From c6bc0fc3a5b20b1548b550211382acf06308b5dd Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 25 Jan 2019 15:17:26 -0500 Subject: [PATCH] gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486]. * gnu/packages/golang.scm (go-1.11): Update to 1.11.5. [arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase for the tarbomb. --- gnu/packages/golang.scm | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index a571477ef2..e6269f526f 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -406,7 +406,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (package (inherit go-1.9) (name "go") - (version "1.11.4") + (version "1.11.5") (source (origin (method url-fetch) @@ -414,11 +414,23 @@ in the style of communicating sequential processes (@dfn{CSP}).") name version ".src.tar.gz")) (sha256 (base32 - "05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac")))) + "0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw")))) (arguments (substitute-keyword-arguments (package-arguments go-1.9) ((#:phases phases) `(modify-phases ,phases + ;; XXX Work around the Go 1.11.5 tarbomb. + ;; + (add-after 'unpack 'tarbomb-workaround + (lambda _ + (chdir "..") + (delete-file-recursively "gocache") + (delete-file-recursively "tmp") + #t)) + (replace 'chdir + (lambda _ + (chdir "go/src") + #t)) (replace 'prebuild (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib"))