pkgsrc-Changes archive


CVS commit: pkgsrc/lang



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri Jun  6 13:45:15 UTC 2025

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go123: PLIST distinfo
        pkgsrc/lang/go124: PLIST distinfo

Log Message:
Update go123 to 1.23.10 and go124 to 1.24.4 (security)

These minor releases include 3 security fixes following the security policy:

-   net/http: sensitive headers not cleared on cross-origin redirect

    Proxy-Authorization and Proxy-Authenticate headers persisted on
    cross-origin redirects potentially leaking sensitive information.

    Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting
    this issue.

    This is CVE-2025-4673 and Go issue https://go.dev/issue/73816.

-   os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows

    os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and
    Windows systems when the target path was a dangling symlink. On Unix
    systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks.
    On Windows, when the target path was a symlink to a nonexistent location,
    OpenFile would create a file in that location.

    OpenFile now always returns an error when the O_CREATE and O_EXCL flags
    are both set and the target path is a symlink.

    Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab for
    discovering this issue.

    This is CVE-2025-0913 and Go issue https://go.dev/issue/73702.

-   crypto/x509: usage of ExtKeyUsageAny disables policy validation

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny
    unintentionally disabled policy validation. This only affected certificate
    chains which contain policy graphs, which are rather uncommon.

    Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this
    issue.

    This is CVE-2025-22874 and Go issue https://go.dev/issue/73612.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.4


To generate a diff of this commit:
cvs rdiff -u -r1.231 -r1.232 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go123/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go123/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go124/PLIST pkgsrc/lang/go124/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.231 pkgsrc/lang/go/version.mk:1.232
--- pkgsrc/lang/go/version.mk:1.231     Thu May  8 18:55:52 2025
+++ pkgsrc/lang/go/version.mk   Fri Jun  6 13:45:14 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.231 2025/05/08 18:55:52 bsiegert Exp $
+# $NetBSD: version.mk,v 1.232 2025/06/06 13:45:14 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO124_VERSION= 1.24.3
-GO123_VERSION= 1.23.9
+GO124_VERSION= 1.24.4
+GO123_VERSION= 1.23.10
 GO122_VERSION= 1.22.12
 GO120_VERSION= 1.20.14
 GO118_VERSION= 1.18.10
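
Review bot: the context lines GO122_VERSION= 1.22.12, GO120_VERSION= 1.20.14 and GO118_VERSION= 1.18.10 stay as they are while the log message describes three security fixes for 1.23 and 1.24 only. State in the log message, or in a comment next to these variables, whether the older branches are affected by CVE-2025-4673, CVE-2025-0913 and CVE-2025-22874, so that packages pinned to them are not assumed to be covered by this update.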

Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.9 pkgsrc/lang/go123/PLIST:1.10
--- pkgsrc/lang/go123/PLIST:1.9 Thu May  8 18:55:52 2025
+++ pkgsrc/lang/go123/PLIST     Fri Jun  6 13:45:14 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2025/05/08 18:55:52 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.10 2025/06/06 13:45:14 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go123/CONTRIBUTING.md
@@ -3418,6 +3418,8 @@ go123/src/cmd/link/testdata/linkname/ok.
 go123/src/cmd/link/testdata/linkname/p/p.go
 go123/src/cmd/link/testdata/linkname/push.go
 go123/src/cmd/link/testdata/linkname/sched.go
+go123/src/cmd/link/testdata/linkname/textvar/asm.s
+go123/src/cmd/link/testdata/linkname/textvar/main.go
 go123/src/cmd/link/testdata/pe-binutils/main.go
 go123/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go123/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso
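
Review bot: the two added entries under go123/src/cmd/link/testdata/linkname/textvar/ are linker test data, which the log message does not account for; it lists only the net/http, os and crypto/x509 fixes. Add a line to the log message saying the release also carries non-security changes, so the PLIST growth is explained to anyone auditing what a "(security)" update installs.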

Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.11 pkgsrc/lang/go123/distinfo:1.12
--- pkgsrc/lang/go123/distinfo:1.11     Thu May  8 18:55:52 2025
+++ pkgsrc/lang/go123/distinfo  Fri Jun  6 13:45:14 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.11 2025/05/08 18:55:52 bsiegert Exp $
+$NetBSD: distinfo,v 1.12 2025/06/06 13:45:14 bsiegert Exp $
 
 BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
 SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
 Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.9.src.tar.gz) = 0baa261abe5d019650942e21285b18b0332781baa139e0ed417ea58981701049
-SHA512 (go1.23.9.src.tar.gz) = 0f80680caabbf50a4f55555d0515530c55e297f38bf193a9da531e640f069719e3c7a5670b72f7629fada8162f978305ae1e4e6398369b8021cfe6dc9157254a
-Size (go1.23.9.src.tar.gz) = 28182928 bytes
+BLAKE2s (go1.23.10.src.tar.gz) = 15ae1f8f571ac69bfb71a67724772d1e0ab0a2e2efb66af17b067e5a22a91e30
+SHA512 (go1.23.10.src.tar.gz) = 20639185b05720aa8bb295c54e3eaa7cf56739763544d28ce14a6f0323bf890900d5fad13086032291fbefad4482f1442772875bbdf16a94e2286eb405c8f327
+Size (go1.23.10.src.tar.gz) = 28183775 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
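
Review bot: the three 80344887818a2321296ce7fa71cca8ca2520611d.diff entries at the top of this hunk are carried over unchanged from the 1.23.9 distinfo, and the go124 distinfo has no such entry. Confirm that this patch still applies to go1.23.10.src.tar.gz and has not already been merged into it; if it has, drop these lines together with the reference to the patch in the package.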

Index: pkgsrc/lang/go124/PLIST
diff -u pkgsrc/lang/go124/PLIST:1.4 pkgsrc/lang/go124/PLIST:1.5
--- pkgsrc/lang/go124/PLIST:1.4 Thu May  8 18:55:52 2025
+++ pkgsrc/lang/go124/PLIST     Fri Jun  6 13:45:14 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2025/05/08 18:55:52 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.5 2025/06/06 13:45:14 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go124/CONTRIBUTING.md
@@ -56,6 +56,7 @@ go124/go.env
 go124/lib/fips140/Makefile
 go124/lib/fips140/README.md
 go124/lib/fips140/fips140.sum
+go124/lib/fips140/inprocess.txt
 go124/lib/fips140/v1.0.0.zip
 go124/lib/time/README
 go124/lib/time/mkzip.go
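
Review bot: go124/lib/fips140/inprocess.txt is a new installed file that the log message does not mention, and the go123 PLIST change has no counterpart for it. Note in the log message that 1.24.4 ships an additional file under lib/fips140, so the change to the FIPS 140 directory contents is visible in the commit history.
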
@@ -3502,6 +3503,8 @@ go124/src/cmd/link/testdata/linkname/ok.
 go124/src/cmd/link/testdata/linkname/p/p.go
 go124/src/cmd/link/testdata/linkname/push.go
 go124/src/cmd/link/testdata/linkname/sched.go
+go124/src/cmd/link/testdata/linkname/textvar/asm.s
+go124/src/cmd/link/testdata/linkname/textvar/main.go
 go124/src/cmd/link/testdata/pe-binutils/main.go
 go124/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go124/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso
Index: pkgsrc/lang/go124/distinfo
diff -u pkgsrc/lang/go124/distinfo:1.4 pkgsrc/lang/go124/distinfo:1.5
--- pkgsrc/lang/go124/distinfo:1.4      Thu May  8 18:55:52 2025
+++ pkgsrc/lang/go124/distinfo  Fri Jun  6 13:45:14 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.4 2025/05/08 18:55:52 bsiegert Exp $
+$NetBSD: distinfo,v 1.5 2025/06/06 13:45:14 bsiegert Exp $
 
-BLAKE2s (go1.24.3.src.tar.gz) = 7dadd01b0239f154d455cff91e10225f8532b34e69a2459296966495b3ce363f
-SHA512 (go1.24.3.src.tar.gz) = 05d19372fb923eeea19395b4de569d2ecfec7fadf2d8236d47cd667982de51c569e9816372cb79e32166553f9bcbe68f7bc2a6ded5655809b1caf5bd941011e7
-Size (go1.24.3.src.tar.gz) = 30789282 bytes
+BLAKE2s (go1.24.4.src.tar.gz) = 1338f7e0026c21a04feceefe7ccfbcb2c69102162cb26915852aa18b9a707470
+SHA512 (go1.24.4.src.tar.gz) = b785583fc53d62094b2de793a0e3281a26d2de17897a35b378fc2d13cb912ca473c37a7bae54a50660141809d5d0a70a97663d406cf30d7f0221ecbb5ffddec6
+Size (go1.24.4.src.tar.gz) = 30788576 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
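
The O_CREATE|O_EXCL behaviour described in the log message above can be checked against an installed toolchain with the following added example, which is not part of the commit or of Go's own tests. It creates a dangling symlink in a temporary directory (file names are constructed) and confirms that OpenFile returns an error without creating the link's target; it assumes the process is allowed to create symlinks.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// exclCreateViaDanglingSymlink makes a dangling symlink in a fresh temporary
// directory and opens it with O_CREATE|O_EXCL. It returns the OpenFile error,
// whether a file appeared at the link's target, and any setup error.
func exclCreateViaDanglingSymlink() (error, bool, error) {
	dir, err := os.MkdirTemp("", "excl-symlink-check")
	if err != nil {
		return nil, false, err
	}
	defer os.RemoveAll(dir)

	target := filepath.Join(dir, "missing-target") // constructed name
	link := filepath.Join(dir, "link")             // constructed name
	if err := os.Symlink(target, link); err != nil {
		return nil, false, fmt.Errorf("creating symlink: %w", err)
	}

	f, openErr := os.OpenFile(link, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if openErr == nil {
		f.Close()
	}
	_, statErr := os.Lstat(target)
	return openErr, statErr == nil, nil
}

// exclRefusesSymlink reports whether the running toolchain shows the behaviour
// the log message describes as fixed: an error, and nothing created.
func exclRefusesSymlink() (bool, error) {
	openErr, created, err := exclCreateViaDanglingSymlink()
	if err != nil {
		return false, err
	}
	return openErr != nil && !created, nil
}

func main() {
	ok, err := exclRefusesSymlink()
	if err != nil {
		fmt.Println("setup failed:", err)
		os.Exit(2)
	}
	fmt.Println("O_CREATE|O_EXCL refuses dangling symlink:", ok)
}
```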


