CVS commit: pkgsrc/lang/go

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/go
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Fri, 26 Sep 2014 13:54:28 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Sep 26 13:54:28 UTC 2014

Modified Files:
        pkgsrc/lang/go: Makefile PLIST distinfo

Log Message:
Update to 1.3.2 for a security fix:

We've just released Go version 1.3.2, a minor point release.

This release includes bug fixes to cgo and the crypto/tls package.
    https://golang.org/doc/devel/release.html#go1.3.minor

The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/misc/libreoffice
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/misc/libreoffice
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index