go1.24.12 (released 2026-01-15) includes security fixes to the go
command, and the archive/zip, crypto/tls, and net/url packages, as well
as bug fixes to the compiler, the runtime, and the crypto/tls and os
packages.
See: <https://github.com/golang/go/milestone/419>
go1.24.13 (released 2026-02-04) includes security fixes to the go
command and the crypto/tls package, as well as bug fixes to the
crypto/x509 package.
See: <https://github.com/golang/go/milestone/421>
Containes fixes for:
CVE-2025-68121: Unexpected session resumption in crypto/tls
CVE-2025-68119: Unexpected code execution when invoking toolchain in
cmd/go
CVE-2025-61732: Potential code smuggling via doc comments in cmd/cgo
CVE-2025-61731: Arbitrary file write using cgo pkg-config directive in
cmd/go
CVE-2025-61730: Handshake messages may be processed at the incorrect
encryption level in crypto/tls
CVE-2025-61728: Excessive CPU consumption when building archive index in
archive/zip
CVE-2025-61726: Memory exhaustion in query parameter parsing in net/url
* gnu/packages/golang.scm (go-1.24): Update to 1.24.13.
Change-Id: I80dde282c7026fd7a3cf1161a6e63f0ceca2d51f
go1.25.8 (released 2026-03-05) includes security fixes to the
html/template, net/url, and os packages, as well as bug fixes to the go
command, the compiler, and the os package.
See: <https://github.com/golang/go/compare/go1.25.7...go1.25.8>,
<https://www.openwall.com/lists/oss-security/2026/03/06/1>
Containes fixes for:
CVE-2026-27142: URLs in meta content attribute actions are not escaped
in html/template.
CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url.
CVE-2026-27139: FileInfo can escape from a Root in os.
* gnu/packages/golang.scm (go-1.25): Update to 1.25.8.
Change-Id: I01a80a78f20075fe6c05c46f97dfe35f770a99a0
go1.26.1 (released 2026-03-05) includes security fixes to the
crypto/x509, html/template, net/url, and os packages, as well as bug
fixes to the go command, the go fix command, the compiler, and the os
and reflect packages.
See: <https://github.com/golang/go/compare/go1.26.0...go1.26.1>,
<https://www.openwall.com/lists/oss-security/2026/03/06/1>
Containes fixes for:
CVE-2026-27137: Incorrect enforcement of email constraints in
crypto/x509.
CVE-2026-27138: Panic in name constraint checking for malformed
certificates in crypto/x509.
CVE-2026-27142: URLs in meta content attribute actions are not escaped
in html/template.
CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url.
CVE-2026-27139: FileInfo can escape from a Root in os.
* gnu/packages/golang.scm (go-1.26): Update to 1.26.1.
Change-Id: I1c014a334407d9ca927d9e403c8c7e92cad8fe1d
* gnu/packages/golang.scm (go-1.26): Update to 1.26rc2.
[native-inputs]: Use go-1.24 for bootstrap.
Change-Id: I0c60c4af5091edede6cec865590c3fcd10074f3b
Contains fixes for:
CVE-2025-61732: cmd/go: Discrepancy between Go and C/C++ comment parsing
allows for C code smuggling.
CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated
session ticket keys, session resumption does not account
for the expiration of full certificate chainn.
* gnu/packages/golang.scm (go-1.25): Update to 1.25.7.
Change-Id: Id06b038a837beff45af3b6db7ee14a5afd627fb3
* gnu/packages/golang.scm (go-1.24)[arguments]: Adjust the
'disable-more-tests phase to skip a test on armhf-linux.
Change-Id: If05e4b80669a0f4faf79c7c589d6c99b297c7d92
* gnu/packages/golang.scm (go-1.23)[arguments]: Adjust the
'disable-more-tests phase to skip a test on armhf-linux.
Change-Id: I16eabf352395a7fd064cddf40dabd3f1ac35fe65
* gnu/packages/golang.scm (go-1.22)[arguments]: On some architectures
add a phase to extend the test timeout.
Change-Id: I7db0d37a616f6515790189451d8d4ce41188ec1c
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.17)[arguments]: Disable tests when
building for armhf-linux.
Change-Id: I8654c1966daaa19602d876618d5ff9e384b12fc8
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.24)[arguments]: Replace inherited
'disable-more-tests phase to adjust for changes in the source.
[native-inputs]: Rewrite inheriting from go-1.22.
[properties]: Add field previously inherited from go-1.23.
Change-Id: I4938c7854cba0aa982d7b755c10f255cab81a828
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.22)[arguments]: Disable parallel-tests
on riscv64-linux and armhf-linux. Add a phase to disable certain tests
based on the architecture.
(go-1.23)[arguments]: Remove new inherited phase.
Change-Id: If4ed3f195c1af504d6ab4b686829fda8c91138d2
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.20): Update to 1.20.14.
[arguments]<parallel-tests?>: Disable for riscv64-linux.
<tests?>: Disable for riscv64-linux.
<phases>: Add a phase to skip certain tests based on the architecture.
(go-1.21)[arguments]: Strip the inherited keyword tests. Remove the
added phase to skip tests.
Change-Id: If7cd498ad56c503b0d602e7ea62399e82ecddb06
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.17)[arguments]: When building on
aarch64-linux don't disable the tests.
Change-Id: I9c839a059df772636d8dd129bbb7ddad9e4ecbe9
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.17)[inputs]: Rewrite to not inherit from
go-1.4 and to always use gcc:lib.
[arguments]: Add the phase 'patch-gcc:lib unconditionally.
(go-1.18)[arguments]: Replace the inherited 'patch-gcc:lib phase on all
architectures.
Change-Id: I9024db846fef304b76441fe8b816740a60653d0e
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
Building with a canonical-package hinders cross-building.
* gnu/packages/golang.scm (go-1.4)[inputs]: Replace the canonical-package
gcc:lib with gcc:lib.
Change-Id: I4f0c8549611461d47cc017314e8eb55815ae549f
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (go-1.4)[arguments]: Remove code setting the
system to armhf-linux when building for aarch64-linux.
[supported-systems]: Remove aarch64-linux.
Change-Id: I7ad6da7b8ddba674433c6efd7b2085b733548d5c
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/golang.scm (%go-1.23-arm64-micro-architectures): New
variable.
(go-1.23)[compiler-cpu-architectures]: Add aarch64 micro-architectures.
* guix/transformations.scm (tuning-compiler): Update the go optimizer to
also support GOARM64.
Change-Id: I8825f9857e07c1634ea346d5a16ae9550f340e65
* gnu/packages/golang.scm (go-github-com-aarzilli-golua): Move from here ...
* gnu/packages/music.scm: ... to here.
Change-Id: Ice6875f1b845df5361dd7a7166723a93c558cc20
* gnu/packages/golang.scm (go-gitlab-com-ambrevar-golua-unicode): Move
from here ...
* gnu/packages/music.scm: ... to here.
Change-Id: Ie0278f63597ff6a6ddc0b7b8e60e79b74a114a2e
* gnu/packages/golang.scm (go-github-com-stevedonovan-luar): Move from
here ...
* gnu/packages/music.scm: ... to here.
Change-Id: I22182fc66196e907f87081cb39405f81f8edb84f
* gnu/packages/golang.scm (go-github-com-wtolson-go-taglib): Move from
here ...
* gnu/packages/music.scm: ... to here.
Change-Id: I2b5234ac631cb11c663fdebc4173b707a3faace0
