go: cmd/go: "go get" fails on import path patterns with wildcards ("...")
The fix for cmd/go: remote command execution during "go get -u" (#29230) as released in Go 1.10.6 and 1.11.3 introduced a regression causing commands like go get example.com/... to fail with invalid import path: malformed import path "example.com/...": double dot when fetching packages not already present in GOPATH.
See https://github.com/golang/go/issues/29236#issuecomment-447144051
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 20
- Comments: 18 (6 by maintainers)
Commits related to this issue
- Fix: go1.11.3 https://github.com/golang/go/issues/29241 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com> — committed to sylr/alertmanager by deleted user 6 years ago
- Fix: go1.11.3 https://github.com/golang/go/issues/29241 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com> — committed to sylr/alertmanager by deleted user 6 years ago
- Fix: go1.11.3 https://github.com/golang/go/issues/29241 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com> — committed to sylr/alertmanager by deleted user 6 years ago
- Fix: go1.11.3 https://github.com/golang/go/issues/29241 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com> — committed to sylr/alertmanager by deleted user 6 years ago
- Fix: go1.11.3 https://github.com/golang/go/issues/29241 Signed-off-by: Sylvain Rabot <s.rabot@lectra.com> — committed to sylr/alertmanager by deleted user 6 years ago
- Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround) Attempt to fix CI is failing due to a regression in Go 1.10.6 / 1.11.3 (see https://github.com/golang/go/issues/29241) ``` package githu... — committed to thaJeztah/containerd by thaJeztah 6 years ago
- Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround) Attempt to fix CI is failing due to a regression in Go 1.10.6 / 1.11.3 (see https://github.com/golang/go/issues/29241) ``` package githu... — committed to thaJeztah/containerd by thaJeztah 6 years ago
- Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround) Attempt to fix CI is failing due to a regression in Go 1.10.6 / 1.11.3 (see https://github.com/golang/go/issues/29241) ``` package githu... — committed to thaJeztah/containerd by thaJeztah 6 years ago
- Use containerd at HEAD until better tagged version is available. Go 1.11.3 has a bug: https://github.com/golang/go/issues/29241 This is fixed/workarounded in containerd: https://github.com/container... — committed to google/gvisor by nlacasse 6 years ago
- Update Go to 1.11.3, 1.10.6 — committed to docker-library/official-images by tianon 6 years ago
- Makefile: fix "go get" for go-bindata in go 1.11.3 Go 1.11.3's CVE fix for 'remote command execution during "go get -u"' broke getting wildcard paths, which Gitea's makefile uses to fetch go-bindata ... — committed to aswild/gitea by aswild 6 years ago
- Use containerd at HEAD until better tagged version is available. Go 1.11.3 has a bug: https://github.com/golang/go/issues/29241 This is fixed/workarounded in containerd: https://github.com/container... — committed to tonistiigi/gvisor by nlacasse 6 years ago
@gopherbot, please backport to 1.11 and 1.10 immediately: this is a major regression.
@johan-lejdung https://github.com/docker-library/golang/issues/255 - the docker tags are currently in progress
The release is already done since 2 days: go1.11.4 and go1.10.7
Note: the docker images are not up-to-date https://hub.docker.com/_/golang?tab=tags
In absence of a response, I have started fixing this.
@FiloSottile I noticed that
go list ./...still works on Go 1.11.3 (and Go 1.10.6). While it’s usable as a workaround for this regression (https://github.com/containerd/containerd/pull/2879), wondering if that’s actually something that was missed in the patch release (or won’tgo listhave the same security issue? I didn’t dive deep into the fix that went into those patch releases 😅)