GNU bug report logs - #54568
Update to Go 1.17.8, Go 1.16.15

Previous Next

Package: guix-patches;

Reported by: Pier-Hugues Pellerin <ph <at> heykimo.com>

Date: Fri, 25 Mar 2022 19:22:02 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #10 received at 54568-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Pier-Hugues Pellerin <ph <at> heykimo.com>
Cc: 54568-done <at> debbugs.gnu.org
Subject: Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15
Date: Sun, 27 Mar 2022 23:14:40 -0400

On Fri, Mar 25, 2022 at 03:19:07PM -0400, Pier-Hugues Pellerin wrote:
> This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
> security issue with the regexp/syntax package. I've looked at the current
> patch and I haven't found one for Go.
> 
> This is my first contribution to guix and this process is new to me.
> 
> I've made the changes in a single patch, because it covers the same CVE, if
> you prefer I can split them.

Thanks! I went ahead and split them on your behalf, pushing as commit
fff27ded10fec7efaec11a231324681fb8dd0857:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=fff27ded10fec7efaec11a231324681fb8dd0857

> Also, I've looked to add support for go 1.18 based on the 1.17 package
> definition,  at work I've had a few hiccups when upgrading to this new
> version. What would be the way to test that packages depending on go (or
> go-build-system) would still build with it ?

I think that one can use the fold-packages procedure to iterate over
packages and select those that use go-build-system. I don't have an
example off-hand. You can get some help with that on the #guix IRC
channel or the <guix-devel <at> gnu.org> mailing list.
This bug report was last modified 3 years and 52 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.