pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Sep 6 18:38:23 UTC 2024
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go123: PLIST distinfo
Log Message:
go123: update to 1.23.1
This minor release includes 3 security fixes following the security policy:
go/parser: stack exhaustion in all Parse* functions
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
This is CVE-2024-34155 and Go issue https://go.dev/issue/69138.
encoding/gob: stack exhaustion in Decoder.Decode
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion.
This is a follow-up to CVE-2022-30635.
Thanks to Md Sakib Anwar of The Ohio State University (anwar.40%osu.edu@localhost) for reporting this issue.
This is CVE-2024-34156 and Go issue https://go.dev/issue/69139.
go/build/constraint: stack exhaustion in Parse
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
This is CVE-2024-34158 and Go issue https://go.dev/issue/69141.
To generate a diff of this commit:
cvs rdiff -u -r1.213 -r1.214 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go123/PLIST pkgsrc/lang/go123/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.213 pkgsrc/lang/go/version.mk:1.214
--- pkgsrc/lang/go/version.mk:1.213 Wed Aug 14 10:04:05 2024
+++ pkgsrc/lang/go/version.mk Fri Sep 6 18:38:22 2024
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.213 2024/08/14 10:04:05 bsiegert Exp $
+# $NetBSD: version.mk,v 1.214 2024/09/06 18:38:22 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
#
.include "go-vars.mk"
-GO123_VERSION= 1.23.0
+GO123_VERSION= 1.23.1
GO122_VERSION= 1.22.6
GO121_VERSION= 1.21.13
GO120_VERSION= 1.20.14
Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.1 pkgsrc/lang/go123/PLIST:1.2
--- pkgsrc/lang/go123/PLIST:1.1 Wed Aug 14 10:04:04 2024
+++ pkgsrc/lang/go123/PLIST Fri Sep 6 18:38:22 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2024/08/14 10:04:04 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.2 2024/09/06 18:38:22 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go123/CONTRIBUTING.md
@@ -6732,6 +6732,8 @@ go123/src/internal/types/testdata/check/
go123/src/internal/types/testdata/check/go1_19_20.go
go123/src/internal/types/testdata/check/go1_20_19.go
go123/src/internal/types/testdata/check/go1_21_19.go
+go123/src/internal/types/testdata/check/go1_21_22.go
+go123/src/internal/types/testdata/check/go1_22_21.go
go123/src/internal/types/testdata/check/go1_8.go
go123/src/internal/types/testdata/check/go1_xx_19.go
go123/src/internal/types/testdata/check/gotos.go
@@ -7008,6 +7010,8 @@ go123/src/internal/types/testdata/fixedb
go123/src/internal/types/testdata/fixedbugs/issue67683.go
go123/src/internal/types/testdata/fixedbugs/issue67872.go
go123/src/internal/types/testdata/fixedbugs/issue67962.go
+go123/src/internal/types/testdata/fixedbugs/issue68903.go
+go123/src/internal/types/testdata/fixedbugs/issue68935.go
go123/src/internal/types/testdata/fixedbugs/issue6977.go
go123/src/internal/types/testdata/spec/assignability.go
go123/src/internal/types/testdata/spec/comparable.go
Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.1 pkgsrc/lang/go123/distinfo:1.2
--- pkgsrc/lang/go123/distinfo:1.1 Wed Aug 14 10:04:04 2024
+++ pkgsrc/lang/go123/distinfo Fri Sep 6 18:38:23 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1 2024/08/14 10:04:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.2 2024/09/06 18:38:23 bsiegert Exp $
-BLAKE2s (go1.23.0.src.tar.gz) = 06bd9978a1ed13efe9dd50ee5a4848af7477576e1a2d8469afd9936735ec6daa
-SHA512 (go1.23.0.src.tar.gz) = 5822124ca570662ac8dcec32a79196520ce355fe421d83372f8b8a97b3811de0739edcd7080a23f845cf700a6a26f3af6c93278f6ce485b93120afdd4f6c4f47
-Size (go1.23.0.src.tar.gz) = 28163301 bytes
+BLAKE2s (go1.23.1.src.tar.gz) = d74ba1ae026f98c49013b56ad5dd596cbae0713568100eec0de80f28938741d6
+SHA512 (go1.23.1.src.tar.gz) = c1db053bab03c33b4ec4cbef6c8dfae279542cde433fdb787b564ccf797bb9ac6d191aae3152a860a9539956502f31003f746e924287040849afce5ccaaf0988
+Size (go1.23.1.src.tar.gz) = 28164249 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index