Bug 31769 - golang new security issues CVE-2023-2453[4678]
Summary: golang new security issues CVE-2023-2453[4678]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-04-06 19:10 CEST by David Walser
Modified: 2023-04-15 21:05 CEST (History)

See Also:
Source RPM: golang-1.20.2-1.mga9.src.rpm
CVE:
Status comment:



Description David Walser 2023-04-06 19:10:17 CEST
Go 1.20.3 and Go 1.19.8 have been released on April 4, fixing security issues:
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8

SUSE has issued advisories for this today (April 6):
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014420.html
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014421.html

They also determined that conmon and skopeo needed to be rebuilt with this update:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014423.html
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014387.html

Our skopeo package has a lot of other issues because it's unmaintained and/or has an unresponsive maintainer (see Bug 28885).

Mageia 8 is also affected.
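The rebuild of conmon and skopeo mentioned above is needed because a Go binary carries its own copy of the runtime and records the toolchain it was built with (visible via `go version -m <binary>`), so a patched golang package alone does not fix already-built binaries. The following is an added example, not part of this report or of Mageia's tooling: it classifies a Go version string, or the first line of `go version` / `go version -m` output, as fixed or vulnerable against the 1.19.8 and 1.20.3 releases named in the report. The skopeo output it checks is a constructed sample, not captured from a real package.

```shell
#!/bin/sh
# Added example (not from the bug report): decide whether a Go toolchain
# version is at or past the releases that fixed these CVEs (1.19.8 and
# 1.20.3, as stated in the report). Exit 0 = fixed, 1 = vulnerable,
# 2 = branch not covered here (only 1.19 and 1.20 are considered).
go_is_fixed() {
    v=${1#go}
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # a bare "1.20" (no patch number) means patch 0
    if [ "$patch" = "$rest" ]; then patch=0; fi
    case "$major.$minor" in
        1.19) [ "$patch" -ge 8 ] ;;
        1.20) [ "$patch" -ge 3 ] ;;
        *) return 2 ;;
    esac
}

# Pull the toolchain version out of the first line of either
# "go version" ("go version go1.19.8 linux/amd64") or
# "go version -m <binary>" ("/usr/bin/skopeo: go1.19.7").
embedded_go_version() {
    printf '%s\n' "$1" | sed -n '1s/.*\(go[0-9][0-9.]*\).*/\1/p'
}

# Constructed sample of "go version -m /usr/bin/skopeo" output for a
# binary built before the fix; not taken from a real Mageia package.
SAMPLE_SKOPEO='/usr/bin/skopeo: go1.19.7
	path	github.com/containers/skopeo/cmd/skopeo
	mod	github.com/containers/skopeo	(devel)'

# Print "fixed", "vulnerable" or "unknown" for the given command output.
audit_output() {
    ver=$(embedded_go_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    rc=0
    go_is_fixed "$ver" || rc=$?
    case "$rc" in
        0) echo fixed ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

audit_output "$SAMPLE_SKOPEO"    # prints "vulnerable" for the sample
```

Feed it the real output of `go version -m` for each installed Go binary (skopeo, conmon, docker) to see which ones still need rebuilding after the golang update.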
David Walser 2023-04-06 19:10:38 CEST

Status comment: (none) => Fixed upstream in 1.19.8 and 1.20.3
Whiteboard: (none) => MGA8TOO

Comment 1 Bruno Cornec 2023-04-09 22:10:35 CEST
1.20.3 on its way to updates_testing for cauldron.

Status: NEW => ASSIGNED

Comment 2 Bruno Cornec 2023-04-09 23:00:06 CEST
1.19.8 on its way to updates_testing for mga8

Assignee: bruno => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 1.19.8 and 1.20.3 => (none)

Comment 3 David Walser 2023-04-09 23:11:57 CEST
Note that the freeze move request for Cauldron is pending.

Mageia 8 update:
golang-1.19.8-1.mga8
golang-tests-1.19.8-1.mga8
golang-misc-1.19.8-1.mga8
golang-docs-1.19.8-1.mga8
golang-src-1.19.8-1.mga8
golang-shared-1.19.8-1.mga8
golang-bin-1.19.8-1.mga8

from golang-1.19.8-1.mga8.src.rpm

CC: (none) => bruno

Comment 4 Herman Viaene 2023-04-11 15:11:36 CEST
Trying to follow Len's lead in bug 31575, but
$ mgarepo co docker
Host key verification failed.
svn: E170013: Unable to connect to a repository at URL 'svn+ssh://svn.mageia.org/svn/packages/cauldron/docker/current'
svn: E210002: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.
svn: E210002: Network connection closed unexpectedly

CC: (none) => herman.viaene

Comment 5 David Walser 2023-04-11 15:58:58 CEST
You need to use anonymous access to SVN.  See mgarepo.conf (and I believe this is documented on the wiki somewhere too).
Comment 6 Herman Viaene 2023-04-11 16:24:50 CEST
Uncommented line in mgarepo.conf
mirror = svn://svn.mageia.org/svn/packages/
Then I could proceed
$ cd docker
$ mgarepo co docker
Using the svn mirror.
To be able to commit changes, use 'mgarepo switch' first.
A    docker/SOURCES
A    docker/SOURCES/sha1.lst
A    docker/SOURCES/docker.service
A    docker/SOURCES/docker-network.sysconfig
A    docker/SOURCES/docker-network-cleanup.sh
A    docker/SOURCES/docker-storage.sysconfig
A    docker/SOURCES/docker.socket
A    docker/SOURCES/docker.sysconfig
A    docker/SOURCES/docker-logrotate.sh
A    docker/SOURCES/README.docker-logrotate
A    docker/SPECS
A    docker/SPECS/docker.spec
Checked out revision 1952681.
etc......

$ bm -s
error: couldn't guess SPECS directory
Comment 7 David Walser 2023-04-11 16:26:11 CEST
cd docker
Comment 8 Herman Viaene 2023-04-11 17:41:00 CEST
$ cd docker
[tester8@mach7 docker]$ bm -s
creating package list
processing package %{origname}-%{moby_version}-%mkrel 1
building source package
succeeded!
$ bm -l
After installing a load of other golang packages I get 
$ bm -l
creating package list
processing package %{origname}-%{moby_version}-%mkrel 1
building source and binary packages
warning: Macro expanded in comment on line 43: %{shortcommit_moby}

warning: line 120: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-swarm
warning: line 122: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-vim
Executing(%prep): /bin/sh -e /home/tester8/docker/docker/BUILDROOT/rpm-tmp.u8R79b
+ umask 022
+ cd /home/tester8/docker/docker/BUILD
and more ........
and at the end
Executing(%clean): /bin/sh -e /home/tester8/docker/docker/BUILDROOT/rpm-tmp.3bucDd
+ umask 022
+ cd /home/tester8/docker/docker/BUILD
+ cd moby-20.10.22
+ /usr/bin/rm -rf /home/tester8/docker/docker/BUILDROOT/docker-20.10.22-1.mga8.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
succeeded!
So OK for me.

Whiteboard: (none) => MGA8-64-OK

Comment 9 Thomas Andrews 2023-04-11 20:15:28 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-04-15 19:18:23 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 10 Mageia Robot 2023-04-15 21:05:34 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0145.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

