pkgsrc-Changes archive
CVS commit: pkgsrc/lang
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Feb 12 20:14:01 UTC 2022
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go117: PLIST distinfo
Log Message:
Update go117 to 1.17.7 (security update).

crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

Some big.Int values that are not valid field elements (negative or overflowing)
might cause Curve.IsOnCurve to incorrectly return true. Operating on those values
may cause a panic or an invalid curve operation. Note that Unmarshal will never
return such values.

Thanks to Guido Vranken for reporting this.

This is CVE-2022-23806 and https://go.dev/issue/50974.

math/big: prevent large memory consumption in Rat.SetString

An attacker can cause unbounded memory growth in a program using (*Rat).SetString
due to an unhandled overflow.

Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel Odeke
(@odeke_et) for reporting it.

This is CVE-2022-23772 and Go issue https://go.dev/issue/50699.

cmd/go: prevent branches from materializing into versions

A branch whose name resembles a version tag (such as "v1.0.0" or "subdir/v2.0.0-dev")
can be considered a valid version by the go command. Materializing versions from
branches might be unexpected and bypass ACLs that limit the creation of tags but not
branches.

This is CVE-2022-23773 and Go issue https://go.dev/issue/35671.
To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/go117/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go117/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
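
The crypto/elliptic item in the log message concerns coordinates that are not field elements. As an added example (not part of this commit or of the Go project's code), the following shows a caller-side range check that rejects negative and overflowing coordinates before calling IsOnCurve, for code that builds big.Int coordinates itself instead of getting them from Unmarshal. The helper names validPoint and checkSamples are hypothetical, and the sample inputs are constructed from the P-256 generator.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// validPoint is a hypothetical helper, not a standard-library function.
// It rejects coordinates outside [0, P) before asking the curve whether
// the point satisfies the curve equation.
func validPoint(curve elliptic.Curve, x, y *big.Int) bool {
	if x == nil || y == nil {
		return false
	}
	p := curve.Params().P
	for _, c := range []*big.Int{x, y} {
		if c.Sign() < 0 || c.Cmp(p) >= 0 {
			return false // negative or overflowing: not a field element
		}
	}
	return curve.IsOnCurve(x, y)
}

// checkSamples runs validPoint over constructed inputs: the P-256
// generator, and two values congruent to it modulo P but out of range.
func checkSamples() map[string]bool {
	curve := elliptic.P256()
	params := curve.Params()
	gx, gy := params.Gx, params.Gy
	overflowX := new(big.Int).Add(gx, params.P) // Gx + P, which is >= P
	negativeY := new(big.Int).Sub(gy, params.P) // Gy - P, which is < 0
	return map[string]bool{
		"generator": validPoint(curve, gx, gy),
		"x+P":       validPoint(curve, overflowX, gy),
		"y-P":       validPoint(curve, gx, negativeY),
		"nil":       validPoint(curve, nil, gy),
	}
}

func main() {
	for name, ok := range checkSamples() {
		fmt.Printf("%-10s accepted=%v\n", name, ok)
	}
}
```
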
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.140 pkgsrc/lang/go/version.mk:1.141
--- pkgsrc/lang/go/version.mk:1.140 Sat Feb 12 19:52:40 2022
+++ pkgsrc/lang/go/version.mk Sat Feb 12 20:14:01 2022
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.140 2022/02/12 19:52:40 bsiegert Exp $
+# $NetBSD: version.mk,v 1.141 2022/02/12 20:14:01 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
#
.include "go-vars.mk"
-GO117_VERSION= 1.17.6
+GO117_VERSION= 1.17.7
GO116_VERSION= 1.16.14
GO110_VERSION= 1.10.8
GO19_VERSION= 1.9.7
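Review bot: Bumping GO117_VERSION to 1.17.7 in this hunk updates the compiler package only. Go links the standard library statically into every binary, so packages already built with go117 keep the vulnerable crypto/elliptic and math/big code until they are rebuilt. Suggest following this commit with a PKGREVISION bump of the packages that build with go117, or stating in the log message that one is coming. The context lines also leave GO110_VERSION= 1.10.8 and GO19_VERSION= 1.9.7 untouched, so anything still pinned to those gets none of the fixes listed in the log.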
Index: pkgsrc/lang/go117/PLIST
diff -u pkgsrc/lang/go117/PLIST:1.5 pkgsrc/lang/go117/PLIST:1.6
--- pkgsrc/lang/go117/PLIST:1.5 Sun Jan 9 19:54:47 2022
+++ pkgsrc/lang/go117/PLIST Sat Feb 12 20:14:01 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2022/01/09 19:54:47 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.6 2022/02/12 20:14:01 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go117/AUTHORS
@@ -259,6 +259,7 @@ go117/misc/cgo/testplugin/overlaydir_tes
go117/misc/cgo/testplugin/plugin_test.go
go117/misc/cgo/testplugin/testdata/checkdwarf/main.go
go117/misc/cgo/testplugin/testdata/common/common.go
+go117/misc/cgo/testplugin/testdata/forkexec/main.go
go117/misc/cgo/testplugin/testdata/host/host.go
go117/misc/cgo/testplugin/testdata/iface/main.go
go117/misc/cgo/testplugin/testdata/iface_a/a.go
@@ -10036,6 +10037,8 @@ go117/test/fixedbugs/issue4964.dir/b.go
go117/test/fixedbugs/issue4964.go
go117/test/fixedbugs/issue5002.go
go117/test/fixedbugs/issue5056.go
+go117/test/fixedbugs/issue50671.go
+go117/test/fixedbugs/issue50854.go
go117/test/fixedbugs/issue5089.go
go117/test/fixedbugs/issue5105.dir/a.go
go117/test/fixedbugs/issue5105.dir/b.go
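Review bot: The two entries added here, go117/test/fixedbugs/issue50671.go and go117/test/fixedbugs/issue50854.go, match none of the issues cited in the log message (50974, 50699, 35671), so this release carries changes beyond the three security fixes described. Suggest adding a line to the log message saying the update also includes non-security fixes, so that someone auditing the change from the log alone does not assume the PLIST delta is limited to the CVE work.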
Index: pkgsrc/lang/go117/distinfo
diff -u pkgsrc/lang/go117/distinfo:1.12 pkgsrc/lang/go117/distinfo:1.13
--- pkgsrc/lang/go117/distinfo:1.12 Sun Jan 9 19:54:47 2022
+++ pkgsrc/lang/go117/distinfo Sat Feb 12 20:14:01 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2022/01/09 19:54:47 bsiegert Exp $
+$NetBSD: distinfo,v 1.13 2022/02/12 20:14:01 bsiegert Exp $
-BLAKE2s (go1.17.6.src.tar.gz) = b605f798c26945919d47a661a264524426b5a592401dbb07bcd5fc6442273ffc
-SHA512 (go1.17.6.src.tar.gz) = 59e5471d33e72208a3ca1ddf6c13aeb2b95a3291c0491571597197a260fb8cb74241c7bb09b44129c1e39f857ce4279f416c139b3ab2d7aded10002beb222ee2
-Size (go1.17.6.src.tar.gz) = 22191372 bytes
+BLAKE2s (go1.17.7.src.tar.gz) = 8f04f9f8153f9a0dbd75898a49a9d1298b84a73d486460706a75ba81f9970dac
+SHA512 (go1.17.7.src.tar.gz) = ee20a97d19e501ee2c11930548bcacfa8b1e8499bbae15659231548f4b03c13bc92bb20c4ce879f0956c02268e748c73ba56d8b140ce8f134501c33cc8b58d3c
+Size (go1.17.7.src.tar.gz) = 22195583 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e
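Review bot: The new BLAKE2s and SHA512 values for go1.17.7.src.tar.gz cannot be validated from the diff itself, and neither digest type is the one upstream publishes (go.dev/dl lists SHA256). Suggest confirming the fetched tarball against upstream's SHA256 before regenerating distinfo, and noting in the log message that this was done. The three SHA1 (patch-...) context lines are unchanged, which is consistent with the local patches carrying over as-is to 1.17.7.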