CVS commit: [pkgsrc-2025Q1] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2025Q1] pkgsrc/lang
From: "Maya Rashish" <maya%netbsd.org@localhost>
Date: Sun, 8 Jun 2025 19:00:23 +0000

Module Name:    pkgsrc
Committed By:   maya
Date:           Sun Jun  8 19:00:23 UTC 2025

Modified Files:
        pkgsrc/lang/go [pkgsrc-2025Q1]: version.mk
        pkgsrc/lang/go123 [pkgsrc-2025Q1]: PLIST distinfo
        pkgsrc/lang/go124 [pkgsrc-2025Q1]: PLIST distinfo

Log Message:
Pullup ticket #6971 - requested by bsiegert
lang/go123: Security fix
lang/go124: Security fix

Revisions pulled up:
- lang/go/version.mk                                            1.232
- lang/go123/PLIST                                              1.10
- lang/go123/distinfo                                           1.12
- lang/go124/PLIST                                              1.5
- lang/go124/distinfo                                           1.5

---
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Fri Jun  6 13:45:15 UTC 2025

   Modified Files:
           pkgsrc/lang/go: version.mk
           pkgsrc/lang/go123: PLIST distinfo
           pkgsrc/lang/go124: PLIST distinfo

   Log Message:
   Update go123 to 1.23.10 and go124 to 1.24.4 (security)

   These minor releases include 3 security fixes following the security policy=
   :

   -   net/http: sensitive headers not cleared on cross-origin redirect

       Proxy-Authorization and Proxy-Authenticate headers persisted on
       cross-origin redirects potentially leaking sensitive information.

       Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporti=
   ng
       this issue.

       This is CVE-2025-4673 and Go issue https://go.dev/issue/73816.

   -   os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows

       os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and
       Windows systems when the target path was a dangling symlink. On Unix
       systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks=
   .
       On Windows, when the target path was a symlink to a nonexistent locatio=
   n,
       OpenFile would create a file in that location.

       OpenFile now always returns an error when the O_CREATE and O_EXCL flags
       are both set and the target path is a symlink.

       Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab for
       discovering this issue.

       This is CVE-2025-0913 and Go issue https://go.dev/issue/73702.

   -   crypto/x509: usage of ExtKeyUsageAny disables policy validation

       Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsage=
   Any
       unintentionally disabledpolicy validation. This only affected certifica=
   te
       chains which contain policy graphs, which are rather uncommon.

       Thanks to Krzysztof Skrz=C4=99tnicki (@Tener) of Teleport for reporting=
    this
       issue.

       This is CVE-2025-22874 and Go issue https://go.dev/issue/73612.

   View the release notes for more information:
   https://go.dev/doc/devel/release#go1.24.4


To generate a diff of this commit:
cvs rdiff -u -r1.228.2.2 -r1.228.2.3 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.7.2.2 -r1.7.2.3 pkgsrc/lang/go123/PLIST
cvs rdiff -u -r1.9.2.2 -r1.9.2.3 pkgsrc/lang/go123/distinfo
cvs rdiff -u -r1.2.2.2 -r1.2.2.3 pkgsrc/lang/go124/PLIST \
    pkgsrc/lang/go124/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.228.2.2 pkgsrc/lang/go/version.mk:1.228.2.3
--- pkgsrc/lang/go/version.mk:1.228.2.2 Fri May 16 14:05:01 2025
+++ pkgsrc/lang/go/version.mk   Sun Jun  8 19:00:23 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.228.2.2 2025/05/16 14:05:01 maya Exp $
+# $NetBSD: version.mk,v 1.228.2.3 2025/06/08 19:00:23 maya Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
 #
 .include "go-vars.mk"
 
-GO124_VERSION= 1.24.3
-GO123_VERSION= 1.23.9
+GO124_VERSION= 1.24.4
+GO123_VERSION= 1.23.10
 GO122_VERSION= 1.22.12
 GO121_VERSION= 1.21.13
 GO120_VERSION= 1.20.14

Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.7.2.2 pkgsrc/lang/go123/PLIST:1.7.2.3
--- pkgsrc/lang/go123/PLIST:1.7.2.2     Fri May 16 14:05:02 2025
+++ pkgsrc/lang/go123/PLIST     Sun Jun  8 19:00:23 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7.2.2 2025/05/16 14:05:02 maya Exp $
+@comment $NetBSD: PLIST,v 1.7.2.3 2025/06/08 19:00:23 maya Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go123/CONTRIBUTING.md
@@ -3418,6 +3418,8 @@ go123/src/cmd/link/testdata/linkname/ok.
 go123/src/cmd/link/testdata/linkname/p/p.go
 go123/src/cmd/link/testdata/linkname/push.go
 go123/src/cmd/link/testdata/linkname/sched.go
+go123/src/cmd/link/testdata/linkname/textvar/asm.s
+go123/src/cmd/link/testdata/linkname/textvar/main.go
 go123/src/cmd/link/testdata/pe-binutils/main.go
 go123/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go123/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso

Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.9.2.2 pkgsrc/lang/go123/distinfo:1.9.2.3
--- pkgsrc/lang/go123/distinfo:1.9.2.2  Fri May 16 14:05:02 2025
+++ pkgsrc/lang/go123/distinfo  Sun Jun  8 19:00:23 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.9.2.2 2025/05/16 14:05:02 maya Exp $
+$NetBSD: distinfo,v 1.9.2.3 2025/06/08 19:00:23 maya Exp $
 
 BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
 SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
 Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.9.src.tar.gz) = 0baa261abe5d019650942e21285b18b0332781baa139e0ed417ea58981701049
-SHA512 (go1.23.9.src.tar.gz) = 0f80680caabbf50a4f55555d0515530c55e297f38bf193a9da531e640f069719e3c7a5670b72f7629fada8162f978305ae1e4e6398369b8021cfe6dc9157254a
-Size (go1.23.9.src.tar.gz) = 28182928 bytes
+BLAKE2s (go1.23.10.src.tar.gz) = 15ae1f8f571ac69bfb71a67724772d1e0ab0a2e2efb66af17b067e5a22a91e30
+SHA512 (go1.23.10.src.tar.gz) = 20639185b05720aa8bb295c54e3eaa7cf56739763544d28ce14a6f0323bf890900d5fad13086032291fbefad4482f1442772875bbdf16a94e2286eb405c8f327
+Size (go1.23.10.src.tar.gz) = 28183775 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Index: pkgsrc/lang/go124/PLIST
diff -u pkgsrc/lang/go124/PLIST:1.2.2.2 pkgsrc/lang/go124/PLIST:1.2.2.3
--- pkgsrc/lang/go124/PLIST:1.2.2.2     Fri May 16 14:05:02 2025
+++ pkgsrc/lang/go124/PLIST     Sun Jun  8 19:00:23 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2.2.2 2025/05/16 14:05:02 maya Exp $
+@comment $NetBSD: PLIST,v 1.2.2.3 2025/06/08 19:00:23 maya Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go124/CONTRIBUTING.md
@@ -56,6 +56,7 @@ go124/go.env
 go124/lib/fips140/Makefile
 go124/lib/fips140/README.md
 go124/lib/fips140/fips140.sum
+go124/lib/fips140/inprocess.txt
 go124/lib/fips140/v1.0.0.zip
 go124/lib/time/README
 go124/lib/time/mkzip.go
@@ -3502,6 +3503,8 @@ go124/src/cmd/link/testdata/linkname/ok.
 go124/src/cmd/link/testdata/linkname/p/p.go
 go124/src/cmd/link/testdata/linkname/push.go
 go124/src/cmd/link/testdata/linkname/sched.go
+go124/src/cmd/link/testdata/linkname/textvar/asm.s
+go124/src/cmd/link/testdata/linkname/textvar/main.go
 go124/src/cmd/link/testdata/pe-binutils/main.go
 go124/src/cmd/link/testdata/pe-binutils/rsrc_386.syso
 go124/src/cmd/link/testdata/pe-binutils/rsrc_amd64.syso
Index: pkgsrc/lang/go124/distinfo
diff -u pkgsrc/lang/go124/distinfo:1.2.2.2 pkgsrc/lang/go124/distinfo:1.2.2.3
--- pkgsrc/lang/go124/distinfo:1.2.2.2  Fri May 16 14:05:02 2025
+++ pkgsrc/lang/go124/distinfo  Sun Jun  8 19:00:23 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.2.2.2 2025/05/16 14:05:02 maya Exp $
+$NetBSD: distinfo,v 1.2.2.3 2025/06/08 19:00:23 maya Exp $
 
-BLAKE2s (go1.24.3.src.tar.gz) = 7dadd01b0239f154d455cff91e10225f8532b34e69a2459296966495b3ce363f
-SHA512 (go1.24.3.src.tar.gz) = 05d19372fb923eeea19395b4de569d2ecfec7fadf2d8236d47cd667982de51c569e9816372cb79e32166553f9bcbe68f7bc2a6ded5655809b1caf5bd941011e7
-Size (go1.24.3.src.tar.gz) = 30789282 bytes
+BLAKE2s (go1.24.4.src.tar.gz) = 1338f7e0026c21a04feceefe7ccfbcb2c69102162cb26915852aa18b9a707470
+SHA512 (go1.24.4.src.tar.gz) = b785583fc53d62094b2de793a0e3281a26d2de17897a35b378fc2d13cb912ca473c37a7bae54a50660141809d5d0a70a97663d406cf30d7f0221ecbb5ffddec6
+Size (go1.24.4.src.tar.gz) = 30788576 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
 SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: [pkgsrc-2025Q1] pkgsrc/databases
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2025Q1] pkgsrc/databases
Indexes:

Home | Main Index | Thread Index | Old Index