pkgsrc-Changes archive


CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Wed Jul  3 06:49:54 UTC 2024

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go121: PLIST distinfo
        pkgsrc/lang/go122: PLIST distinfo

Log Message:
go: update to 1.22.5 and 1.21.12 (security)

These minor releases include 1 security fix following the security policy:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a
request with an "Expect: 100-continue" header with a non-informational (200 or
higher) status. This mishandling could leave a client connection in an invalid
state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can
exploit this mishandling to cause a denial of service by sending "Expect:
100-continue" requests which elicit a non-informational response from the
backend. Each such request leaves the proxy with an invalid connection, and
causes one subsequent request using that connection to fail.

Thanks to Geoff Franks for reporting this issue.

This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.5


To generate a diff of this commit:
cvs rdiff -u -r1.210 -r1.211 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go121/PLIST
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/go121/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/go122/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/go122/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.210 pkgsrc/lang/go/version.mk:1.211
--- pkgsrc/lang/go/version.mk:1.210     Thu Jun 13 12:55:15 2024
+++ pkgsrc/lang/go/version.mk   Wed Jul  3 06:49:54 2024
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.210 2024/06/13 12:55:15 bsiegert Exp $
+# $NetBSD: version.mk,v 1.211 2024/07/03 06:49:54 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO122_VERSION= 1.22.4
-GO121_VERSION= 1.21.11
+GO122_VERSION= 1.22.5
+GO121_VERSION= 1.21.12
 GO120_VERSION= 1.20.14
 GO119_VERSION= 1.19.13
 GO118_VERSION= 1.18.10

Index: pkgsrc/lang/go121/PLIST
diff -u pkgsrc/lang/go121/PLIST:1.11 pkgsrc/lang/go121/PLIST:1.12
--- pkgsrc/lang/go121/PLIST:1.11        Thu Jun 13 12:49:39 2024
+++ pkgsrc/lang/go121/PLIST     Wed Jul  3 06:49:54 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2024/06/13 12:49:39 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.12 2024/07/03 06:49:54 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go121/CONTRIBUTING.md
@@ -1821,6 +1821,8 @@ go121/src/cmd/go/testdata/mod/example.co
 go121/src/cmd/go/testdata/mod/example.com_retract_incompatible_v2.0.0+incompatible.txt
 go121/src/cmd/go/testdata/mod/example.com_retract_missingmod_v1.0.0.txt
 go121/src/cmd/go/testdata/mod/example.com_retract_missingmod_v1.9.0.txt
+go121/src/cmd/go/testdata/mod/example.com_retract_newergoversion_v1.0.0.txt
+go121/src/cmd/go/testdata/mod/example.com_retract_newergoversion_v1.2.0.txt
 go121/src/cmd/go/testdata/mod/example.com_retract_noupgrade_v1.0.0.txt
 go121/src/cmd/go/testdata/mod/example.com_retract_rationale_v1.0.0-block.txt
 go121/src/cmd/go/testdata/mod/example.com_retract_rationale_v1.0.0-blockwithcomment.txt
@@ -2269,6 +2271,7 @@ go121/src/cmd/go/testdata/script/list_pe
 go121/src/cmd/go/testdata/script/list_pkgconfig_error.txt
 go121/src/cmd/go/testdata/script/list_replace_absolute_windows.txt
 go121/src/cmd/go/testdata/script/list_reserved.txt
+go121/src/cmd/go/testdata/script/list_retractions_issue66403.txt
 go121/src/cmd/go/testdata/script/list_shadow.txt
 go121/src/cmd/go/testdata/script/list_split_main.txt
 go121/src/cmd/go/testdata/script/list_std.txt
@@ -2667,6 +2670,7 @@ go121/src/cmd/go/testdata/script/test_fl
 go121/src/cmd/go/testdata/script/test_fullpath.txt
 go121/src/cmd/go/testdata/script/test_fuzz.txt
 go121/src/cmd/go/testdata/script/test_fuzz_cache.txt
+go121/src/cmd/go/testdata/script/test_fuzz_cgo.txt
 go121/src/cmd/go/testdata/script/test_fuzz_chatty.txt
 go121/src/cmd/go/testdata/script/test_fuzz_cleanup.txt
 go121/src/cmd/go/testdata/script/test_fuzz_cov.txt

Index: pkgsrc/lang/go121/distinfo
diff -u pkgsrc/lang/go121/distinfo:1.14 pkgsrc/lang/go121/distinfo:1.15
--- pkgsrc/lang/go121/distinfo:1.14     Thu Jun 13 12:49:39 2024
+++ pkgsrc/lang/go121/distinfo  Wed Jul  3 06:49:54 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.14 2024/06/13 12:49:39 bsiegert Exp $
+$NetBSD: distinfo,v 1.15 2024/07/03 06:49:54 bsiegert Exp $
 
-BLAKE2s (go1.21.11.src.tar.gz) = 1e233c7060f761dca6e361fa55ba1a8d33b54c71496fd0df989d052d1ee52fb0
-SHA512 (go1.21.11.src.tar.gz) = dffcef964a4fbe08cd965bcffad6138fab164f14936a83988ced86924f794c1f107c122d1aeb674eacb0a1a498a31bdf83ea8f87b352494fa69f6e38931d2120
-Size (go1.21.11.src.tar.gz) = 26994914 bytes
+BLAKE2s (go1.21.12.src.tar.gz) = f53bc0b65f3f624d84017d9574fc5d4ecfd96a6b90430af70d1ed0a2373e6237
+SHA512 (go1.21.12.src.tar.gz) = fb909b92e9dbcf022b9f9250c66a6681585e26aeaf7b8a16b4263082c137181c53966299aa8014983a0215d70e03d1e18b77d674ab32dcfaa5de8c9ed2c8020c
+Size (go1.21.12.src.tar.gz) = 26997443 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Index: pkgsrc/lang/go122/PLIST
diff -u pkgsrc/lang/go122/PLIST:1.5 pkgsrc/lang/go122/PLIST:1.6
--- pkgsrc/lang/go122/PLIST:1.5 Thu Jun 13 12:55:15 2024
+++ pkgsrc/lang/go122/PLIST     Wed Jul  3 06:49:54 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2024/06/13 12:55:15 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.6 2024/07/03 06:49:54 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go122/CONTRIBUTING.md
@@ -585,6 +585,7 @@ go122/src/cmd/cgo/internal/testplugin/te
 go122/src/cmd/cgo/internal/testplugin/testdata/issue53989/plugin.go
 go122/src/cmd/cgo/internal/testplugin/testdata/issue62430/main.go
 go122/src/cmd/cgo/internal/testplugin/testdata/issue62430/plugin.go
+go122/src/cmd/cgo/internal/testplugin/testdata/issue67976/plugin.go
 go122/src/cmd/cgo/internal/testplugin/testdata/mangle/plugin.go
 go122/src/cmd/cgo/internal/testplugin/testdata/method/main.go
 go122/src/cmd/cgo/internal/testplugin/testdata/method/plugin.go
@@ -1844,6 +1845,8 @@ go122/src/cmd/go/testdata/mod/example.co
 go122/src/cmd/go/testdata/mod/example.com_retract_incompatible_v2.0.0+incompatible.txt
 go122/src/cmd/go/testdata/mod/example.com_retract_missingmod_v1.0.0.txt
 go122/src/cmd/go/testdata/mod/example.com_retract_missingmod_v1.9.0.txt
+go122/src/cmd/go/testdata/mod/example.com_retract_newergoversion_v1.0.0.txt
+go122/src/cmd/go/testdata/mod/example.com_retract_newergoversion_v1.2.0.txt
 go122/src/cmd/go/testdata/mod/example.com_retract_noupgrade_v1.0.0.txt
 go122/src/cmd/go/testdata/mod/example.com_retract_rationale_v1.0.0-block.txt
 go122/src/cmd/go/testdata/mod/example.com_retract_rationale_v1.0.0-blockwithcomment.txt
@@ -1906,7 +1909,7 @@ go122/src/cmd/go/testdata/mod/golang.org
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.0.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.1.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.3.linux-amd64.txt
-go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.5.linux-amd64.txt
+go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go${PKGVERSION}.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.7.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.9.linux-amd64.txt
 go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22rc1.linux-amd64.txt
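Review bot: The replacement of `go1.22.5` with `go${PKGVERSION}` in the `golang.org_toolchain_v0.0.1-...linux-amd64.txt` entry looks like an artifact of regenerating the PLIST rather than an intended change. The neighbouring entries (`go1.22.3`, `go1.22.7`, `go1.22.9`) suggest this is a fixed upstream testdata file name that only happens to match the package version in this release. If that is right, the entry will presumably expand to a path that does not exist at the next version bump, and the resulting PLIST mismatch would slow down shipping the next security update. Keeping the literal line `go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.5.linux-amd64.txt` avoids that.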
@@ -2274,6 +2277,7 @@ go122/src/cmd/go/testdata/script/list_pe
 go122/src/cmd/go/testdata/script/list_pkgconfig_error.txt
 go122/src/cmd/go/testdata/script/list_replace_absolute_windows.txt
 go122/src/cmd/go/testdata/script/list_reserved.txt
+go122/src/cmd/go/testdata/script/list_retractions_issue66403.txt
 go122/src/cmd/go/testdata/script/list_shadow.txt
 go122/src/cmd/go/testdata/script/list_split_main.txt
 go122/src/cmd/go/testdata/script/list_std.txt
@@ -2664,6 +2668,7 @@ go122/src/cmd/go/testdata/script/test_fl
 go122/src/cmd/go/testdata/script/test_fullpath.txt
 go122/src/cmd/go/testdata/script/test_fuzz.txt
 go122/src/cmd/go/testdata/script/test_fuzz_cache.txt
+go122/src/cmd/go/testdata/script/test_fuzz_cgo.txt
 go122/src/cmd/go/testdata/script/test_fuzz_chatty.txt
 go122/src/cmd/go/testdata/script/test_fuzz_cleanup.txt
 go122/src/cmd/go/testdata/script/test_fuzz_cov.txt
@@ -11908,9 +11913,14 @@ go122/test/fixedbugs/issue6513.dir/main.
 go122/test/fixedbugs/issue6513.go
 go122/test/fixedbugs/issue65593.go
 go122/test/fixedbugs/issue6572.go
+go122/test/fixedbugs/issue65957.dir/a.go
+go122/test/fixedbugs/issue65957.dir/main.go
+go122/test/fixedbugs/issue65957.go
 go122/test/fixedbugs/issue66066.go
 go122/test/fixedbugs/issue66066b.go
 go122/test/fixedbugs/issue66096.go
+go122/test/fixedbugs/issue66575.go
+go122/test/fixedbugs/issue66575.out
 go122/test/fixedbugs/issue6671.go
 go122/test/fixedbugs/issue6703a.go
 go122/test/fixedbugs/issue6703b.go

Index: pkgsrc/lang/go122/distinfo
diff -u pkgsrc/lang/go122/distinfo:1.7 pkgsrc/lang/go122/distinfo:1.8
--- pkgsrc/lang/go122/distinfo:1.7      Thu Jun 13 12:55:15 2024
+++ pkgsrc/lang/go122/distinfo  Wed Jul  3 06:49:54 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.7 2024/06/13 12:55:15 bsiegert Exp $
+$NetBSD: distinfo,v 1.8 2024/07/03 06:49:54 bsiegert Exp $
 
-BLAKE2s (go1.22.4.src.tar.gz) = 0634d5823abbb1ba4dd5f320f55f33156ca8f8a0482fbdfb5804b28f9aceb38b
-SHA512 (go1.22.4.src.tar.gz) = 4855ba7e277b2eb79eb52e3ad2a52f18b3a4cd3adc20b7a17d29fabae74141265bf31399307b8d3f35110031d11ad7f583016aa903f3e36eeb6d1f64cfc8a5ad
-Size (go1.22.4.src.tar.gz) = 27555503 bytes
+BLAKE2s (go1.22.5.src.tar.gz) = 0407b536f7f26d7ef9b006a32ac072201b7b42750bc056d6c84ac645cf677fe7
+SHA512 (go1.22.5.src.tar.gz) = 798c2bd5d59be1fb5d7af98893fa7bb68322117facfdee546a37175ec5e8be634f2bed2d8d0e7d4d0555b354c8e9d72b3829c39670d3be2d2328376a00a48576
+Size (go1.22.5.src.tar.gz) = 27559458 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35


