pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/go Update to 1.3.2 for a security fix:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ee633ce887b9
branches:  trunk
changeset: 639828:ee633ce887b9
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Fri Sep 26 13:54:28 2014 +0000

description:
Update to 1.3.2 for a security fix:

We've just released Go version 1.3.2, a minor point release.

This release includes bug fixes to cgo and the crypto/tls package.
    https://golang.org/doc/devel/release.html#go1.3.minor

The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.

diffstat:

 lang/go/Makefile |  4 ++--
 lang/go/PLIST    |  5 ++++-
 lang/go/distinfo |  8 ++++----
 3 files changed, 10 insertions(+), 7 deletions(-)

diffs (57 lines):

diff -r b23e63586786 -r ee633ce887b9 lang/go/Makefile
--- a/lang/go/Makefile  Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/Makefile  Fri Sep 26 13:54:28 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.17 2014/08/17 15:17:42 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2014/09/26 13:54:28 wiz Exp $
 
-VERSION=       1.3.1
+VERSION=       1.3.2
 DISTNAME=      go${VERSION}.src
 PKGNAME=       go-${VERSION}
 CATEGORIES=    lang
diff -r b23e63586786 -r ee633ce887b9 lang/go/PLIST
--- a/lang/go/PLIST     Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/PLIST     Fri Sep 26 13:54:28 2014 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2014/08/17 15:17:42 wiz Exp $
+@comment $NetBSD: PLIST,v 1.12 2014/09/26 13:54:28 wiz Exp $
 bin/go
 bin/gofmt
 go/AUTHORS
@@ -286,6 +286,7 @@
 go/misc/cgo/test/issue7665.go
 go/misc/cgo/test/issue7695_test.go
 go/misc/cgo/test/issue7786.go
+go/misc/cgo/test/issue7978.go
 go/misc/cgo/test/issue8148.go
 go/misc/cgo/test/issue8331.h
 go/misc/cgo/test/issue8331a.go
@@ -1350,11 +1351,13 @@
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicket
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-3DES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-RC4
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-Resume
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
 go/src/pkg/crypto/tls/testdata/Server-TLSv12-SNI
 go/src/pkg/crypto/tls/ticket.go
 go/src/pkg/crypto/tls/tls.go
diff -r b23e63586786 -r ee633ce887b9 lang/go/distinfo
--- a/lang/go/distinfo  Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/distinfo  Fri Sep 26 13:54:28 2014 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2014/08/17 15:17:42 wiz Exp $
+$NetBSD: distinfo,v 1.13 2014/09/26 13:54:28 wiz Exp $
 
-SHA1 (go1.3.1.src.tar.gz) = bc296c9c305bacfbd7bff9e1b54f6f66ae421e6e
-RMD160 (go1.3.1.src.tar.gz) = f5b15f441075f3541ee4bacebf55c88ccdb7ed8c
-Size (go1.3.1.src.tar.gz) = 10047964 bytes
+SHA1 (go1.3.2.src.tar.gz) = 67d3a692588c259f9fe9dca5b80109e5b99271df
+RMD160 (go1.3.2.src.tar.gz) = d81642869b9f044f98f8386ee936a5872763c4cf
+Size (go1.3.2.src.tar.gz) = 10049331 bytes
 SHA1 (patch-src_cmd_go_build.go) = 1ac7a9d77e8061b0f1184ebe59c7600f61da61e2



Home | Main Index | Thread Index | Old Index