diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2021-07-13 10:12:00 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2021-07-13 10:12:00 +0000 |
| commit | 8b67b8fd385d5c8dc4a5a2669093c5c88e38ff0c (patch) | |
| tree | 313887f3d735fb03a5b6744c6cc5f36ff9033c23 /lang/go | |
| parent | 98e543fc187a43289225192556fb9b72e5f1c811 (diff) | |
| download | pkgsrc-8b67b8fd385d5c8dc4a5a2669093c5c88e38ff0c.tar.gz | |
Update go116 to 1.16.6.
This minor release includes a security fix according to the new security policy.
crypto/tls clients can panic when provided a certificate of the wrong type for
the negotiated parameters. net/http clients performing HTTPS requests are also
affected. The panic can be triggered by an attacker in a privileged network
position without access to the server certificate's private key, as long as a
trusted ECDSA or Ed25519 certificate for the server exists (or can be issued),
or the client is configured with Config.InsecureSkipVerify. Clients that
disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher
suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.
This is issue 47143 and CVE-2021-34558. Thanks to Imre Rad for reporting this
issue.
Diffstat (limited to 'lang/go')
| -rw-r--r-- | lang/go/version.mk | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lang/go/version.mk b/lang/go/version.mk index f909a4cbb51..eb4406ef671 100644 --- a/lang/go/version.mk +++ b/lang/go/version.mk @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.121 2021/07/13 10:05:08 bsiegert Exp $ +# $NetBSD: version.mk,v 1.122 2021/07/13 10:12:00 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -6,7 +6,7 @@ # .include "go-vars.mk" -GO116_VERSION= 1.16.5 +GO116_VERSION= 1.16.6 GO115_VERSION= 1.15.14 GO110_VERSION= 1.10.8 GO19_VERSION= 1.9.7 |