pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/go Update to 1.3.2 for a security fix:
details: https://anonhg.NetBSD.org/pkgsrc/rev/ee633ce887b9
branches: trunk
changeset: 639828:ee633ce887b9
user: wiz <wiz%pkgsrc.org@localhost>
date: Fri Sep 26 13:54:28 2014 +0000
description:
Update to 1.3.2 for a security fix:
We've just released Go version 1.3.2, a minor point release.
This release includes bug fixes to cgo and the crypto/tls package.
https://golang.org/doc/devel/release.html#go1.3.minor
The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.
diffstat:
lang/go/Makefile | 4 ++--
lang/go/PLIST | 5 ++++-
lang/go/distinfo | 8 ++++----
3 files changed, 10 insertions(+), 7 deletions(-)
diffs (57 lines):
diff -r b23e63586786 -r ee633ce887b9 lang/go/Makefile
--- a/lang/go/Makefile Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/Makefile Fri Sep 26 13:54:28 2014 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.17 2014/08/17 15:17:42 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2014/09/26 13:54:28 wiz Exp $
-VERSION= 1.3.1
+VERSION= 1.3.2
DISTNAME= go${VERSION}.src
PKGNAME= go-${VERSION}
CATEGORIES= lang
diff -r b23e63586786 -r ee633ce887b9 lang/go/PLIST
--- a/lang/go/PLIST Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/PLIST Fri Sep 26 13:54:28 2014 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2014/08/17 15:17:42 wiz Exp $
+@comment $NetBSD: PLIST,v 1.12 2014/09/26 13:54:28 wiz Exp $
bin/go
bin/gofmt
go/AUTHORS
@@ -286,6 +286,7 @@
go/misc/cgo/test/issue7665.go
go/misc/cgo/test/issue7695_test.go
go/misc/cgo/test/issue7786.go
+go/misc/cgo/test/issue7978.go
go/misc/cgo/test/issue8148.go
go/misc/cgo/test/issue8331.h
go/misc/cgo/test/issue8331a.go
@@ -1350,11 +1351,13 @@
go/src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
go/src/pkg/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES
go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicket
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicketPreDisable
go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-3DES
go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES
go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
go/src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-RC4
go/src/pkg/crypto/tls/testdata/Server-TLSv12-Resume
+go/src/pkg/crypto/tls/testdata/Server-TLSv12-ResumeDisabled
go/src/pkg/crypto/tls/testdata/Server-TLSv12-SNI
go/src/pkg/crypto/tls/ticket.go
go/src/pkg/crypto/tls/tls.go
diff -r b23e63586786 -r ee633ce887b9 lang/go/distinfo
--- a/lang/go/distinfo Fri Sep 26 13:39:34 2014 +0000
+++ b/lang/go/distinfo Fri Sep 26 13:54:28 2014 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2014/08/17 15:17:42 wiz Exp $
+$NetBSD: distinfo,v 1.13 2014/09/26 13:54:28 wiz Exp $
-SHA1 (go1.3.1.src.tar.gz) = bc296c9c305bacfbd7bff9e1b54f6f66ae421e6e
-RMD160 (go1.3.1.src.tar.gz) = f5b15f441075f3541ee4bacebf55c88ccdb7ed8c
-Size (go1.3.1.src.tar.gz) = 10047964 bytes
+SHA1 (go1.3.2.src.tar.gz) = 67d3a692588c259f9fe9dca5b80109e5b99271df
+RMD160 (go1.3.2.src.tar.gz) = d81642869b9f044f98f8386ee936a5872763c4cf
+Size (go1.3.2.src.tar.gz) = 10049331 bytes
SHA1 (patch-src_cmd_go_build.go) = 1ac7a9d77e8061b0f1184ebe59c7600f61da61e2
Home |
Main Index |
Thread Index |
Old Index