summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbsiegert <bsiegert@pkgsrc.org>2018-02-08 19:32:17 +0000
committerbsiegert <bsiegert@pkgsrc.org>2018-02-08 19:32:17 +0000
commit34c7bbeb3d9415830da8a4c5981d63d84467d362 (patch)
treebf5a2647a96484157b0dc25b3898707514b1ccc8
parented99eaae68a6592c3a0421adf1bd61bbb70dd26d (diff)
downloadpkgsrc-34c7bbeb3d9415830da8a4c5981d63d84467d362.tar.gz
Update Go to 1.9.4.
By using the clang or gcc plugin mechanism, it was possible for an attacker to trick the “go get” command into executing arbitrary code. The go command now restricts the set of allowed host compiler and linker arguments in cgo source files to a list of allowed flags, in particular disallowing -fplugin= and -plugin=. The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go issue for details. Thanks to Christopher Brown of Mattermost for reporting this problem.
Diffstat
-rw-r--r--lang/go/PLIST4
-rw-r--r--lang/go/distinfo10
-rw-r--r--lang/go/version.mk4
3 files changed, 10 insertions, 8 deletions
diff --git a/lang/go/PLIST b/lang/go/PLIST
index b04dd87aaaf..114926ca3c8 100644
--- a/lang/go/PLIST
+++ b/lang/go/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.37 2018/01/28 11:31:03 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.38 2018/02/08 19:32:17 bsiegert Exp $
bin/go
bin/gofmt
go/AUTHORS
@@ -1789,6 +1789,8 @@ go/src/cmd/go/internal/web/http.go
go/src/cmd/go/internal/web/security.go
go/src/cmd/go/internal/work/build.go
go/src/cmd/go/internal/work/build_test.go
+go/src/cmd/go/internal/work/security.go
+go/src/cmd/go/internal/work/security_test.go
go/src/cmd/go/internal/work/testgo.go
go/src/cmd/go/main.go
go/src/cmd/go/mkalldocs.sh
diff --git a/lang/go/distinfo b/lang/go/distinfo
index 9841ea93b6a..60a697ba161 100644
--- a/lang/go/distinfo
+++ b/lang/go/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.56 2018/01/28 11:31:03 bsiegert Exp $
+$NetBSD: distinfo,v 1.57 2018/02/08 19:32:17 bsiegert Exp $
-SHA1 (go1.9.3.src.tar.gz) = e1854548e8e2defca7d63ab752ff46f38eb7db2a
-RMD160 (go1.9.3.src.tar.gz) = 0088a287f3a3c4bd4c152101f684e22173c59fa4
-SHA512 (go1.9.3.src.tar.gz) = 31c564af58b78c648c9bece8fa2ed3334feb80316b07b16f6286319e26d317da90d1af0464c3a2f776a3da72d31b22b063dbc620b93114bf142a11e8a625e527
-Size (go1.9.3.src.tar.gz) = 16385451 bytes
+SHA1 (go1.9.4.src.tar.gz) = 12b0ecee83525cd594f4fbf30380d4832e06f189
+RMD160 (go1.9.4.src.tar.gz) = 801d6a8a57d2dc0fefba283ea1ae456b869a7398
+SHA512 (go1.9.4.src.tar.gz) = 1a7c830e07507ff7b89025adfb5c713444d97301f8ad47ef2564722c1e28186e946350f07e22777fbdd6f2f589c334eb01dfd589e97cb8a86f73669547badb0b
+Size (go1.9.4.src.tar.gz) = 16392325 bytes
SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
SHA1 (patch-src_cmd_link_internal_ld_elf.go) = acc8d92b7eae1b77470bd3e88af93d458695ac76
diff --git a/lang/go/version.mk b/lang/go/version.mk
index 2a3fa8fec88..2ad841f7cae 100644
--- a/lang/go/version.mk
+++ b/lang/go/version.mk
@@ -1,10 +1,10 @@
-# $NetBSD: version.mk,v 1.33 2018/01/30 17:05:21 jperkin Exp $
+# $NetBSD: version.mk,v 1.34 2018/02/08 19:32:17 bsiegert Exp $
SSP_SUPPORTED= no
.include "../../mk/bsd.prefs.mk"
-GO_VERSION= 1.9.3
+GO_VERSION= 1.9.4
GO14_VERSION= 1.4.3
ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-earmv[67]hf
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 00:56:48 +0000