Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id 3286F1A921F for ; Sun, 6 Mar 2022 09:53:46 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 6A68484EEE; Sun, 6 Mar 2022 09:53:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 9E3D484EEE for ; Sun, 6 Mar 2022 09:53:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id kywFLAJJW3rq for ; Sun, 6 Mar 2022 09:53:44 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 06F2384D22 for ; Sun, 6 Mar 2022 09:53:44 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id EF159FB24; Sun, 6 Mar 2022 09:53:43 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1646560423150580" MIME-Version: 1.0 Date: Sun, 6 Mar 2022 09:53:43 +0000 From: "Benny Siegert" Subject: CVS commit: pkgsrc/lang To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20220306095343.EF159FB24@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1646560423150580 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Sun Mar 6 09:53:43 UTC 2022 Modified Files: pkgsrc/lang/go: version.mk pkgsrc/lang/go116: PLIST distinfo Log Message: Update go116 to 1.16.15. This minor release includes a security fix following the security policy: regexp: stack exhaustion compiling deeply nested expressions On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. Thanks to Juho Nurminen of Mattermost for reporting this. This is CVE-2022-24921 and https://go.dev/issue/51112. To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/go/version.mk cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go116/PLIST cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/go116/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1646560423150580 Content-Disposition: inline Content-Length: 2620 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/go/version.mk diff -u pkgsrc/lang/go/version.mk:1.141 pkgsrc/lang/go/version.mk:1.142 --- pkgsrc/lang/go/version.mk:1.141 Sat Feb 12 20:14:01 2022 +++ pkgsrc/lang/go/version.mk Sun Mar 6 09:53:43 2022 @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.141 2022/02/12 20:14:01 bsiegert Exp $ +# $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -7,7 +7,7 @@ .include "go-vars.mk" GO117_VERSION= 1.17.7 -GO116_VERSION= 1.16.14 +GO116_VERSION= 1.16.15 GO110_VERSION= 1.10.8 GO19_VERSION= 1.9.7 GO14_VERSION= 1.4.3 Index: pkgsrc/lang/go116/PLIST diff -u pkgsrc/lang/go116/PLIST:1.12 pkgsrc/lang/go116/PLIST:1.13 --- pkgsrc/lang/go116/PLIST:1.12 Sat Feb 12 19:52:40 2022 +++ pkgsrc/lang/go116/PLIST Sun Mar 6 09:53:43 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.12 2022/02/12 19:52:40 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.13 2022/03/06 09:53:43 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go116/AUTHORS @@ -9237,6 +9237,7 @@ go116/test/fixedbugs/issue5089.go go116/test/fixedbugs/issue5105.dir/a.go go116/test/fixedbugs/issue5105.dir/b.go go116/test/fixedbugs/issue5105.go +go116/test/fixedbugs/issue51101.go go116/test/fixedbugs/issue5125.dir/bug.go go116/test/fixedbugs/issue5125.dir/main.go go116/test/fixedbugs/issue5125.go Index: pkgsrc/lang/go116/distinfo diff -u pkgsrc/lang/go116/distinfo:1.20 pkgsrc/lang/go116/distinfo:1.21 --- pkgsrc/lang/go116/distinfo:1.20 Sat Feb 12 19:52:40 2022 +++ pkgsrc/lang/go116/distinfo Sun Mar 6 09:53:43 2022 @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.20 2022/02/12 19:52:40 bsiegert Exp $ +$NetBSD: distinfo,v 1.21 2022/03/06 09:53:43 bsiegert Exp $ -BLAKE2s (go1.16.14.src.tar.gz) = 4cea58059f72e37c0d72513211f901f2fbe3c9956fb361d2bf82eae389556c7d -SHA512 (go1.16.14.src.tar.gz) = cd613d94d3c476a61bf9c3a7bb4f6f6c55a2b5c2732837e31bff4ca1f96941e42b2daa39ce3a8fced1a3808206c9711fc1c6cfe8c950b93b18179116478eef4e -Size (go1.16.14.src.tar.gz) = 20932846 bytes +BLAKE2s (go1.16.15.src.tar.gz) = 78b23f96c75e8b159b3f49ff49c7f1930890d88815865bfb2906a70634cf6290 +SHA512 (go1.16.15.src.tar.gz) = 5b7fd234e6eb3db173ec536ac599a8c640eb4b0e8abeb16f7728efb6d7c927c41a7e8631505ba6983f565f0470a37458e60d8df33089f7ab773c250b44413e66 +Size (go1.16.15.src.tar.gz) = 20936353 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e --_----------=_1646560423150580--