Bug 2149668
Summary: | Please update EPEL7 golang to 1.18 / 1.19 | | |
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | David Trudgian <dtrudg> |
Component: | golang | Assignee: | Dave Dykstra <dwd> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | unspecified |
Version: | epel7 | CC: | amurdaca, asm, denis, deparker, dwd, eduardo.ramalho, go-sig, jcajka, lemenkov, maxwell |
Hardware: | Unspecified | OS: | Unspecified |
Fixed In Version: | golang-1.18.4-1.el7 | Type: | Bug |
Last Closed: | 2022-12-09 01:31:31 UTC | | |
Description
David Trudgian
2022-11-30 14:46:55 UTC
Hi DT,

I own the golang for EPEL7, because it was getting much further behind than it is now. My policy is to exactly follow Red Hat's releases in EL8. In fact I base it almost completely on the centos8-stream rpm .spec files. So if you want EPEL7 updated, convince Red Hat to update EL8. Usually they only update it at major 8.X releases or if there is a CVE of significant enough severity. In any case I don't see any point in having EPEL7 ahead of EL8.

Having said that, thanks for the ticket, because it looks like EL8 did get updated to 1.18.4, so I will update EPEL7 to that level. I don't know how I missed that, although there is a ton of golang email that flies by and most of it isn't relevant. I do try to look for the tickets that say they apply to EL8 though.

It has only been at most 22 days so I didn't miss it by much: https://git.centos.org/rpms/golang/history/SPECS/golang.spec?identifier=c8-stream-rhel8

Ah, that corresponds to the release of RHEL 8.7. Very good.

Dave

Hi Dave,

> My policy is to exactly follow Red Hat's releases in EL8.

I think that's pretty fair... and yup, it's probably fair that anything about CVEs that aren't specific to EPEL7 is something I should raise on the other packages... arguing for everything being more up-to-date on those and rolling down, rather than have a situation where EPEL7 is ahead of everything else.

> Having said that, thanks for the ticket, because it looks like EL8 did get updated to 1.18.4, so I will update EPEL7 to that level.

That'd be great at this point.

Cheers,

DT

Note that 1.18.4 has equivalent CVE fixes as 1.17.12 so upgrading to the level of EL8 does not solve any new CVEs (for a change). That's probably why I didn't see any announcements about RHEL8 upgrading golang. All the outstanding CVEs are medium or lower so I assume that's why Red Hat did not build a newer version.

FEDORA-EPEL-2022-96dbad9cd3 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-96dbad9cd3

FEDORA-EPEL-2022-96dbad9cd3 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-96dbad9cd3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-EPEL-2022-96dbad9cd3 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.