emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#54568: closed (Update to Go 1.17.8, Go 1.16.15)

From: GNU bug Tracking System
Subject: bug#54568: closed (Update to Go 1.17.8, Go 1.16.15)
Date: Mon, 28 Mar 2022 03:15:02 +0000 
Your message dated Sun, 27 Mar 2022 23:14:40 -0400
with message-id <YkEoIBL4AXNsplmy@jasmine.lan>
and subject line Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15
has caused the debbugs.gnu.org bug report #54568,
regarding Update to Go 1.17.8, Go 1.16.15
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
54568: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=54568
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: Update to Go 1.17.8, Go 1.16.15 Date: Fri, 25 Mar 2022 15:19:07 -0400
Hello,

This patch updates Go 1.16 and 1.17 to their latest patch and fixes a security issue with the regexp/syntax package. I've looked at the current patch and I haven't found one for Go.

This is my first contribution to guix and this process is new to me.

I've made the changes in a single patch, because it covers the same CVE, if you prefer I can split them.

Also, I've looked to add support for go 1.18 based on the 1.17 package definition,  at work I've had a few hiccups when upgrading to this new version. What would be the way to test that packages depending on go (or go-build-system) would still build with it ?

Thanks

--

Attachment: 0001-Update-to-Go-1.17.8-Go-1.16.15.patch
Description: Text Data


--- End Message ---
--- Begin Message --- Subject: Re: [bug#54568] Update to Go 1.17.8, Go 1.16.15 Date: Sun, 27 Mar 2022 23:14:40 -0400 
On Fri, Mar 25, 2022 at 03:19:07PM -0400, Pier-Hugues Pellerin wrote:
> This patch updates Go 1.16 and 1.17 to their latest patch and fixes a
> security issue with the regexp/syntax package. I've looked at the current
> patch and I haven't found one for Go.
> 
> This is my first contribution to guix and this process is new to me.
> 
> I've made the changes in a single patch, because it covers the same CVE, if
> you prefer I can split them.

Thanks! I went ahead and split them on your behalf, pushing as commit
fff27ded10fec7efaec11a231324681fb8dd0857:

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=fff27ded10fec7efaec11a231324681fb8dd0857

> Also, I've looked to add support for go 1.18 based on the 1.17 package
> definition,  at work I've had a few hiccups when upgrading to this new
> version. What would be the way to test that packages depending on go (or
> go-build-system) would still build with it ?

I think that one can use the fold-packages procedure to iterate over
packages and select those that use go-build-system. I don't have an
example off-hand. You can get some help with that on the #guix IRC
channel or the <guix-devel@gnu.org> mailing list.

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]