gnu: Go: Update to 1.11.5 [fixes CVE-2019-6486].
* gnu/packages/golang.scm (go-1.11): Update to 1.11.5. [arguments]: Add a 'tarbomb-workaround' phase and adapt the 'chdir' phase for the tarbomb.
This commit is contained in:
parent
8204ec8dbe
commit
c6bc0fc3a5
|
@ -406,7 +406,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
|
|||
(package
|
||||
(inherit go-1.9)
|
||||
(name "go")
|
||||
(version "1.11.4")
|
||||
(version "1.11.5")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -414,11 +414,23 @@ in the style of communicating sequential processes (@dfn{CSP}).")
|
|||
name version ".src.tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"05fvp8dq0yffsrvdyii4wgl756dn0xkgm5a80al7j7kb19r45zac"))))
|
||||
"0gllmbjvp12iszwils8id78mvjxwviwf98lh2gdkb236n4mz07mw"))))
|
||||
(arguments
|
||||
(substitute-keyword-arguments (package-arguments go-1.9)
|
||||
((#:phases phases)
|
||||
`(modify-phases ,phases
|
||||
;; XXX Work around the Go 1.11.5 tarbomb.
|
||||
;; <https://github.com/golang/go/issues/29906>
|
||||
(add-after 'unpack 'tarbomb-workaround
|
||||
(lambda _
|
||||
(chdir "..")
|
||||
(delete-file-recursively "gocache")
|
||||
(delete-file-recursively "tmp")
|
||||
#t))
|
||||
(replace 'chdir
|
||||
(lambda _
|
||||
(chdir "go/src")
|
||||
#t))
|
||||
(replace 'prebuild
|
||||
(lambda* (#:key inputs outputs #:allow-other-keys)
|
||||
(let* ((gcclib (string-append (assoc-ref inputs "gcc:lib") "/lib"))
|
||||
|
|
Loading…
Reference in New Issue