Update Go to 1.9.4. By using the clang or gcc plugin mechanism, it was possible for an attacker to trick the ���go get��� command into executing arbitrary code. The go command now restricts the set of allowed host compiler and linker arguments in cgo source files to a list of allowed flags, in particular disallowing -fplugin= and -plugin=. The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go issue for details. Thanks to Christopher Brown of Mattermost for reporting this problem.diff -r1.37 -r1.38 pkgsrc/lang/go/PLIST
(bsiegert)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.37 2018/01/28 11:31:03 bsiegert Exp $ | 1 | @comment $NetBSD: PLIST,v 1.38 2018/02/08 19:32:17 bsiegert Exp $ | |
2 | bin/go | 2 | bin/go | |
3 | bin/gofmt | 3 | bin/gofmt | |
4 | go/AUTHORS | 4 | go/AUTHORS | |
5 | go/CONTRIBUTING.md | 5 | go/CONTRIBUTING.md | |
6 | go/CONTRIBUTORS | 6 | go/CONTRIBUTORS | |
7 | go/LICENSE | 7 | go/LICENSE | |
8 | go/PATENTS | 8 | go/PATENTS | |
9 | go/README.md | 9 | go/README.md | |
10 | go/VERSION | 10 | go/VERSION | |
11 | go/api/README | 11 | go/api/README | |
12 | go/api/except.txt | 12 | go/api/except.txt | |
13 | go/api/go1.1.txt | 13 | go/api/go1.1.txt | |
14 | go/api/go1.2.txt | 14 | go/api/go1.2.txt | |
@@ -1779,26 +1779,28 @@ go/src/cmd/go/internal/load/testgo.go | @@ -1779,26 +1779,28 @@ go/src/cmd/go/internal/load/testgo.go | |||
1779 | go/src/cmd/go/internal/run/run.go | 1779 | go/src/cmd/go/internal/run/run.go | |
1780 | go/src/cmd/go/internal/str/str.go | 1780 | go/src/cmd/go/internal/str/str.go | |
1781 | go/src/cmd/go/internal/test/test.go | 1781 | go/src/cmd/go/internal/test/test.go | |
1782 | go/src/cmd/go/internal/test/testflag.go | 1782 | go/src/cmd/go/internal/test/testflag.go | |
1783 | go/src/cmd/go/internal/tool/tool.go | 1783 | go/src/cmd/go/internal/tool/tool.go | |
1784 | go/src/cmd/go/internal/version/version.go | 1784 | go/src/cmd/go/internal/version/version.go | |
1785 | go/src/cmd/go/internal/vet/vet.go | 1785 | go/src/cmd/go/internal/vet/vet.go | |
1786 | go/src/cmd/go/internal/vet/vetflag.go | 1786 | go/src/cmd/go/internal/vet/vetflag.go | |
1787 | go/src/cmd/go/internal/web/bootstrap.go | 1787 | go/src/cmd/go/internal/web/bootstrap.go | |
1788 | go/src/cmd/go/internal/web/http.go | 1788 | go/src/cmd/go/internal/web/http.go | |
1789 | go/src/cmd/go/internal/web/security.go | 1789 | go/src/cmd/go/internal/web/security.go | |
1790 | go/src/cmd/go/internal/work/build.go | 1790 | go/src/cmd/go/internal/work/build.go | |
1791 | go/src/cmd/go/internal/work/build_test.go | 1791 | go/src/cmd/go/internal/work/build_test.go | |
1792 | go/src/cmd/go/internal/work/security.go | |||
1793 | go/src/cmd/go/internal/work/security_test.go | |||
1792 | go/src/cmd/go/internal/work/testgo.go | 1794 | go/src/cmd/go/internal/work/testgo.go | |
1793 | go/src/cmd/go/main.go | 1795 | go/src/cmd/go/main.go | |
1794 | go/src/cmd/go/mkalldocs.sh | 1796 | go/src/cmd/go/mkalldocs.sh | |
1795 | go/src/cmd/go/note_test.go | 1797 | go/src/cmd/go/note_test.go | |
1796 | go/src/cmd/go/testdata/dep_test.go | 1798 | go/src/cmd/go/testdata/dep_test.go | |
1797 | go/src/cmd/go/testdata/example1_test.go | 1799 | go/src/cmd/go/testdata/example1_test.go | |
1798 | go/src/cmd/go/testdata/example2_test.go | 1800 | go/src/cmd/go/testdata/example2_test.go | |
1799 | go/src/cmd/go/testdata/failssh/ssh | 1801 | go/src/cmd/go/testdata/failssh/ssh | |
1800 | go/src/cmd/go/testdata/flag_test.go | 1802 | go/src/cmd/go/testdata/flag_test.go | |
1801 | go/src/cmd/go/testdata/generate/test1.go | 1803 | go/src/cmd/go/testdata/generate/test1.go | |
1802 | go/src/cmd/go/testdata/generate/test2.go | 1804 | go/src/cmd/go/testdata/generate/test2.go | |
1803 | go/src/cmd/go/testdata/generate/test3.go | 1805 | go/src/cmd/go/testdata/generate/test3.go | |
1804 | go/src/cmd/go/testdata/generate/test4.go | 1806 | go/src/cmd/go/testdata/generate/test4.go |
@@ -1,12 +1,12 @@ | @@ -1,12 +1,12 @@ | |||
1 | $NetBSD: distinfo,v 1.56 2018/01/28 11:31:03 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.57 2018/02/08 19:32:17 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (go1.9.3.src.tar.gz) = e1854548e8e2defca7d63ab752ff46f38eb7db2a | 3 | SHA1 (go1.9.4.src.tar.gz) = 12b0ecee83525cd594f4fbf30380d4832e06f189 | |
4 | RMD160 (go1.9.3.src.tar.gz) = 0088a287f3a3c4bd4c152101f684e22173c59fa4 | 4 | RMD160 (go1.9.4.src.tar.gz) = 801d6a8a57d2dc0fefba283ea1ae456b869a7398 | |
5 | SHA512 (go1.9.3.src.tar.gz) = 31c564af58b78c648c9bece8fa2ed3334feb80316b07b16f6286319e26d317da90d1af0464c3a2f776a3da72d31b22b063dbc620b93114bf142a11e8a625e527 | 5 | SHA512 (go1.9.4.src.tar.gz) = 1a7c830e07507ff7b89025adfb5c713444d97301f8ad47ef2564722c1e28186e946350f07e22777fbdd6f2f589c334eb01dfd589e97cb8a86f73669547badb0b | |
6 | Size (go1.9.3.src.tar.gz) = 16385451 bytes | 6 | Size (go1.9.4.src.tar.gz) = 16392325 bytes | |
7 | SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29 | 7 | SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29 | |
8 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | 8 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | |
9 | SHA1 (patch-src_cmd_link_internal_ld_elf.go) = acc8d92b7eae1b77470bd3e88af93d458695ac76 | 9 | SHA1 (patch-src_cmd_link_internal_ld_elf.go) = acc8d92b7eae1b77470bd3e88af93d458695ac76 | |
10 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 93a2de7c685a0919fe93f5bc99f156e105dace4d | 10 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 93a2de7c685a0919fe93f5bc99f156e105dace4d | |
11 | SHA1 (patch-src_runtime_os__netbsd.go) = 9b80de94667e3f8d8d1ae3648ab1fe43dd55d577 | 11 | SHA1 (patch-src_runtime_os__netbsd.go) = 9b80de94667e3f8d8d1ae3648ab1fe43dd55d577 | |
12 | SHA1 (patch-src_runtime_rt0__netbsd__arm.s) = 45e727f4e89470505664e7c38bdb8ebd314bcaf5 | 12 | SHA1 (patch-src_runtime_rt0__netbsd__arm.s) = 45e727f4e89470505664e7c38bdb8ebd314bcaf5 |
@@ -1,20 +1,20 @@ | @@ -1,20 +1,20 @@ | |||
1 | # $NetBSD: version.mk,v 1.33 2018/01/30 17:05:21 jperkin Exp $ | 1 | # $NetBSD: version.mk,v 1.34 2018/02/08 19:32:17 bsiegert Exp $ | |
2 | 2 | |||
3 | SSP_SUPPORTED= no | 3 | SSP_SUPPORTED= no | |
4 | 4 | |||
5 | .include "../../mk/bsd.prefs.mk" | 5 | .include "../../mk/bsd.prefs.mk" | |
6 | 6 | |||
7 | GO_VERSION= 1.9.3 | 7 | GO_VERSION= 1.9.4 | |
8 | GO14_VERSION= 1.4.3 | 8 | GO14_VERSION= 1.4.3 | |
9 | 9 | |||
10 | ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-earmv[67]hf | 10 | ONLY_FOR_PLATFORM= *-*-i386 *-*-x86_64 *-*-earmv[67]hf | |
11 | NOT_FOR_PLATFORM= SunOS-*-i386 | 11 | NOT_FOR_PLATFORM= SunOS-*-i386 | |
12 | .if ${MACHINE_ARCH} == "i386" | 12 | .if ${MACHINE_ARCH} == "i386" | |
13 | GOARCH= 386 | 13 | GOARCH= 386 | |
14 | GOCHAR= 8 | 14 | GOCHAR= 8 | |
15 | .elif ${MACHINE_ARCH} == "x86_64" | 15 | .elif ${MACHINE_ARCH} == "x86_64" | |
16 | GOARCH= amd64 | 16 | GOARCH= amd64 | |
17 | GOCHAR= 6 | 17 | GOCHAR= 6 | |
18 | .elif ${MACHINE_ARCH} == "earmv6hf" || ${MACHINE_ARCH} == "earmv7hf" | 18 | .elif ${MACHINE_ARCH} == "earmv6hf" || ${MACHINE_ARCH} == "earmv7hf" | |
19 | GOARCH= arm | 19 | GOARCH= arm | |
20 | GOCHAR= 5 | 20 | GOCHAR= 5 |