pkgsrc-Changes archive
CVS commit: [pkgsrc-2025Q2] pkgsrc/lang
Module Name: pkgsrc
Committed By: maya
Date: Wed Jul 9 14:42:51 UTC 2025
Modified Files:
pkgsrc/lang/go [pkgsrc-2025Q2]: version.mk
pkgsrc/lang/go123 [pkgsrc-2025Q2]: PLIST distinfo
pkgsrc/lang/go124 [pkgsrc-2025Q2]: PLIST distinfo
Log Message:
Pullup ticket #6983 - requested by bsiegert
lang/go123: Security fix
lang/go124: Security fix
Revisions pulled up:
- lang/go/version.mk 1.233
- lang/go123/PLIST 1.11
- lang/go123/distinfo 1.13
- lang/go124/PLIST 1.6
- lang/go124/distinfo 1.6
---
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Jul 9 07:41:36 UTC 2025
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go123: PLIST distinfo
pkgsrc/lang/go124: PLIST distinfo
Log Message:
go: update to 1.23.11 and 1.24.5
These minor releases include 1 security fix following the security policy:

cmd/go: unexpected command execution in untrusted VCS repositories

Various uses of the Go toolchain in untrusted VCS repositories can result in
unexpected code execution. When using the Go toolchain in directories fetched
using various VCS tools (such as directly cloning Git or Mercurial
repositories) can cause the toolchain to execute unexpected commands, if said
directory contains multiple VCS configuration metadata (such as a ".hg"
directory in a Git repository). This is due to how the Go toolchain attempts
to resolve which VCS is being used in order to embed build information in
binaries and determine module versions.

The toolchain will now abort attempting to resolve which VCS is being used if
it detects multiple VCS configuration metadata in a module directory or nested
VCS configuration metadata (such as a ".git" directory in a parent directory
and a ".hg" directory in a child directory). This will not prevent the
toolchain from building modules, but will result in binaries omitting VCS
related build information.

If this behavior is expected by the user, the old behavior can be re-enabled
by setting GODEBUG=allowmultiplevcs=1. This should only be done in trusted
repositories.

Thanks to RyotaK (https://ryotak.net) of GMO Flatt Security Inc for reporting
this issue.

This is CVE-2025-4674 and https://go.dev/issue/74380.

To generate a diff of this commit:
cvs rdiff -u -r1.232 -r1.232.2.1 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.10 -r1.10.2.1 pkgsrc/lang/go123/PLIST
cvs rdiff -u -r1.12 -r1.12.2.1 pkgsrc/lang/go123/distinfo
cvs rdiff -u -r1.5 -r1.5.2.1 pkgsrc/lang/go124/PLIST \
pkgsrc/lang/go124/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.232 pkgsrc/lang/go/version.mk:1.232.2.1
--- pkgsrc/lang/go/version.mk:1.232 Fri Jun 6 13:45:14 2025
+++ pkgsrc/lang/go/version.mk Wed Jul 9 14:42:51 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.232 2025/06/06 13:45:14 bsiegert Exp $
+# $NetBSD: version.mk,v 1.232.2.1 2025/07/09 14:42:51 maya Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
#
.include "go-vars.mk"
-GO124_VERSION= 1.24.4
-GO123_VERSION= 1.23.10
+GO124_VERSION= 1.24.5
+GO123_VERSION= 1.23.11
GO122_VERSION= 1.22.12
GO120_VERSION= 1.20.14
GO118_VERSION= 1.18.10
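Review bot: GO122_VERSION, GO120_VERSION and GO118_VERSION in the context lines of this hunk stay at 1.22.12, 1.20.14 and 1.18.10, while the log message describes the cmd/go fix only for 1.23.11 and 1.24.5. State in the log message, or in a comment next to those variables, that the older branches are not updated by this change, so that anyone building with them in a checkout from an untrusted source knows the multiple-VCS handling is as before.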
Index: pkgsrc/lang/go123/PLIST
diff -u pkgsrc/lang/go123/PLIST:1.10 pkgsrc/lang/go123/PLIST:1.10.2.1
--- pkgsrc/lang/go123/PLIST:1.10 Fri Jun 6 13:45:14 2025
+++ pkgsrc/lang/go123/PLIST Wed Jul 9 14:42:51 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.10 2025/06/06 13:45:14 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.10.2.1 2025/07/09 14:42:51 maya Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go123/CONTRIBUTING.md
@@ -635,6 +635,10 @@ go123/src/cmd/cgo/internal/testsanitizer
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global3_fail.go
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global4_fail.go
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global5.go
+go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm/asm.s
+go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm/main.go
+go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm2_fail/asm.s
+go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm2_fail/main.go
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_linkerx/main.go
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_linkerx/p/p.go
go123/src/cmd/cgo/internal/testsanitizers/testdata/asan_unsafe_fail1.go
@@ -2786,6 +2790,7 @@ go123/src/cmd/go/testdata/script/test_ma
go123/src/cmd/go/testdata/script/test_match_only_subtests_parallel.txt
go123/src/cmd/go/testdata/script/test_match_only_tests.txt
go123/src/cmd/go/testdata/script/test_minus_n.txt
+go123/src/cmd/go/testdata/script/test_multivcs.txt
go123/src/cmd/go/testdata/script/test_n_cover_std.txt
go123/src/cmd/go/testdata/script/test_no_run_example.txt
go123/src/cmd/go/testdata/script/test_no_tests.txt
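Review bot: go123/src/cmd/go/testdata/script/test_multivcs.txt, added in this hunk, is the only PLIST addition that matches the cmd/go change described in the log message; the asan_global_asm testdata and test/fixedbugs/issue73748a.go and issue73748b.go added in the other hunks of this file are not explained anywhere. Mention in the log message that the minor release also carries non-security changes, so a pullup reviewer can tell that those additions are expected.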
@@ -12354,6 +12359,8 @@ go123/test/fixedbugs/issue7310.go
go123/test/fixedbugs/issue7316.go
go123/test/fixedbugs/issue7346.go
go123/test/fixedbugs/issue7366.go
+go123/test/fixedbugs/issue73748a.go
+go123/test/fixedbugs/issue73748b.go
go123/test/fixedbugs/issue7405.go
go123/test/fixedbugs/issue7419.go
go123/test/fixedbugs/issue7525.go
Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.12 pkgsrc/lang/go123/distinfo:1.12.2.1
--- pkgsrc/lang/go123/distinfo:1.12 Fri Jun 6 13:45:14 2025
+++ pkgsrc/lang/go123/distinfo Wed Jul 9 14:42:51 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.12 2025/06/06 13:45:14 bsiegert Exp $
+$NetBSD: distinfo,v 1.12.2.1 2025/07/09 14:42:51 maya Exp $
BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.10.src.tar.gz) = 15ae1f8f571ac69bfb71a67724772d1e0ab0a2e2efb66af17b067e5a22a91e30
-SHA512 (go1.23.10.src.tar.gz) = 20639185b05720aa8bb295c54e3eaa7cf56739763544d28ce14a6f0323bf890900d5fad13086032291fbefad4482f1442772875bbdf16a94e2286eb405c8f327
-Size (go1.23.10.src.tar.gz) = 28183775 bytes
+BLAKE2s (go1.23.11.src.tar.gz) = 1dcbc120e60fe40f920bb440fbcf914434b085115d0c716cc6b7303267d13a59
+SHA512 (go1.23.11.src.tar.gz) = 108b86d384de01617b7c58fba8a2c6446f6d1e8d07b720de2c49854e664c8c2660f6a3700827bf77cb7f018f78c7f3dc4f9c9f3a8fba8ca5e91cadde2df98a95
+Size (go1.23.11.src.tar.gz) = 28185977 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
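Review bot: the three 80344887818a2321296ce7fa71cca8ca2520611d.diff entries at the top of this hunk are carried over unchanged while the source tarball moves from go1.23.10.src.tar.gz to go1.23.11.src.tar.gz. Confirm that this extra diff still applies to the new tarball and is still needed, and say so in the log message; the lang/go124/distinfo hunk has no such entry.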
Index: pkgsrc/lang/go124/PLIST
diff -u pkgsrc/lang/go124/PLIST:1.5 pkgsrc/lang/go124/PLIST:1.5.2.1
--- pkgsrc/lang/go124/PLIST:1.5 Fri Jun 6 13:45:14 2025
+++ pkgsrc/lang/go124/PLIST Wed Jul 9 14:42:51 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2025/06/06 13:45:14 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.5.2.1 2025/07/09 14:42:51 maya Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go124/CONTRIBUTING.md
@@ -647,6 +647,10 @@ go124/src/cmd/cgo/internal/testsanitizer
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global3_fail.go
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global4_fail.go
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global5.go
+go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm/asm.s
+go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm/main.go
+go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm2_fail/asm.s
+go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_global_asm2_fail/main.go
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_linkerx/main.go
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_linkerx/p/p.go
go124/src/cmd/cgo/internal/testsanitizers/testdata/asan_unsafe_fail1.go
@@ -2840,6 +2844,7 @@ go124/src/cmd/go/testdata/script/test_ma
go124/src/cmd/go/testdata/script/test_match_only_subtests_parallel.txt
go124/src/cmd/go/testdata/script/test_match_only_tests.txt
go124/src/cmd/go/testdata/script/test_minus_n.txt
+go124/src/cmd/go/testdata/script/test_multivcs.txt
go124/src/cmd/go/testdata/script/test_n_cover_std.txt
go124/src/cmd/go/testdata/script/test_no_run_example.txt
go124/src/cmd/go/testdata/script/test_no_tests.txt
@@ -13242,6 +13247,8 @@ go124/test/fixedbugs/issue7310.go
go124/test/fixedbugs/issue7316.go
go124/test/fixedbugs/issue7346.go
go124/test/fixedbugs/issue7366.go
+go124/test/fixedbugs/issue73748a.go
+go124/test/fixedbugs/issue73748b.go
go124/test/fixedbugs/issue7405.go
go124/test/fixedbugs/issue7419.go
go124/test/fixedbugs/issue7525.go
Index: pkgsrc/lang/go124/distinfo
diff -u pkgsrc/lang/go124/distinfo:1.5 pkgsrc/lang/go124/distinfo:1.5.2.1
--- pkgsrc/lang/go124/distinfo:1.5 Fri Jun 6 13:45:14 2025
+++ pkgsrc/lang/go124/distinfo Wed Jul 9 14:42:51 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.5 2025/06/06 13:45:14 bsiegert Exp $
+$NetBSD: distinfo,v 1.5.2.1 2025/07/09 14:42:51 maya Exp $
-BLAKE2s (go1.24.4.src.tar.gz) = 1338f7e0026c21a04feceefe7ccfbcb2c69102162cb26915852aa18b9a707470
-SHA512 (go1.24.4.src.tar.gz) = b785583fc53d62094b2de793a0e3281a26d2de17897a35b378fc2d13cb912ca473c37a7bae54a50660141809d5d0a70a97663d406cf30d7f0221ecbb5ffddec6
-Size (go1.24.4.src.tar.gz) = 30788576 bytes
+BLAKE2s (go1.24.5.src.tar.gz) = c6e8ca8692a0f6fdadfa9e1484a345017480d48aced9c40387cb344857aea29d
+SHA512 (go1.24.5.src.tar.gz) = 917cd6ac83e3370227da40f8490697e8638847e9279ed1806044a173d3b52829c67c429990db92d8aadcfba6a37bfc00114c1ecec3ac387a781bb7edc8dcab22
+Size (go1.24.5.src.tar.gz) = 30792943 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
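The condition described in the log message above (several VCS metadata directories in one module directory, or nested ones) can be checked before the go command is run in a checkout from an untrusted source. The Go program below is an added example, not part of this commit or of the Go toolchain; the names ScanVCS and vcsMarkers and the marker list are assumptions, and it is stricter than the log's example because it flags any nested marker, including one of the same VCS.

```go
package main

import (
	"log"
	"os"
	"path/filepath"
)

// vcsMarkers is an assumed list of metadata names, not the toolchain's own table.
var vcsMarkers = map[string]bool{".bzr": true, ".git": true, ".hg": true, ".svn": true}

// ScanVCS maps each ambiguous directory to "multiple" (several markers) or "nested" (marker below a marker).
func ScanVCS(dir string, underVCS bool, out map[string]string) error {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return err
	}
	found := 0
	for _, e := range entries {
		if vcsMarkers[e.Name()] {
			found++ // counts marker files too, such as a ".git" file
		}
	}
	if found > 1 {
		out[dir] = "multiple"
	} else if found == 1 && underVCS {
		out[dir] = "nested"
	}
	for _, e := range entries {
		if e.IsDir() && !vcsMarkers[e.Name()] { // never descend into metadata
			if err := ScanVCS(filepath.Join(dir, e.Name()), underVCS || found > 0, out); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	out := map[string]string{}
	if err := ScanVCS(".", false, out); err != nil { // run at the top of the checkout
		log.Fatal(err)
	}
	for dir, reason := range out {
		log.Printf("%s: %s VCS metadata", dir, reason)
	}
	if len(out) > 0 {
		log.Fatal("ambiguous VCS metadata: review before running the go command here")
	}
}
```

Symbolic links are not followed, and a non-zero exit status means at least one directory needs review.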