pkgsrc-Changes archive
CVS commit: [pkgsrc-2015Q3] pkgsrc/lang
Module Name: pkgsrc
Committed By: spz
Date: Tue Oct 6 16:37:05 UTC 2015
Modified Files:
pkgsrc/lang/go [pkgsrc-2015Q3]: version.mk
pkgsrc/lang/go14 [pkgsrc-2015Q3]: Makefile PLIST distinfo
Log Message:
Pullup ticket #4819 - requested by bsiegert
lang/go14: security update
Revisions pulled up:
- lang/go/version.mk 1.9
- lang/go14/Makefile 1.5
- lang/go14/PLIST 1.2
- lang/go14/distinfo 1.3
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tnn
Date: Sun Sep 27 00:36:02 UTC 2015
Modified Files:
pkgsrc/lang/go14: Makefile
Log Message:
more REPLACE_BASH
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go14/Makefile
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Sep 26 17:37:01 UTC 2015
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go14: Makefile PLIST distinfo
Log Message:
Update go14 to 1.4.3. It fixes four security-related issues.
The issues were reported in Go's net/http package. They affect programs using
that package to proxy HTTP requests. We recommend that all users upgrade to Go
1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we have
released version 1.4.3, which is based on Go 1.4.2 plus fixes for these issues.
Affected Go programs—those that use the net/http package as a proxy server—must
be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.
The CVE issue descriptions and fixes are linked below.
CVE-2015-5739
"Content Length" treated as valid header:
https://go-review.googlesource.com/#/c/11772/
CVE-2015-5740
Double content-length headers does not return 400 error:
https://go-review.googlesource.com/#/c/11810/
CVE-2015-5741
Additional hardening, not sending Content-Length w/Transfer-Encoding,
Closing connections:
https://go-review.googlesource.com/#/c/11810/
https://go-review.googlesource.com/#/c/12865/
https://go-review.googlesource.com/#/c/13148/
The Go team would like to thank Jed Denlea and Régis Leroy for their
contributions to this release. They have been awarded 1337 USD under the Google
Security Bounty program.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go14/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go14/PLIST
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go14/distinfo
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.3.2.1 pkgsrc/lang/go14/Makefile
cvs rdiff -u -r1.1 -r1.1.2.1 pkgsrc/lang/go14/PLIST
cvs rdiff -u -r1.2 -r1.2.2.1 pkgsrc/lang/go14/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.