
CVS commit: [pkgsrc-2025Q1] pkgsrc/lang



Module Name:    pkgsrc
Committed By:   maya
Date:           Fri May 16 14:05:02 UTC 2025

Modified Files:
        pkgsrc/lang/go [pkgsrc-2025Q1]: version.mk
        pkgsrc/lang/go123 [pkgsrc-2025Q1]: PLIST distinfo
        pkgsrc/lang/go124 [pkgsrc-2025Q1]: PLIST distinfo

Log Message:
Pullup ticket #6963 - requested by bsiegert
lang/go124: Security fix
lang/go123: Not a security fix, but doesn't hurt

Revisions pulled up:
- lang/go/version.mk                                            1.231
- lang/go123/PLIST                                              1.9
- lang/go123/distinfo                                           1.11
- lang/go124/PLIST                                              1.4
- lang/go124/distinfo                                           1.4

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Thu May  8 18:55:53 UTC 2025

   Modified Files:
            pkgsrc/lang/go: version.mk
            pkgsrc/lang/go123: PLIST distinfo
            pkgsrc/lang/go124: PLIST distinfo

   Log Message:
   go: update go123 to 1.23.9 and go124 to 1.24.3.

   The Go 1.24.3 minor release includes 1 security fix following the security
   policy:

   -   os: Root permits access to parent directory

        It was possible to improperly access the parent directory of an os.Root
        by opening a filename ending in "../". For example, Root.Open("../") would
        open the parent directory of the Root. This escape only permits opening
        the parent directory itself, not ancestors of the parent or files contained
        within the parent.

        Root now correctly returns an error in this case.

        This is CVE-2025-22873 and Go issue https://go.dev/issue/73555.

        Thanks to Dan Sebastian Thrane of SDU eScience Center for reporting this
        issue.

   This security fix only applies to Go 1.24.x releases. Go 1.23.x releases are
   not affected by this.

   go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker.


To generate a diff of this commit:
cvs rdiff -u -r1.228.2.1 -r1.228.2.2 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.7.2.1 -r1.7.2.2 pkgsrc/lang/go123/PLIST
cvs rdiff -u -r1.9.2.1 -r1.9.2.2 pkgsrc/lang/go123/distinfo
cvs rdiff -u -r1.2.2.1 -r1.2.2.2 pkgsrc/lang/go124/PLIST \
    pkgsrc/lang/go124/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.228.2.1 pkgsrc/lang/go/version.mk:1.228.2.2
--- pkgsrc/lang/go/version.mk:1.228.2.1 Wed Apr  2 02:19:08 2025
+++ pkgsrc/lang/go/version.mk   Fri May 16 14:05:01 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.228.2.1 2025/04/02 02:19:08 maya Exp $
+# $NetBSD: version.mk,v 1.228.2.2 2025/05/16 14:05:01 maya Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO124_VERSION= 1.24.2
-GO123_VERSION= 1.23.8
+GO124_VERSION= 1.24.3
+GO123_VERSION= 1.23.9
 GO122_VERSION= 1.22.12
 GO121_VERSION= 1.21.13
 GO120_VERSION= 1.20.14

Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.7.2.1 pkgsrc/lang/go123/PLIST:1.7.2.2
--- pkgsrc/lang/go123/PLIST:1.7.2.1     Wed Apr  2 02:19:08 2025
+++ pkgsrc/lang/go123/PLIST     Fri May 16 14:05:02 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7.2.1 2025/04/02 02:19:08 maya Exp $
+@comment $NetBSD: PLIST,v 1.7.2.2 2025/05/16 14:05:02 maya Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go123/CONTRIBUTING.md
@@ -3417,6 +3417,7 @@ go123/src/cmd/link/testdata/linkname/fas
 go123/src/cmd/link/testdata/linkname/ok.go
 go123/src/cmd/link/testdata/linkname/p/p.go
 go123/src/cmd/link/testdata/linkname/push.go
+go123/src/cmd/link/testdata/linkname/sched.go
 go123/src/cmd/link/testdata/pe-binutils/main.go
 go123/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go123/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso

Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.9.2.1 pkgsrc/lang/go123/distinfo:1.9.2.2
--- pkgsrc/lang/go123/distinfo:1.9.2.1  Wed Apr  2 02:19:08 2025
+++ pkgsrc/lang/go123/distinfo  Fri May 16 14:05:02 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.9.2.1 2025/04/02 02:19:08 maya Exp $
+$NetBSD: distinfo,v 1.9.2.2 2025/05/16 14:05:02 maya Exp $
 
 BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
 SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
 Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.8.src.tar.gz) = 2cef7c1512b3878d657a9316990a39cfd6ce1922bde0e656dbb12e007ccf56ed
-SHA512 (go1.23.8.src.tar.gz) = 8e352a01484c168894026080ee4501180e327d734fb3d892ab17daac193964fcd5fd90033c9cf86d6ffe8b7e4da64bda83ba4501a6c05919bcefbe9e2467c771
-Size (go1.23.8.src.tar.gz) = 28182772 bytes
+BLAKE2s (go1.23.9.src.tar.gz) = 0baa261abe5d019650942e21285b18b0332781baa139e0ed417ea58981701049
+SHA512 (go1.23.9.src.tar.gz) = 0f80680caabbf50a4f55555d0515530c55e297f38bf193a9da531e640f069719e3c7a5670b72f7629fada8162f978305ae1e4e6398369b8021cfe6dc9157254a
+Size (go1.23.9.src.tar.gz) = 28182928 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Index: pkgsrc/lang/go124/PLIST
diff -u pkgsrc/lang/go124/PLIST:1.2.2.1 pkgsrc/lang/go124/PLIST:1.2.2.2
--- pkgsrc/lang/go124/PLIST:1.2.2.1     Wed Apr  2 02:19:08 2025
+++ pkgsrc/lang/go124/PLIST     Fri May 16 14:05:02 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2.2.1 2025/04/02 02:19:08 maya Exp $
+@comment $NetBSD: PLIST,v 1.2.2.2 2025/05/16 14:05:02 maya Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go124/CONTRIBUTING.md
@@ -3501,6 +3501,7 @@ go124/src/cmd/link/testdata/linkname/fas
 go124/src/cmd/link/testdata/linkname/ok.go
 go124/src/cmd/link/testdata/linkname/p/p.go
 go124/src/cmd/link/testdata/linkname/push.go
+go124/src/cmd/link/testdata/linkname/sched.go
 go124/src/cmd/link/testdata/pe-binutils/main.go
 go124/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go124/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso
Index: pkgsrc/lang/go124/distinfo
diff -u pkgsrc/lang/go124/distinfo:1.2.2.1 pkgsrc/lang/go124/distinfo:1.2.2.2
--- pkgsrc/lang/go124/distinfo:1.2.2.1  Wed Apr  2 02:19:08 2025
+++ pkgsrc/lang/go124/distinfo  Fri May 16 14:05:02 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.2.2.1 2025/04/02 02:19:08 maya Exp $
+$NetBSD: distinfo,v 1.2.2.2 2025/05/16 14:05:02 maya Exp $
 
-BLAKE2s (go1.24.2.src.tar.gz) = 40e468465c036116332e888fed7943ca92b5893a5b6835e32cbd87cbb3435b9f
-SHA512 (go1.24.2.src.tar.gz) = 6366a32f6678e7908b138f62dafeed96f7144b3b93505e75fba374b33727da8b1d087c1f979f493382b319758ebfcbeb30e9d7dadcb2923b628c8abe7db41c6f
-Size (go1.24.2.src.tar.gz) = 30787666 bytes
+BLAKE2s (go1.24.3.src.tar.gz) = 7dadd01b0239f154d455cff91e10225f8532b34e69a2459296966495b3ce363f
+SHA512 (go1.24.3.src.tar.gz) = 05d19372fb923eeea19395b4de569d2ecfec7fadf2d8236d47cd667982de51c569e9816372cb79e32166553f9bcbe68f7bc2a6ded5655809b1caf5bd941011e7
+Size (go1.24.3.src.tar.gz) = 30789282 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35


