pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2024Q4] pkgsrc/lang
Module Name: pkgsrc
Committed By: maya
Date: Thu Feb 6 15:33:18 UTC 2025
Modified Files:
pkgsrc/lang/go [pkgsrc-2024Q4]: version.mk
pkgsrc/lang/go122 [pkgsrc-2024Q4]: distinfo
pkgsrc/lang/go123 [pkgsrc-2024Q4]: PLIST distinfo
Log Message:
Pullup ticket #6939 - requested by bsiegert
lang/go122: Security fix
lang/go123: Security fix
Revisions pulled up:
- lang/go/version.mk 1.221
- lang/go122/distinfo 1.14
- lang/go123/PLIST 1.6
- lang/go123/distinfo 1.7
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jan 17 10:33:09 UTC 2025
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go122: distinfo
pkgsrc/lang/go123: PLIST distinfo
Log Message:
Update go122 to 1.22.11 and go123 to 1.23.5.
These minor releases include 2 security fixes following the security policy=
:
- crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
A certificate with a URI which has a IPv6 address with a zone ID may
incorrectly satisfy a URI name constraint that applies to the certificate
chain.
Certificates containing URIs are not permitted in the web PKI, so this
only affects users of private PKIs which make use of URIs.
Thanks to Juho Fors=C3=A9n of Mattermost for reporting this issue.
This is CVE-2024-45341 and Go issue https://go.dev/issue/71156.
- net/http: sensitive headers incorrectly sent after cross-domain redirect
The HTTP client drops sensitive headers after following a cross-domain
redirect. For example, a request to a.com/ containing an
Authorization header which is redirected to b.com/ will not send that
header to b.com.
In the event that the client received a subsequent same-domain
redirect, however, the sensitive headers would be restored. For
example, a chain of redirects from a.com/, to b.com/1, and finally to
b.com/2 would incorrectly send the Authorization header to b.com/2.
Thanks to Kyle Seely for reporting this issue.
This is CVE-2024-45336 and Go issue https://go.dev/issue/70530.
To generate a diff of this commit:
cvs rdiff -u -r1.220 -r1.220.2.1 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.13 -r1.13.2.1 pkgsrc/lang/go122/distinfo
cvs rdiff -u -r1.4.2.1 -r1.4.2.2 pkgsrc/lang/go123/PLIST
cvs rdiff -u -r1.5.2.1 -r1.5.2.2 pkgsrc/lang/go123/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.220 pkgsrc/lang/go/version.mk:1.220.2.1
--- pkgsrc/lang/go/version.mk:1.220 Wed Dec 4 18:51:39 2024
+++ pkgsrc/lang/go/version.mk Thu Feb 6 15:33:17 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.220 2024/12/04 18:51:39 bsiegert Exp $
+# $NetBSD: version.mk,v 1.220.2.1 2025/02/06 15:33:17 maya Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
#
.include "go-vars.mk"
-GO123_VERSION= 1.23.4
-GO122_VERSION= 1.22.10
+GO123_VERSION= 1.23.5
+GO122_VERSION= 1.22.11
GO121_VERSION= 1.21.13
GO120_VERSION= 1.20.14
GO119_VERSION= 1.19.13
Index: pkgsrc/lang/go122/distinfo
diff -u pkgsrc/lang/go122/distinfo:1.13 pkgsrc/lang/go122/distinfo:1.13.2.1
--- pkgsrc/lang/go122/distinfo:1.13 Wed Dec 4 18:51:39 2024
+++ pkgsrc/lang/go122/distinfo Thu Feb 6 15:33:18 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.13 2024/12/04 18:51:39 bsiegert Exp $
+$NetBSD: distinfo,v 1.13.2.1 2025/02/06 15:33:18 maya Exp $
-BLAKE2s (go1.22.10.src.tar.gz) = d1e119124684dfa0cb025aa5e976147260f09e64d5a0bf9773358fa6e7acafd6
-SHA512 (go1.22.10.src.tar.gz) = 0ccf4a42a8bf40c94f21b014fea3ea002d46e8ecb1142be7444148c4937b3d10ce863fb5556f2c1a8f4b51d34d85efe16efa892255eeb4447108c44ac080ce13
-Size (go1.22.10.src.tar.gz) = 27565306 bytes
+BLAKE2s (go1.22.11.src.tar.gz) = b28d7f23e094ac9b99e0a1b858ba9e76deb26f362a27f7875cbaba5a5abf17cb
+SHA512 (go1.22.11.src.tar.gz) = 40c133d6008df7c7cc3bb95a41c29f7442a6af2dd78b807007daf732471c88e2c641aed32878414d57be3904e5efa580d2ecd13fff5412ee668e753e50f1356e
+Size (go1.22.11.src.tar.gz) = 27565913 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.4.2.1 pkgsrc/lang/go123/PLIST:1.4.2.2
--- pkgsrc/lang/go123/PLIST:1.4.2.1 Tue Jan 7 07:54:34 2025
+++ pkgsrc/lang/go123/PLIST Thu Feb 6 15:33:18 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4.2.1 2025/01/07 07:54:34 maya Exp $
+@comment $NetBSD: PLIST,v 1.4.2.2 2025/02/06 15:33:18 maya Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go123/CONTRIBUTING.md
@@ -475,6 +475,7 @@ go123/src/cmd/cgo/internal/test/testx.go
go123/src/cmd/cgo/internal/test/typeparam.go
go123/src/cmd/cgo/internal/testcarchive/carchive_test.go
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo/libgo.go
+go123/src/cmd/cgo/internal/testcarchive/testdata/libgo10/a.go
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo2/libgo2.go
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo3/libgo3.go
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo4/libgo4.go
@@ -483,6 +484,7 @@ go123/src/cmd/cgo/internal/testcarchive/
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo8/a.go
go123/src/cmd/cgo/internal/testcarchive/testdata/libgo9/a.go
go123/src/cmd/cgo/internal/testcarchive/testdata/main.c
+go123/src/cmd/cgo/internal/testcarchive/testdata/main10.c
go123/src/cmd/cgo/internal/testcarchive/testdata/main2.c
go123/src/cmd/cgo/internal/testcarchive/testdata/main3.c
go123/src/cmd/cgo/internal/testcarchive/testdata/main4.c
@@ -796,6 +798,7 @@ go123/src/cmd/compile/internal/importer/
go123/src/cmd/compile/internal/importer/iimport.go
go123/src/cmd/compile/internal/importer/support.go
go123/src/cmd/compile/internal/importer/testdata/a.go
+go123/src/cmd/compile/internal/importer/testdata/alias.go
go123/src/cmd/compile/internal/importer/testdata/b.go
go123/src/cmd/compile/internal/importer/testdata/exports.go
go123/src/cmd/compile/internal/importer/testdata/generics.go
@@ -7685,6 +7688,7 @@ go123/src/net/sendfile_linux.go
go123/src/net/sendfile_stub.go
go123/src/net/sendfile_test.go
go123/src/net/sendfile_unix_alt.go
+go123/src/net/sendfile_unix_test.go
go123/src/net/sendfile_windows.go
go123/src/net/server_test.go
go123/src/net/smtp/auth.go
Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.5.2.1 pkgsrc/lang/go123/distinfo:1.5.2.2
--- pkgsrc/lang/go123/distinfo:1.5.2.1 Tue Jan 7 07:54:34 2025
+++ pkgsrc/lang/go123/distinfo Thu Feb 6 15:33:18 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.5.2.1 2025/01/07 07:54:34 maya Exp $
+$NetBSD: distinfo,v 1.5.2.2 2025/02/06 15:33:18 maya Exp $
BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.4.src.tar.gz) = 23d99679a436a8dc39cf40ce3e6a4610e018037bea4ccc3ed8230f702117b7e5
-SHA512 (go1.23.4.src.tar.gz) = 5d1cce76b2cbdf628f86a1a8185a07f362becee053cb4270281520e77b36e3908faeaf5b2a6266e61dec9866dc1f3791f77e8dc1bf5f8beaf858c138d0e18c22
-Size (go1.23.4.src.tar.gz) = 28177188 bytes
+BLAKE2s (go1.23.5.src.tar.gz) = 3adb2f7d2ff3bddc8566f6b55102d51e72f12c2c2ea74fb9efcf3691c6482f81
+SHA512 (go1.23.5.src.tar.gz) = b04317afeab2d0ced7c36b8682dd32ac085d95d874cf3f614daa34859d7f7f2b75138132e7a64e237c6b4d711d5b03a4d20533f92a44840915630f4ea7cfafa2
+Size (go1.23.5.src.tar.gz) = 28179014 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index