CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Tue, 6 Sep 2022 19:11:14 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Sep  6 19:11:13 UTC 2022

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go119: PLIST distinfo

Log Message:
go119: update to 1.19.1 (security)

This minor release includes 2 security fixes following the security policy:

net/http: handle server errors after sending GOAWAY

A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.

Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.

This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

net/url: JoinPath does not strip relative path components in all circumstances

JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev";, "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.

Thanks to q0jt for reporting this issue.

This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.


To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go119/PLIST pkgsrc/lang/go119/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.156 pkgsrc/lang/go/version.mk:1.157
--- pkgsrc/lang/go/version.mk:1.156     Sun Aug 21 11:42:19 2022
+++ pkgsrc/lang/go/version.mk   Tue Sep  6 19:11:13 2022
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.156 2022/08/21 11:42:19 bsiegert Exp $
+# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO119_VERSION= 1.19
+GO119_VERSION= 1.19.1
 GO118_VERSION= 1.18.5
 GO117_VERSION= 1.17.13
 GO116_VERSION= 1.16.15

Index: pkgsrc/lang/go119/PLIST
diff -u pkgsrc/lang/go119/PLIST:1.1 pkgsrc/lang/go119/PLIST:1.2
--- pkgsrc/lang/go119/PLIST:1.1 Sun Aug 21 11:42:19 2022
+++ pkgsrc/lang/go119/PLIST     Tue Sep  6 19:11:13 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go119/CONTRIBUTING.md
@@ -2634,6 +2634,7 @@ go119/src/cmd/go/testdata/script/help.tx
 go119/src/cmd/go/testdata/script/import_cycle.txt
 go119/src/cmd/go/testdata/script/import_ignore.txt
 go119/src/cmd/go/testdata/script/import_main.txt
+go119/src/cmd/go/testdata/script/import_unix_tag.txt
 go119/src/cmd/go/testdata/script/index.txt
 go119/src/cmd/go/testdata/script/install_cgo_excluded.txt
 go119/src/cmd/go/testdata/script/install_cleans_build.txt
@@ -3102,6 +3103,7 @@ go119/src/cmd/go/testdata/script/test_ra
 go119/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
 go119/src/cmd/go/testdata/script/test_race_install.txt
 go119/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go119/src/cmd/go/testdata/script/test_race_tag.txt
 go119/src/cmd/go/testdata/script/test_rebuildall.txt
 go119/src/cmd/go/testdata/script/test_regexps.txt
 go119/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -11214,7 +11216,12 @@ go119/test/fixedbugs/issue53619.go
 go119/test/fixedbugs/issue53635.go
 go119/test/fixedbugs/issue53653.go
 go119/test/fixedbugs/issue53653.out
+go119/test/fixedbugs/issue53702.go
 go119/test/fixedbugs/issue5373.go
+go119/test/fixedbugs/issue53982.go
+go119/test/fixedbugs/issue54220.go
+go119/test/fixedbugs/issue54467.go
+go119/test/fixedbugs/issue54638.go
 go119/test/fixedbugs/issue5470.dir/a.go
 go119/test/fixedbugs/issue5470.dir/b.go
 go119/test/fixedbugs/issue5470.go
@@ -12073,6 +12080,9 @@ go119/test/typeparam/issue53419.go
 go119/test/typeparam/issue53477.go
 go119/test/typeparam/issue53762.go
 go119/test/typeparam/issue54135.go
+go119/test/typeparam/issue54302.dir/a.go
+go119/test/typeparam/issue54302.dir/main.go
+go119/test/typeparam/issue54302.go
 go119/test/typeparam/list.go
 go119/test/typeparam/list2.go
 go119/test/typeparam/listimp.dir/a.go
Index: pkgsrc/lang/go119/distinfo
diff -u pkgsrc/lang/go119/distinfo:1.1 pkgsrc/lang/go119/distinfo:1.2
--- pkgsrc/lang/go119/distinfo:1.1      Sun Aug 21 11:42:19 2022
+++ pkgsrc/lang/go119/distinfo  Tue Sep  6 19:11:13 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+$NetBSD: distinfo,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
 
-BLAKE2s (go1.19.src.tar.gz) = 2c1b998568e6c3e1eb3ab304635d922d6f5ae769e4ec32091905402a9505d3ea
-SHA512 (go1.19.src.tar.gz) = c4460d54957a0bcf3407ea72cd1c6b3c645ef4ef6cc0fa142a80cb43c06ca4af31d52b0ccd723c81d17a62004bc96559cad23da874a4b668b4d8b168f1da2186
-Size (go1.19.src.tar.gz) = 26521849 bytes
+BLAKE2s (go1.19.1.src.tar.gz) = 58558ab93053577809b2b826edf4e8217a312efcaedbfbff5317beddcd8d4bee
+SHA512 (go1.19.1.src.tar.gz) = 7e8cf557f05d5a537f9305bb9c19cf8ab9ce640376e5ea97ff0d490b016364936e8dfc129462760c4e817af01fdf09e3f815b88412f9985bb254dfa3167752c0
+Size (go1.19.1.src.tar.gz) = 26527375 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Prev by Date: CVS commit: pkgsrc/devel/py-astroid
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/devel/py-astroid
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index