[golang] update to go1.4
by Vincent Batts
commit 82982da13261bba431371e2a2be43e28b1116e82
Author: Vincent Batts <vbatts(a)hashbangbash.com>
Date: Thu Dec 11 10:27:04 2014 -0500
update to go1.4
.gitignore | 1 +
golang.spec | 10 ++++++----
sources | 1 +
3 files changed, 8 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index fd6ffe6..414d1ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@
/go1.4rc1.src.tar.gz
/golang-19087:a15f344a9efa-xattrs.tar
/go1.4rc2.src.tar.gz
+/go1.4.src.tar.gz
diff --git a/golang.spec b/golang.spec
index 0b2c03c..95fdb6d 100644
--- a/golang.spec
+++ b/golang.spec
@@ -37,16 +37,15 @@
%endif
%global go_api 1.4
-%global go_version 1.4rc2
Name: golang
-Version: 1.3.99
-Release: 3.%{go_version}%{?dist}
+Version: 1.4
+Release: 1%{?dist}
Summary: The Go Programming Language
License: BSD
URL: http://golang.org/
-Source0: https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz
+Source0: https://storage.googleapis.com/golang/go%{version}.src.tar.gz
# this command moved places
%if 0%{?fedora} >= 21
@@ -735,6 +734,9 @@ fi
%changelog
+* Thu Dec 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.4-1
+- update to go1.4 release
+
* Wed Dec 03 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.99-3.1.4rc2
- update to go1.4rc2
diff --git a/sources b/sources
index d874f4e..2579fe1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
d76dc07e475b2905b5fec1cf319b6356 golang-19087:a15f344a9efa-xattrs.tar
1e40cd4c47a7eeaab7d99eeaea20d8fc go1.4rc2.src.tar.gz
+c0d732ef7181f98db4b93fbce4eef5a2 go1.4.src.tar.gz
9 years, 5 months
[Bug 1167505] New: CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1167505
Bug ID: 1167505
Summary: CVE-2014-6407 docker: symbolic and hardlink issues
leading to privilege escalation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mmcallis(a)redhat.com
CC: admiller(a)redhat.com, dwalsh(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)fedoraproject.org, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
The following flaw has been fixed in Docker 1.3.2:
""
The Docker engine, up to and including version 1.3.1, was vulnerable to
extracting files to arbitrary paths on the host during ‘docker pull’ and
‘docker load’ operations. This was caused by symlink and hardlink
traversals present in Docker's image extraction. This vulnerability could
be leveraged to perform remote code execution and privilege escalation.
Docker 1.3.2 remedies this vulnerability. Additional checks have been added
to pkg/archive and image extraction is now performed in a chroot. No
remediation is available for older versions of Docker and users are advised
to upgrade.
""
Acknowledgements:
Red Hat would like to thank the Docker project for reporting these issues.
Upstream acknowledges Florian Weimer of Red Hat Product Security and
independent researcher Tõnis Tiigi as the original reporters.
Reference:
http://seclists.org/oss-sec/2014/q4/781
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[Bug 1167506] New: CVE-2014-6408 docker: potential container escalation
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1167506
Bug ID: 1167506
Summary: CVE-2014-6408 docker: potential container escalation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mmcallis(a)redhat.com
CC: admiller(a)redhat.com, dwalsh(a)redhat.com,
golang(a)lists.fedoraproject.org, hushan.jia(a)gmail.com,
jchaloup(a)redhat.com, jperrin(a)centos.org,
lsm5(a)fedoraproject.org, mattdm(a)redhat.com,
mgoldman(a)redhat.com, miminar(a)redhat.com, s(a)shk.io,
thrcka(a)redhat.com, vbatts(a)redhat.com
The following flaw has been fixed in Docker 1.3.2:
""
Docker versions 1.3.0 through 1.3.1 allowed security options to be applied
to images, allowing images to modify the default run profile of containers
executing these images. This vulnerability could allow a malicious image
creator to loosen the restrictions applied to a container’s processes,
potentially facilitating a break-out.
Docker 1.3.2 remedies this vulnerability. Security options applied to
images are no longer consumed by the Docker engine and will be ignored.
Users are advised to upgrade.
""
Acknowledgements:
Red Hat would like to thank the Docker project for reporting this issue.
Reference:
http://seclists.org/oss-sec/2014/q4/781
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[Bug 1167508] New: CVE-2014-6407 docker-io: docker: symbolic and hardlink issues leading to privilege escalation [epel-6]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1167508
Bug ID: 1167508
Summary: CVE-2014-6407 docker-io: docker: symbolic and hardlink
issues leading to privilege escalation [epel-6]
Product: Fedora EPEL
Version: el6
Component: docker-io
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: lsm5(a)fedoraproject.org
Reporter: mmcallis(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
hushan.jia(a)gmail.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)fedoraproject.org,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Blocks: 1167505 (CVE-2014-6407)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for docker-io: see blocks bug list for full details of the
security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1167505
[Bug 1167505] CVE-2014-6407 docker: symbolic and hardlink issues leading to
privilege escalation
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[Bug 1167642] New: docker-io-1.3.2 is available
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1167642
Bug ID: 1167642
Summary: docker-io-1.3.2 is available
Product: Fedora
Version: rawhide
Component: docker-io
Keywords: FutureFeature, Triaged
Assignee: lsm5(a)fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org,
hushan.jia(a)gmail.com, jchaloup(a)redhat.com,
jperrin(a)centos.org, lsm5(a)fedoraproject.org,
mattdm(a)redhat.com, mgoldman(a)redhat.com,
miminar(a)redhat.com, s(a)shk.io, thrcka(a)redhat.com,
vbatts(a)redhat.com
Latest upstream release: 1.3.2
Current version/release in Fedora Rawhide: 1.3.1-2.fc22
URL: https://github.com/docker/docker/releases
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service
will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[Bug 1056285] Review Request: golang-googlecode-text - Supplementary Go text libraries
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1056285
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|golang-googlecode-text-0-0. |golang-googlecode-text-0-0.
|2.hg024681b033be.fc21 |2.hg024681b033be.el6
--- Comment #24 from Fedora Update System <updates(a)fedoraproject.org> ---
golang-googlecode-text-0-0.2.hg024681b033be.el6 has been pushed to the Fedora
EPEL 6 stable repository. If problems still persist, please make note of it in
this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
9 years, 5 months
[golang-github-davecgh-go-spew/el6] First package for Fedora - resolves: #1172198
by Jan Chaloupka
commit d68e02c0a2be7bdce3612e244662daaf0dcfd6d3
Author: Jan Chaloupka <jchaloup(a)redhat.com>
Date: Wed Dec 10 17:26:03 2014 +0100
First package for Fedora
- resolves: #1172198
.gitignore | 1 +
golang-github-davecgh-go-spew.spec | 60 ++++++++++++++++++++++++++++++++++++
sources | 1 +
3 files changed, 62 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..120e0db 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/go-spew-83f84dc.tar.gz
diff --git a/golang-github-davecgh-go-spew.spec b/golang-github-davecgh-go-spew.spec
new file mode 100644
index 0000000..df3afe6
--- /dev/null
+++ b/golang-github-davecgh-go-spew.spec
@@ -0,0 +1,60 @@
+%global debug_package %{nil}
+%global provider github
+%global provider_tld com
+%global project davecgh
+%global repo go-spew
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
+%global commit 83f84dc933714d51504ceed59f43ead21d096fe7
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+
+Name: golang-%{provider}-%{project}-%{repo}
+Version: 0
+Release: 0.1.git%{shortcommit}%{?dist}
+Summary: Implements a deep pretty printer for Go data structures to aid in debugging
+License: ISC
+URL: https://%{import_path}
+Source0: https://%{import_path}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+BuildArch: noarch
+%else
+ExclusiveArch: %{ix86} x86_64 %{arm}
+%endif
+
+%description
+%{summary}
+
+%package devel
+BuildRequires: golang >= 1.2.1-3
+Requires: golang >= 1.2.1-3
+Summary: %{summary}
+Provides: golang(%{import_path}/spew) = %{version}-%{release}
+Provides: golang(%{import_path}/spew/testdata) = %{version}-%{release}
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use %{project}/%{repo}.
+
+%prep
+%setup -q -n %{repo}-%{commit}
+
+%build
+
+%install
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+cp -rpav spew %{buildroot}/%{gopath}/src/%{import_path}/
+
+%check
+# NOTE in spew/testdata/dumpcgo.go
+#GOPATH={buildroot}/{gopath}:{gopath} go test {import_path}/spew
+
+%files devel
+%doc README.md LICENSE
+%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
+%{gopath}/src/%{import_path}
+
+%changelog
+* Tue Dec 09 2014 jchaloup <jchaloup(a)redhat.com> - 0-0.1.git83f84dc
+- First package for Fedora
+ resolves: #1172198
diff --git a/sources b/sources
index e69de29..83a03cb 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+ad071ab5966081e7e9f4cded54c7fff0 go-spew-83f84dc.tar.gz
9 years, 5 months
[golang-github-ghodss-yaml/el6] First package for Fedora - resolves: #1172603
by Jan Chaloupka
commit 364d9a60c204222592c6b479b225b08f83a19477
Author: Jan Chaloupka <jchaloup(a)redhat.com>
Date: Wed Dec 10 17:21:10 2014 +0100
First package for Fedora
- resolves: #1172603
.gitignore | 1 +
golang-github-ghodss-yaml.spec | 60 ++++++++++++++++++++++++++++++++++++++++
sources | 1 +
3 files changed, 62 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..f8d938a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/yaml-92ff9d3.tar.gz
diff --git a/golang-github-ghodss-yaml.spec b/golang-github-ghodss-yaml.spec
new file mode 100644
index 0000000..72e833b
--- /dev/null
+++ b/golang-github-ghodss-yaml.spec
@@ -0,0 +1,60 @@
+%global debug_package %{nil}
+%global provider github
+%global provider_tld com
+%global project ghodss
+%global repo yaml
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
+%global commit 92ff9d30bd0a5a2d077f3bc00843e409f65cd38e
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+
+Name: golang-%{provider}-%{project}-%{repo}
+Version: 0
+Release: 0.1.git%{shortcommit}%{?dist}
+Summary: A better way to marshal and unmarshal YAML in Golang
+License: MIT
+URL: https://%{import_path}
+Source0: https://%{import_path}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+BuildArch: noarch
+%else
+ExclusiveArch: %{ix86} x86_64 %{arm}
+%endif
+
+%description
+%{summary}
+
+%package devel
+BuildRequires: golang >= 1.2.1-3
+BuildRequires: golang(gopkg.in/v2/yaml)
+Requires: golang >= 1.2.1-3
+Requires: golang(gopkg.in/v2/yaml)
+Summary: %{summary}
+Provides: golang(%{import_path}) = %{version}-%{release}
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use %{project}/%{repo}.
+
+%prep
+%setup -q -n %{repo}-%{commit}
+
+%build
+
+%install
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+cp -pav *.go %{buildroot}/%{gopath}/src/%{import_path}/
+
+%check
+GOPATH=%{buildroot}/%{gopath}:%{gopath} go test %{import_path}
+
+%files devel
+%doc README.md LICENSE
+%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
+%{gopath}/src/%{import_path}
+
+%changelog
+* Tue Dec 09 2014 jchaloup <jchaloup(a)redhat.com> - 0-0.1.git92ff9d3
+- First package for Fedora
+ resolves: #1172603
diff --git a/sources b/sources
index e69de29..575faf8 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+498922473fee402d9a50da6c63a655cd yaml-92ff9d3.tar.gz
9 years, 5 months