[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].
From: |
guix-commits |
Subject: |
01/01: gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486]. |
Date: |
Fri, 25 Jan 2019 19:26:22 -0500 (EST) |
lfam pushed a commit to branch master
in repository guix.
commit c6bc0fc3a5b20b1548b550211382acf06308b5dd
Author: Leo Famulari <address@hidden>
Date: Fri Jan 25 15:17:26 2019 -0500
gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].
* gnu/packages/golang.scm (go-1.11): Update to 1.11.5.
[arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase
for
the tarbomb.
---
gnu/packages/golang.scm | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index a571477..e6269f5 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -406,7 +406,7 @@ in the style of communicating sequential processes
(@dfn{CSP}).")
(package
(inherit go-1.9)
(name "go")
- (version "1.11.4")
+ (version "1.11.5")
(source
(origin
(method url-fetch)
@@ -414,11 +414,23 @@ in the style of communicating sequential processes
(@dfn{CSP}).")
name version ".src.tar.gz"))
(sha256
(base32
- "05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac"))))
+ "0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw"))))
(arguments
(substitute-keyword-arguments (package-arguments go-1.9)
((#:phases phases)
`(modify-phases ,phases
+ ;; XXX Work around the Go 1.11.5 tarbomb.
+ ;; <https://github.com/golang/go/issues/29906>
+ (add-after 'unpack 'tarbomb-workaround
+ (lambda _
+ (chdir "..")
+ (delete-file-recursively "gocache")
+ (delete-file-recursively "tmp")
+ #t))
+ (replace 'chdir
+ (lambda _
+ (chdir "go/src")
+ #t))
(replace 'prebuild
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((gcclib (string-append (assoc-ref inputs "gcc:lib")
"/lib"))