pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang go118: update to 1.18.6 (security)



details:   https://anonhg.NetBSD.org/pkgsrc/rev/0c65d1defed8
branches:  trunk
changeset: 384914:0c65d1defed8
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Sep 07 06:36:32 2022 +0000

description:
go118: update to 1.18.6 (security)

This minor release includes 2 security fixes following the security policy:

net/http: handle server errors after sending GOAWAY

A closing HTTP/2 server connection could hang forever waiting for a clean
shutdown that was preempted by a subsequent fatal error. This failure mode
could be exploited to cause a denial of service.

Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
and Kaan Onarlioglu for reporting this.

This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

net/url: JoinPath does not strip relative path components in all circumstances

JoinPath and URL.JoinPath would not remove ../ path components appended to a
relative path. For example, JoinPath("https://go.dev", "../go") returned the
URL https://go.dev/../go, despite the JoinPath documentation stating that ../
path elements are cleaned from the result.

Thanks to q0jt for reporting this issue.

This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

diffstat:

 lang/go/version.mk  |   4 ++--
 lang/go118/PLIST    |  30 ++++++++++++++++++++++++------
 lang/go118/distinfo |   8 ++++----
 3 files changed, 30 insertions(+), 12 deletions(-)

diffs (122 lines):

diff -r db5a8cb56bde -r 0c65d1defed8 lang/go/version.mk
--- a/lang/go/version.mk        Wed Sep 07 02:57:19 2022 +0000
+++ b/lang/go/version.mk        Wed Sep 07 06:36:32 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.157 2022/09/06 19:11:13 bsiegert Exp $
+# $NetBSD: version.mk,v 1.158 2022/09/07 06:36:32 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO119_VERSION= 1.19.1
-GO118_VERSION= 1.18.5
+GO118_VERSION= 1.18.6
 GO117_VERSION= 1.17.13
 GO116_VERSION= 1.16.15
 GO110_VERSION= 1.10.8
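Review bot: only GO118_VERSION changes in this hunk, while GO117_VERSION, GO116_VERSION and GO110_VERSION stay as they were in the context lines, so packages pinned to those older toolchains do not pick up the net/http GOAWAY fix (CVE-2022-27664) named in the commit message. Consider saying so in the commit message, so users of the older go1xx packages know they need to move to go118 or go119 to get it.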
diff -r db5a8cb56bde -r 0c65d1defed8 lang/go118/PLIST
--- a/lang/go118/PLIST  Wed Sep 07 02:57:19 2022 +0000
+++ b/lang/go118/PLIST  Wed Sep 07 06:36:32 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go118/AUTHORS
@@ -585,7 +585,6 @@
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/symbolz.a
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/internal/transport.a
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/profile.a
-go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3.a
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph.a
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/google/pprof/third_party/svgpan.a
 go118/pkg/${GO_PLATFORM}/cmd/vendor/github.com/ianlancetaylor/demangle.a
@@ -3014,6 +3013,7 @@
 go118/src/cmd/go/testdata/script/test_race_cover_mode_issue20435.txt
 go118/src/cmd/go/testdata/script/test_race_install.txt
 go118/src/cmd/go/testdata/script/test_race_install_cgo.txt
+go118/src/cmd/go/testdata/script/test_race_tag.txt
 go118/src/cmd/go/testdata/script/test_rebuildall.txt
 go118/src/cmd/go/testdata/script/test_regexps.txt
 go118/src/cmd/go/testdata/script/test_relative_cmdline.txt
@@ -3531,6 +3531,14 @@
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/fetch.go
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flags.go
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/flamegraph.go
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.css
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/common.js
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/flamegraph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/graph.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/header.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/plaintext.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/source.html
+go118/src/cmd/vendor/github.com/google/pprof/internal/driver/html/top.html
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/interactive.go
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/options.go
 go118/src/cmd/vendor/github.com/google/pprof/internal/driver/settings.go
@@ -3560,11 +3568,15 @@
 go118/src/cmd/vendor/github.com/google/pprof/profile/profile.go
 go118/src/cmd/vendor/github.com/google/pprof/profile/proto.go
 go118/src/cmd/vendor/github.com/google/pprof/profile/prune.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/LICENSE
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/README.md
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3/d3.go
-go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_FLAME_GRAPH_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/D3_LICENSE
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/README.md
 go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/d3_flame_graph.go
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/index.js
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package-lock.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package.json
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/update.sh
+go118/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/webpack.config.js
 go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/LICENSE
 go118/src/cmd/vendor/github.com/google/pprof/third_party/svgpan/svgpan.go
 go118/src/cmd/vendor/github.com/ianlancetaylor/demangle/.gitignore
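Review bot: the d3flamegraph entries added here (index.js, package.json, package-lock.json, update.sh, webpack.config.js) and the removal of third_party/d3/ mean the vendored pprof copy changed in this release, which the commit message does not mention. A line noting that the PLIST changes follow the upstream tarball's vendored pprof update would help anyone auditing why a security bump touches the file list. update.sh and the npm metadata are build tooling for the vendored JavaScript, so it is worth confirming they are installed as plain source files and that nothing in the package runs them.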
@@ -3756,6 +3768,7 @@
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_illumos.go
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux.go
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
 go118/src/cmd/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -10787,6 +10800,9 @@
 go118/test/fixedbugs/issue5260.dir/b.go
 go118/test/fixedbugs/issue5260.go
 go118/test/fixedbugs/issue52612.go
+go118/test/fixedbugs/issue52788.go
+go118/test/fixedbugs/issue52788a.go
+go118/test/fixedbugs/issue52788a.out
 go118/test/fixedbugs/issue5291.dir/pkg1.go
 go118/test/fixedbugs/issue5291.dir/prog.go
 go118/test/fixedbugs/issue5291.go
@@ -10797,7 +10813,9 @@
 go118/test/fixedbugs/issue5358.go
 go118/test/fixedbugs/issue53600.go
 go118/test/fixedbugs/issue53600.out
+go118/test/fixedbugs/issue53702.go
 go118/test/fixedbugs/issue5373.go
+go118/test/fixedbugs/issue54467.go
 go118/test/fixedbugs/issue5470.dir/a.go
 go118/test/fixedbugs/issue5470.dir/b.go
 go118/test/fixedbugs/issue5470.go
diff -r db5a8cb56bde -r 0c65d1defed8 lang/go118/distinfo
--- a/lang/go118/distinfo       Wed Sep 07 02:57:19 2022 +0000
+++ b/lang/go118/distinfo       Wed Sep 07 06:36:32 2022 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2022/08/12 16:15:04 bsiegert Exp $
+$NetBSD: distinfo,v 1.7 2022/09/07 06:36:33 bsiegert Exp $
 
-BLAKE2s (go1.18.5.src.tar.gz) = 7c859789d63ca8a99845582df0ff049ab368d3f1c188699b3060391f2bdae527
-SHA512 (go1.18.5.src.tar.gz) = 4ba69ad49b5c17963fdc39ae7f5360fa38950db39ec1fb9b52744d6a209abf177dab6bd587e7457c83a4fd265589907ec241d8b09d0eac76cf984243a14500ef
-Size (go1.18.5.src.tar.gz) = 22847094 bytes
+BLAKE2s (go1.18.6.src.tar.gz) = 71c3a452522d81e751845cc89a341a7164d80c2d3368d36c6bf71191185117b2
+SHA512 (go1.18.6.src.tar.gz) = 2af66b09bfe033b413eb7603a73a490319bf49fec0a2e20c40350e60b9ef35250a6dc8544c5fc67bd1ede55e242d056e7749f69ef500a38b1efe4b8f93078de3
+Size (go1.18.6.src.tar.gz) = 22865753 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
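Review bot: the new go1.18.6.src.tar.gz lines record BLAKE2s and SHA512 only, while upstream's download page publishes SHA256, so the digests in this hunk cannot be compared directly against what upstream publishes. Please state in the commit message how the tarball was verified before the checksums were regenerated (for example, that its SHA256 matched the value on go.dev/dl). The three SHA1 (patch-...) context lines are unchanged, so also confirm the local patches still apply cleanly to 1.18.6.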

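The JoinPath issue described in the commit message is a reason not to rely on the library's cleaning alone when path elements are untrusted. The following is an added example, not part of the commit or of Go itself: `safeJoin` is a hypothetical helper and the inputs are constructed. It re-checks the joined result for surviving dot segments and for containment under the base path.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

var errEscapes = errors.New("joined path leaves the base path")

// safeJoin (hypothetical helper) joins untrusted elements onto base with
// URL.JoinPath, then verifies the result instead of trusting the cleaning.
func safeJoin(base string, elem ...string) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	joined := u.JoinPath(elem...)

	// Compare decoded paths, both anchored at "/".
	got := "/" + strings.TrimPrefix(joined.Path, "/")
	root := "/" + strings.Trim(u.Path, "/") + "/"
	if root == "//" {
		root = "/"
	}
	// A surviving dot segment means the join was not cleaned: this catches
	// an unfixed JoinPath and percent-encoded "%2e%2e" elements.
	for _, seg := range strings.Split(got, "/") {
		if seg == ".." || seg == "." {
			return "", errEscapes
		}
	}
	// Prefix match with a trailing slash so "/docs-private" is not "/docs".
	if got != strings.TrimSuffix(root, "/") && !strings.HasPrefix(got, root) {
		return "", errEscapes
	}
	return joined.String(), nil
}

func main() {
	// Constructed inputs: one benign element and three traversal attempts.
	for _, e := range []string{"api/v1", "../go", "%2e%2e/go", "../docs-private/x"} {
		out, err := safeJoin("https://go.dev/docs/", e)
		fmt.Printf("%-22q -> %q %v\n", e, out, err)
	}
}
```

The check gives the same verdict for a non-root base whether or not the toolchain contains the fix, which makes it usable as a regression test while a fleet is still being upgraded.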

