CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Wed, 8 Mar 2023 13:14:59 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Wed Mar  8 13:14:59 UTC 2023

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go119: distinfo

Log Message:
go119: update to 1.19.7

This minor release includes 1 security fix following the security policy:

crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
incorrect result if called with some specific unreduced scalars (a scalar larger
than the order of the curve).

This does not impact usages of crypto/ecdsa or crypto/ecdh.

Thanks to Guido Vranken for repoting this issue via the Ethereum Foundation bug
bounty program.

This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.


To generate a diff of this commit:
cvs rdiff -u -r1.174 -r1.175 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go119/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.174 pkgsrc/lang/go/version.mk:1.175
--- pkgsrc/lang/go/version.mk:1.174     Wed Mar  8 08:51:16 2023
+++ pkgsrc/lang/go/version.mk   Wed Mar  8 13:14:58 2023
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.174 2023/03/08 08:51:16 bsiegert Exp $
+# $NetBSD: version.mk,v 1.175 2023/03/08 13:14:58 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO120_VERSION= 1.20.2
-GO119_VERSION= 1.19.6
+GO119_VERSION= 1.19.7
 GO118_VERSION= 1.18.10
 GO14_VERSION=  1.4.3
 

Index: pkgsrc/lang/go119/distinfo
diff -u pkgsrc/lang/go119/distinfo:1.8 pkgsrc/lang/go119/distinfo:1.9
--- pkgsrc/lang/go119/distinfo:1.8      Thu Feb 16 13:55:55 2023
+++ pkgsrc/lang/go119/distinfo  Wed Mar  8 13:14:59 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2023/02/16 13:55:55 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2023/03/08 13:14:59 bsiegert Exp $
 
-BLAKE2s (go1.19.6.src.tar.gz) = fbcfbd573d45170d63282843ef07ffc033c4ba78425abdc11d02f76f8810cd18
-SHA512 (go1.19.6.src.tar.gz) = f817ea6bcd83b60d9bf2ae9d0afdaa21651ac6cf5a32c260f40a691cd0ccce556ec9a483e10fa1a5dc244d6ea512407f5dae9c99ac004393b196a80284e63977
-Size (go1.19.6.src.tar.gz) = 26549360 bytes
+BLAKE2s (go1.19.7.src.tar.gz) = f3a78d0c99bf153166e4f5869efba139d65fc2ae4954279f09e26392e5790702
+SHA512 (go1.19.7.src.tar.gz) = e6f0df2d381a424cf43e8ea0306a58a46a96464cff4665ca3da73f713d4f039687a6c9659cef577000b1fadca7c1a2114fac34ffb2017d6335f537ac235de823
+Size (go1.19.7.src.tar.gz) = 26550385 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index