CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Thu, 9 Dec 2021 17:25:56 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Dec  9 17:25:56 UTC 2021

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go117: PLIST distinfo

Log Message:
Update go117 to 1.17.5.

go1.17.4 (released 2021-12-02) includes fixes to the compiler, linker, runtime,
and the go/types, net/http, and time packages. See the Go 1.17.4 milestone on
our issue tracker for details.

go1.17.5 (released 2021-12-09) includes security fixes to the syscall and
net/http packages. See the Go 1.17.5 milestone on our issue tracker for
details.

When a Go program running on a Unix system is out of file descriptors and calls
syscall.ForkExec (including indirectly by using the os/exec package),
syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or
can be provoked) repeatedly, it can result in misdirected I/O such as writing
network traffic intended for one connection to a different connection, or
content intended for one file to a different one.

This is CVE-2021-44717 and is fixed in Go 1.17.5 and Go 1.16.12.

An attacker can cause unbounded memory growth in a Go server accepting HTTP/2
requests.

This is CVE-2021-44716 and is fixed in Go 1.17.5 and Go 1.16.12.


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.137 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go117/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/go117/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.136 pkgsrc/lang/go/version.mk:1.137
--- pkgsrc/lang/go/version.mk:1.136     Thu Dec  9 17:13:49 2021
+++ pkgsrc/lang/go/version.mk   Thu Dec  9 17:25:56 2021
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.136 2021/12/09 17:13:49 bsiegert Exp $
+# $NetBSD: version.mk,v 1.137 2021/12/09 17:25:56 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO117_VERSION= 1.17.3
+GO117_VERSION= 1.17.5
 GO116_VERSION= 1.16.12
 GO110_VERSION= 1.10.8
 GO19_VERSION=  1.9.7

Index: pkgsrc/lang/go117/PLIST
diff -u pkgsrc/lang/go117/PLIST:1.3 pkgsrc/lang/go117/PLIST:1.4
--- pkgsrc/lang/go117/PLIST:1.3 Fri Nov  5 19:35:00 2021
+++ pkgsrc/lang/go117/PLIST     Thu Dec  9 17:25:56 2021
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2021/11/05 19:35:00 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.4 2021/12/09 17:25:56 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go117/AUTHORS
@@ -4987,6 +4987,7 @@ go117/src/go/types/testdata/fixedbugs/is
 go117/src/go/types/testdata/fixedbugs/issue45985.go2
 go117/src/go/types/testdata/fixedbugs/issue46403.src
 go117/src/go/types/testdata/fixedbugs/issue46404.go1
+go117/src/go/types/testdata/fixedbugs/issue48819.src
 go117/src/go/types/testdata/fixedbugs/issue6977.src
 go117/src/go/types/token_test.go
 go117/src/go/types/type.go
@@ -10013,6 +10014,7 @@ go117/test/fixedbugs/issue48088.dir/a.go
 go117/test/fixedbugs/issue48088.dir/b.go
 go117/test/fixedbugs/issue48088.go
 go117/test/fixedbugs/issue4813.go
+go117/test/fixedbugs/issue48289.go
 go117/test/fixedbugs/issue4847.go
 go117/test/fixedbugs/issue48473.go
 go117/test/fixedbugs/issue48476.go
@@ -10021,10 +10023,13 @@ go117/test/fixedbugs/issue4879.dir/b.go
 go117/test/fixedbugs/issue4879.go
 go117/test/fixedbugs/issue4909a.go
 go117/test/fixedbugs/issue4909b.go
+go117/test/fixedbugs/issue49122.go
+go117/test/fixedbugs/issue49249.go
 go117/test/fixedbugs/issue4932.dir/foo.go
 go117/test/fixedbugs/issue4932.dir/state.go
 go117/test/fixedbugs/issue4932.dir/state2.go
 go117/test/fixedbugs/issue4932.go
+go117/test/fixedbugs/issue49378.go
 go117/test/fixedbugs/issue4964.dir/a.go
 go117/test/fixedbugs/issue4964.dir/b.go
 go117/test/fixedbugs/issue4964.go

Index: pkgsrc/lang/go117/distinfo
diff -u pkgsrc/lang/go117/distinfo:1.10 pkgsrc/lang/go117/distinfo:1.11
--- pkgsrc/lang/go117/distinfo:1.10     Fri Nov  5 19:35:00 2021
+++ pkgsrc/lang/go117/distinfo  Thu Dec  9 17:25:56 2021
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.10 2021/11/05 19:35:00 bsiegert Exp $
+$NetBSD: distinfo,v 1.11 2021/12/09 17:25:56 bsiegert Exp $
 
-BLAKE2s (go1.17.3.src.tar.gz) = 18b2f8031ebfd8fcc074c5d72239410d018fb8780ebbfa3b107812f175a9c3c0
-SHA512 (go1.17.3.src.tar.gz) = a2793efefe3f7e89054453cada03c25a900a4a6b71b2dfa0f5f33c1d8946711c983067dd54021faa5605074708db8e4225d104be703d307f3dbcc6035410acbd
-Size (go1.17.3.src.tar.gz) = 22183309 bytes
+BLAKE2s (go1.17.5.src.tar.gz) = 6b93a04ae6f017ffe52a7281e41227203310c56c1bc26028e5d5a4de673b702d
+SHA512 (go1.17.5.src.tar.gz) = 6c833455fe79476c29a0565ae3b5ede452abb75689d52cbaa524743549f6f12681b6b5035dc4048387bd738c15b7cd8bdc4c875d54232ca2343c7404a4326884
+Size (go1.17.5.src.tar.gz) = 22186577 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e

Prev by Date: CVS commit: pkgsrc/lang
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index