pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
go124: update to 1.24rc3
Module Name: pkgsrc-wip
Committed By: Benny Siegert <bsiegert%gmail.com@localhost>
Pushed By: bsiegert
Date: Sat Feb 8 15:50:24 2025 +0100
Changeset: e465652d01446e34e7ad96dfa2c31d4e3a9cd65b
Modified Files:
go124/Makefile
go124/PLIST
go124/distinfo
Log Message:
go124: update to 1.24rc3
This release candidate includes 2 security fixes following the security policy:
- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary
code execution when using the Apple version of ld, due to usage of the
@executable_path, @loader_path, or @rpath special values in a "#cgo
LDFLAGS" directive.
This issue only affected go1.24rc2.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2025-22867 and Go issue https://go.dev/issue/71476.
- crypto/elliptic: timing sidechannel for P-256 on ppc64le
Due to the usage of a variable time instruction in the assembly
implementation of an internal function, a small number of bits of secret
scalars are leaked on the ppc64le architecture. Due to the way this
function is used, we do not believe this leakage is enough to allow
recovery of the private key when P-256 is used in any well known
protocols.
This is CVE-2025-22866 and Go issue https://go.dev/issue/71383.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=e465652d01446e34e7ad96dfa2c31d4e3a9cd65b
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
go124/Makefile | 2 +-
go124/PLIST | 16 ++++++++++++++--
go124/distinfo | 6 +++---
3 files changed, 18 insertions(+), 6 deletions(-)
diffs:
diff --git a/go124/Makefile b/go124/Makefile
index d993495fa7..33023d63f1 100644
--- a/go124/Makefile
+++ b/go124/Makefile
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.5 2024/12/04 18:51:39 bsiegert Exp $
-GO124_VERSION= 1.24rc2
+GO124_VERSION= 1.24rc3
.include "../../lang/go/version.mk"
GO_BOOTSTRAP_REQD= 122
.include "../../lang/go/bootstrap.mk"
diff --git a/go124/PLIST b/go124/PLIST
index 5fd1058802..cb75146f20 100644
--- a/go124/PLIST
+++ b/go124/PLIST
@@ -56,6 +56,7 @@ go124/go.env
go124/lib/fips140/Makefile
go124/lib/fips140/README.md
go124/lib/fips140/fips140.sum
+go124/lib/fips140/v1.0.0.zip
go124/lib/time/README
go124/lib/time/mkzip.go
go124/lib/time/update.bash
@@ -1412,6 +1413,7 @@ go124/src/cmd/compile/internal/types2/termlist.go
go124/src/cmd/compile/internal/types2/termlist_test.go
go124/src/cmd/compile/internal/types2/testdata/local/issue47996.go
go124/src/cmd/compile/internal/types2/testdata/local/issue68183.go
+go124/src/cmd/compile/internal/types2/testdata/local/issue71254.go
go124/src/cmd/compile/internal/types2/testdata/manual.go
go124/src/cmd/compile/internal/types2/tuple.go
go124/src/cmd/compile/internal/types2/type.go
@@ -1567,6 +1569,7 @@ go124/src/cmd/go/internal/auth/auth.go
go124/src/cmd/go/internal/auth/auth_test.go
go124/src/cmd/go/internal/auth/gitauth.go
go124/src/cmd/go/internal/auth/gitauth_test.go
+go124/src/cmd/go/internal/auth/httputils.go
go124/src/cmd/go/internal/auth/netrc.go
go124/src/cmd/go/internal/auth/netrc_test.go
go124/src/cmd/go/internal/auth/userauth.go
@@ -1678,8 +1681,10 @@ go124/src/cmd/go/internal/lockedfile/mutex.go
go124/src/cmd/go/internal/lockedfile/transform_test.go
go124/src/cmd/go/internal/mmap/mmap.go
go124/src/cmd/go/internal/mmap/mmap_other.go
+go124/src/cmd/go/internal/mmap/mmap_test.go
go124/src/cmd/go/internal/mmap/mmap_unix.go
go124/src/cmd/go/internal/mmap/mmap_windows.go
+go124/src/cmd/go/internal/mmap/testdata/small_file.txt
go124/src/cmd/go/internal/modcmd/download.go
go124/src/cmd/go/internal/modcmd/edit.go
go124/src/cmd/go/internal/modcmd/graph.go
@@ -2204,6 +2209,7 @@ go124/src/cmd/go/testdata/script/cover_cgo_xtest.txt
go124/src/cmd/go/testdata/script/cover_coverpkg_partial.txt
go124/src/cmd/go/testdata/script/cover_coverpkg_with_init.txt
go124/src/cmd/go/testdata/script/cover_coverprofile_multipkg.txt
+go124/src/cmd/go/testdata/script/cover_coverprofile_nocoverpkg.txt
go124/src/cmd/go/testdata/script/cover_dash_c.txt
go124/src/cmd/go/testdata/script/cover_dep_loop.txt
go124/src/cmd/go/testdata/script/cover_dot_import.txt
@@ -2685,6 +2691,7 @@ go124/src/cmd/go/testdata/script/mod_tidy_version_tooold.txt
go124/src/cmd/go/testdata/script/mod_tool_70582.txt
go124/src/cmd/go/testdata/script/mod_toolchain.txt
go124/src/cmd/go/testdata/script/mod_toolchain_slash.txt
+go124/src/cmd/go/testdata/script/mod_unknown_block.txt
go124/src/cmd/go/testdata/script/mod_update_sum_readonly.txt
go124/src/cmd/go/testdata/script/mod_upgrade_patch.txt
go124/src/cmd/go/testdata/script/mod_vcs_missing.txt
@@ -4842,6 +4849,7 @@ go124/src/crypto/internal/fips140deps/cpu/cpu.go
go124/src/crypto/internal/fips140deps/fipsdeps.go
go124/src/crypto/internal/fips140deps/fipsdeps_test.go
go124/src/crypto/internal/fips140deps/godebug/godebug.go
+go124/src/crypto/internal/fips140hash/hash.go
go124/src/crypto/internal/fips140only/fips140only.go
go124/src/crypto/internal/fips140test/acvp_capabilities.json
go124/src/crypto/internal/fips140test/acvp_test.config.json
@@ -4895,8 +4903,8 @@ go124/src/crypto/md5/md5block_loong64.s
go124/src/crypto/md5/md5block_ppc64x.s
go124/src/crypto/md5/md5block_riscv64.s
go124/src/crypto/md5/md5block_s390x.s
-go124/src/crypto/mlkem/mlkem1024.go
-go124/src/crypto/mlkem/mlkem768.go
+go124/src/crypto/mlkem/example_test.go
+go124/src/crypto/mlkem/mlkem.go
go124/src/crypto/mlkem/mlkem_test.go
go124/src/crypto/pbkdf2/pbkdf2.go
go124/src/crypto/pbkdf2/pbkdf2_test.go
@@ -7805,6 +7813,9 @@ go124/src/internal/types/testdata/fixedbugs/issue69955.go
go124/src/internal/types/testdata/fixedbugs/issue70150.go
go124/src/internal/types/testdata/fixedbugs/issue70417.go
go124/src/internal/types/testdata/fixedbugs/issue70526.go
+go124/src/internal/types/testdata/fixedbugs/issue71131.go
+go124/src/internal/types/testdata/fixedbugs/issue71198.go
+go124/src/internal/types/testdata/fixedbugs/issue71284.go
go124/src/internal/types/testdata/spec/assignability.go
go124/src/internal/types/testdata/spec/comparable.go
go124/src/internal/types/testdata/spec/comparable1.19.go
@@ -9225,6 +9236,7 @@ go124/src/runtime/libfuzzer.go
go124/src/runtime/libfuzzer_amd64.s
go124/src/runtime/libfuzzer_arm64.s
go124/src/runtime/linkname.go
+go124/src/runtime/linkname_swiss.go
go124/src/runtime/linkname_unix.go
go124/src/runtime/lock_futex.go
go124/src/runtime/lock_futex_tristate.go
diff --git a/go124/distinfo b/go124/distinfo
index 073c5ff8ea..79cdc12ccf 100644
--- a/go124/distinfo
+++ b/go124/distinfo
@@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.5 2024/12/04 18:51:39 bsiegert Exp $
-BLAKE2s (go1.24rc2.src.tar.gz) = 21c733753a7b65b754dab5bac126dd4fe5498ac447ed7cc6468784ddb22a5437
-SHA512 (go1.24rc2.src.tar.gz) = 767c5c030a3fd84be7c449d431148df5da5fb5cf3d19886e238ea1c535a36f25b3a3433dfc690ef0dac2fc4e9fc9f899bc748494bc1339710267ba02de178676
-Size (go1.24rc2.src.tar.gz) = 30043161 bytes
+BLAKE2s (go1.24rc3.src.tar.gz) = 3768678764ce9a3635d95a1656fe68b13877a5dfdf249e40c5ceaa49dd5b3713
+SHA512 (go1.24rc3.src.tar.gz) = becb7cb54515553360b4c4232298ec5f6c0ad176ac1044810e8239d00bf23ae3b61dae1af4fdb1f4b73d9fc194c18e4399dcc19301093eacf69af7adffc78159
+Size (go1.24rc3.src.tar.gz) = 30663220 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 28ea4426336155d6720f7e16b43f0207b47a6dd8
SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3
SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
Home |
Main Index |
Thread Index |
Old Index