pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang Update go116 to 1.16.1, fixing two security issues:
details: https://anonhg.NetBSD.org/pkgsrc/rev/1e2a893549f7
branches: trunk
changeset: 448601:1e2a893549f7
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Wed Mar 10 19:55:17 2021 +0000
description:
Update go116 to 1.16.1, fixing two security issues:
- encoding/xml: infinite loop when using xml.NewTokenDecoder with a
custom TokenReader
The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by
xml.NewTokenDecoder may enter an infinite loop when operating on a custom
xml.TokenReader which returns an EOF in the middle of an open XML element.
Thanks to Sam Whited for reporting this issue.
This issue is CVE-2021-27918 and Go issue golang.org/issue/44913.
- archive/zip: panic when calling Reader.Open
The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive
containing files that start with "../".
This issue is CVE-2021-27919 and Go issue golang.org/issue/44916.
diffstat:
lang/go/version.mk | 4 ++--
lang/go116/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (36 lines):
diff -r dc8ac817f0b5 -r 1e2a893549f7 lang/go/version.mk
--- a/lang/go/version.mk Wed Mar 10 19:11:14 2021 +0000
+++ b/lang/go/version.mk Wed Mar 10 19:55:17 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.111 2021/02/17 08:07:03 bsiegert Exp $
+# $NetBSD: version.mk,v 1.112 2021/03/10 19:55:17 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
#
.include "go-vars.mk"
-GO116_VERSION= 1.16
+GO116_VERSION= 1.16.1
GO115_VERSION= 1.15.7
GO114_VERSION= 1.14.14
GO113_VERSION= 1.13.15
diff -r dc8ac817f0b5 -r 1e2a893549f7 lang/go116/distinfo
--- a/lang/go116/distinfo Wed Mar 10 19:11:14 2021 +0000
+++ b/lang/go116/distinfo Wed Mar 10 19:55:17 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.3 2021/02/17 08:07:03 bsiegert Exp $
+$NetBSD: distinfo,v 1.4 2021/03/10 19:55:17 bsiegert Exp $
-SHA1 (go1.16.src.tar.gz) = 1d2b65415c9061eeb800c888a936511d6af0d6d5
-RMD160 (go1.16.src.tar.gz) = 1009890b7d4bbf6d8888a6f7adae8b0e42edb7ae
-SHA512 (go1.16.src.tar.gz) = 9c43e0ebb2d35c694b652cae8d4040ce3f3c8c014abd9496c92c78cc015ecea5b5331e7c2acf098d0c24dec222454ea09d834df4b6bc90d46e9feeac0ac578bf
-Size (go1.16.src.tar.gz) = 20895394 bytes
+SHA1 (go1.16.1.src.tar.gz) = ab7746ed5ec54110f5fbf4f8615a640530990111
+RMD160 (go1.16.1.src.tar.gz) = cab008285e02e97ab3523239684f9ad0b102da6b
+SHA512 (go1.16.1.src.tar.gz) = c7674be1a4a03c031d13a52e03a5e134bd2f499fe1bde3083885e363528252fce43b119974b804c8c46ec59e85337bb94e96b7a7183bdb78301898e222b3bba1
+Size (go1.16.1.src.tar.gz) = 20897580 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e
Home |
Main Index |
Thread Index |
Old Index