Date: Tue, 7 May 2024 18:18:06 +0000
From: "Benny Siegert"
Subject: CVS commit: pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20240507181806.2B5C3FA2C@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: bsiegert
Date: Tue May 7 18:18:06 UTC 2024

Modified Files:
        pkgsrc/lang/go: version.mk
        pkgsrc/lang/go121: PLIST distinfo
        pkgsrc/lang/go122: PLIST distinfo

Log Message:
go: update to 1.21.10 and 1.22.3 (security)

These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin

  On Darwin, building a Go module which contains CGO can trigger arbitrary code
  execution when using the Apple version of ld, due to usage of the -lto_library
  flag in a "#cgo LDFLAGS" directive.

  Thanks to Juho Forsén of Mattermost for reporting this issue.

  This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop

  A malformed DNS message in response to a query can cause the Lookup functions
  to get stuck in an infinite loop.

  Thanks to @long-name-let-people-remember-you on GitHub for reporting this
  issue, and to Mateusz Poliwczak for bringing the issue to our attention.

  This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.207 pkgsrc/lang/go/version.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/go121/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/go121/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go122/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/go122/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
--_----------=_171510588693520 Content-Disposition: inline Content-Length: 5601 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/go/version.mk diff -u pkgsrc/lang/go/version.mk:1.206 pkgsrc/lang/go/version.mk:1.207 --- pkgsrc/lang/go/version.mk:1.206 Fri Apr 5 19:07:55 2024 +++ pkgsrc/lang/go/version.mk Tue May 7 18:18:05 2024 @@ -1,4 +1,4 @@ -# $NetBSD: version.mk,v 1.206 2024/04/05 19:07:55 bsiegert Exp $ +# $NetBSD: version.mk,v 1.207 2024/05/07 18:18:05 bsiegert Exp $ # # If bsd.prefs.mk is included before go-package.mk in a package, then this @@ -6,8 +6,8 @@ # .include "go-vars.mk" -GO122_VERSION= 1.22.2 -GO121_VERSION= 1.21.9 +GO122_VERSION= 1.22.3 +GO121_VERSION= 1.21.10 GO120_VERSION= 1.20.14 GO119_VERSION= 1.19.13 GO118_VERSION= 1.18.10 Index: pkgsrc/lang/go121/PLIST diff -u pkgsrc/lang/go121/PLIST:1.9 pkgsrc/lang/go121/PLIST:1.10 --- pkgsrc/lang/go121/PLIST:1.9 Fri Apr 5 19:07:55 2024 +++ pkgsrc/lang/go121/PLIST Tue May 7 18:18:05 2024 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.9 2024/04/05 19:07:55 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.10 2024/05/07 18:18:05 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go121/CONTRIBUTING.md @@ -2124,6 +2124,7 @@ go121/src/cmd/go/testdata/script/cover_t go121/src/cmd/go/testdata/script/cover_test_race_issue56370.txt go121/src/cmd/go/testdata/script/cover_var_init_order.txt go121/src/cmd/go/testdata/script/cpu_profile_twice.txt +go121/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt go121/src/cmd/go/testdata/script/devnull.txt go121/src/cmd/go/testdata/script/dist_list_missing.txt go121/src/cmd/go/testdata/script/doc.txt Index: pkgsrc/lang/go121/distinfo diff -u pkgsrc/lang/go121/distinfo:1.12 pkgsrc/lang/go121/distinfo:1.13 --- pkgsrc/lang/go121/distinfo:1.12 Tue Apr 9 16:55:55 2024 +++ pkgsrc/lang/go121/distinfo Tue May 7 18:18:05 2024 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.12 2024/04/09 16:55:55 jperkin Exp $ +$NetBSD: distinfo,v 1.13 2024/05/07 18:18:05 bsiegert Exp $ -BLAKE2s (go1.21.9.src.tar.gz) = 089cdce5fe54fe3f1cab7c8ddb573b1c41e021a2f0c39456e8a40eb8b68020ea -SHA512 (go1.21.9.src.tar.gz) = e1cf7e458d41f8b343c34b7d35dc4a1696bacbad2ad64abac36dbbeaf1e0a1b71cdb32cebb1686c6e5c90bf0ad3474714d09acea010d6c074730c59d71e79f4e -Size (go1.21.9.src.tar.gz) = 26993426 bytes +BLAKE2s (go1.21.10.src.tar.gz) = 5203975dc6fd4bfc94a20962873f586d144d360cf375c373e060b87a58311fa0 +SHA512 (go1.21.10.src.tar.gz) = 90105f977c86a0d5ea4d31e4e699d8611a74178db1e443ddc57679b7a2a648baa328e7fa9ea4a732727487cc29afe07e9597a1e2eb0184cb270973f403349f5a +Size (go1.21.10.src.tar.gz) = 26993576 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 Index: pkgsrc/lang/go122/PLIST diff -u pkgsrc/lang/go122/PLIST:1.3 pkgsrc/lang/go122/PLIST:1.4 --- pkgsrc/lang/go122/PLIST:1.3 Fri Apr 5 18:51:52 2024 +++ pkgsrc/lang/go122/PLIST Tue May 7 18:18:05 2024 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2024/04/05 18:51:52 bsiegert Exp $ +@comment $NetBSD: PLIST,v 1.4 2024/05/07 18:18:05 bsiegert Exp $ bin/go${GOVERSSUFFIX} bin/gofmt${GOVERSSUFFIX} go122/CONTRIBUTING.md 
@@ -1904,7 +1904,7 @@ go122/src/cmd/go/testdata/mod/golang.org go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.18.linux-amd64.txt go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.0.linux-amd64.txt go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.1.linux-amd64.txt -go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.3.linux-amd64.txt +go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go${PKGVERSION}.linux-amd64.txt go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.5.linux-amd64.txt go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.7.linux-amd64.txt go122/src/cmd/go/testdata/mod/golang.org_toolchain_v0.0.1-go1.22.9.linux-amd64.txt @@ -2157,6 +2157,7 @@ go122/src/cmd/go/testdata/script/cover_t go122/src/cmd/go/testdata/script/cover_test_race_issue56370.txt go122/src/cmd/go/testdata/script/cover_var_init_order.txt go122/src/cmd/go/testdata/script/cpu_profile_twice.txt +go122/src/cmd/go/testdata/script/darwin_lto_library_ldflag.txt go122/src/cmd/go/testdata/script/devnull.txt go122/src/cmd/go/testdata/script/dist_list_missing.txt go122/src/cmd/go/testdata/script/doc.txt Index: pkgsrc/lang/go122/distinfo diff -u pkgsrc/lang/go122/distinfo:1.5 pkgsrc/lang/go122/distinfo:1.6 --- pkgsrc/lang/go122/distinfo:1.5 Tue Apr 9 16:57:45 2024 +++ pkgsrc/lang/go122/distinfo Tue May 7 18:18:05 2024 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.5 2024/04/09 16:57:45 jperkin Exp $ +$NetBSD: distinfo,v 1.6 2024/05/07 18:18:05 bsiegert Exp $ -BLAKE2s (go1.22.2.src.tar.gz) = 1cda38de9b035db9c153c21042f23f62bc3ad1cd516b012916a446ca09b94d70 -SHA512 (go1.22.2.src.tar.gz) = f2491d2b5d4ef2dd86ca7820503a2534cd1860822049dc01a6cb40b556a0812cfc4196fa83173765816060253ac949f4165b0fb4b2bed5d45e30d03bb69e434d -Size (go1.22.2.src.tar.gz) = 27551470 bytes +BLAKE2s (go1.22.3.src.tar.gz) = fc915cdf74ff63831716b752f88dde2bf42d82117761303bb063cc0226977a67 +SHA512 (go1.22.3.src.tar.gz) = e6756866d3cf195f1afd3d852015f32dfb2de3648e30a78e9238a863eae192e9e7ccbcfd19fd97b1d552f35d51d62bf2104d81e35b8854a40400b0d61cf93672 +Size (go1.22.3.src.tar.gz) = 27552410 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 --_----------=_171510588693520--
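
Review bot: in the go122/PLIST hunk at -1904, replacing the literal entry "golang.org_toolchain_v0.0.1-go1.22.3.linux-amd64.txt" with "golang.org_toolchain_v0.0.1-go${PKGVERSION}.linux-amd64.txt" looks like an accidental substitution from PLIST generation rather than an intended change. The neighbouring entries (go1.22.0, go1.22.1, go1.22.5, go1.22.7, go1.22.9) are fixed test-fixture names, and this one matches only because GO122_VERSION is now 1.22.3. After the next version bump the entry would expand to a name that does not appear among these fixtures, and the go1.22.3 fixture itself would no longer be listed. Suggest keeping the literal line.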
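
Review bot: in the go121 and go122 distinfo hunks, the new BLAKE2s and SHA512 lines are the only thing tying go1.21.10.src.tar.gz and go1.22.3.src.tar.gz to the upstream release, and the log message does not say how the fetched tarballs were checked before the digests were regenerated. For a security update, suggest noting in the log message that the distfiles were compared against the checksums upstream publishes for these releases.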
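
For the cmd/go issue described in the log message, a source-tree audit can flag "#cgo LDFLAGS" directives that pass -lto_library before a module is built with an unpatched toolchain. The following is an added example, not code from the commit or from the Go project; the line-based matching, the `ScanCgoLDFlags` name and the sample source are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample source; PLACEHOLDER stands in for the flag's argument.
const sample = `package demo

/*
#cgo CFLAGS: -O2
#cgo darwin LDFLAGS: -lto_library PLACEHOLDER
#cgo linux LDFLAGS: -lm
*/
import "C"
`

// Finding records one #cgo LDFLAGS directive that mentions -lto_library.
type Finding struct {
	Line      int
	Directive string
}

// ScanCgoLDFlags is a line-based audit heuristic (an assumption of this
// example), not the go command's own flag validation.
func ScanCgoLDFlags(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		// Strip comment markers: directives sit in the preamble above import "C".
		line := strings.TrimSpace(strings.TrimLeft(strings.TrimSpace(sc.Text()), "/*"))
		name, flags, ok := strings.Cut(line, ":")
		fields := strings.Fields(name) // "#cgo", optional constraints, variable
		if !ok || len(fields) < 2 || fields[0] != "#cgo" || fields[len(fields)-1] != "LDFLAGS" {
			continue
		}
		if strings.Contains(flags, "-lto_library") {
			out = append(out, Finding{n, line})
		}
	}
	return out
}

func main() {
	for _, f := range ScanCgoLDFlags(sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Directive)
	}
}
```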