Update go116 to 1.16.1, fixing two security issues: - encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by xml.NewTokenDecoder may enter an infinite loop when operating on a custom xml.TokenReader which returns an EOF in the middle of an open XML element. Thanks to Sam Whited for reporting this issue. This issue is CVE-2021-27918 and Go issue golang.org/issue/44913. - archive/zip: panic when calling Reader.Open The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive containing files that start with "../". This issue is CVE-2021-27919 and Go issue golang.org/issue/44916.diff -r1.111 -r1.112 pkgsrc/lang/go/version.mk
(bsiegert)
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | # $NetBSD: version.mk,v 1.111 2021/02/17 08:07:03 bsiegert Exp $ | 1 | # $NetBSD: version.mk,v 1.112 2021/03/10 19:55:17 bsiegert Exp $ | |
2 | 2 | |||
3 | # | 3 | # | |
4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | 4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | |
5 | # file must be included directly in the package prior to bsd.prefs.mk. | 5 | # file must be included directly in the package prior to bsd.prefs.mk. | |
6 | # | 6 | # | |
7 | .include "go-vars.mk" | 7 | .include "go-vars.mk" | |
8 | 8 | |||
9 | GO116_VERSION= 1.16 | 9 | GO116_VERSION= 1.16.1 | |
10 | GO115_VERSION= 1.15.7 | 10 | GO115_VERSION= 1.15.7 | |
11 | GO114_VERSION= 1.14.14 | 11 | GO114_VERSION= 1.14.14 | |
12 | GO113_VERSION= 1.13.15 | 12 | GO113_VERSION= 1.13.15 | |
13 | GO110_VERSION= 1.10.8 | 13 | GO110_VERSION= 1.10.8 | |
14 | GO19_VERSION= 1.9.7 | 14 | GO19_VERSION= 1.9.7 | |
15 | GO14_VERSION= 1.4.3 | 15 | GO14_VERSION= 1.4.3 | |
16 | 16 | |||
17 | .include "../../mk/bsd.prefs.mk" | 17 | .include "../../mk/bsd.prefs.mk" | |
18 | 18 | |||
19 | .if ${OPSYS} == "NetBSD" && ${OS_VERSION:M6.*} | 19 | .if ${OPSYS} == "NetBSD" && ${OS_VERSION:M6.*} | |
20 | # 1.9 is the last Go version to support NetBSD 6 | 20 | # 1.9 is the last Go version to support NetBSD 6 | |
21 | GO_VERSION_DEFAULT?= 19 | 21 | GO_VERSION_DEFAULT?= 19 | |
22 | .elif ${OPSYS} == "Darwin" && ${MACHINE_ARCH} == "aarch64" | 22 | .elif ${OPSYS} == "Darwin" && ${MACHINE_ARCH} == "aarch64" |
@@ -1,10 +1,10 @@ | @@ -1,10 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.3 2021/02/17 08:07:03 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.4 2021/03/10 19:55:17 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (go1.16.src.tar.gz) = 1d2b65415c9061eeb800c888a936511d6af0d6d5 | 3 | SHA1 (go1.16.1.src.tar.gz) = ab7746ed5ec54110f5fbf4f8615a640530990111 | |
4 | RMD160 (go1.16.src.tar.gz) = 1009890b7d4bbf6d8888a6f7adae8b0e42edb7ae | 4 | RMD160 (go1.16.1.src.tar.gz) = cab008285e02e97ab3523239684f9ad0b102da6b | |
5 | SHA512 (go1.16.src.tar.gz) = 9c43e0ebb2d35c694b652cae8d4040ce3f3c8c014abd9496c92c78cc015ecea5b5331e7c2acf098d0c24dec222454ea09d834df4b6bc90d46e9feeac0ac578bf | 5 | SHA512 (go1.16.1.src.tar.gz) = c7674be1a4a03c031d13a52e03a5e134bd2f499fe1bde3083885e363528252fce43b119974b804c8c46ec59e85337bb94e96b7a7183bdb78301898e222b3bba1 | |
6 | Size (go1.16.src.tar.gz) = 20895394 bytes | 6 | Size (go1.16.1.src.tar.gz) = 20897580 bytes | |
7 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | 7 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | |
8 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | 8 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | |
9 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e | 9 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e | |
10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b | 10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b |