[pkgsrc/trunk]: pkgsrc/lang go119: update to 1.19.1 (security)

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/lang go119: update to 1.19.1 (security)
From: bsiegert <bsiegert%pkgsrc.org@localhost>
Date: Tue, 06 Sep 2022 20:31:27 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/96d4d324b437
branches:  trunk
changeset: 384876:96d4d324b437
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Sep 06 19:11:13 2022 +0000

description:
go119: update to 1.19.1 (security)

This minor release includes 2 security fixes following the security policy:

net/http: handle server errors after sending GOAWAY

A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.

Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.

This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

net/url: JoinPath does not strip relative path components in all circumstances

JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev";, "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.

Thanks to q0jt for reporting this issue.

This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

diffstat:

 lang/go/version.mk  |   4 ++--
 lang/go119/PLIST    |  12 +++++++++++-
 lang/go119/distinfo |   8 ++++----
 3 files changed, 17 insertions(+), 7 deletions(-)

diffs (82 lines):

diff -r 704ce345fe18 -r 96d4d324b437 lang/go/version.mk
--- a/lang/go/version.mk        Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go/version.mk        Tue Sep 06 19:11:13 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.156 2022/08/21 11:42:19 bsiegert Exp $
+# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO119_VERSION= 1.19
+GO119_VERSION= 1.19.1
 GO118_VERSION= 1.18.5
 GO117_VERSION= 1.17.13
 GO116_VERSION= 1.16.15
diff -r 704ce345fe18 -r 96d4d324b437 lang/go119/PLIST
--- a/lang/go119/PLIST  Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go119/PLIST  Tue Sep 06 19:11:13 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go119/CONTRIBUTING.md
@@ -2634,6 +2634,7 @@
 go119/src/cmd/go/testdata/script/import_cycle.txt
 go119/src/cmd/go/testdata/script/import_ignore.txt
 go119/src/cmd/go/testdata/script/import_main.txt
+go119/src/cmd/go/testdata/script/import_unix_tag.txt
 go119/src/cmd/go/testdata/script/index.txt
 go119/src/cmd/go/testdata/script/install_cgo_excluded.txt
 go119/src/cmd/go/testdata/script/install_cleans_build.txt
@@ -3102,6 +3103,7 @@
 go119/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
 go119/src/cmd/go/testdata/script/test_race_install.txt
 go119/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go119/src/cmd/go/testdata/script/test_race_tag.txt
 go119/src/cmd/go/testdata/script/test_rebuildall.txt
 go119/src/cmd/go/testdata/script/test_regexps.txt
 go119/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -11214,7 +11216,12 @@
 go119/test/fixedbugs/issue53635.go
 go119/test/fixedbugs/issue53653.go
 go119/test/fixedbugs/issue53653.out
+go119/test/fixedbugs/issue53702.go
 go119/test/fixedbugs/issue5373.go
+go119/test/fixedbugs/issue53982.go
+go119/test/fixedbugs/issue54220.go
+go119/test/fixedbugs/issue54467.go
+go119/test/fixedbugs/issue54638.go
 go119/test/fixedbugs/issue5470.dir/a.go
 go119/test/fixedbugs/issue5470.dir/b.go
 go119/test/fixedbugs/issue5470.go
@@ -12073,6 +12080,9 @@
 go119/test/typeparam/issue53477.go
 go119/test/typeparam/issue53762.go
 go119/test/typeparam/issue54135.go
+go119/test/typeparam/issue54302.dir/a.go
+go119/test/typeparam/issue54302.dir/main.go
+go119/test/typeparam/issue54302.go
 go119/test/typeparam/list.go
 go119/test/typeparam/list2.go
 go119/test/typeparam/listimp.dir/a.go
diff -r 704ce345fe18 -r 96d4d324b437 lang/go119/distinfo
--- a/lang/go119/distinfo       Tue Sep 06 19:07:54 2022 +0000
+++ b/lang/go119/distinfo       Tue Sep 06 19:11:13 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.1 2022/08/21 11:42:19 bsiegert Exp $
+$NetBSD: distinfo,v 1.2 2022/09/06 19:11:13 bsiegert Exp $
 
-BLAKE2s (go1.19.src.tar.gz) = 2c1b998568e6c3e1eb3ab304635d922d6f5ae769e4ec32091905402a9505d3ea
-SHA512 (go1.19.src.tar.gz) = c4460d54957a0bcf3407ea72cd1c6b3c645ef4ef6cc0fa142a80cb43c06ca4af31d52b0ccd723c81d17a62004bc96559cad23da874a4b668b4d8b168f1da2186
-Size (go1.19.src.tar.gz) = 26521849 bytes
+BLAKE2s (go1.19.1.src.tar.gz) = 58558ab93053577809b2b826edf4e8217a312efcaedbfbff5317beddcd8d4bee
+SHA512 (go1.19.1.src.tar.gz) = 7e8cf557f05d5a537f9305bb9c19cf8ab9ce640376e5ea97ff0d490b016364936e8dfc129462760c4e817af01fdf09e3f815b88412f9985bb254dfa3167752c0
+Size (go1.19.1.src.tar.gz) = 26527375 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated lang/go119 to 1.19.1
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/py-ipython py-ipython: updated to 8.5.0
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated lang/go119 to 1.19.1
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-ipython py-ipython: updated to 8.5.0
Indexes:

Home | Main Index | Thread Index | Old Index