diff options
author | bsiegert <bsiegert> | 2016-07-18 20:37:40 +0000 |
---|---|---|
committer | bsiegert <bsiegert> | 2016-07-18 20:37:40 +0000 |
commit | bbe51472339e841b19b1578f1cfff3a9911d34d4 (patch) | |
tree | a18267e161afd332819e567ab91a4cc95af64d8d /lang/go/version.mk | |
parent | 9501d117cd848c5a2d0210c0a7225cf897ddb329 (diff) | |
download | pkgsrc-bbe51472339e841b19b1578f1cfff3a9911d34d4.tar.gz |
Update Go to 1.6.3.
A security-related issue was recently reported in Go's net/http/cgi package and
net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 contain
a fix for this issue.
Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation flaw in
the CGI components resulting in the HTTP_PROXY environment variable being set
by the incoming Proxy header. This environment variable was also used to set
the outgoing proxy, enabling an attacker to insert a proxy into outgoing
requests of a CGI program.
This is CVE-2016-5386 and was addressed by this change:
https://golang.org/cl/25010, tracked in this issue:
https://golang.org/issue/16405
The Go team would like to thank Dominic Scheirlinck for coordinating disclosure
of this issue across multiple languages and CGI environments. Read more about
"httpoxy" here: https://httpoxy.org/
Go 1.6.3 also adds support for macOS Sierra. See https://golang.org/issue/16354
for details.
Diffstat (limited to 'lang/go/version.mk')
-rw-r--r-- | lang/go/version.mk | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lang/go/version.mk b/lang/go/version.mk index a463f9f4bc4..175914c5a32 100644 --- a/lang/go/version.mk +++ b/lang/go/version.mk @@ -1,8 +1,8 @@ -# $NetBSD: version.mk,v 1.14 2016/04/30 11:22:28 bsiegert Exp $ +# $NetBSD: version.mk,v 1.15 2016/07/18 20:37:40 bsiegert Exp $ .include "../../mk/bsd.prefs.mk" -GO_VERSION= 1.6.2 +GO_VERSION= 1.6.3 GO14_VERSION= 1.4.3 ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-evbarm |