Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 379D084E76
	for <pkgsrc-changes@NetBSD.org>; Sat,  7 Oct 2023 18:09:36 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id By5Hd-fLT_bI for <pkgsrc-changes@netbsd.org>;
	Sat,  7 Oct 2023 18:09:35 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 8E84484D6B
	for <pkgsrc-changes@NetBSD.org>; Sat,  7 Oct 2023 18:09:35 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 82217FBDB; Sat,  7 Oct 2023 18:09:35 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1696702175217740"
MIME-Version: 1.0
Date: Sat, 7 Oct 2023 18:09:35 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Approved: commit_and_comment
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20231007180935.82217FBDB@cvs.NetBSD.org>

This is a multi-part message in MIME format.

--_----------=_1696702175217740
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Sat Oct  7 18:09:35 UTC 2023

Modified Files:
	pkgsrc/lang/go: version.mk
	pkgsrc/lang/go120: PLIST distinfo

Log Message:
go120: update to 1.20.9 (security).

cmd/go: line directives allows arbitrary execution during build

"//line" directives can be used to bypass the restrictions on "//go:cgo_"
directives, allowing blocked linker and compiler flags to be passed during
compliation. This can result in unexpected execution of arbitrary code when
running "go build". The line directive requires the absolute path of the file in
which the directive lives, which makes exploting this issue significantly more
complex.

This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.9


To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.190 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go120/PLIST
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go120/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1696702175217740
Content-Disposition: inline
Content-Length: 2637
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/go/version.mk
diff -u pkgsrc/lang/go/version.mk:1.189 pkgsrc/lang/go/version.mk:1.190
--- pkgsrc/lang/go/version.mk:1.189	Fri Sep  8 19:02:04 2023
+++ pkgsrc/lang/go/version.mk	Sat Oct  7 18:09:35 2023
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.189 2023/09/08 19:02:04 bsiegert Exp $
+# $NetBSD: version.mk,v 1.190 2023/10/07 18:09:35 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -7,7 +7,7 @@
 .include "go-vars.mk"
 
 GO121_VERSION=	1.21.1
-GO120_VERSION=	1.20.8
+GO120_VERSION=	1.20.9
 GO119_VERSION=	1.19.13
 GO118_VERSION=	1.18.10
 GO14_VERSION=	1.4.3

Index: pkgsrc/lang/go120/PLIST
diff -u pkgsrc/lang/go120/PLIST:1.8 pkgsrc/lang/go120/PLIST:1.9
--- pkgsrc/lang/go120/PLIST:1.8	Fri Sep  8 18:49:45 2023
+++ pkgsrc/lang/go120/PLIST	Sat Oct  7 18:09:35 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2023/09/08 18:49:45 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.9 2023/10/07 18:09:35 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go120/CONTRIBUTING.md
@@ -52,6 +52,7 @@ go120/misc/cgo/errors/ptr_test.go
 go120/misc/cgo/errors/testdata/err1.go
 go120/misc/cgo/errors/testdata/err2.go
 go120/misc/cgo/errors/testdata/err4.go
+go120/misc/cgo/errors/testdata/err5.go
 go120/misc/cgo/errors/testdata/issue11097a.go
 go120/misc/cgo/errors/testdata/issue11097b.go
 go120/misc/cgo/errors/testdata/issue14669.go

Index: pkgsrc/lang/go120/distinfo
diff -u pkgsrc/lang/go120/distinfo:1.9 pkgsrc/lang/go120/distinfo:1.10
--- pkgsrc/lang/go120/distinfo:1.9	Fri Sep  8 18:49:45 2023
+++ pkgsrc/lang/go120/distinfo	Sat Oct  7 18:09:35 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.9 2023/09/08 18:49:45 bsiegert Exp $
+$NetBSD: distinfo,v 1.10 2023/10/07 18:09:35 bsiegert Exp $
 
-BLAKE2s (go1.20.8.src.tar.gz) = 1a6eac2f36972598741a5ca8b1758e1840beed5e17f5362d8ad687cef3bb0109
-SHA512 (go1.20.8.src.tar.gz) = 858d0289b3cd709e71e14aed9a36fd3d462fb3aa72cc1108eef0c70ab583742ab2eff99a24f8bfd72d42d1cc741adc1d3619073fbed943f8aea20e453ed479d3
-Size (go1.20.8.src.tar.gz) = 26197375 bytes
+BLAKE2s (go1.20.9.src.tar.gz) = 5336075b906fa3871f9cf0debda08a43ba9eb0f2ea4f4b3dca655d1b98f02e4d
+SHA512 (go1.20.9.src.tar.gz) = 7234d187f8e0d2c6bcd3c4681b2a26509a65a3bd244bfdb1407b65ec87255744202ff992d6b20ec028904678a9ab8a4403b646343dfb000006daa8ce4e0644a2
+Size (go1.20.9.src.tar.gz) = 26198118 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35


--_----------=_1696702175217740--