CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Thu, 9 Dec 2021 17:13:49 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Dec  9 17:13:49 UTC 2021

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go116: distinfo

Log Message:
Update go116 to 1.16.12.

go1.16.12 (released 2021-12-09) includes security fixes to the syscall and
net/http packages. See the Go 1.16.12 milestone on our issue tracker for
details.

When a Go program running on a Unix system is out of file descriptors and calls
syscall.ForkExec (including indirectly by using the os/exec package),
syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or
can be provoked) repeatedly, it can result in misdirected I/O such as writing
network traffic intended for one connection to a different connection, or
content intended for one file to a different one.

This is CVE-2021-44717 and is fixed in Go 1.17.5 and Go 1.16.12.

An attacker can cause unbounded memory growth in a Go server accepting HTTP/2
requests.

This is CVE-2021-44716 and is fixed in Go 1.17.5 and Go 1.16.12.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/go116/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.135 pkgsrc/lang/go/version.mk:1.136
--- pkgsrc/lang/go/version.mk:1.135     Fri Dec  3 17:08:35 2021
+++ pkgsrc/lang/go/version.mk   Thu Dec  9 17:13:49 2021
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.135 2021/12/03 17:08:35 bsiegert Exp $
+# $NetBSD: version.mk,v 1.136 2021/12/09 17:13:49 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO117_VERSION= 1.17.3
-GO116_VERSION= 1.16.11
+GO116_VERSION= 1.16.12
 GO110_VERSION= 1.10.8
 GO19_VERSION=  1.9.7
 GO14_VERSION=  1.4.3

Index: pkgsrc/lang/go116/distinfo
diff -u pkgsrc/lang/go116/distinfo:1.17 pkgsrc/lang/go116/distinfo:1.18
--- pkgsrc/lang/go116/distinfo:1.17     Fri Dec  3 17:08:35 2021
+++ pkgsrc/lang/go116/distinfo  Thu Dec  9 17:13:49 2021
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.17 2021/12/03 17:08:35 bsiegert Exp $
+$NetBSD: distinfo,v 1.18 2021/12/09 17:13:49 bsiegert Exp $
 
-BLAKE2s (go1.16.11.src.tar.gz) = 5ca8645341b6e233738513c70953f25f8c3ccdeb59877b6a9e012a274f2db9e7
-SHA512 (go1.16.11.src.tar.gz) = bf3ed7d95945f3afa92478e737e1782078419165f2d9f76b21b8f144c2ba529cf7a3665da1f46c7633721fe5eb67bdf848dd5b30440b6f86a12f5acd2766abbd
-Size (go1.16.11.src.tar.gz) = 20918537 bytes
+BLAKE2s (go1.16.12.src.tar.gz) = 6e3f7dff5441b01bdded03b666843a6fe25100df58b0173e83f0334374d92198
+SHA512 (go1.16.12.src.tar.gz) = 01a641b1c52890ff375f62761db4d87f7207297c7971951ba9305aa99313b5ba3014cb7555096a8fd04c97c208d2432d71d94aa9134d1617f8bedb203aa91b58
+Size (go1.16.12.src.tar.gz) = 20918701 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/lang
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/lang
Indexes:

Home | Main Index | Thread Index | Old Index