summaryrefslogtreecommitdiff
path: root/lang
diff options
context:
space:
mode:
authorbsiegert <bsiegert@pkgsrc.org>2022-09-07 06:36:32 +0000
committerbsiegert <bsiegert@pkgsrc.org>2022-09-07 06:36:32 +0000
commit0cd8417dbb0e92a8adcee35239001fb1c2ce5d9e (patch)
treef3a8dfd515187f4da51d4bcb54c6878f9f200711 /lang
parentb37b94dff1199127bdaaee44dea584f2533331c9 (diff)
downloadpkgsrc-0cd8417dbb0e92a8adcee35239001fb1c2ce5d9e.tar.gz
go118: update to 1.18.6 (security)
This minor release includes 2 security fixes following the security policy: net/http: handle server errors after sending GOAWAY A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service. Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu for reporting this. This is CVE-2022-27664 and Go issue https://go.dev/issue/54658. net/url: JoinPath does not strip relative path components in all circumstances JoinPath and URL.JoinPath would not remove ../ path components appended to a relative path. For example, JoinPath("https://go.dev", "../go") returned the URL https://go.dev/../go, despite the JoinPath documentation stating that ../ path elements are cleaned from the result. Thanks to q0jt for reporting this issue. This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.
Diffstat (limited to 'lang')
-rw-r--r--lang/go/version.mk4
-rw-r--r--lang/go118/PLIST30
-rw-r--r--lang/go118/distinfo8
3 files changed, 30 insertions, 12 deletions
diff --git a/lang/go/version.mk b/lang/go/version.mk
index ec85325df86..0ed76a88c35 100644
--- a/lang/go/version.mk
+++ b/lang/go/version.mk
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
+# $NetBSD: version.mk,v 1.158 2022/09/07 06:36:32 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
.include "go-vars.mk"
GO119_VERSION= 1.19.1
-GO118_VERSION= 1.18.5
+GO118_VERSION= 1.18.6
GO117_VERSION= 1.17.13
GO116_VERSION= 1.16.15
GO110_VERSION= 1.10.8
diff --git a/lang/go118/PLIST b/lang/go118/PLIST
index 1fe28caa25d..faa345e3f83 100644
--- a/lang/go118/PLIST
+++ b/lang/go118/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go118/AUTHORS
@@ -585,7 +585,6 @@ go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolizer.
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolz.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/transport.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/profile.a
-go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/svgpan.a
go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/ianlancetaylor/demangle.a
@@ -3014,6 +3013,7 @@ go118/src/cmd/go/testdata/script/test_race.txt
go118/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
go118/src/cmd/go/testdata/script/test_race_install.txt
go118/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go118/src/cmd/go/testdata/script/test_race_tag.txt
go118/src/cmd/go/testdata/script/test_rebuildall.txt
go118/src/cmd/go/testdata/script/test_regexps.txt
go118/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -3531,6 +3531,14 @@ go118/src/cmd/vendor/github.com/google/pprof/internal/driver/driver_focus.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/fetch.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flags.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flamegraph.go
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.css
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.js
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/flamegraph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/graph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/header.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/plaintext.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/source.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/top.html
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/interactive.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/options.go
go118/src/cmd/vendor/github.com/google/pprof/internal/driver/settings.go
@@ -3560,11 +3568,15 @@ go118/src/cmd/vendor/github.com/google/pprof/profile/merge.go
go118/src/cmd/vendor/github.com/google/pprof/profile/profile.go
go118/src/cmd/vendor/github.com/google/pprof/profile/proto.go
go118/src/cmd/vendor/github.com/google/pprof/profile/prune.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/LICENSE
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/README.md
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/d3.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_FLAME_GRAPH_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/README.md
go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/d3_flame_graph.go
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/index.js
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package-lock.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/update.sh
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/webpack.config.js
go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/LICENSE
go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/svgpan.go
go118/src/cmd/vendor/github.com/ianlancetaylor/demangle/.gitignore
@@ -3756,6 +3768,7 @@ go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_illumos.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -10787,6 +10800,9 @@ go118/test/fixedbugs/issue5260.dir/a.go
go118/test/fixedbugs/issue5260.dir/b.go
go118/test/fixedbugs/issue5260.go
go118/test/fixedbugs/issue52612.go
+go118/test/fixedbugs/issue52788.go
+go118/test/fixedbugs/issue52788a.go
+go118/test/fixedbugs/issue52788a.out
go118/test/fixedbugs/issue5291.dir/pkg1.go
go118/test/fixedbugs/issue5291.dir/prog.go
go118/test/fixedbugs/issue5291.go
@@ -10797,7 +10813,9 @@ go118/test/fixedbugs/issue53454.go
go118/test/fixedbugs/issue5358.go
go118/test/fixedbugs/issue53600.go
go118/test/fixedbugs/issue53600.out
+go118/test/fixedbugs/issue53702.go
go118/test/fixedbugs/issue5373.go
+go118/test/fixedbugs/issue54467.go
go118/test/fixedbugs/issue5470.dir/a.go
go118/test/fixedbugs/issue5470.dir/b.go
go118/test/fixedbugs/issue5470.go
diff --git a/lang/go118/distinfo b/lang/go118/distinfo
index 828bb19b759..d578de74e59 100644
--- a/lang/go118/distinfo
+++ b/lang/go118/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
-BLAKE2s (go1.18.5.src.tar.gz) = 7c859789d63ca8a99845582df0ff049ab368d3f1c188699b3060391f2bdae527
-SHA512 (go1.18.5.src.tar.gz) = 4ba69ad49b5c17963fdc39ae7f5360fa38950db39ec1fb9b52744d6a209abf177dab6bd587e7457c83a4fd265589907ec241d8b09d0eac76cf984243a14500ef
-Size (go1.18.5.src.tar.gz) = 22847094 bytes
+BLAKE2s (go1.18.6.src.tar.gz) = 71c3a452522d81e751845cc89a341a7164d80c2d3368d36c6bf71191185117b2
+SHA512 (go1.18.6.src.tar.gz) = 2af66b09bfe033b413eb7603a73a490319bf49fec0a2e20c40350e60b9ef35250a6dc8544c5fc67bd1ede55e242d056e7749f69ef500a38b1efe4b8f93078de3
+Size (go1.18.6.src.tar.gz) = 22865753 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35