From ac0efb2c97fbe7175bb31e9800e7d6ad0af80d97 Mon Sep 17 00:00:00 2001 From: Sharlatan Hellseher Date: Thu, 12 Mar 2026 10:59:29 +0000 Subject: gnu: go-1.26: Update to 1.26.1 [security-fixes]. go1.26.1 (released 2026-03-05) includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages. See: , Containes fixes for: CVE-2026-27137: Incorrect enforcement of email constraints in crypto/x509. CVE-2026-27138: Panic in name constraint checking for malformed certificates in crypto/x509. CVE-2026-27142: URLs in meta content attribute actions are not escaped in html/template. CVE-2026-25679: Incorrect parsing of IPv6 host literals in net/url. CVE-2026-27139: FileInfo can escape from a Root in os. * gnu/packages/golang.scm (go-1.26): Update to 1.26.1. Change-Id: I1c014a334407d9ca927d9e403c8c7e92cad8fe1d --- gnu/packages/golang.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 8cccbae4f2b..06ba31d26a1 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -1170,7 +1170,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (package (inherit go-1.24) (name "go") - (version "1.26.0") + (version "1.26.1") (source (origin (method git-fetch) @@ -1179,7 +1179,7 @@ in the style of communicating sequential processes (@dfn{CSP}).") (commit (string-append "go" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "1n37n62bg2kb39s4a5273lpmqk1n5f5yi6jgfm8m7489j11ay8rl")))) + (base32 "1blfc89jxlr7n35j77i523k8rsxvz16f44qzd0h65c940zrrmf77")))) (arguments (substitute-keyword-arguments (package-arguments go-1.24) ((#:phases phases) -- cgit v1.3