pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Aug 15 12:46:31 UTC 2025
Modified Files:
pkgsrc/lang/go: version.mk
pkgsrc/lang/go123: distinfo
pkgsrc/lang/go124: distinfo
Log Message:
go: update to 1.23.12 and 1.24.6 (security)
These minor releases include 2 security fixes following the security policy:
- os/exec: LookPath may return unexpected paths
If the PATH environment variable contains paths which are executables
(rather than just directories), passing certain strings to LookPath ("", ".",
and ".."), can result in the binaries listed in the PATH being unexpectedly
returned.
Thanks to Olivier Mengué for reporting this issue.
This is CVE-2025-47906 and Go issue https://go.dev/issue/74466.
- database/sql: incorrect results returned from Rows.Scan
Cancelling a query (e.g. by cancelling the context passed to one of the
query methods) during a call to the Scan method of the returned Rows can
result in unexpected results if other queries are being made in parallel.
This can result in a race condition that may overwrite the expected results
with those of another query, causing the call to Scan to return either
unexpected results from the other query or an error.
We believe this affects most database/sql drivers.
Thanks to Spike Curtis from Coder for reporting this issue.
This is CVE-2025-47907 and https://go.dev/issue/74831.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.6
To generate a diff of this commit:
cvs rdiff -u -r1.233 -r1.234 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/go123/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/go124/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.233 pkgsrc/lang/go/version.mk:1.234
--- pkgsrc/lang/go/version.mk:1.233 Wed Jul 9 07:41:35 2025
+++ pkgsrc/lang/go/version.mk Fri Aug 15 12:46:30 2025
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.233 2025/07/09 07:41:35 bsiegert Exp $
+# $NetBSD: version.mk,v 1.234 2025/08/15 12:46:30 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,8 +6,8 @@
#
.include "go-vars.mk"
-GO124_VERSION= 1.24.5
-GO123_VERSION= 1.23.11
+GO124_VERSION= 1.24.6
+GO123_VERSION= 1.23.12
GO122_VERSION= 1.22.12
GO120_VERSION= 1.20.14
GO118_VERSION= 1.18.10
Index: pkgsrc/lang/go123/distinfo
diff -u pkgsrc/lang/go123/distinfo:1.13 pkgsrc/lang/go123/distinfo:1.14
--- pkgsrc/lang/go123/distinfo:1.13 Wed Jul 9 07:41:35 2025
+++ pkgsrc/lang/go123/distinfo Fri Aug 15 12:46:30 2025
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.13 2025/07/09 07:41:35 bsiegert Exp $
+$NetBSD: distinfo,v 1.14 2025/08/15 12:46:30 bsiegert Exp $
BLAKE2s (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 80c77c55780bbd3b61f54698a5790169566a5c1c142ea9cf6b3de4ff261375f6
SHA512 (80344887818a2321296ce7fa71cca8ca2520611d.diff) = a72fe9c2bba6191df1fb796fe55cc0fea2eb1809f7a4f148230a8be798e3b6820405e48a92a57da59d8fbe23d7d624b49cef9761852a62b4e81ba9dcaa7deaa6
Size (80344887818a2321296ce7fa71cca8ca2520611d.diff) = 3273 bytes
-BLAKE2s (go1.23.11.src.tar.gz) = 1dcbc120e60fe40f920bb440fbcf914434b085115d0c716cc6b7303267d13a59
-SHA512 (go1.23.11.src.tar.gz) = 108b86d384de01617b7c58fba8a2c6446f6d1e8d07b720de2c49854e664c8c2660f6a3700827bf77cb7f018f78c7f3dc4f9c9f3a8fba8ca5e91cadde2df98a95
-Size (go1.23.11.src.tar.gz) = 28185977 bytes
+BLAKE2s (go1.23.12.src.tar.gz) = 4e8b5d7ed67ccafb8a5dd50f7e08c038355fa40675ddfee8f15b019618fba1be
+SHA512 (go1.23.12.src.tar.gz) = c7f2125328da13aa956b58e5238ff4bba6bd94f2e93dac88c1b96c0556c1de3de28c512197a780366806bba92fb4ec03f1ccd14b606b8544b16bb08df106cb50
+Size (go1.23.12.src.tar.gz) = 28185486 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Index: pkgsrc/lang/go124/distinfo
diff -u pkgsrc/lang/go124/distinfo:1.6 pkgsrc/lang/go124/distinfo:1.7
--- pkgsrc/lang/go124/distinfo:1.6 Wed Jul 9 07:41:36 2025
+++ pkgsrc/lang/go124/distinfo Fri Aug 15 12:46:30 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.6 2025/07/09 07:41:36 bsiegert Exp $
+$NetBSD: distinfo,v 1.7 2025/08/15 12:46:30 bsiegert Exp $
-BLAKE2s (go1.24.5.src.tar.gz) = c6e8ca8692a0f6fdadfa9e1484a345017480d48aced9c40387cb344857aea29d
-SHA512 (go1.24.5.src.tar.gz) = 917cd6ac83e3370227da40f8490697e8638847e9279ed1806044a173d3b52829c67c429990db92d8aadcfba6a37bfc00114c1ecec3ac387a781bb7edc8dcab22
-Size (go1.24.5.src.tar.gz) = 30792943 bytes
+BLAKE2s (go1.24.6.src.tar.gz) = 58cbdca8e7c9de658a6213de8d2003dc140bfee43316d27a478e4b5045374b14
+SHA512 (go1.24.6.src.tar.gz) = 65f535c722f4a0f6111c9ed829677621e456a5bc969ccb99009da1ade096b2b1a648a44ccfa913543677c220baeaf1afe634ba8ba165d9474ac9433ac249c914
+Size (go1.24.6.src.tar.gz) = 30794139 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index