diff options
author | Leo Famulari <leo@famulari.name> | 2019-01-25 15:17:26 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2019-01-25 19:24:59 -0500 |
commit | c6bc0fc3a5b20b1548b550211382acf06308b5dd (patch) | |
tree | 9e381ecf6c811d4b2bffa5c614219d85728118a6 | |
parent | 8204ec8dbed14c3b112a2b3cc3591fb2b87b66e1 (diff) | |
download | patches-c6bc0fc3a5b20b1548b550211382acf06308b5dd.tar patches-c6bc0fc3a5b20b1548b550211382acf06308b5dd.tar.gz |
gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].
* gnu/packages/golang.scm (go-1.11): Update to 1.11.5.
[arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase for
the tarbomb.
-rw-r--r-- | gnu/packages/golang.scm | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index a571477ef2..e6269f526f 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -406,7 +406,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (package (inherit go-1.9) (name "go") - (version "1.11.4") + (version "1.11.5") (source (origin (method url-fetch) @@ -414,11 +414,23 @@ in the style of communicating sequential processes (@dfn{CSP}).") name version ".src.tar.gz")) (sha256 (base32 - "05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac")))) + "0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw")))) (arguments (substitute-keyword-arguments (package-arguments go-1.9) ((#:phases phases) `(modify-phases ,phases + ;; XXX Work around the Go 1.11.5 tarbomb. + ;; <https://github.com/golang/go/issues/29906> + (add-after 'unpack 'tarbomb-workaround + (lambda _ + (chdir "..") + (delete-file-recursively "gocache") + (delete-file-recursively "tmp") + #t)) + (replace 'chdir + (lambda _ + (chdir "go/src") + #t)) (replace 'prebuild (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib")) |