Fedora has issued an advisory today (June 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/ The RedHat bug contains links to the upstream bug and patch: https://bugzilla.redhat.com/show_bug.cgi?id=1455189 Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
golang-1.8.1-6 is fixing the issue for cauldron/mga6. Freeze push asked.
Status: NEW => ASSIGNED
golang-1.6.4-2 should fix the issue for mga5. submitted to testing. I adapted the patch provided for 1.8.1, so this should be checked.
Assignee: bruno => qa-bugs
Changing the version to 5 since this is assigned to QA, but it still needs fixed in Cauldron; the patch wasn't checked into SVN.
Version: Cauldron => 5CC: (none) => brunoWhiteboard: MGA5TOO => (none)
Advisory: ======================== Updated golang packages fix security vulnerability: A carry propagation issue was found in the P-256 implementation for x86-64 in golang (CVE-2017-8932). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8932 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/ ======================== Updated packages in core/updates_testing: ======================== golang-1.6.4-2.mga5 golang-docs-1.6.4-2.mga5 golang-misc-1.6.4-2.mga5 golang-tests-1.6.4-2.mga5 golang-src-1.6.4-2.mga5 golang-bin-1.6.4-2.mga5 golang-shared-1.6.4-2.mga5 from golang-1.6.4-2.mga5.src.rpm
Trying this out on x86_64 real hardware after studying some of the tutorials in Donovan & Kernighan's 'The Go Programming Language'. The language has similarities to C and other strongly typed languages. It is easy to write but quite difficult to use because it requires (IIUC) a development environment local to the user. That takes some getting used to. Built a local development tree and imported a hello-world program and a string reverse utility from an online tutorial and a similar hello-world from the ebook's website using the 'go get' command. Ran the latter from the $HOME/go/bin directory: $ ./helloworld Hello, 世界 The odd characters came out correctly on the screen - pictographs of some kind. Built the string utility as a local package and ran the other helloworld program from the src directory: $ go run hello.go Good morning QA !AQ gninrom dooG Going to investigate "golang-tests" next.
CC: (none) => tarazed25
Created attachment 9439 [details] Hello world program with string manipulation Placed in $HOME/go/src $ go run hello.go
Created attachment 9440 [details] Package file containing string reverse function Placed in $HOME/go/src/stringutil $ cd $HOME/go/src/stringutil $ go build reverse.go
Created attachment 9441 [details] Snapshot of the directory structure after importing chapter 1 of the ebook
dummy.go is a copy of reverse.go $ cd $HOME/go/src $ go test # stringutil stringutil/reverse.go:5: Reverse redeclared in this block previous declaration at stringutil/dummy.go:5 Not sure what golang-tests contains but there is a built-in unit testing framework so that may be it. 'go test' can be used with the -bench flag to run your own benchmarks within this framework. /usr/share does not contain much, just these empty directories: $ ls /usr/share/gocode/src bitbucket.org code.google.com github.com golang.org
All seven packages updated cleanly. $ cd ~/go/src $ go run helloworld.go Hello, 世界 $ go build helloworld.go $ ./helloworld Hello, 世界 $ go run hello.go Good morning QA !AQ gninrom dooG $ go build hello.go $ ./hello Good morning QA !AQ gninrom dooG $ urpmq --whatrequires golang | sort | uniq docker-devel docker-pkg-devel golang golang-bin golang-blackfriday-devel golang-codegangsta-devel golang-docs golang-godbus golang-gopatricia golang-go-systemd golang-libcontainer golang-libcontainer-devel golang-logrus-devel golang-misc golang-net-devel golang-testify-devel golang-tests go-md2man-devel Nothing else there that I feel like testing. On the basis of these very elementary tests am assigning an OK.
Whiteboard: (none) => MGA5-64-OK
Just noting that the Cauldron update has been pushed. Thanks Bruno.
Created attachment 9450 [details] Directory structure for a go environment Needed to remove copyright violation
Attachment 9441 is obsolete: 0 => 1
mga5.1 Mate in i586 virtualbox Some of the material here was downloaded from the website quoted in the Donovan & Kernighan book which I have paid for so I am entitled to use this myself but nobody else in QA may do so. To avoid a copyright violation the link in the go get command has been removed but the tree structure below shows how to build the local go environment. # An example for tcsh $ setenv GOPATH /home/<user>/qa/go # For bash $ export GOPATH=$HOME/go $ go get <path to helloworld program on the web> # This imports a directory structure from the book site. $ tree go go ├── bin │ └── helloworld ├── hello.go ├── reverse.go └── src └── <website name> ├── ch1 │ ├── dup1 │ │ └── main.go │ ├── dup2 │ │ └── main.go │ ├── echo3 │ │ └── main.go │ ├── fetch │ │ └── main.go │ └── memotest │ └── memotest.go └── README.md 143 directories, 171 files $ ./go/bin/helloworld Hello, 世界 Created a package directory for the hello program, moved hello.go to src and reverse.go to the package directory src/stringutil, viz: go ├── bin │ └── helloworld └── src ├── <website name> │ │ └── memotest │ │ └── memotest.go │ └── README.md ├── hello.go └── stringutil └── reverse.go Started from the go directory: $ go run src/hello.go Good morning QA !AQ gninrom dooG $ go build src/hello.go [lcl@localhost go]$ ls -l total 1812 drwxr-xr-x 2 lcl lcl 4096 Jun 29 15:00 bin -rwxr-xr-x 1 lcl lcl 1846296 Jun 29 15:44 hello drwxr-xr-x 4 lcl lcl 4096 Jun 29 15:42 src $ ./hello Good morning QA !AQ gninrom dooG The seven packages in Updates Testing installed cleanly. Worked through the commands posted above, starting from scratch (removing the chapter1 tree and bin directory). $ go get <website>/ch1/helloworld $ $GOPATH/bin/helloworld Hello, 世界 etc. etc. Everything fine. Hopefully these very basic tests show that go is working fine for 32-bits after the update.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0195.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED