gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].

* gnu/packages/golang.scm (go-1.11): Update to 1.11.5.
[arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase for
the tarbomb.
This commit is contained in:
Leo Famulari 2019-01-25 15:17:26 -05:00
parent 8204ec8dbe
commit c6bc0fc3a5
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
1 changed files with 14 additions and 2 deletions

View File

@ -406,7 +406,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(package (package
(inherit go-1.9) (inherit go-1.9)
(name "go") (name "go")
(version "1.11.4") (version "1.11.5")
(source (source
(origin (origin
(method url-fetch) (method url-fetch)
@ -414,11 +414,23 @@ in the style of communicating sequential processes (@dfn{CSP}).")
name version ".src.tar.gz")) name version ".src.tar.gz"))
(sha256 (sha256
(base32 (base32
"05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac")))) "0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw"))))
(arguments (arguments
(substitute-keyword-arguments (package-arguments go-1.9) (substitute-keyword-arguments (package-arguments go-1.9)
((#:phases phases) ((#:phases phases)
`(modify-phases ,phases `(modify-phases ,phases
;; XXX Work around the Go 1.11.5 tarbomb.
;; <https://github.com/golang/go/issues/29906>
(add-after 'unpack 'tarbomb-workaround
(lambda _
(chdir "..")
(delete-file-recursively "gocache")
(delete-file-recursively "tmp")
#t))
(replace 'chdir
(lambda _
(chdir "go/src")
#t))
(replace 'prebuild (replace 'prebuild
(lambda* (#:key inputs outputs #:allow-other-keys) (lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib")) (let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib"))