diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2016-12-04 16:08:55 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2016-12-04 16:08:55 +0000 |
| commit | f027972d5f8c3be64458edfd72c5599cc4afc1d8 (patch) | |
| tree | f400fc4bf3ec93f0b2dca5e4b1fa0fc176161bdc /lang | |
| parent | 3cc22d9bc0d3f792790bad66d97961d6e764e95d (diff) | |
| download | pkgsrc-f027972d5f8c3be64458edfd72c5599cc4afc1d8.tar.gz | |
Update Go to 1.7.4.
Two security-related issues were recently reported, and to address these issues
we have just released Go 1.6.4 and Go 1.7.4.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.7.4).
The issues addressed by these releases are:
On Darwin, user's trust preferences for root certificates were not honored. If
the user had a root certificate loaded in their Keychain that was explicitly
not trusted, a Go program would still verify a connection using that root
certificate. This is addressed by https://golang.org/cl/33721, tracked in
https://golang.org/issue/18141.
Thanks to Xy Ziemba for identifying and reporting this issue.
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. It was possible for an attacker to generate a multipart request crafted
such that the server ran out of file descriptors. This is addressed by
https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/go/distinfo | 10 | ||||
| -rw-r--r-- | lang/go/version.mk | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/go/distinfo b/lang/go/distinfo index cbc1254a20c..3c0d1779990 100644 --- a/lang/go/distinfo +++ b/lang/go/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.41 2016/10/27 18:58:00 bsiegert Exp $ +$NetBSD: distinfo,v 1.42 2016/12/04 16:08:55 bsiegert Exp $ -SHA1 (go1.7.3.src.tar.gz) = a862e865e9fbfcae21deef3687543fbd16198e26 -RMD160 (go1.7.3.src.tar.gz) = a1fbbf8e0805989e2ca74d66912c87e58328c6b5 -SHA512 (go1.7.3.src.tar.gz) = 9289c7720a551725643be757df0b676b7ec3add73e5f01af5e3ac1d81e2b31a304aca6e86d395ddc06fc3982099814478b5ec693124a3327f79399db7bcd73eb -Size (go1.7.3.src.tar.gz) = 14196345 bytes +SHA1 (go1.7.4.src.tar.gz) = 0fb305c827c8794cfda7e437befa6101a2d06b2e +RMD160 (go1.7.4.src.tar.gz) = 8de5ff1fd50a6f0b6bc16e0de0f1e13185f291f0 +SHA512 (go1.7.4.src.tar.gz) = dc9950c3ea7100e536ad58fd93505d584276b7c50d4b8fe2ba7f20fd043dcf0d315b735c48945302055e91517594cc2b0061ccec9478a8ab48f1f2836c20afb3 +Size (go1.7.4.src.tar.gz) = 14198817 bytes SHA1 (patch-lib_time_update.bash) = 17d28ba574dd08735b58cf73487104a5df3b7684 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0eca1eafa967268ae9b224be4aeda347ebc91901 diff --git a/lang/go/version.mk b/lang/go/version.mk index 0652980b86c..3527ffb2528 100644 --- a/lang/go/version.mk +++ b/lang/go/version.mk @@ -1,8 +1,8 @@ -# $NetBSD: version.mk,v 1.20 2016/12/02 20:26:01 maya Exp $ +# $NetBSD: version.mk,v 1.21 2016/12/04 16:08:55 bsiegert Exp $ .include "../../mk/bsd.prefs.mk" -GO_VERSION= 1.7.3 +GO_VERSION= 1.7.4 GO14_VERSION= 1.4.3 ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-*arm* |