diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2015-09-26 17:37:01 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2015-09-26 17:37:01 +0000 |
| commit | 9dba10a98ae6715b69a2e7606e8b625358e3c936 (patch) | |
| tree | 149500f89c87d401c64a78442c2f73d8bc915298 /lang/go14 | |
| parent | a5cc3289162493d7179a50b08d18b21af05492b9 (diff) | |
| download | pkgsrc-9dba10a98ae6715b69a2e7606e8b625358e3c936.tar.gz | |
Update go14 to 1.4.3. It fixes four security-related issues.
The issues were reported in Go's net/http package. They affect programs using
that package to proxy HTTP requests. We recommend that all users upgrade to Go
1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we have
released version 1.4.3, which is based on Go 1.4.2 plus fixes for these issues.
Affected Go programs—those that use the net/http package as a proxy server—must
be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.
The CVE issue descriptions and fixes are linked below.
CVE-2015-5739
"Content Length" treated as valid header:
https://go-review.googlesource.com/#/c/11772/
CVE-2015-5740
Double content-length headers does not return 400 error:
https://go-review.googlesource.com/#/c/11810/
CVE-2015-5741
Additional hardening, not sending Content-Length w/Transfer-Encoding,
Closing connections:
https://go-review.googlesource.com/#/c/11810/
https://go-review.googlesource.com/#/c/12865/
https://go-review.googlesource.com/#/c/13148/
The Go team would like to thank Jed Denlea and Régis Leroy for their
contributions to this release. They have been awarded 1337 USD under the Google
Security Bounty program.
Diffstat (limited to 'lang/go14')
| -rw-r--r-- | lang/go14/Makefile | 3 | ||||
| -rw-r--r-- | lang/go14/PLIST | 30 | ||||
| -rw-r--r-- | lang/go14/distinfo | 8 |
3 files changed, 10 insertions, 31 deletions
diff --git a/lang/go14/Makefile b/lang/go14/Makefile index c76b4870fb7..37bae3dc8bf 100644 --- a/lang/go14/Makefile +++ b/lang/go14/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.3 2015/08/22 23:32:40 wiz Exp $ +# $NetBSD: Makefile,v 1.4 2015/09/26 17:37:01 bsiegert Exp $ .include "../../lang/go/version.mk" DISTNAME= go${GO14_VERSION}.src PKGNAME= go14-${GO14_VERSION} -PKGREVISION= 2 CATEGORIES= lang MASTER_SITES= https://storage.googleapis.com/golang/ PATCH_SITES= https://codereview.appspot.com/download/ diff --git a/lang/go14/PLIST b/lang/go14/PLIST index 6b84564e9a2..295639b5495 100644 --- a/lang/go14/PLIST +++ b/lang/go14/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2015/07/31 14:46:25 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.2 2015/09/26 17:37:01 bsiegert Exp $ go14/AUTHORS go14/CONTRIBUTORS go14/LICENSE @@ -187,6 +187,9 @@ go14/include/plan9/stdarg.h go14/include/plan9/utf.h go14/include/u.h go14/include/utf.h +go14/lib/codereview/codereview.cfg +go14/lib/codereview/codereview.py +go14/lib/codereview/test.sh go14/lib/time/README go14/lib/time/update.bash go14/lib/time/zoneinfo.zip @@ -338,33 +341,9 @@ go14/misc/chrome/gophertool/gopher.png go14/misc/chrome/gophertool/manifest.json go14/misc/chrome/gophertool/popup.html go14/misc/chrome/gophertool/popup.js -go14/misc/dashboard/codereview/app.yaml -go14/misc/dashboard/codereview/cron.yaml -go14/misc/dashboard/codereview/dashboard/cl.go -go14/misc/dashboard/codereview/dashboard/front.go -go14/misc/dashboard/codereview/dashboard/gc.go -go14/misc/dashboard/codereview/dashboard/mail.go -go14/misc/dashboard/codereview/dashboard/people.go -go14/misc/dashboard/codereview/index.yaml -go14/misc/dashboard/codereview/queue.yaml -go14/misc/dashboard/codereview/static/gopherstamp.jpg -go14/misc/dashboard/codereview/static/icon.png go14/misc/editors go14/misc/git/pre-commit go14/misc/linkcheck/linkcheck.go -go14/misc/makerelease/darwin/Distribution -go14/misc/makerelease/darwin/Resources/bg.png -go14/misc/makerelease/darwin/etc/paths.d/go -go14/misc/makerelease/darwin/scripts/postinstall -go14/misc/makerelease/darwin/scripts/preinstall -go14/misc/makerelease/makerelease.go -go14/misc/makerelease/windows/LICENSE.rtf -go14/misc/makerelease/windows/README.txt -go14/misc/makerelease/windows/images/Banner.jpg -go14/misc/makerelease/windows/images/Dialog.jpg -go14/misc/makerelease/windows/images/DialogLeft.jpg -go14/misc/makerelease/windows/images/gopher.ico -go14/misc/makerelease/windows/installer.wxs go14/misc/nacl/README go14/misc/nacl/go_nacl_386_exec go14/misc/nacl/go_nacl_amd64p32_exec @@ -4039,6 +4018,7 @@ go14/test/fixedbugs/bug488.go go14/test/fixedbugs/bug489.go go14/test/fixedbugs/bug490.go go14/test/fixedbugs/bug491.go +go14/test/fixedbugs/issue10135.go go14/test/fixedbugs/issue1304.go go14/test/fixedbugs/issue2615.go go14/test/fixedbugs/issue3552.dir/one.go diff --git a/lang/go14/distinfo b/lang/go14/distinfo index 2b2caea4cad..7ea57b09ee2 100644 --- a/lang/go14/distinfo +++ b/lang/go14/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.2 2015/09/14 13:32:49 joerg Exp $ +$NetBSD: distinfo,v 1.3 2015/09/26 17:37:01 bsiegert Exp $ -SHA1 (go1.4.2.src.tar.gz) = 460caac03379f746c473814a65223397e9c9a2f6 -RMD160 (go1.4.2.src.tar.gz) = dea15b3b4c31554a47b40799f4b9a926ea760e70 -Size (go1.4.2.src.tar.gz) = 10921896 bytes +SHA1 (go1.4.3.src.tar.gz) = 486db10dc571a55c8d795365070f66d343458c48 +RMD160 (go1.4.3.src.tar.gz) = b1fbb2805a777c8107e7c946f36a881303ac5e35 +Size (go1.4.3.src.tar.gz) = 10875170 bytes SHA1 (patch-doc_progs_run) = 5a29fe4f91defb2e20d192850601df7cbabdac7c SHA1 (patch-misc_cgo_test_cthread__unix.c) = a63f08f07713bd32e279315cca21235101ce9cd3 SHA1 (patch-misc_cgo_testso_cgoso.go) = ef782a6f173c814656eac0df640aedaa1a923bbc |