diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2022-04-13 07:36:53 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2022-04-13 07:36:53 +0000 |
| commit | 3c9ac2e4564d43762b4c3438777bed06feb853eb (patch) | |
| tree | 334e2ebdc84c1350293f45f3308753cba3cbfc30 /lang | |
| parent | 68920d57fe07e7ceeab87a4d24c4ec1e4270b8c3 (diff) | |
| download | pkgsrc-3c9ac2e4564d43762b4c3438777bed06feb853eb.tar.gz | |
go117: update to 1.17.9
This minor release includes three security fixes following the security policy:
- encoding/pem: fix stack overflow in Decode
A large (more than 5 MB) PEM input can cause a stack overflow in Decode,
leading the program to crash.
Thanks to Juho Nurminen of Mattermost who reported the error.
This is CVE-2022-24675 and https://go.dev/issue/51853.
- crypto/elliptic: tolerate all oversized scalars in generic P-256
A crafted scalar input longer than 32 bytes can cause P256().ScalarMult or
P256().ScalarBaseMult to panic. Indirect uses through crypto/ecdsa and
crypto/tls are unaffected. amd64, arm64, ppc64le, and s390x are unaffected.
This was discovered thanks to a Project Wycheproof test vector.
This is CVE-2022-28327 and https://go.dev/issue/52075.
- crypto/x509: non-compliant certificates can cause a panic in Verify on macOS in Go 1.18
Verifying certificate chains containing certificates which are not compliant
with RFC 5280 causes Certificate.Verify to panic on macOS.
These chains can be delivered through TLS and can cause a crypto/tls or
net/http client to crash.
Thanks to Tailscale for doing weird things and finding this.
This is CVE-2022-27536 and https://go.dev/issue/51759.
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/go/version.mk | 4 | ||||
| -rw-r--r-- | lang/go117/PLIST | 13 | ||||
| -rw-r--r-- | lang/go117/distinfo | 8 |
3 files changed, 14 insertions, 11 deletions
diff --git a/lang/go/version.mk b/lang/go/version.mk index 9f0c1b6a756..0c60de7b5b0 100644 --- a/lang/go/version.mk +++ b/lang/go/version.mk @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.144 2022/03/15 20:13:45 bsiegert Exp $ +# $NetBSD: version.mk,v 1.145 2022/04/13 07:36:53 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -7,7 +7,7 @@ .include "go-vars.mk" GO118_VERSION= 1.18 -GO117_VERSION= 1.17.8 +GO117_VERSION= 1.17.9 GO116_VERSION= 1.16.15 GO110_VERSION= 1.10.8 GO19_VERSION= 1.9.7 diff --git a/lang/go117/PLIST b/lang/go117/PLIST index 3bf051eb780..f74bad8e719 100644 --- a/lang/go117/PLIST +++ b/lang/go117/PLIST @@ -1,6 +1,6 @@ -@comment $NetBSD: PLIST,v 1.7 2022/03/07 08:44:52 bsiegert Exp $ -bin/go${GOVERSSUFFIX} -bin/gofmt${GOVERSSUFFIX} +@comment $NetBSD: PLIST,v 1.8 2022/04/13 07:36:53 bsiegert Exp $ +bin/go117 +bin/gofmt117 go117/AUTHORS go117/CONTRIBUTING.md go117/CONTRIBUTORS @@ -295,6 +295,9 @@ go117/misc/cgo/testplugin/testdata/method/plugin.go go117/misc/cgo/testplugin/testdata/method2/main.go go117/misc/cgo/testplugin/testdata/method2/p/p.go go117/misc/cgo/testplugin/testdata/method2/plugin.go +go117/misc/cgo/testplugin/testdata/method3/main.go +go117/misc/cgo/testplugin/testdata/method3/p/p.go +go117/misc/cgo/testplugin/testdata/method3/plugin.go go117/misc/cgo/testplugin/testdata/plugin1/plugin1.go go117/misc/cgo/testplugin/testdata/plugin2/plugin2.go go117/misc/cgo/testplugin/testdata/sub/plugin1/plugin1.go @@ -783,7 +786,7 @@ go117/pkg/${GO_PLATFORM}/net/url.a go117/pkg/${GO_PLATFORM}/os.a go117/pkg/${GO_PLATFORM}/os/exec.a go117/pkg/${GO_PLATFORM}/os/signal.a -${PLIST.pty}go117/pkg/${GO_PLATFORM}/os/signal/internal/pty.a +go117/pkg/${GO_PLATFORM}/os/signal/internal/pty.a go117/pkg/${GO_PLATFORM}/os/user.a go117/pkg/${GO_PLATFORM}/path.a go117/pkg/${GO_PLATFORM}/path/filepath.a @@ -837,7 +840,7 @@ go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/http/httpproxy.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/http2/hpack.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/idna.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/nettest.a -${PLIST.route}go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/route.a +go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/net/route.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/sys/cpu.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/text/secure/bidirule.a go117/pkg/${GO_PLATFORM}/vendor/golang.org/x/text/transform.a diff --git a/lang/go117/distinfo b/lang/go117/distinfo index 08b6914ca11..4c2b0a26006 100644 --- a/lang/go117/distinfo +++ b/lang/go117/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.14 2022/03/07 08:44:52 bsiegert Exp $ +$NetBSD: distinfo,v 1.15 2022/04/13 07:36:53 bsiegert Exp $ -BLAKE2s (go1.17.8.src.tar.gz) = c974cde147bb2bd4e149b6d06f253be12ae6e4838170957c0a17c94cedaf6830 -SHA512 (go1.17.8.src.tar.gz) = 21d5c51ce62bc3b987dd5bf7c6b7e1a934fe40582bfbbe99ca80c26d41253e796a4b9d02c571f1e5ab3fd7c3950175e23b9929b0d934f421c96a6d6128c44668 -Size (go1.17.8.src.tar.gz) = 22199282 bytes +BLAKE2s (go1.17.9.src.tar.gz) = e5c413e7ce5ed7521af79b7e46f86d727bc4b8230dae3ad4c3e9cf436e2f5a7c +SHA512 (go1.17.9.src.tar.gz) = 70c7a6b43531c445cce13963644cc766e5d167597452a1324eacb2ee95bdd9c860ef62f13261bfc4c6baae5773f8953ce6cda9fae21eb7ac0e90bae1ca044a02 +Size (go1.17.9.src.tar.gz) = 22200358 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e |