Update go113 to 1.13.1.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: Update go113 to 1.13.1.
From: Benny Siegert <bsiegert%gmail.com@localhost>
Date: Thu, 26 Sep 2019 20:33:41 +0000

Module Name:	pkgsrc-wip
Committed By:	Benny Siegert <bsiegert%gmail.com@localhost>
Pushed By:	bsiegert
Date:		Thu Sep 26 20:33:41 2019 +0000
Changeset:	1e1375458abb1db7b0205db2805e2f0e1807ba38

Modified Files:
	go113/Makefile
	go113/distinfo

Log Message:
Update go113 to 1.13.1.

net/http (through net/textproto) used to accept and normalize invalid
HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If
a Go server is used behind an uncommon reverse proxy that accepts and
forwards but doesn't normalize such invalid headers, the reverse proxy and
the server can interpret the headers differently. This can lead to filter
bypasses or request smuggling, the latter if requests from separate clients
are multiplexed onto the same upstream connection by the proxy. Such invalid
headers are now rejected by Go servers, and passed without normalization to
Go client applications.

The issue is CVE-2019-16276 and Go issue golang.org/issue/34540.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=1e1375458abb1db7b0205db2805e2f0e1807ba38

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 go113/Makefile | 2 +-
 go113/distinfo | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs:
diff --git a/go113/Makefile b/go113/Makefile
index b7b6891e53..c26e5161ab 100644
--- a/go113/Makefile
+++ b/go113/Makefile
@@ -3,7 +3,7 @@
 .include "../../lang/go/version.mk"
 
 # This should go into version.mk
-GO113_VERSION=	1.13
+GO113_VERSION=	1.13.1
 
 DISTNAME=	go${GO113_VERSION}.src
 PKGNAME=	go113-${GO113_VERSION}
diff --git a/go113/distinfo b/go113/distinfo
index ee9ba75c56..d63df80dc7 100644
--- a/go113/distinfo
+++ b/go113/distinfo
@@ -1,9 +1,9 @@
 $NetBSD: distinfo,v 1.4 2019/05/27 15:16:38 bsiegert Exp $
 
-SHA1 (go1.13.src.tar.gz) = 402cb0d9c0c7af03e885fc800015f772b8cac123
-RMD160 (go1.13.src.tar.gz) = 50244f6be4dd3eaa6afc7e06a91b9f6c9cb3b5d7
-SHA512 (go1.13.src.tar.gz) = c6346b1ab256cb743dd98625d8b16cdcc1365b186e039e99747d6c18041045daa065f6bdce17cca0a9800be2dbb34e90adf5518d5295693f80435c02fe5b2cd8
-Size (go1.13.src.tar.gz) = 21621948 bytes
+SHA1 (go1.13.1.src.tar.gz) = d1d5b23cbc7b83f873f97daedd45789c009cca9b
+RMD160 (go1.13.1.src.tar.gz) = 1f21e0bb10a3ef1fade44bd4c86849741540c950
+SHA512 (go1.13.1.src.tar.gz) = 696fc735271bd76ae59c5015c8efa52121243257f4ffcc1460fd79cf9a5e167db0b30d04137ec71a8789742673c2288bd62d55b546c2d2b2a05e8b3669af8616
+Size (go1.13.1.src.tar.gz) = 21622361 bytes
 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_cmd_link_internal_ld_elf.go) = 990a54e3baf239916e4c7f0c1d54240e2898601a

Prev by Date: Revbump Go packages after 1.12.10 update.
Next by Date: eureka-devel: Import git revision 25b14606cd896f30c19a6793b51732f60ba7bd92
Previous by Thread: Revbump Go packages after 1.12.10 update.
Next by Thread: eureka-devel: Import git revision 25b14606cd896f30c19a6793b51732f60ba7bd92
Indexes:

Home | Main Index | Thread Index | Old Index