pkgsrc-Changes archive


CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Sep  6 18:38:23 UTC 2024

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go123: PLIST distinfo

Log Message:
go123: update to 1.23.1

This minor release includes 3 security fixes following the security policy:

go/parser: stack exhaustion in all Parse* functions

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.

encoding/gob: stack exhaustion in Decoder.Decode

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.

This is a follow-up to CVE-2022-30635.

Thanks to Md Sakib Anwar of The Ohio State University (anwar.40%osu.edu@localhost) for reporting this issue.

This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.

go/build/constraint: stack exhaustion in Parse

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.

This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.


To generate a diff of this commit:
cvs rdiff -u -r1.213 -r1.214 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go123/PLIST pkgsrc/lang/go123/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.213 pkgsrc/lang/go/version.mk:1.214
--- pkgsrc/lang/go/version.mk:1.213     Wed Aug 14 10:04:05 2024
+++ pkgsrc/lang/go/version.mk   Fri Sep  6 18:38:22 2024
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.213 2024/08/14 10:04:05 bsiegert Exp $
+# $NetBSD: version.mk,v 1.214 2024/09/06 18:38:22 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO123_VERSION= 1.23.0
+GO123_VERSION= 1.23.1
 GO122_VERSION= 1.22.6
 GO121_VERSION= 1.21.13
 GO120_VERSION= 1.20.14
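
Review bot: GO122_VERSION stays at 1.22.6 in the context line directly below the bumped GO123_VERSION, while the log message describes three stack-exhaustion CVEs in standard library packages (go/parser, encoding/gob, go/build/constraint). The log message should say whether the go122 package is affected and, if so, whether a matching update follows in a separate commit, so that users tracking the older branch know its status.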

Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.1 pkgsrc/lang/go123/PLIST:1.2
--- pkgsrc/lang/go123/PLIST:1.1 Wed Aug 14 10:04:04 2024
+++ pkgsrc/lang/go123/PLIST     Fri Sep  6 18:38:22 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2024/08/14 10:04:04 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.2 2024/09/06 18:38:22 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go123/CONTRIBUTING.md
@@ -6732,6 +6732,8 @@ go123/src/internal/types/testdata/check/
 go123/src/internal/types/testdata/check/go1_19_20.go
 go123/src/internal/types/testdata/check/go1_20_19.go
 go123/src/internal/types/testdata/check/go1_21_19.go
+go123/src/internal/types/testdata/check/go1_21_22.go
+go123/src/internal/types/testdata/check/go1_22_21.go
 go123/src/internal/types/testdata/check/go1_8.go
 go123/src/internal/types/testdata/check/go1_xx_19.go
 go123/src/internal/types/testdata/check/gotos.go
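
Review bot: the added entries go1_21_22.go and go1_22_21.go sit under src/internal/types/testdata, which belongs to none of the three packages named in the log message. This suggests the release carries changes beyond the listed security fixes; a line in the log message saying so would account for this PLIST delta and for the new fixedbugs files in the following hunk.
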
@@ -7008,6 +7010,8 @@ go123/src/internal/types/testdata/fixedb
 go123/src/internal/types/testdata/fixedbugs/issue67683.go
 go123/src/internal/types/testdata/fixedbugs/issue67872.go
 go123/src/internal/types/testdata/fixedbugs/issue67962.go
+go123/src/internal/types/testdata/fixedbugs/issue68903.go
+go123/src/internal/types/testdata/fixedbugs/issue68935.go
 go123/src/internal/types/testdata/fixedbugs/issue6977.go
 go123/src/internal/types/testdata/spec/assignability.go
 go123/src/internal/types/testdata/spec/comparable.go
Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.1 pkgsrc/lang/go123/distinfo:1.2
--- pkgsrc/lang/go123/distinfo:1.1      Wed Aug 14 10:04:04 2024
+++ pkgsrc/lang/go123/distinfo  Fri Sep  6 18:38:23 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1 2024/08/14 10:04:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.2 2024/09/06 18:38:23 bsiegert Exp $
 
-BLAKE2s (go1.23.0.src.tar.gz) = 06bd9978a1ed13efe9dd50ee5a4848af7477576e1a2d8469afd9936735ec6daa
-SHA512 (go1.23.0.src.tar.gz) = 5822124ca570662ac8dcec32a79196520ce355fe421d83372f8b8a97b3811de0739edcd7080a23f845cf700a6a26f3af6c93278f6ce485b93120afdd4f6c4f47
-Size (go1.23.0.src.tar.gz) = 28163301 bytes
+BLAKE2s (go1.23.1.src.tar.gz) = d74ba1ae026f98c49013b56ad5dd596cbae0713568100eec0de80f28938741d6
+SHA512 (go1.23.1.src.tar.gz) = c1db053bab03c33b4ec4cbef6c8dfae279542cde433fdb787b564ccf797bb9ac6d191aae3152a860a9539956502f31003f746e924287040849afce5ccaaf0988
+Size (go1.23.1.src.tar.gz) = 28164249 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
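
Review bot: the new BLAKE2s and SHA512 values for go1.23.1.src.tar.gz cannot be checked from the diff itself, and the log message does not say how they were obtained. Please confirm they were generated from a tarball whose digest was compared against the checksum published upstream. The three SHA1 patch entries in the trailing context are unchanged, so it is also worth stating that the existing patches still apply cleanly to 1.23.1.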


