Received: by mail.netbsd.org (Postfix, from userid 605)
	id C88B284D66; Tue,  1 Nov 2022 17:41:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 0250284D4A
	for <pkgsrc-changes@NetBSD.org>; Tue,  1 Nov 2022 17:41:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id VMRZvVy9q6DU for <pkgsrc-changes@netbsd.org>;
	Tue,  1 Nov 2022 17:41:12 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 065FC84D00
	for <pkgsrc-changes@NetBSD.org>; Tue,  1 Nov 2022 17:41:11 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id E9AB1FA90; Tue,  1 Nov 2022 17:41:11 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_166732447176330"
MIME-Version: 1.0
Date: Tue, 1 Nov 2022 17:41:11 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20221101174111.E9AB1FA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_166732447176330
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Tue Nov  1 17:41:11 UTC 2022

Modified Files:
	pkgsrc/lang/go: version.mk
	pkgsrc/lang/go119: PLIST distinfo

Log Message:
go119: update to 1.19.3

This release includes 1 security fixes following the security policy:

syscall, os/exec: unsanitized NUL in environment variables

On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for
invalid environment variable values. A malicious environment variable value
could exploit this behavior to set a value for a different environment
variable. For example, the environment variable string "A=B\x00C=D" set the
variables "A=B" and "C=D".

Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this issue.

This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.3


To generate a diff of this commit:
cvs rdiff -u -r1.164 -r1.165 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go119/PLIST pkgsrc/lang/go119/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_166732447176330
Content-Disposition: inline
Content-Length: 2772
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.164 pkgsrc/lang/go/version.mk:1.165
--- pkgsrc/lang/go/version.mk:1.164	Tue Nov  1 17:26:16 2022
+++ pkgsrc/lang/go/version.mk	Tue Nov  1 17:41:11 2022
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.164 2022/11/01 17:26:16 bsiegert Exp $
+# $NetBSD: version.mk,v 1.165 2022/11/01 17:41:11 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO119_VERSION=	1.19.2
+GO119_VERSION=	1.19.3
 GO118_VERSION=	1.18.8
 GO117_VERSION=	1.17.13
 GO116_VERSION=	1.16.15

Index: pkgsrc/lang/go119/PLIST
diff -u pkgsrc/lang/go119/PLIST:1.3 pkgsrc/lang/go119/PLIST:1.4
--- pkgsrc/lang/go119/PLIST:1.3	Wed Oct  5 11:20:24 2022
+++ pkgsrc/lang/go119/PLIST	Tue Nov  1 17:41:11 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2022/10/05 11:20:24 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.4 2022/11/01 17:41:11 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go119/CONTRIBUTING.md
@@ -11235,10 +11235,12 @@ go119/test/fixedbugs/issue5515.go
 go119/test/fixedbugs/issue5581.go
 go119/test/fixedbugs/issue5607.go
 go119/test/fixedbugs/issue5609.go
+go119/test/fixedbugs/issue56105.go
 go119/test/fixedbugs/issue5614.dir/rethinkgo.go
 go119/test/fixedbugs/issue5614.dir/x.go
 go119/test/fixedbugs/issue5614.dir/y.go
 go119/test/fixedbugs/issue5614.go
+go119/test/fixedbugs/issue56141.go
 go119/test/fixedbugs/issue5698.go
 go119/test/fixedbugs/issue5704.go
 go119/test/fixedbugs/issue5753.go
Index: pkgsrc/lang/go119/distinfo
diff -u pkgsrc/lang/go119/distinfo:1.3 pkgsrc/lang/go119/distinfo:1.4
--- pkgsrc/lang/go119/distinfo:1.3	Wed Oct  5 11:20:24 2022
+++ pkgsrc/lang/go119/distinfo	Tue Nov  1 17:41:11 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.3 2022/10/05 11:20:24 bsiegert Exp $
+$NetBSD: distinfo,v 1.4 2022/11/01 17:41:11 bsiegert Exp $
 
-BLAKE2s (go1.19.2.src.tar.gz) = 09640c7d9fafd3e5a58de1696940e4e5e4102d15d567fff98077c75e7e6afd7f
-SHA512 (go1.19.2.src.tar.gz) = 72901e5eaf1857b22bf62a82690579aa4bd8b8130f16416313d249600c99e1ae3c1451ac5c53138ce41dd39dd72dcf8d0f3592b98f4239754efcf4f8b0103cb4
-Size (go1.19.2.src.tar.gz) = 26534465 bytes
+BLAKE2s (go1.19.3.src.tar.gz) = c602788f22c90df6db30b8a6493ea7ae28068824a64612e415967a47ed87d627
+SHA512 (go1.19.3.src.tar.gz) = 9aa8548597d52455afad8bf3b882eeeb9992814721ff2b9d8ed1f0e1ee0fec74aecd9d4e8c9c00eafbfe690bcdc50f3ad0b00bc4818b87e9d584cce7df97ee76
+Size (go1.19.3.src.tar.gz) = 26535494 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35


--_----------=_166732447176330--