Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: d78695d1952a
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 41164d94ab4a
Choose a head ref
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Apr 4, 2018

  1. go_1_10: 1.10 -> 1.10.1 

    This updates go to the latest version of the golang 1.10 branch.
A few minor (but important) things are fixed in this version:

* CVE-2018-7187 - arbitrary code execution in `go get` (when used with
  --insecure) [1]
* Extended Key Usage verification in client certificate scenarios [3]
* a bunch of stability changes

The full list of changes can se been on GitHub [2] & [4].

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187
[2] https://github.com/golang/go/issues?q=milestone%3AGo1.10.1
[3] golang/go#23884
[4] golang/go#24563

(cherry picked from commit 568d30b)
    @andir @Mic92
    andir authored and Mic92 committed Apr 4, 2018
    Copy the full SHA
    ba49d72 View commit details
    Browse the repository at this point in the history

  2. go_1_9: 1.9.4 -> 1.9.5 

    This is a maintenance bump of the golang 1.9 version.

Within the updates are a few bug fixes including an (extended?)
fix for CVE-2018-7187 [1].

The complete changelog is available at the golang GitHub project [2].

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187
[2] https://github.com/golang/go/issues?q=milestone%3AGo1.9.5

(cherry picked from commit e9f74b9)
    @andir @Mic92
    andir authored and Mic92 committed Apr 4, 2018
    Copy the full SHA
    41164d9 View commit details
    Browse the repository at this point in the history