Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1480867735185240"
MIME-Version: 1.0
Date: Sun, 4 Dec 2016 16:08:55 +0000
From: "Benny Siegert"
Subject: CVS commit: pkgsrc/lang/go
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20161204160855.BED51FBA6@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1480867735185240
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Dec 4 16:08:55 UTC 2016

Modified Files:
        pkgsrc/lang/go: distinfo version.mk

Log Message:
Update Go to 1.7.4.

Two security-related issues were recently reported, and to address
these issues we have just released Go 1.6.4 and Go 1.7.4.

We recommend that all users update to one of these releases (if you're
not sure which, choose Go 1.7.4).

The issues addressed by these releases are:

On Darwin, user's trust preferences for root certificates were not
honored. If the user had a root certificate loaded in their Keychain
that was explicitly not trusted, a Go program would still verify a
connection using that root certificate. This is addressed by
https://golang.org/cl/33721, tracked in https://golang.org/issue/18141.
Thanks to Xy Ziemba for identifying and reporting this issue.

The net/http package's Request.ParseMultipartForm method starts writing
to temporary files once the request body size surpasses the given
"maxMemory" limit. It was possible for an attacker to generate a
multipart request crafted such that the server ran out of file
descriptors. This is addressed by https://golang.org/cl/30410, tracked
in https://golang.org/issue/17965. Thanks to Simon Rawet for the report.

To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/go/version.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1480867735185240 Content-Disposition: inline Content-Length: 1810 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/go/distinfo diff -u pkgsrc/lang/go/distinfo:1.41 pkgsrc/lang/go/distinfo:1.42 --- pkgsrc/lang/go/distinfo:1.41 Thu Oct 27 18:58:00 2016 +++ pkgsrc/lang/go/distinfo Sun Dec 4 16:08:55 2016 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.41 2016/10/27 18:58:00 bsiegert Exp $ +$NetBSD: distinfo,v 1.42 2016/12/04 16:08:55 bsiegert Exp $ -SHA1 (go1.7.3.src.tar.gz) = a862e865e9fbfcae21deef3687543fbd16198e26 -RMD160 (go1.7.3.src.tar.gz) = a1fbbf8e0805989e2ca74d66912c87e58328c6b5 -SHA512 (go1.7.3.src.tar.gz) = 9289c7720a551725643be757df0b676b7ec3add73e5f01af5e3ac1d81e2b31a304aca6e86d395ddc06fc3982099814478b5ec693124a3327f79399db7bcd73eb -Size (go1.7.3.src.tar.gz) = 14196345 bytes +SHA1 (go1.7.4.src.tar.gz) = 0fb305c827c8794cfda7e437befa6101a2d06b2e +RMD160 (go1.7.4.src.tar.gz) = 8de5ff1fd50a6f0b6bc16e0de0f1e13185f291f0 +SHA512 (go1.7.4.src.tar.gz) = dc9950c3ea7100e536ad58fd93505d584276b7c50d4b8fe2ba7f20fd043dcf0d315b735c48945302055e91517594cc2b0061ccec9478a8ab48f1f2836c20afb3 +Size (go1.7.4.src.tar.gz) = 14198817 bytes SHA1 (patch-lib_time_update.bash) = 17d28ba574dd08735b58cf73487104a5df3b7684 SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0eca1eafa967268ae9b224be4aeda347ebc91901 Index: pkgsrc/lang/go/version.mk diff -u pkgsrc/lang/go/version.mk:1.20 pkgsrc/lang/go/version.mk:1.21 --- pkgsrc/lang/go/version.mk:1.20 Fri Dec 2 20:26:01 2016 +++ pkgsrc/lang/go/version.mk Sun Dec 4 16:08:55 2016 @@ -1,8 +1,8 @@ -# $NetBSD: version.mk,v 1.20 2016/12/02 20:26:01 maya Exp $ +# $NetBSD: version.mk,v 1.21 2016/12/04 16:08:55 bsiegert Exp $ .include "../../mk/bsd.prefs.mk" -GO_VERSION= 1.7.3 +GO_VERSION= 1.7.4 GO14_VERSION= 1.4.3 ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-*arm* --_----------=_1480867735185240--
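Review bot: In the distinfo hunk, the three patch-* entries kept as context (patch-lib_time_update.bash, patch-misc_io_clangwrap.sh, patch-src_crypto_x509_root__bsd.go) retain their old SHA1 values, so the update assumes all three local patches still apply unchanged to the 1.7.4 sources. One of the fixes in this release is in root certificate handling and one local patch is named for src/crypto/x509, so the log should say the patches were re-checked against 1.7.4. The new SHA1, RMD160, SHA512 and Size lines are also the only integrity record for go1.7.4.src.tar.gz, and the log does not say the tarball was compared with the checksum upstream publishes for the release; a one-line statement to that effect would help for a security update.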
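Review bot: In the version.mk hunk only GO_VERSION changes (1.7.3 to 1.7.4), and nothing in this commit touches the packages that are built with lang/go. Go programs link the standard library statically, so already-built packages keep the old crypto/x509 and net/http code until they are rebuilt. Consider following up with a PKGREVISION bump for the Go-based packages, or state in the log message that one is coming, so that binary package users actually receive the two fixes described.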