community/go: upgrade to 1.23.6

54e4df6b · Sören Tempel · Sören Tempel · cee8f92d · cee8f92d · 54e4df6b
Commit 54e4df6b authored 1 month ago by Sören Tempel Committed by Sören Tempel 1 month ago
--- a/community/go/0003-release-branch.go1.23-cmd-go-internal-modfetch-do-no.patch
+++ b/community/go/0003-release-branch.go1.23-cmd-go-internal-modfetch-do-no.patch
-From ab44565bcd9ad975b87ffd78c36c1fae1644d0bf Mon Sep 17 00:00:00 2001
-From: Russ Cox <rsc@golang.org>
-Date: Mon, 13 Jan 2025 23:00:14 -0500
-Subject: [PATCH] [release-branch.go1.23] cmd/go/internal/modfetch: do not
- trust server to send all tags in shallow fetch
-
-Newer git versions (at least git 2.47.1) do not send all the matching tags
-for a shallow fetch of a specific hash anymore. The go command assumes
-that git servers do this. Since that assumption is broken, use the local
-copy of the remote refs list to augment the tags sent by the server.
-This makes the cmd/go/internal/modfetch tests pass again with newer git.
-
-For #71261
-Fixes #71263
-
-Change-Id: I9fd4f3fd7beeb68a522938599f8f3acd887d0b26
-Reviewed-on: https://go-review.googlesource.com/c/go/+/642437
-Reviewed-by: Michael Matloob <matloob@golang.org>
-LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
-Auto-Submit: Russ Cox <rsc@golang.org>
-(cherry picked from commit bd80d8956f3062d2b2bff2d7da6b879dfa909f12)
-Reviewed-on: https://go-review.googlesource.com/c/go/+/642696
-Reviewed-by: Michael Knyszek <mknyszek@google.com>
-Reviewed-by: Russ Cox <rsc@golang.org>
---
- src/cmd/go/internal/modfetch/codehost/git.go | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/src/cmd/go/internal/modfetch/codehost/git.go b/src/cmd/go/internal/modfetch/codehost/git.go
-index bab4c5ebbe..9996be7af7 100644
--- a/src/cmd/go/internal/modfetch/codehost/git.go
-+++ b/src/cmd/go/internal/modfetch/codehost/git.go
-@@ -662,7 +662,21 @@ func (r *gitRepo) statLocal(ctx context.Context, version, rev string) (*RevInfo,
- 			}
- 		}
- 	}
-	sort.Strings(info.Tags)
-+
-+	// Git 2.47.1 does not send the tags during shallow clone anymore
-+	// (perhaps the exact version that changed behavior is an earlier one),
-+	// so we have to also add tags from the refs list we fetched with ls-remote.
-+	if refs, err := r.loadRefs(ctx); err == nil {
-+		for ref, h := range refs {
-+			if h == hash {
-+				if tag, found := strings.CutPrefix(ref, "refs/tags/"); found {
-+					info.Tags = append(info.Tags, tag)
-+				}
-+			}
-+		}
-+	}
-+	slices.Sort(info.Tags)
-+	info.Tags = slices.Compact(info.Tags)
- 
- 	// Used hash as info.Version above.
- 	// Use caller's suggested version if it appears in the tag list
--- a/community/go/APKBUILD
+++ b/community/go/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
 pkgname=go
 # go binaries are statically linked, security updates require rebuilds
-pkgver=1.23.5
+pkgver=1.23.6
 pkgrel=0
 pkgdesc="Go programming language compiler"
 url="https://go.dev/"
@@ -16,7 +16,6 @@ subpackages="$pkgname-doc"
 source="https://go.dev/dl/go$pkgver.src.tar.gz
 	0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
 	0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
-	0003-release-branch.go1.23-cmd-go-internal-modfetch-do-no.patch
 	tests-fchmodat-not-supported.patch
 	"
 case "$CARCH" in
@@ -33,6 +32,8 @@ esac
 #     - CVE-2022-41720
 #     - CVE-2022-41722
 #     - CVE-2024-24787
+#   1.23.6-r0:
+#     - CVE-2025-22866
 #   1.23.5-r0:
 #     - CVE-2024-45336
 #     - CVE-2024-45341
@@ -302,9 +303,8 @@ package() {
 		-exec rm -rf \{\} \+
 }
 sha512sums="
-b04317afeab2d0ced7c36b8682dd32ac085d95d874cf3f614daa34859d7f7f2b75138132e7a64e237c6b4d711d5b03a4d20533f92a44840915630f4ea7cfafa2  go1.23.5.src.tar.gz
+c504476d42cdbcd1b6afe53c0974e82c19eb0efac974bc06d41c1641440676891cfe6416455a0cfc81fe82902a9b82ea0a1d95089c676667d05487e45f5e04e3  go1.23.6.src.tar.gz
 34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41  0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
 8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4  0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
-b2ef901e8b6bdfa98e54d2a1f82d3e198c09c482dfba76e2976c393f7f8081f9388b95015c918d1aae37928fddc13840cdaa8edd28db0df77752de68c0ae5e8d  0003-release-branch.go1.23-cmd-go-internal-modfetch-do-no.patch
 33ecefca77fa0af52a3b2b66a76977af27a88c8dddb89f03e0a5ae6794b9aac53a62d7be33020b49022e9a89d4cdfa383038ee10e160eb94548b2430bf3cfb5e  tests-fchmodat-not-supported.patch
 "