tribes/guix
1
0
Fork 1
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-06-13 20:24:08 +02:00
Code Activity

gnu: go-1.26: Update to 1.26.3 [security-fixes].

Browse Source 
go1.26.3 (released 2026-05-07) includes security fixes to the go
command, the pack tool, and the html/template, net, net/http,
net/http/httputil, net/mail, and syscall packages, as well as bug fixes
to the go command, the go fix command, the compiler, the linker, the
runtime, and the crypto/fips140, crypto/tls, go/types, and os packages
See: <https://github.com/golang/go/milestone/433>,
<https://groups.google.com/g/golang-announce/c/qcCIEXso47M>.

Containes fixes for:
CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum
                database
CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with
                more than urlmaxqueryparams parameters
CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte
                on Windows
CVE-2026-42499: net/mail: quadratic string concatenation in
                consumePhrase
CVE-2026-39820: net/mail: quadratic string concatentation in
                consumeComment
CVE-2026-39819: cmd/go: "go bug" follows symlinks in predictable
                temporary filenames
CVE-2026-39817: cmd/go: "go tool pack" does not sanitize output paths
CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given
                bad SETTINGS_MAX_FRAME_SIZE
CVE-2026-39826: html/template: escaper bypass leads to XSS
CVE-2026-33811: net: crash when handling long CNAME response
CVE-2026-39823: html/template: bypass of meta content URL escaping
                causes XSS

* gnu/packages/golang.scm (go-1.26): Update to 1.26.3.

Change-Id: Ia1a51eff549c90918e32af4834c03b675504a231
This commit is contained in:
Sharlatan Hellseher
2026-05-15 13:52:01 +01:00
parent 556cb3ca41
commit c1fbc5d4e2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gnu/packages/golang.scm
+2 -2
View File
@@ -1120,7 +1120,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(package
(inherit go-1.24)
(name "go")
(version "1.26.2")
(version "1.26.3")
(source
(origin
(method git-fetch)
@@ -1129,7 +1129,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
(commit (string-append "go" version))))
(file-name (git-file-name name version))
(sha256
(base32 "01dgshhn38dgxmbn02knnvddirmkwgvr3v003dml5q87qibzvg30"))))
(base32 "16yrb9si7swc6vnxjj5ga5pvyjkab5w8z589fqml61q0rypnn6ay"))))
(arguments
(substitute-keyword-arguments arguments
((#:phases phases)