June 2016 - golang - Fedora Mailing-Lists

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the rawhide tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

[Bug 1250352] New: golang: HTTP request smuggling in net/http library

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1250352 Bug ID: 1250352 Summary: golang: HTTP request smuggling in net/http library Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: admiller(a)redhat.com, golang(a)lists.fedoraproject.org, lemenkov(a)gmail.com, renich(a)woralelandia.com, s(a)shk.io, thrcka(a)redhat.com, vbatts(a)redhat.com There have been found potentially exploitable flaws in Golang net/http library affecting versions 1.4.2 and 1.5. Problems: * Double Content-length headers in a request does not generate a 400 error, the second Content-length is ignored. * Invalid headers are parsed as valid headers (like "Content Length:" with a space in the middle) Exploitations: In a situation where the net/http agent HTTP communication with the final http clients is using some reverse proxy (reverse proxy cache, SSL terminators, etc), some requests can be made exploiting the net/http HTTP protocol violations. Attacker could possibly: * bypass security controls on theses previous elements * perform some cache poisoning on these elements * alter the request/response map on these previous elements (for DOS) CVE request: http://seclists.org/oss-sec/2015/q3/237 Upstream patches: https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 10 months

1
28
0 / 0

[Bug 1342329] New: [PATCH] Fix compiler bootstrap

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1342329 Bug ID: 1342329 Summary: [PATCH] Fix compiler bootstrap Product: Fedora Version: rawhide Component: golang Assignee: vbatts(a)redhat.com Reporter: walters(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: admiller(a)redhat.com, amurdaca(a)redhat.com, golang(a)lists.fedoraproject.org, jcajka(a)redhat.com, lemenkov(a)gmail.com, renich(a)woralelandia.com, s(a)shk.io, vbatts(a)redhat.com I'm trying to use rpmdistro-gitoverlay to build the fedora golang dist-git in CentOS Atomic Host Continuous (https://ci.centos.org/job/atomic-rdgo-centos7/) I hit a bug in the patch for the bootstrap path - this is really a patch for a patch, but leaving polish for later. From 75b16e09cec3d2376ed9847ae2adfc0fea3be80c Mon Sep 17 00:00:00 2001 From: Colin Walters <walters(a)verbum.org> Date: Thu, 2 Jun 2016 14:50:57 -0400 Subject: [PATCH] Fix compiler bootstrap --- 0001-Fix-compiler-bootstrap.patch | 46 +++++++++++++++++++++++++++++++++++++++ golang.spec | 3 +++ 2 files changed, 49 insertions(+) create mode 100644 0001-Fix-compiler-bootstrap.patch diff --git a/0001-Fix-compiler-bootstrap.patch b/0001-Fix-compiler-bootstrap.patch new file mode 100644 index 0000000..7edd6fc --- /dev/null +++ b/0001-Fix-compiler-bootstrap.patch @@ -0,0 +1,46 @@ +From 46e66eca16d0fba59c430ce83f1ed3c8ee639e77 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters(a)verbum.org> +Date: Thu, 2 Jun 2016 14:46:27 -0400 +Subject: [PATCH] Fix compiler bootstrap + +--- + src/make.bash | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/make.bash b/src/make.bash +index de8995f..f127b2a 100755 +--- a/src/make.bash ++++ b/src/make.bash +@@ -112,13 +112,13 @@ echo '##### Building Go bootstrap tool.' + echo cmd/dist + export GOROOT="$(cd .. && pwd)" + GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4} +-if [ -x "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" ]; then +- rm -f cmd/dist/dist +- GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" build -o cmd/dist/dist ./cmd/dist +-elif [ -x "$GOROOT_BOOTSTRAP/bin/go" ]; then +- rm -f cmd/dist/dist +- GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist +-else ++for gopath in "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" "$GOROOT_BOOTSTRAP/bin/go"; do ++ if test -x ${gopath}; then ++ BOOTSTRAP_COMPILER=${gopath} ++ break ++ fi ++done ++if test -z "${BOOTSTRAP_COMPILER:-}"; then + echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2 + echo "ERROR: or $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2 + echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2 +@@ -130,7 +130,7 @@ if [ "$GOROOT_BOOTSTRAP" == "$GOROOT" ]; then + exit 1 + fi + rm -f cmd/dist/dist +-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist ++GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "${BOOTSTRAP_COMPILER}" build -o cmd/dist/dist ./cmd/dist + + # -e doesn't propagate out of eval, so check success by hand. + eval $(./cmd/dist/dist env -p || echo FAIL=true) +-- +1.8.3.1 + diff --git a/golang.spec b/golang.spec index c9ac2ff..f2b8f9f 100644 --- a/golang.spec +++ b/golang.spec @@ -128,6 +128,8 @@ Patch213: go1.5beta1-disable-TestGdbPython.patch # later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests. Patch215: ./go1.5-zoneinfo_testing_only.patch +Patch300: 0001-Fix-compiler-bootstrap.patch + # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -249,6 +251,7 @@ Summary: Golang shared object libraries %patch213 -p1 %patch215 -p1 +%patch300 -p1 %build # print out system information -- 1.8.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 10 months

1
5
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the F-24 tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the rawhide tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the F-24 tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the rawhide tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the F-24 tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

Broken dependencies: golang-github-samalba-dockerclient

by Fedora Koji Build System

golang-github-samalba-dockerclient has broken dependencies in the rawhide tree: On x86_64: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On i386: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) On armhfp: golang-github-samalba-dockerclient-devel-0-0.3.gitc37a52f.fc24.noarch requires golang(github.com/docker/docker/pkg/timeutils) Please resolve this as soon as possible.

7 years, 10 months

1
0
0 / 0

[Bug 1342707] New: runc-v1.0.0-rc1 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1342707 Bug ID: 1342707 Summary: runc-v1.0.0-rc1 is available Product: Fedora Version: rawhide Component: runc Keywords: FutureFeature, Triaged Assignee: jchaloup(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: amurdaca(a)redhat.com, golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com, lsm5(a)redhat.com Latest upstream release: v1.0.0-rc1 Current version/release in rawhide: 0.1.1-3.git57b9972.fc25 URL: https://github.com/opencontainers/runc Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/7462/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 10 months

1
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

golang June 2016