Date: Mon, 7 Mar 2022 08:44:52 +0000
From: "Benny Siegert"
Subject: CVS commit: pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20220307084452.DDF36FB24@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Mar 7 08:44:52 UTC 2022

Modified Files:
	pkgsrc/lang/go: version.mk
	pkgsrc/lang/go117: PLIST distinfo

Log Message:
Update go117 to 1.17.8 (security).

This minor release includes a security fix following the security policy:

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.

Thanks to Juho Nurminen of Mattermost for reporting this.

This is CVE-2022-24921 and https://go.dev/issue/51112.

To generate a diff of this commit:
cvs rdiff -u -r1.142 -r1.143 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/go117/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/go117/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/go/version.mk diff -u pkgsrc/lang/go/version.mk:1.142 pkgsrc/lang/go/version.mk:1.143 --- pkgsrc/lang/go/version.mk:1.142 Sun Mar 6 09:53:43 2022 +++ pkgsrc/lang/go/version.mk Mon Mar 7 08:44:52 2022 
@@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $ +# $NetBSD: version.mk,v 1.143 2022/03/07 08:44:52 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -6,7 +6,7 @@ # .include "go-vars.mk" -GO117_VERSION= 1.17.7 +GO117_VERSION= 1.17.8 GO116_VERSION= 1.16.15 GO110_VERSION= 1.10.8 GO19_VERSION= 1.9.7 Index: pkgsrc/lang/go117/PLIST diff -u pkgsrc/lang/go117/PLIST:1.6 pkgsrc/lang/go117/PLIST:1.7 --- pkgsrc/lang/go117/PLIST:1.6 Sat Feb 12 20:14:01 2022 +++ pkgsrc/lang/go117/PLIST Mon Mar 7 08:44:52 2022 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2022/02/12 20:14:01 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.7 2022/03/07 08:44:52 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go117/AUTHORS @@ -4237,6 +4237,7 @@ go117/src/crypto/x509/internal/macos/sec go117/src/crypto/x509/internal/macos/security.s go117/src/crypto/x509/name_constraints_test.go go117/src/crypto/x509/parser.go +go117/src/crypto/x509/parser_test.go go117/src/crypto/x509/pem_decrypt.go go117/src/crypto/x509/pem_decrypt_test.go go117/src/crypto/x509/pkcs1.go @@ -10043,6 +10044,7 @@ go117/test/fixedbugs/issue5089.go go117/test/fixedbugs/issue5105.dir/a.go go117/test/fixedbugs/issue5105.dir/b.go go117/test/fixedbugs/issue5105.go +go117/test/fixedbugs/issue51101.go go117/test/fixedbugs/issue5125.dir/bug.go go117/test/fixedbugs/issue5125.dir/main.go go117/test/fixedbugs/issue5125.go Index: pkgsrc/lang/go117/distinfo diff -u pkgsrc/lang/go117/distinfo:1.13 pkgsrc/lang/go117/distinfo:1.14 --- pkgsrc/lang/go117/distinfo:1.13 Sat Feb 12 20:14:01 2022 +++ pkgsrc/lang/go117/distinfo Mon Mar 7 08:44:52 2022 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.13 2022/02/12 20:14:01 bsiegert Exp $ +$NetBSD: distinfo,v 1.14 2022/03/07 08:44:52 bsiegert Exp $ -BLAKE2s (go1.17.7.src.tar.gz) = 8f04f9f8153f9a0dbd75898a49a9d1298b84a73d486460706a75ba81f9970dac -SHA512 (go1.17.7.src.tar.gz) = ee20a97d19e501ee2c11930548bcacfa8b1e8499bbae15659231548f4b03c13bc92bb20c4ce879f0956c02268e748c73ba56d8b140ce8f134501c33cc8b58d3c -Size (go1.17.7.src.tar.gz) = 22195583 bytes +BLAKE2s (go1.17.8.src.tar.gz) = c974cde147bb2bd4e149b6d06f253be12ae6e4838170957c0a17c94cedaf6830 +SHA512 (go1.17.8.src.tar.gz) = 21d5c51ce62bc3b987dd5bf7c6b7e1a934fe40582bfbbe99ca80c26d41253e796a4b9d02c571f1e5ab3fd7c3950175e23b9929b0d934f421c96a6d6128c44668 +Size (go1.17.8.src.tar.gz) = 22199282 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e --_----------=_1646642692292970--
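
Review bot: In the PLIST hunks, the added go117/test/fixedbugs/issue51101.go carries a different issue number from the https://go.dev/issue/51112 cited in the log message, and go117/src/crypto/x509/parser_test.go is new as well, so 1.17.8 ships changes beyond the regexp fix. The log message describes only the security fix; a line noting that the release also contains other fixes would make the PLIST additions self-explanatory to someone auditing the update.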
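
Review bot: In the distinfo hunk, the BLAKE2s and SHA512 lines for go1.17.8.src.tar.gz are replaced without any record of how the new tarball was authenticated. Upstream publishes a SHA256 checksum for its source archives, which cannot be compared against either digest recorded here, so it would help to state in the log message that the distfile was checked against the upstream SHA256 before these values were generated.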
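
For programs that pass untrusted patterns to regexp.Compile, the case the log message describes, a size and nesting guard in front of the call bounds the work regardless of the toolchain version. This is an added example, not code from the commit or from Go; `safeCompile`, `groupDepth` and both limits are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed limits for this example. The log message puts the dangerous
// size on the order of 2MB, so both sit far below it.
const maxPatternBytes, maxGroupDepth = 4096, 32

// groupDepth returns the deepest "(" nesting, skipping escaped bytes and
// the contents of [...] classes. It is a cheap pre-check, not a parser.
func groupDepth(p string) int {
	depth, deepest, inClass := 0, 0, false
	for i := 0; i < len(p); i++ {
		switch c := p[i]; {
		case c == '\\':
			i++ // skip the escaped byte
		case inClass:
			inClass = c != ']'
		case c == '[':
			inClass = true
		case c == '(':
			if depth++; depth > deepest {
				deepest = depth
			}
		case c == ')' && depth > 0:
			depth--
		}
	}
	return deepest
}

// safeCompile rejects oversized or deeply nested patterns before the
// regexp parser ever sees them.
func safeCompile(p string) (*regexp.Regexp, error) {
	if len(p) > maxPatternBytes {
		return nil, fmt.Errorf("pattern rejected: %d bytes exceeds %d", len(p), maxPatternBytes)
	}
	if d := groupDepth(p); d > maxGroupDepth {
		return nil, fmt.Errorf("pattern rejected: group depth %d exceeds %d", d, maxGroupDepth)
	}
	return regexp.Compile(p)
}

func main() {
	_, err := safeCompile(`^(\d+)-((a|b)+)$`) // constructed sample pattern
	fmt.Println(groupDepth(`^(\d+)-((a|b)+)$`), err)
}
```

The length cap is the primary bound, since nesting depth can never exceed pattern length; the depth check only tightens it for patterns that are short but pathological.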