aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2019-01-25 15:17:26 -0500
committerLeo Famulari <leo@famulari.name>2019-01-25 19:24:59 -0500
commitc6bc0fc3a5b20b1548b550211382acf06308b5dd (patch)
tree9e381ecf6c811d4b2bffa5c614219d85728118a6
parent8204ec8dbed14c3b112a2b3cc3591fb2b87b66e1 (diff)
downloadguix-c6bc0fc3a5b20b1548b550211382acf06308b5dd.tar
guix-c6bc0fc3a5b20b1548b550211382acf06308b5dd.tar.gz
gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].
* gnu/packages/golang.scm (go-1.11): Update to 1.11.5. [arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase for the tarbomb.
-rw-r--r--gnu/packages/golang.scm16
1 files changed, 14 insertions, 2 deletions
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index a571477ef2..e6269f526f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -406,7 +406,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(package
(inherit go-1.9)
(name "go")
- (version "1.11.4")
+ (version "1.11.5")
(source
(origin
(method url-fetch)
@@ -414,11 +414,23 @@ in the style of communicating sequential processes (@dfn{CSP}).")
name version ".src.tar.gz"))
(sha256
(base32
- "05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac"))))
+ "0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw"))))
(arguments
(substitute-keyword-arguments (package-arguments go-1.9)
((#:phases phases)
`(modify-phases ,phases
+ ;; XXX Work around the Go 1.11.5 tarbomb.
+ ;; <https://github.com/golang/go/issues/29906>
+ (add-after 'unpack 'tarbomb-workaround
+ (lambda _
+ (chdir "..")
+ (delete-file-recursively "gocache")
+ (delete-file-recursively "tmp")
+ #t))
+ (replace 'chdir
+ (lambda _
+ (chdir "go/src")
+ #t))
(replace 'prebuild
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib"))