pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Nov  1 17:26:17 UTC 2022

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go118: distinfo

Log Message:
go118: update to 1.18.8

This release includes 1 security fixes following the security policy:

syscall, os/exec: unsanitized NUL in environment variables

On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for
invalid environment variable values. A malicious environment variable value
could exploit this behavior to set a value for a different environment
variable. For example, the environment variable string "A=B\x00C=D" set the
variables "A=B" and "C=D".

Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.8


To generate a diff of this commit:
cvs rdiff -u -r1.163 -r1.164 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go118/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.163 pkgsrc/lang/go/version.mk:1.164
--- pkgsrc/lang/go/version.mk:1.163     Wed Oct  5 11:20:24 2022
+++ pkgsrc/lang/go/version.mk   Tue Nov  1 17:26:16 2022
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.163 2022/10/05 11:20:24 bsiegert Exp $
+# $NetBSD: version.mk,v 1.164 2022/11/01 17:26:16 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO119_VERSION= 1.19.2
-GO118_VERSION= 1.18.7
+GO118_VERSION= 1.18.8
 GO117_VERSION= 1.17.13
 GO116_VERSION= 1.16.15
 GO110_VERSION= 1.10.8

Index: pkgsrc/lang/go118/distinfo
diff -u pkgsrc/lang/go118/distinfo:1.8 pkgsrc/lang/go118/distinfo:1.9
--- pkgsrc/lang/go118/distinfo:1.8      Wed Oct  5 09:51:52 2022
+++ pkgsrc/lang/go118/distinfo  Tue Nov  1 17:26:17 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2022/10/05 09:51:52 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2022/11/01 17:26:17 bsiegert Exp $
 
-BLAKE2s (go1.18.7.src.tar.gz) = 90a986b01c2ff99dc45c08aa05e35c3c3495bc0265a057aead2d64656e321780
-SHA512 (go1.18.7.src.tar.gz) = cf1ff024e94b900b87cc52d3ec04b0f7f853880a99c416791ad4b9af5f8e50ec82fbe00788bc8dcc184ef5ce1a9df17f5f5e95cf01c0c8138f28f53d691ca5d4
-Size (go1.18.7.src.tar.gz) = 22872579 bytes
+BLAKE2s (go1.18.8.src.tar.gz) = 73aaf4a5384d4fe3a69ccef38a5193465c4f65bb2a71212fd757fda811a2293a
+SHA512 (go1.18.8.src.tar.gz) = 8fb257e2e53bf887948735c03a68748c55e2ceda3c6593cabb0c70e82b0e4e8f6ecd8aece5e6b1b96e4589a53ae557f8d9d6dea093efff0ae657afad25b05b22
+Size (go1.18.8.src.tar.gz) = 22873390 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35



Home | Main Index | Thread Index | Old Index