pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Sep 7 06:36:33 UTC 2022
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go118: PLIST distinfo
Log Message:
go118: update to 1.18.6 (security)
This minor release includes 2 security fixes following the security policy:
net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/go118/PLIST pkgsrc/lang/go118/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.157 pkgsrc/lang/go/version.mk:1.158
--- pkgsrc/lang/go/version.mk:1.157 Tue Sep 6 19:11:13 2022
+++ pkgsrc/lang/go/version.mk Wed Sep 7 06:36:32 2022
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
+# $NetBSD: version.mk,v 1.158 2022/09/07 06:36:32 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
.include "go-vars.mk"
GO119_VERSION= 1.19.1
-GO118_VERSION= 1.18.5
+GO118_VERSION= 1.18.6
GO117_VERSION= 1.17.13
GO116_VERSION= 1.16.15
GO110_VERSION= 1.10.8
Index: pkgsrc/lang/go118/PLIST
diff -u pkgsrc/lang/go118/PLIST:1.6 pkgsrc/lang/go118/PLIST:1.7
--- pkgsrc/lang/go118/PLIST:1.6 Fri Aug 12 16:15:04 2022
+++ pkgsrc/lang/go118/PLIST Wed Sep 7 06:36:33 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go118/AUTHORS
@@ -585,7 +585,6 @@ go118/pkg/${GO_PLATFORM}/cmd/vendor/gith
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolz.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/transport.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/profile.a
-go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/svgpan.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/ianlancetaylor/demangle.a
@@ -3014,6 +3013,7 @@ go118/src/cmd/go/testdata/script/test_ra
go118/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
go118/src/cmd/go/testdata/script/test_race_install.txt
go118/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go118/src/cmd/go/testdata/script/test_race_tag.txt
go118/src/cmd/go/testdata/script/test_rebuildall.txt
go118/src/cmd/go/testdata/script/test_regexps.txt
go118/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -3531,6 +3531,14 @@ go118/src/cmd/vendor/github.com/google/p
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/fetch.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flags.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flamegraph.go
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.css
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.js
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/flamegraph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/graph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/header.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/plaintext.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/source.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/top.html
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/interactive.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/options.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/settings.go
@@ -3560,11 +3568,15 @@ go118/src/cmd/vendor/github.com/google/p
go118/src/cmd/vendor/github.com/google/pprof/profile/profile.go
go118/src/cmd/vendor/github.com/google/pprof/profile/proto.go
go118/src/cmd/vendor/github.com/google/pprof/profile/prune.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/LICENSE
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/README.md
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/d3.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_FLAME_GRAPH_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/README.md
go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/d3_flame_graph.go
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/index.js
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package-lock.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/update.sh
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/webpack.config.js
go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/LICENSE
go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/svgpan.go
go118/src/cmd/vendor/github.com/ianlancetaylor/demangle/.gitignore
@@ -3756,6 +3768,7 @@ go118/src/cmd/vendor/golang.org/x/sys/un
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_illumos.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -10787,6 +10800,9 @@ go118/test/fixedbugs/issue5260.dir/a.go
go118/test/fixedbugs/issue5260.dir/b.go
go118/test/fixedbugs/issue5260.go
go118/test/fixedbugs/issue52612.go
+go118/test/fixedbugs/issue52788.go
+go118/test/fixedbugs/issue52788a.go
+go118/test/fixedbugs/issue52788a.out
go118/test/fixedbugs/issue5291.dir/pkg1.go
go118/test/fixedbugs/issue5291.dir/prog.go
go118/test/fixedbugs/issue5291.go
@@ -10797,7 +10813,9 @@ go118/test/fixedbugs/issue53454.go
go118/test/fixedbugs/issue5358.go
go118/test/fixedbugs/issue53600.go
go118/test/fixedbugs/issue53600.out
+go118/test/fixedbugs/issue53702.go
go118/test/fixedbugs/issue5373.go
+go118/test/fixedbugs/issue54467.go
go118/test/fixedbugs/issue5470.dir/a.go
go118/test/fixedbugs/issue5470.dir/b.go
go118/test/fixedbugs/issue5470.go
Index: pkgsrc/lang/go118/distinfo
diff -u pkgsrc/lang/go118/distinfo:1.6 pkgsrc/lang/go118/distinfo:1.7
--- pkgsrc/lang/go118/distinfo:1.6 Fri Aug 12 16:15:04 2022
+++ pkgsrc/lang/go118/distinfo Wed Sep 7 06:36:33 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
-BLAKE2s (go1.18.5.src.tar.gz) = 7c859789d63ca8a99845582df0ff049ab368d3f1c188699b3060391f2bdae527
-SHA512 (go1.18.5.src.tar.gz) = 4ba69ad49b5c17963fdc39ae7f5360fa38950db39ec1fb9b52744d6a209abf177dab6bd587e7457c83a4fd265589907ec241d8b09d0eac76cf984243a14500ef
-Size (go1.18.5.src.tar.gz) = 22847094 bytes
+BLAKE2s (go1.18.6.src.tar.gz) = 71c3a452522d81e751845cc89a341a7164d80c2d3368d36c6bf71191185117b2
+SHA512 (go1.18.6.src.tar.gz) = 2af66b09bfe033b413eb7603a73a490319bf49fec0a2e20c40350e60b9ef35250a6dc8544c5fc67bd1ede55e242d056e7749f69ef500a38b1efe4b8f93078de3
+Size (go1.18.6.src.tar.gz) = 22865753 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index