gnu: go-1.25: Update to 1.25.8 [security-fixes].

go1.25.8 (released 2026-03-05) includes security fixes to the html/template, net/url, and os packages, as well as bug fixes to the go command, the compiler, and the os package. See: <https://github.com/golang/go/compare/go1.25.7...go1.25.8>, <https://www.openwall.com/lists/oss-security/2026/03/06/1> Containes fixes for: CVE-2026-27142: URLs in meta content attribute actions are not escaped in html/template. CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url. CVE-2026-27139: FileInfo can escape from a Root in os. * gnu/packages/golang.scm (go-1.25): Update to 1.25.8. Change-Id: I01a80a78f20075fe6c05c46f97dfe35f770a99a0
2026-04-06 21:20:33 +02:00 · 2026-03-12 11:09:13 +00:00
parent ac0efb2c97
commit 391200d054
1 changed files with 2 additions and 2 deletions
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1125,7 +1125,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
  (package
    (inherit go-1.24)
    (name "go")
-    (version "1.25.7")
+    (version "1.25.8")
    (source
     (origin
       (method git-fetch)
@@ -1134,7 +1134,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
              (commit (string-append "go" version))))
       (file-name (git-file-name name version))
       (sha256
-        (base32 "0mjygpbswf91af07bbc1xpbw1adbcd210401rp5wpqv6d5rqn3jc"))))
+        (base32 "0vgz80mrxlkljr8ynficwvshinirqxbiv2ikscf941ladbv0g604"))))
    (arguments
     (substitute-keyword-arguments (package-arguments go-1.24)
       ((#:phases phases)