pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat Oct  7 18:09:35 UTC 2023

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go120: PLIST distinfo

Log Message:
go120: update to 1.20.9 (security).

cmd/go: line directives allows arbitrary execution during build

"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.

This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.9


To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.189 pkgsrc/lang/go/version.mk:1.190
--- pkgsrc/lang/go/version.mk:1.189     Fri Sep  8 19:02:04 2023
+++ pkgsrc/lang/go/version.mk   Sat Oct  7 18:09:35 2023
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.189 2023/09/08 19:02:04 bsiegert Exp $
+# $NetBSD: version.mk,v 1.190 2023/10/07 18:09:35 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO121_VERSION= 1.21.1
-GO120_VERSION= 1.20.8
+GO120_VERSION= 1.20.9
 GO119_VERSION= 1.19.13
 GO118_VERSION= 1.18.10
 GO14_VERSION=  1.4.3

Index: pkgsrc/lang/go120/PLIST
diff -u pkgsrc/lang/go120/PLIST:1.8 pkgsrc/lang/go120/PLIST:1.9
--- pkgsrc/lang/go120/PLIST:1.8 Fri Sep  8 18:49:45 2023
+++ pkgsrc/lang/go120/PLIST     Sat Oct  7 18:09:35 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2023/09/08 18:49:45 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.9 2023/10/07 18:09:35 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go120/CONTRIBUTING.md
@@ -52,6 +52,7 @@ go120/misc/cgo/errors/ptr_test.go
 go120/misc/cgo/errors/testdata/err1.go
 go120/misc/cgo/errors/testdata/err2.go
 go120/misc/cgo/errors/testdata/err4.go
+go120/misc/cgo/errors/testdata/err5.go
 go120/misc/cgo/errors/testdata/issue11097a.go
 go120/misc/cgo/errors/testdata/issue11097b.go
 go120/misc/cgo/errors/testdata/issue14669.go

Index: pkgsrc/lang/go120/distinfo
diff -u pkgsrc/lang/go120/distinfo:1.9 pkgsrc/lang/go120/distinfo:1.10
--- pkgsrc/lang/go120/distinfo:1.9      Fri Sep  8 18:49:45 2023
+++ pkgsrc/lang/go120/distinfo  Sat Oct  7 18:09:35 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.9 2023/09/08 18:49:45 bsiegert Exp $
+$NetBSD: distinfo,v 1.10 2023/10/07 18:09:35 bsiegert Exp $
 
-BLAKE2s (go1.20.8.src.tar.gz) = 1a6eac2f36972598741a5ca8b1758e1840beed5e17f5362d8ad687cef3bb0109
-SHA512 (go1.20.8.src.tar.gz) = 858d0289b3cd709e71e14aed9a36fd3d462fb3aa72cc1108eef0c70ab583742ab2eff99a24f8bfd72d42d1cc741adc1d3619073fbed943f8aea20e453ed479d3
-Size (go1.20.8.src.tar.gz) = 26197375 bytes
+BLAKE2s (go1.20.9.src.tar.gz) = 5336075b906fa3871f9cf0debda08a43ba9eb0f2ea4f4b3dca655d1b98f02e4d
+SHA512 (go1.20.9.src.tar.gz) = 7234d187f8e0d2c6bcd3c4681b2a26509a65a3bd244bfdb1407b65ec87255744202ff992d6b20ec028904678a9ab8a4403b646343dfb000006daa8ce4e0644a2
+Size (go1.20.9.src.tar.gz) = 26198118 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home | Main Index | Thread Index | Old Index