diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2022-09-07 06:36:32 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2022-09-07 06:36:32 +0000 |
commit | 0cd8417dbb0e92a8adcee35239001fb1c2ce5d9e (patch) | |
tree | f3a8dfd515187f4da51d4bcb54c6878f9f200711 /lang | |
parent | b37b94dff1199127bdaaee44dea584f2533331c9 (diff) | |
download | pkgsrc-0cd8417dbb0e92a8adcee35239001fb1c2ce5d9e.tar.gz |
go118: update to 1.18.6 (security)
This minor release includes 2 security fixes following the security policy:
net/http: handle server errors after sending GOAWAY
A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.
Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.
This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.
net/url: JoinPath does not strip relative path components in all circumstances
JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.
Thanks to q0jt for reporting this issue.
This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/go/version.mk | 4 | ||||
-rw-r--r-- | lang/go118/PLIST | 30 | ||||
-rw-r--r-- | lang/go118/distinfo | 8 |
3 files changed, 30 insertions, 12 deletions
diff --git a/lang/go/version.mk b/lang/go/version.mk index ec85325df86..0ed76a88c35 100644 --- a/lang/go/version.mk +++ b/lang/go/version.mk @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $ +# $NetBSD: version.mk,v 1.158 2022/09/07 06:36:32 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -7,7 +7,7 @@ .include "go-vars.mk" GO119_VERSION= 1.19.1 -GO118_VERSION= 1.18.5 +GO118_VERSION= 1.18.6 GO117_VERSION= 1.17.13 GO116_VERSION= 1.16.15 GO110_VERSION= 1.10.8 diff --git a/lang/go118/PLIST b/lang/go118/PLIST index 1fe28caa25d..faa345e3f83 100644 --- a/lang/go118/PLIST +++ b/lang/go118/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2022/08/12 16:15:04 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.7 2022/09/07 06:36:33 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go118/AUTHORS @@ -585,7 +585,6 @@ go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolizer. go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolz.a go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/transport.a go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/profile.a -go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3.a go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph.a go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/svgpan.a go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/ianlancetaylor/demangle.a @@ -3014,6 +3013,7 @@ go118/src/cmd/go/testdata/script/test_race.txt go118/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt go118/src/cmd/go/testdata/script/test_race_install.txt go118/src/cmd/go/testdata/script/test_race_install_cgo.txt +go118/src/cmd/go/testdata/script/test_race_tag.txt go118/src/cmd/go/testdata/script/test_rebuildall.txt go118/src/cmd/go/testdata/script/test_regexps.txt go118/src/cmd/go/testdata/script/test_relative_cmdline.txt @@ -3531,6 +3531,14 @@ go118/src/cmd/vendor/github.com/google/pprof/internal/driver/driver_focus.go go118/src/cmd/vendor/github.com/google/pprof/internal/driver/fetch.go go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flags.go go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flamegraph.go +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.css +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.js +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/flamegraph.html +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/graph.html +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/header.html +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/plaintext.html +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/source.html +go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/top.html go118/src/cmd/vendor/github.com/google/pprof/internal/driver/interactive.go go118/src/cmd/vendor/github.com/google/pprof/internal/driver/options.go go118/src/cmd/vendor/github.com/google/pprof/internal/driver/settings.go @@ -3560,11 +3568,15 @@ go118/src/cmd/vendor/github.com/google/pprof/profile/merge.go go118/src/cmd/vendor/github.com/google/pprof/profile/profile.go go118/src/cmd/vendor/github.com/google/pprof/profile/proto.go go118/src/cmd/vendor/github.com/google/pprof/profile/prune.go -go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/LICENSE -go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/README.md -go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/d3.go -go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/LICENSE +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_FLAME_GRAPH_LICENSE +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_LICENSE +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/README.md go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/d3_flame_graph.go +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/index.js +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package-lock.json +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package.json +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/update.sh +go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/webpack.config.js go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/LICENSE go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/svgpan.go go118/src/cmd/vendor/github.com/ianlancetaylor/demangle/.gitignore @@ -3756,6 +3768,7 @@ go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_illumos.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_386.go +go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_arm.go @@ -10787,6 +10800,9 @@ go118/test/fixedbugs/issue5260.dir/a.go go118/test/fixedbugs/issue5260.dir/b.go go118/test/fixedbugs/issue5260.go go118/test/fixedbugs/issue52612.go +go118/test/fixedbugs/issue52788.go +go118/test/fixedbugs/issue52788a.go +go118/test/fixedbugs/issue52788a.out go118/test/fixedbugs/issue5291.dir/pkg1.go go118/test/fixedbugs/issue5291.dir/prog.go go118/test/fixedbugs/issue5291.go @@ -10797,7 +10813,9 @@ go118/test/fixedbugs/issue53454.go go118/test/fixedbugs/issue5358.go go118/test/fixedbugs/issue53600.go go118/test/fixedbugs/issue53600.out +go118/test/fixedbugs/issue53702.go go118/test/fixedbugs/issue5373.go +go118/test/fixedbugs/issue54467.go go118/test/fixedbugs/issue5470.dir/a.go go118/test/fixedbugs/issue5470.dir/b.go go118/test/fixedbugs/issue5470.go diff --git a/lang/go118/distinfo b/lang/go118/distinfo index 828bb19b759..d578de74e59 100644 --- a/lang/go118/distinfo +++ b/lang/go118/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.6 2022/08/12 16:15:04 bsiegert Exp $ +$NetBSD: distinfo,v 1.7 2022/09/07 06:36:33 bsiegert Exp $ -BLAKE2s (go1.18.5.src.tar.gz) = 7c859789d63ca8a99845582df0ff049ab368d3f1c188699b3060391f2bdae527 -SHA512 (go1.18.5.src.tar.gz) = 4ba69ad49b5c17963fdc39ae7f5360fa38950db39ec1fb9b52744d6a209abf177dab6bd587e7457c83a4fd265589907ec241d8b09d0eac76cf984243a14500ef -Size (go1.18.5.src.tar.gz) = 22847094 bytes +BLAKE2s (go1.18.6.src.tar.gz) = 71c3a452522d81e751845cc89a341a7164d80c2d3368d36c6bf71191185117b2 +SHA512 (go1.18.6.src.tar.gz) = 2af66b09bfe033b413eb7603a73a490319bf49fec0a2e20c40350e60b9ef35250a6dc8544c5fc67bd1ede55e242d056e7749f69ef500a38b1efe4b8f93078de3 +Size (go1.18.6.src.tar.gz) = 22865753 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 |