pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang go119: update to 1.19.1 (security)
details: https://anonhg.NetBSD.org/pkgsrc/rev/96d4d324b437
branches: trunk
changeset: 384876:96d4d324b437
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Sep 06 19:11:13 2022 +0000
description:
go119: update to 1.19.1 (security)
This minor release includes 2 security fixes following the security policy:
net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
diffstat:
lang/go/version.mk | 4 ++--
lang/go119/PLIST | 12 +++++++++++-
lang/go119/distinfo | 8 ++++----
3 files changed, 17 insertions(+), 7 deletions(-)
diffs (82 lines):
diff -r 704ce345fe18 -r 96d4d324b437 lang/go/version.mk
--- a/lang/go/version.mk Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go/version.mk Tue Sep 06 19:11:13 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.156 2022/08/21 11:42:19 bsiegert Exp $
+# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
#
.include "go-vars.mk"
-GO119_VERSION= 1.19
+GO119_VERSION= 1.19.1
GO118_VERSION= 1.18.5
GO117_VERSION= 1.17.13
GO116_VERSION= 1.16.15
diff -r 704ce345fe18 -r 96d4d324b437 lang/go119/PLIST
--- a/lang/go119/PLIST Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go119/PLIST Tue Sep 06 19:11:13 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go119/CONTRIBUTING.md
@@ -2634,6 +2634,7 @@
go119/src/cmd/go/testdata/script/import_cycle.txt
go119/src/cmd/go/testdata/script/import_ignore.txt
go119/src/cmd/go/testdata/script/import_main.txt
+go119/src/cmd/go/testdata/script/import_unix_tag.txt
go119/src/cmd/go/testdata/script/index.txt
go119/src/cmd/go/testdata/script/install_cgo_excluded.txt
go119/src/cmd/go/testdata/script/install_cleans_build.txt
@@ -3102,6 +3103,7 @@
go119/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
go119/src/cmd/go/testdata/script/test_race_install.txt
go119/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go119/src/cmd/go/testdata/script/test_race_tag.txt
go119/src/cmd/go/testdata/script/test_rebuildall.txt
go119/src/cmd/go/testdata/script/test_regexps.txt
go119/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -11214,7 +11216,12 @@
go119/test/fixedbugs/issue53635.go
go119/test/fixedbugs/issue53653.go
go119/test/fixedbugs/issue53653.out
+go119/test/fixedbugs/issue53702.go
go119/test/fixedbugs/issue5373.go
+go119/test/fixedbugs/issue53982.go
+go119/test/fixedbugs/issue54220.go
+go119/test/fixedbugs/issue54467.go
+go119/test/fixedbugs/issue54638.go
go119/test/fixedbugs/issue5470.dir/a.go
go119/test/fixedbugs/issue5470.dir/b.go
go119/test/fixedbugs/issue5470.go
@@ -12073,6 +12080,9 @@
go119/test/typeparam/issue53477.go
go119/test/typeparam/issue53762.go
go119/test/typeparam/issue54135.go
+go119/test/typeparam/issue54302.dir/a.go
+go119/test/typeparam/issue54302.dir/main.go
+go119/test/typeparam/issue54302.go
go119/test/typeparam/list.go
go119/test/typeparam/list2.go
go119/test/typeparam/listimp.dir/a.go
diff -r 704ce345fe18 -r 96d4d324b437 lang/go119/distinfo
--- a/lang/go119/distinfo Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go119/distinfo Tue Sep 06 19:11:13 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+$NetBSD: distinfo,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
-BLAKE2s (go1.19.src.tar.gz) = 2c1b998568e6c3e1eb3ab304635d922d6f5ae769e4ec32091905402a9505d3ea
-SHA512 (go1.19.src.tar.gz) = c4460d54957a0bcf3407ea72cd1c6b3c645ef4ef6cc0fa142a80cb43c06ca4af31d52b0ccd723c81d17a62004bc96559cad23da874a4b668b4d8b168f1da2186
-Size (go1.19.src.tar.gz) = 26521849 bytes
+BLAKE2s (go1.19.1.src.tar.gz) = 58558ab93053577809b2b826edf4e8217a312efcaedbfbff5317beddcd8d4bee
+SHA512 (go1.19.1.src.tar.gz) = 7e8cf557f05d5a537f9305bb9c19cf8ab9ce640376e5ea97ff0d490b016364936e8dfc129462760c4e817af01fdf09e3f815b88412f9985bb254dfa3167752c0
+Size (go1.19.1.src.tar.gz) = 26527375 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index