Received: by mail.netbsd.org (Postfix, from userid 605) id C2AE584DB8; Thu, 26 Sep 2019 18:36:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 48F4184D5E for ; Thu, 26 Sep 2019 18:36:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id R8mW_SkaNGor for ; Thu, 26 Sep 2019 18:36:46 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id A76B484D31 for ; Thu, 26 Sep 2019 18:36:46 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id A4AFAFBF4; Thu, 26 Sep 2019 18:36:46 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1569523006226420" MIME-Version: 1.0 Date: Thu, 26 Sep 2019 18:36:46 +0000 From: "Benny Siegert" Subject: CVS commit: pkgsrc/lang To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20190926183646.A4AFAFBF4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1569523006226420 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Thu Sep 26 18:36:46 UTC 2019 Modified Files: pkgsrc/lang/go: version.mk pkgsrc/lang/go112: PLIST distinfo Log Message: Update go112 to 1.12.10. Commit ok'd by wiz@ for PMC. Go 1.12.10: net/http (through net/textproto) used to accept and normalize invalid HTTP/1.1 headers with a space before the colon, in violation of RFC 7230. If a Go server is used behind an uncommon reverse proxy that accepts and forwards but doesn't normalize such invalid headers, the reverse proxy and the server can interpret the headers differently. This can lead to filter bypasses or request smuggling, the latter if requests from separate clients are multiplexed onto the same upstream connection by the proxy. Such invalid headers are now rejected by Go servers, and passed without normalization to Go client applications. The issue is CVE-2019-16276 and Go issue golang.org/issue/34540. Go 1.12.9: go1.12.9 (released 2019/08/15) includes fixes to the linker, and the os and math/big packages. See the Go 1.12.9 milestone on our issue tracker for details. To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 pkgsrc/lang/go/version.mk cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/go112/PLIST pkgsrc/lang/go112/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1569523006226420 Content-Disposition: inline Content-Length: 3111 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/go/version.mk diff -u pkgsrc/lang/go/version.mk:1.68 pkgsrc/lang/go/version.mk:1.69 --- pkgsrc/lang/go/version.mk:1.68 Tue Sep 17 04:39:20 2019 +++ pkgsrc/lang/go/version.mk Thu Sep 26 18:36:46 2019 @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.68 2019/09/17 04:39:20 dbj Exp $ +# $NetBSD: version.mk,v 1.69 2019/09/26 18:36:46 bsiegert Exp $ CTF_SUPPORTED= no SSP_SUPPORTED= no @@ -6,7 +6,7 @@ STRIP_DEBUG_SUPPORTED= no .include "../../mk/bsd.prefs.mk" -GO112_VERSION= 1.12.8 +GO112_VERSION= 1.12.10 GO111_VERSION= 1.11.13 GO110_VERSION= 1.10.8 GO19_VERSION= 1.9.7 Index: pkgsrc/lang/go112/PLIST diff -u pkgsrc/lang/go112/PLIST:1.6 pkgsrc/lang/go112/PLIST:1.7 --- pkgsrc/lang/go112/PLIST:1.6 Sun Jul 14 15:19:55 2019 +++ pkgsrc/lang/go112/PLIST Thu Sep 26 18:36:46 2019 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2019/07/14 15:19:55 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.7 2019/09/26 18:36:46 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go112/AUTHORS @@ -549,6 +549,8 @@ go112/misc/cgo/testshared/src/iface_i/i. go112/misc/cgo/testshared/src/implicit/implicit.go go112/misc/cgo/testshared/src/implicitcmd/implicitcmd.go go112/misc/cgo/testshared/src/issue25065/a.go +go112/misc/cgo/testshared/src/issue30768/issue30768lib/lib.go +go112/misc/cgo/testshared/src/issue30768/x_test.go go112/misc/cgo/testshared/src/trivial/trivial.go go112/misc/cgo/testsigfwd/main.go go112/misc/cgo/testso/cgoso.c @@ -8356,6 +8358,7 @@ go112/test/fixedbugs/issue32477.go go112/test/fixedbugs/issue32560.go go112/test/fixedbugs/issue32680.go go112/test/fixedbugs/issue32680.out +go112/test/fixedbugs/issue33555.go go112/test/fixedbugs/issue3552.dir/one.go go112/test/fixedbugs/issue3552.dir/two.go go112/test/fixedbugs/issue3552.go Index: pkgsrc/lang/go112/distinfo diff -u pkgsrc/lang/go112/distinfo:1.6 pkgsrc/lang/go112/distinfo:1.7 --- pkgsrc/lang/go112/distinfo:1.6 Wed Aug 14 15:42:52 2019 +++ pkgsrc/lang/go112/distinfo Thu Sep 26 18:36:46 2019 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.6 2019/08/14 15:42:52 bsiegert Exp $ +$NetBSD: distinfo,v 1.7 2019/09/26 18:36:46 bsiegert Exp $ -SHA1 (go1.12.8.src.tar.gz) = f8f35a7af2795b721d62578b55f43ce638db90db -RMD160 (go1.12.8.src.tar.gz) = e620fc04e023d88e534c32e6c8334d5c49fbdb87 -SHA512 (go1.12.8.src.tar.gz) = 193a9b08752aa2479c19f5b56fdfe2296c7e6097e0c583290f0fce754ac7571e2ff345f66b69774d8e22f2caa147a3dc15658148017b09e5e7f49fd4569373d4 -Size (go1.12.8.src.tar.gz) = 21978756 bytes +SHA1 (go1.12.10.src.tar.gz) = 6c11be6b4cef09457b2567bd078a203fad19d675 +RMD160 (go1.12.10.src.tar.gz) = cc0a112d2a6110af11a44a317954eeab428b5c1b +SHA512 (go1.12.10.src.tar.gz) = 9d40cf8d71daffe43f5872597b316cd1150ae640d852ff0f0be3126cc7bb40b9a0290bb02d7fabdf808f40ab3f67a56d2eaeba3b32299fa9b0a3df03899f6ac2 +Size (go1.12.10.src.tar.gz) = 21980044 bytes SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e SHA1 (patch-src_cmd_link_internal_ld_elf.go) = 990a54e3baf239916e4c7f0c1d54240e2898601a --_----------=_1569523006226420--