pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2016Q2]: pkgsrc/lang/go Pullup ticket #5064 - requested by bsi...
details: https://anonhg.NetBSD.org/pkgsrc/rev/18240bef549e
branches: pkgsrc-2016Q2
changeset: 408849:18240bef549e
user: spz <spz%pkgsrc.org@localhost>
date: Wed Jul 20 03:02:31 2016 +0000
description:
Pullup ticket #5064 - requested by bsiegert
lang/go: security update
Revisions pulled up:
- lang/go/Makefile 1.43
- lang/go/distinfo 1.37
- lang/go/version.mk 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jul 18 20:37:40 UTC 2016
Modified Files:
pkgsrc/lang/go: Makefile distinfo version.mk
Log Message:
Update Go to 1.6.3.
A security-related issue was recently reported in Go's net/http/cgi =
package and
net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 =
contain
a fix for this issue.
Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation =
flaw in
the CGI components resulting in the HTTP_PROXY environment variable =
being set
by the incoming Proxy header. This environment variable was also used to =
set
the outgoing proxy, enabling an attacker to insert a proxy into outgoing
requests of a CGI program.
This is CVE-2016-5386 and was addressed by this change:
https://golang.org/cl/25010, tracked in this issue:
https://golang.org/issue/16405
The Go team would like to thank Dominic Scheirlinck for coordinating =
disclosure
of this issue across multiple languages and CGI environments. Read more =
about
"httpoxy" here: https://httpoxy.org/
Go 1.6.3 also adds support for macOS Sierra. See =
https://golang.org/issue/16354
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/go/version.mk
diffstat:
lang/go/distinfo | 10 +++++-----
lang/go/version.mk | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (32 lines):
diff -r 2c411fc950c5 -r 18240bef549e lang/go/distinfo
--- a/lang/go/distinfo Wed Jul 20 02:55:36 2016 +0000
+++ b/lang/go/distinfo Wed Jul 20 03:02:31 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.36 2016/04/30 11:22:28 bsiegert Exp $
+$NetBSD: distinfo,v 1.36.2.1 2016/07/20 03:02:31 spz Exp $
-SHA1 (go1.6.2.src.tar.gz) = 09232ac0e76635cc9e0a1f33a81bf03ae9cb9db5
-RMD160 (go1.6.2.src.tar.gz) = 012b5845dad83c47cbc2d915ab062bf4341803cb
-SHA512 (go1.6.2.src.tar.gz) = e148022f9e18b5d5b05744f1aa9fa3ef82e255752179545711ade077e271216aa5b450859a764fdfb028ae4faa26adad8d0a0a5268b31396ab9d14de3cb2f20a
-Size (go1.6.2.src.tar.gz) = 12617724 bytes
+SHA1 (go1.6.3.src.tar.gz) = b487b9127afba37e6c62305165bf840758d6adaf
+RMD160 (go1.6.3.src.tar.gz) = 215142f0c2f67a49fec97056974113caca95672b
+SHA512 (go1.6.3.src.tar.gz) = 43e9b01220788112a185500bd53f091e7a0023a790092f428e2f40fc1a334dd148558b99d2a1c871b8cc79ad7d2d87a092b93eee7b5a27c2ee675c494de35306
+Size (go1.6.3.src.tar.gz) = 12617426 bytes
SHA1 (patch-lib_time_update.bash) = bcf565b97ae7898a9e5cef7686fe42c69bc0bba1
SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
SHA1 (patch-src_cmd_go_pkg.go) = ccc470577951bd00741c39229599c0c06be52d0a
diff -r 2c411fc950c5 -r 18240bef549e lang/go/version.mk
--- a/lang/go/version.mk Wed Jul 20 02:55:36 2016 +0000
+++ b/lang/go/version.mk Wed Jul 20 03:02:31 2016 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: version.mk,v 1.14 2016/04/30 11:22:28 bsiegert Exp $
+# $NetBSD: version.mk,v 1.14.2.1 2016/07/20 03:02:31 spz Exp $
.include "../../mk/bsd.prefs.mk"
-GO_VERSION= 1.6.2
+GO_VERSION= 1.6.3
GO14_VERSION= 1.4.3
ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-evbarm
Home |
Main Index |
Thread Index |
Old Index