Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id B87EBA5809 for ; Fri, 26 Sep 2014 13:54:31 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 67D0514A1B3; Fri, 26 Sep 2014 13:54:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 254A614A1B2 for ; Fri, 26 Sep 2014 13:54:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id DalK6vgWZPAC for ; Fri, 26 Sep 2014 13:54:28 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 9A08E14A179 for ; Fri, 26 Sep 2014 13:54:28 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 9497A98; Fri, 26 Sep 2014 13:54:28 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 26 Sep 2014 13:54:28 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/lang/go To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20140926135428.9497A98@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: wiz Date: Fri Sep 26 13:54:28 UTC 2014 Modified Files: pkgsrc/lang/go: Makefile PLIST distinfo Log Message: Update to 1.3.2 for a security fix: We've just released Go version 1.3.2, a minor point release. This release includes bug fixes to cgo and the crypto/tls package. https://golang.org/doc/devel/release.html#go1.3.minor The crpyto/tls fix addresses a security bug that affects programs that use crypto/tls to implement a TLS server from Go 1.1 onwards. If the server enables TLS client authentication using certificates (this is rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config, then a malicious client can falsely assert ownership of any client certificate it wishes. This issue was discovered internally and there is no evidence of exploitation. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/go/Makefile cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/go/PLIST cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.