CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Tue, 7 May 2024 18:18:06 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue May  7 18:18:06 UTC 2024

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go121: PLIST distinfo
        pkgsrc/lang/go122: PLIST distinfo

Log Message:
go: update to 1.21.10 and 1.22.3 (security)

These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin

  On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple
  version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

  Thanks to Juho Forsén of Mattermost for reporting this issue.

  This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop

  A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite
  loop.

  Thanks to @long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak
  for bringing the issue to our attention.

  This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.


To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.207 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go121/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go121/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go122/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/go122/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.206 pkgsrc/lang/go/version.mk:1.207
--- pkgsrc/lang/go/version.mk:1.206     Fri Apr  5 19:07:55 2024
+++ pkgsrc/lang/go/version.mk   Tue May  7 18:18:05 2024
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.206 2024/04/05 19:07:55 bsiegert Exp $
+# $NetBSD: version.mk,v 1.207 2024/05/07 18:18:05 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO122_VERSION= 1.22.2
-GO121_VERSION= 1.21.9
+GO122_VERSION= 1.22.3
+GO121_VERSION= 1.21.10
 GO120_VERSION= 1.20.14
 GO119_VERSION= 1.19.13
 GO118_VERSION= 1.18.10

Index: pkgsrc/lang/go121/PLIST
diff -u pkgsrc/lang/go121/PLIST:1.9 pkgsrc/lang/go121/PLIST:1.10
--- pkgsrc/lang/go121/PLIST:1.9 Fri Apr  5 19:07:55 2024
+++ pkgsrc/lang/go121/PLIST     Tue May  7 18:18:05 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2024/04/05 19:07:55 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.10 2024/05/07 18:18:05 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go121/CONTRIBUTING.md
@@ -2124,6 +2124,7 @@ go121/src/cmd/go/testdata/script/cover_t
 go121/src/cmd/go/testdata/script/cover_test_race_issue56370.txt
 go121/src/cmd/go/testdata/script/cover_var_init_order.txt
 go121/src/cmd/go/testdata/script/cpu_profile_twice.txt
+go121/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
 go121/src/cmd/go/testdata/script/devnull.txt
 go121/src/cmd/go/testdata/script/dist_list_missing.txt
 go121/src/cmd/go/testdata/script/doc.txt

Index: pkgsrc/lang/go121/distinfo
diff -u pkgsrc/lang/go121/distinfo:1.12 pkgsrc/lang/go121/distinfo:1.13
--- pkgsrc/lang/go121/distinfo:1.12     Tue Apr  9 16:55:55 2024
+++ pkgsrc/lang/go121/distinfo  Tue May  7 18:18:05 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2024/04/09 16:55:55 jperkin Exp $
+$NetBSD: distinfo,v 1.13 2024/05/07 18:18:05 bsiegert Exp $
 
-BLAKE2s (go1.21.9.src.tar.gz) = 089cdce5fe54fe3f1cab7c8ddb573b1c41e021a2f0c39456e8a40eb8b68020ea
-SHA512 (go1.21.9.src.tar.gz) = e1cf7e458d41f8b343c34b7d35dc4a1696bacbad2ad64abac36dbbeaf1e0a1b71cdb32cebb1686c6e5c90bf0ad3474714d09acea010d6c074730c59d71e79f4e
-Size (go1.21.9.src.tar.gz) = 26993426 bytes
+BLAKE2s (go1.21.10.src.tar.gz) = 5203975dc6fd4bfc94a20962873f586d144d360cf375c373e060b87a58311fa0
+SHA512 (go1.21.10.src.tar.gz) = 90105f977c86a0d5ea4d31e4e699d8611a74178db1e443ddc57679b7a2a648baa328e7fa9ea4a732727487cc29afe07e9597a1e2eb0184cb270973f403349f5a
+Size (go1.21.10.src.tar.gz) = 26993576 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Index: pkgsrc/lang/go122/PLIST
diff -u pkgsrc/lang/go122/PLIST:1.3 pkgsrc/lang/go122/PLIST:1.4
--- pkgsrc/lang/go122/PLIST:1.3 Fri Apr  5 18:51:52 2024
+++ pkgsrc/lang/go122/PLIST     Tue May  7 18:18:05 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2024/04/05 18:51:52 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.4 2024/05/07 18:18:05 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go122/CONTRIBUTING.md
@@ -1904,7 +1904,7 @@ go122/src/cmd/go/testdata/mod/golang.org
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.18.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.0.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.1.linux-amd64.txt
-go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.3.linux-amd64.txt
+go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go${PKGVERSION}.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.5.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.7.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.9.linux-amd64.txt
@@ -2157,6 +2157,7 @@ go122/src/cmd/go/testdata/script/cover_t
 go122/src/cmd/go/testdata/script/cover_test_race_issue56370.txt
 go122/src/cmd/go/testdata/script/cover_var_init_order.txt
 go122/src/cmd/go/testdata/script/cpu_profile_twice.txt
+go122/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt
 go122/src/cmd/go/testdata/script/devnull.txt
 go122/src/cmd/go/testdata/script/dist_list_missing.txt
 go122/src/cmd/go/testdata/script/doc.txt

Index: pkgsrc/lang/go122/distinfo
diff -u pkgsrc/lang/go122/distinfo:1.5 pkgsrc/lang/go122/distinfo:1.6
--- pkgsrc/lang/go122/distinfo:1.5      Tue Apr  9 16:57:45 2024
+++ pkgsrc/lang/go122/distinfo  Tue May  7 18:18:05 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.5 2024/04/09 16:57:45 jperkin Exp $
+$NetBSD: distinfo,v 1.6 2024/05/07 18:18:05 bsiegert Exp $
 
-BLAKE2s (go1.22.2.src.tar.gz) = 1cda38de9b035db9c153c21042f23f62bc3ad1cd516b012916a446ca09b94d70
-SHA512 (go1.22.2.src.tar.gz) = f2491d2b5d4ef2dd86ca7820503a2534cd1860822049dc01a6cb40b556a0812cfc4196fa83173765816060253ac949f4165b0fb4b2bed5d45e30d03bb69e434d
-Size (go1.22.2.src.tar.gz) = 27551470 bytes
+BLAKE2s (go1.22.3.src.tar.gz) = fc915cdf74ff63831716b752f88dde2bf42d82117761303bb063cc0226977a67
+SHA512 (go1.22.3.src.tar.gz) = e6756866d3cf195f1afd3d852015f32dfb2de3648e30a78e9238a863eae192e9e7ccbcfd19fd97b1d552f35d51d62bf2104d81e35b8854a40400b0d61cf93672
+Size (go1.22.3.src.tar.gz) = 27552410 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index