01/30: gnu: go-1.24: Update to 1.24.13.

Fri, 06 Mar 2026 07:31:24 -0800 

guix_mirror_bot pushed a commit to branch go-team
in repository guix.

commit 40cf2bdc3188696988a9a7c33a27497416994098
Author: Sharlatan Hellseher <[email protected]>
AuthorDate: Sun Mar 1 15:01:46 2026 +0000

    gnu: go-1.24: Update to 1.24.13.
    
    go1.24.12 (released 2026-01-15) includes security fixes to the go
    command, and the archive/zip, crypto/tls, and net/url packages, as well
    as bug fixes to the compiler, the runtime, and the crypto/tls and os
    packages.
    See: <https://github.com/golang/go/milestone/419>
    
    go1.24.13 (released 2026-02-04) includes security fixes to the go
    command and the crypto/tls package, as well as bug fixes to the
    crypto/x509 package.
    See: <https://github.com/golang/go/milestone/421>
    
    Containes fixes for:
    CVE-2025-68121: Unexpected session resumption in crypto/tls
    CVE-2025-68119: Unexpected code execution when invoking toolchain in
                    cmd/go
    CVE-2025-61732: Potential code smuggling via doc comments in cmd/cgo
    CVE-2025-61731: Arbitrary file write using cgo pkg-config directive in
                    cmd/go
    CVE-2025-61730: Handshake messages may be processed at the incorrect
                    encryption level in crypto/tls
    CVE-2025-61728: Excessive CPU consumption when building archive index in
                    archive/zip
    CVE-2025-61726: Memory exhaustion in query parameter parsing in net/url
    
    * gnu/packages/golang.scm (go-1.24): Update to 1.24.13.
    
    Change-Id: I80dde282c7026fd7a3cf1161a6e63f0ceca2d51f
---
 gnu/packages/golang.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index 8cccbae4f2..41dc4a0606 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1076,7 +1076,7 @@ in the style of communicating sequential processes 
(@dfn{CSP}).")
   (package
     (inherit go-1.22)
     (name "go")
-    (version "1.24.11")
+    (version "1.24.13")
     (source
      (origin
        (method git-fetch)
@@ -1085,7 +1085,7 @@ in the style of communicating sequential processes 
(@dfn{CSP}).")
              (commit (string-append "go" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "1x41gipd0si307kazivsbmqx6kc96w76fsiglxlay7x8k1ig7rh4"))))
+        (base32 "1w4yip0cbfs845655j2kflsww4dkzm3cqhlg8jqxkl2gxia98sf6"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.22)
        ((#:phases phases)

Reply via email to