Those CVEs were announced here: https://www.openwall.com/lists/oss-security/2023/12/05/2
Source RPM: (none) => golang-1.21.0-1.mga9.src.rpm, golang-1.20.5-1.mga9.src.rpmStatus comment: (none) => Fixed upstream in 1.21.5 and 1.20.12
Stig has done the most recent golang version updates, and as this is similar, assigning to you for 1.21.x. CC'ing Bruno for 1.20.x.
CC: (none) => brunoAssignee: bugsquad => smelror
I can take this update for all versions, but I'd like to update mga8 with 1.21.x because it's needed to finally solve the docker stack on that version and close https://bugs.mageia.org/show_bug.cgi?id=31733 For that we need to update the build nodes still being running mga8 with that updated version of golang so I can build after that the remaining part of the docker stack for all versions of Mageia.
Status: NEW => ASSIGNED
golang-1.21.5-1.mga9.src.rpm and golang-1.21.5-1.mga8.src.rpm on their way to be rebuilt for both distributions. Please validate both updates, as mga8 is needing it for build nodes, pending their updates.
Assignee: smelror => qa-bugs
CVE: (none) => CVE-2023-39326, CVE-2023-45283, CVE-2023-45285Whiteboard: (none) => NGA8TOOCC: (none) => marja11
Whiteboard: NGA8TOO => MGA8TOO
The uploaded advisory can be seen here: https://svnweb.mageia.org/advisories/32622.adv?view=markup&pathrev=15402 What is the fastest way to find the included RPMs? They need to be listed for the QA testers
Keywords: (none) => advisory
Sorry, missed that. Here is the list of what is built: RPMS/noarch/golang-docs-1.21.5-1.mga9.noarch.rpm RPMS/noarch/golang-misc-1.21.5-1.mga9.noarch.rpm RPMS/noarch/golang-src-1.21.5-1.mga9.noarch.rpm RPMS/noarch/golang-tests-1.21.5-1.mga9.noarch.rpm RPMS/x86_64/golang-1.21.5-1.mga9.x86_64.rpm RPMS/x86_64/golang-bin-1.21.5-1.mga9.x86_64.rpm RPMS/x86_64/golang-shared-1.21.5-1.mga9.x86_64.rpm
Mageia9, x86_64 Clean update. There are test files at /usr/lib/golang/src/cmd/compile/internal/test/ but no help document to go with them so we shall go with the usual test and try compiling docker. $ mgarepo co docker [...] $ cd docker $ sudo urpmi --buildrequires SPECS/docker.spec warning: Macro expanded in comment on line 43: %{shortcommit_moby} warning: line 120: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-swarm warning: line 122: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-vim In order to satisfy the 'golang(golang.org/x/text/encoding/htmlindex)' dependency, one of the following packages is needed: 1- golang-x-text-devel-0.3.7-3.mga9.noarch: Go text processing support (to install) 2- golang-golangorg-text-devel-0.3.3-2.mga9.noarch: Supplementary Go text libraries for golang.org/x/ imports (to install) What is your choice? (1-2) 1 [...] 163MB of packages will be retrieved. Proceed with the installation of the 355 packages? (Y/n) <355 extra packages installed> $ bm -l [...] line 120: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-swarm line 122: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-vim succeeded! That looks OK. $ cd RPMS/x86_64/ $ ls docker-24.0.5-5.mga9.x86_64.rpm docker-devel-24.0.5-5.mga9.x86_64.rpm docker-fish-completion-24.0.5-5.mga9.x86_64.rpm docker-logrotate-24.0.5-5.mga9.x86_64.rpm docker-nano-24.0.5-5.mga9.x86_64.rpm docker-zsh-completion-24.0.5-5.mga9.x86_64.rpm Slight advance on installed docker. $ rpm -q docker docker-24.0.5-4.mga9 That looks like a successful local build so go looks fine.
CC: (none) => tarazed25Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
Mageia8, x86_64 Waiting for the updates.
For mga8 they are available it seems: http://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/8/x86_64/media/core/updates_testing/
Mageia8, x86_64 golang-docs-1.21.5-1.mga8.noarch.rpm golang-misc-1.21.5-1.mga8.noarch.rpm golang-src-1.21.5-1.mga8.noarch.rpm golang-tests-1.21.5-1.mga8.noarch.rpm golang-1.21.5-1.mga8.x86_64.rpm golang-bin-1.21.5-1.mga8.x86_64.rpm golang-shared-1.21.5-1.mga8.x86_64.rpm The seven packages updated cleanly. $ mgarepo co docker $ sudo urpmi --buildrequires SPECS/docker.spec <49 RPMs pulled in> $ bm -ls <Set up the sources> $ bm -l <packages built> $ ls BUILD/ BUILDROOT/ RPMS/ SOURCES/ SPECS/ SRPMS/ $ cd RPMS/x86_64 $ ls docker-24.0.5-5.mga8.x86_64.rpm docker-devel-24.0.5-5.mga8.x86_64.rpm docker-fish-completion-24.0.5-5.mga8.x86_64.rpm docker-logrotate-24.0.5-5.mga8.x86_64.rpm docker-nano-24.0.5-5.mga8.x86_64.rpm docker-zsh-completion-24.0.5-5.mga8.x86_64.rpm <compare> $ rpm -q docker docker-20.10.22-1.mga8 Passing this on.
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0349.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED