GNU bug report logs - #54568
Update to Go 1.17.8, Go 1.16.15

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#54568: closed (Update to Go 1.17.8, Go 1.16.15)
Date: Mon, 28 Mar 2022 03:15:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Sun, 27 Mar 2022 23:14:40 -0400
with message-id <YkEoIBL4AXNsplmy <at> jasmine.lan>
and subject line Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15
has caused the debbugs.gnu.org bug report #54568,
regarding Update to Go 1.17.8, Go 1.16.15
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
54568: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=54568
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Pier-Hugues Pellerin <ph <at> heykimo.com>
To: guix-patches <at> gnu.org
Subject: Update to Go 1.17.8, Go 1.16.15
Date: Fri, 25 Mar 2022 15:19:07 -0400

[Message part 3 (text/plain, inline)]

Hello,

This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
security issue with the regexp/syntax package. I've looked at the current
patch and I haven't found one for Go.

This is my first contribution to guix and this process is new to me.

I've made the changes in a single patch, because it covers the same CVE, if
you prefer I can split them.

Also, I've looked to add support for go 1.18 based on the 1.17 package
definition,  at work I've had a few hiccups when upgrading to this new
version. What would be the way to test that packages depending on go (or
go-build-system) would still build with it ?

Thanks

-- 
ph,
http://heykimo.com

[Message part 4 (text/html, inline)]

[0001-Update-to-Go-1.17.8-Go-1.16.15.patch (text/x-patch, attachment)]

[Message part 6 (message/rfc822, inline)]

From: Leo Famulari <leo <at> famulari.name>
To: Pier-Hugues Pellerin <ph <at> heykimo.com>
Cc: 54568-done <at> debbugs.gnu.org
Subject: Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15
Date: Sun, 27 Mar 2022 23:14:40 -0400

On Fri, Mar 25, 2022 at 03:19:07PM -0400, Pier-Hugues Pellerin wrote:
> This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
> security issue with the regexp/syntax package. I've looked at the current
> patch and I haven't found one for Go.
> 
> This is my first contribution to guix and this process is new to me.
> 
> I've made the changes in a single patch, because it covers the same CVE, if
> you prefer I can split them.

Thanks! I went ahead and split them on your behalf, pushing as commit
fff27ded10fec7efaec11a231324681fb8dd0857:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=fff27ded10fec7efaec11a231324681fb8dd0857

> Also, I've looked to add support for go 1.18 based on the 1.17 package
> definition,  at work I've had a few hiccups when upgrading to this new
> version. What would be the way to test that packages depending on go (or
> go-build-system) would still build with it ?

I think that one can use the fold-packages procedure to iterate over
packages and select those that use go-build-system. I don't have an
example off-hand. You can get some help with that on the #guix IRC
channel or the <guix-devel <at> gnu.org> mailing list.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.