnaHQgwqkgMjAy MiBQaWVyLUh1Z3VlcyBQZWxsZXJpbiA8cGhwZWxsZXJpbkBnbWFpbC5jb20+CiA7OzsKIDs7OyBU aGlzIGZpbGUgaXMgcGFydCBvZiBHTlUgR3VpeC4KIDs7OwpAQCAtNDY2LDcgKzQ2Nyw3IEBAIChk ZWZpbmUtcHVibGljIGdvLTEuMTYKICAgKHBhY2thZ2UKICAgICAoaW5oZXJpdCBnby0xLjE0KQog ICAgIChuYW1lICJnbyIpCi0gICAgKHZlcnNpb24gIjEuMTYuMTQiKQorICAgICh2ZXJzaW9uICIx LjE2LjE1IikKICAgICAoc291cmNlCiAgICAgIChvcmlnaW4KICAgICAgICAobWV0aG9kIGdpdC1m ZXRjaCkKQEAgLTQ3Niw3ICs0NzcsNyBAQCAoZGVmaW5lLXB1YmxpYyBnby0xLjE2CiAgICAgICAg KGZpbGUtbmFtZSAoZ2l0LWZpbGUtbmFtZSBuYW1lIHZlcnNpb24pKQogICAgICAgIChzaGEyNTYK ICAgICAgICAgKGJhc2UzMgotICAgICAgICAgIjE2cG43YXZ6bWx3MjhzbGR4Nnl2MzhhMWFmZHdq N2p6M3g3a2p2bGFneXNxcnNoNWx3d2wiKSkpKQorICAgICAgICAgIjB2bGswcjQ2MDBhaDlmZzVh cGRkOTNnN2kzNjlrMHJremNnbjdjczhoNnFxMms2aHB4amwiKSkpKQogICAgIChhcmd1bWVudHMK ICAgICAgKHN1YnN0aXR1dGUta2V5d29yZC1hcmd1bWVudHMKICAgICAgICAgIChzdHJpcC1rZXl3 b3JkLWFyZ3VtZW50cyAnKCM6dGVzdHM/KSAocGFja2FnZS1hcmd1bWVudHMgZ28tMS4xNCkpCkBA IC02MjUsNyArNjI2LDcgQEAgKGRlZmluZS1wdWJsaWMgZ28tMS4xNwogICAocGFja2FnZQogICAg IChpbmhlcml0IGdvLTEuMTYpCiAgICAgKG5hbWUgImdvIikKLSAgICAodmVyc2lvbiAiMS4xNy43 IikKKyAgICAodmVyc2lvbiAiMS4xNy44IikKICAgICAoc291cmNlCiAgICAgIChvcmlnaW4KICAg ICAgICAobWV0aG9kIGdpdC1mZXRjaCkKQEAgLTYzNSw3ICs2MzYsNyBAQCAoZGVmaW5lLXB1Ymxp YyBnby0xLjE3CiAgICAgICAgKGZpbGUtbmFtZSAoZ2l0LWZpbGUtbmFtZSBuYW1lIHZlcnNpb24p KQogICAgICAgIChzaGEyNTYKICAgICAgICAgKGJhc2UzMgotICAgICAgICAgIjBkMHh5Ym43c3k0 emEzZjBzMmZmYjZ5ZnY2cGphYm5rNGp5dno3ZG4zaGpxaGQ1bGtzN20iKSkpKQorICAgICAgICAg IjA1cWZzMTd3ZGR4bW1pMzQ5ZzljaTEydzlmamI1dmJzczZxcGpjNHF6Z3F6em5xZjB5Y3kiKSkp KQogICAgIChvdXRwdXRzICcoIm91dCIgInRlc3RzIikpIDsgJ3Rlc3RzJyBjb250YWlucyBkaXN0 cmlidXRpb24gdGVzdHMuCiAgICAgKGFyZ3VtZW50cwogICAgICBgKCM6bW9kdWxlcyAoKGljZS05 IG1hdGNoKQoKYmFzZS1jb21taXQ6IGNhYmRhMTE5N2U3OTI1ZjU4YTg1MzI1MzRhZmMxYmRlNmM1 ZWIzNzcKLS0gCjIuMzQuMAoK --000000000000c831bf05db0fd61a-- ------------=_1648437302-24774-1--