Sun Mar 6 09:53:43 2022 UTC ()
Update go116 to 1.16.15.

This minor release includes a security fix following the security policy:

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.

Thanks to Juho Nurminen of Mattermost for reporting this.

This is CVE-2022-24921 and https://go.dev/issue/51112.


(bsiegert)
diff -r1.141 -r1.142 pkgsrc/lang/go/version.mk
diff -r1.12 -r1.13 pkgsrc/lang/go116/PLIST
diff -r1.20 -r1.21 pkgsrc/lang/go116/distinfo
cvs diff -r1.141 -r1.142 pkgsrc/lang/go/version.mk (expand / switch to unified diff)

--- pkgsrc/lang/go/version.mk 2022/02/12 20:14:01 1.141
+++ pkgsrc/lang/go/version.mk 2022/03/06 09:53:43 1.142
@@ -1,23 +1,23 @@ @@ -1,23 +1,23 @@
1# $NetBSD: version.mk,v 1.141 2022/02/12 20:14:01 bsiegert Exp $ 1# $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $
2 2
3# 3#
4# If bsd.prefs.mk is included before go-package.mk in a package, then this 4# If bsd.prefs.mk is included before go-package.mk in a package, then this
5# file must be included directly in the package prior to bsd.prefs.mk. 5# file must be included directly in the package prior to bsd.prefs.mk.
6# 6#
7.include "go-vars.mk" 7.include "go-vars.mk"
8 8
9GO117_VERSION= 1.17.7 9GO117_VERSION= 1.17.7
10GO116_VERSION= 1.16.14 10GO116_VERSION= 1.16.15
11GO110_VERSION= 1.10.8 11GO110_VERSION= 1.10.8
12GO19_VERSION= 1.9.7 12GO19_VERSION= 1.9.7
13GO14_VERSION= 1.4.3 13GO14_VERSION= 1.4.3
14 14
15.include "../../mk/bsd.prefs.mk" 15.include "../../mk/bsd.prefs.mk"
16 16
17.if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000 17.if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000
18# 1.9 is the last Go version to support NetBSD 6 18# 1.9 is the last Go version to support NetBSD 6
19GO_VERSION_DEFAULT?= 19 19GO_VERSION_DEFAULT?= 19
20.elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000 20.elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000
21# go 1.11 removed support for osx 10.8 and 10.9 21# go 1.11 removed support for osx 10.8 and 10.9
22# https://github.com/golang/go/issues/23122 22# https://github.com/golang/go/issues/23122
23# darwin version 13.4 is osx 10.9.5 23# darwin version 13.4 is osx 10.9.5
cvs diff -r1.12 -r1.13 pkgsrc/lang/go116/Attic/PLIST (expand / switch to unified diff)

--- pkgsrc/lang/go116/Attic/PLIST 2022/02/12 19:52:40 1.12
+++ pkgsrc/lang/go116/Attic/PLIST 2022/03/06 09:53:43 1.13
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.12 2022/02/12 19:52:40 bsiegert Exp $ 1@comment $NetBSD: PLIST,v 1.13 2022/03/06 09:53:43 bsiegert Exp $
2bin/go${GOVERSSUFFIX} 2bin/go${GOVERSSUFFIX}
3bin/gofmt${GOVERSSUFFIX} 3bin/gofmt${GOVERSSUFFIX}
4go116/AUTHORS 4go116/AUTHORS
5go116/CONTRIBUTING.md 5go116/CONTRIBUTING.md
6go116/CONTRIBUTORS 6go116/CONTRIBUTORS
7go116/LICENSE 7go116/LICENSE
8go116/PATENTS 8go116/PATENTS
9go116/README.md 9go116/README.md
10go116/SECURITY.md 10go116/SECURITY.md
11go116/VERSION 11go116/VERSION
12go116/api/README 12go116/api/README
13go116/api/except.txt 13go116/api/except.txt
14go116/api/go1.1.txt 14go116/api/go1.1.txt
@@ -9227,26 +9227,27 @@ go116/test/fixedbugs/issue4932.dir/state @@ -9227,26 +9227,27 @@ go116/test/fixedbugs/issue4932.dir/state
9227go116/test/fixedbugs/issue4932.go 9227go116/test/fixedbugs/issue4932.go
9228go116/test/fixedbugs/issue49378.go 9228go116/test/fixedbugs/issue49378.go
9229go116/test/fixedbugs/issue4964.dir/a.go 9229go116/test/fixedbugs/issue4964.dir/a.go
9230go116/test/fixedbugs/issue4964.dir/b.go 9230go116/test/fixedbugs/issue4964.dir/b.go
9231go116/test/fixedbugs/issue4964.go 9231go116/test/fixedbugs/issue4964.go
9232go116/test/fixedbugs/issue5002.go 9232go116/test/fixedbugs/issue5002.go
9233go116/test/fixedbugs/issue5056.go 9233go116/test/fixedbugs/issue5056.go
9234go116/test/fixedbugs/issue50671.go 9234go116/test/fixedbugs/issue50671.go
9235go116/test/fixedbugs/issue50854.go 9235go116/test/fixedbugs/issue50854.go
9236go116/test/fixedbugs/issue5089.go 9236go116/test/fixedbugs/issue5089.go
9237go116/test/fixedbugs/issue5105.dir/a.go 9237go116/test/fixedbugs/issue5105.dir/a.go
9238go116/test/fixedbugs/issue5105.dir/b.go 9238go116/test/fixedbugs/issue5105.dir/b.go
9239go116/test/fixedbugs/issue5105.go 9239go116/test/fixedbugs/issue5105.go
 9240go116/test/fixedbugs/issue51101.go
9240go116/test/fixedbugs/issue5125.dir/bug.go 9241go116/test/fixedbugs/issue5125.dir/bug.go
9241go116/test/fixedbugs/issue5125.dir/main.go 9242go116/test/fixedbugs/issue5125.dir/main.go
9242go116/test/fixedbugs/issue5125.go 9243go116/test/fixedbugs/issue5125.go
9243go116/test/fixedbugs/issue5162.go 9244go116/test/fixedbugs/issue5162.go
9244go116/test/fixedbugs/issue5172.go 9245go116/test/fixedbugs/issue5172.go
9245go116/test/fixedbugs/issue5231.go 9246go116/test/fixedbugs/issue5231.go
9246go116/test/fixedbugs/issue5244.go 9247go116/test/fixedbugs/issue5244.go
9247go116/test/fixedbugs/issue5259.dir/bug.go 9248go116/test/fixedbugs/issue5259.dir/bug.go
9248go116/test/fixedbugs/issue5259.dir/main.go 9249go116/test/fixedbugs/issue5259.dir/main.go
9249go116/test/fixedbugs/issue5259.go 9250go116/test/fixedbugs/issue5259.go
9250go116/test/fixedbugs/issue5260.dir/a.go 9251go116/test/fixedbugs/issue5260.dir/a.go
9251go116/test/fixedbugs/issue5260.dir/b.go 9252go116/test/fixedbugs/issue5260.dir/b.go
9252go116/test/fixedbugs/issue5260.go 9253go116/test/fixedbugs/issue5260.go
cvs diff -r1.20 -r1.21 pkgsrc/lang/go116/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/go116/Attic/distinfo 2022/02/12 19:52:40 1.20
+++ pkgsrc/lang/go116/Attic/distinfo 2022/03/06 09:53:43 1.21
@@ -1,10 +1,10 @@ @@ -1,10 +1,10 @@
1$NetBSD: distinfo,v 1.20 2022/02/12 19:52:40 bsiegert Exp $ 1$NetBSD: distinfo,v 1.21 2022/03/06 09:53:43 bsiegert Exp $
2 2
3BLAKE2s (go1.16.14.src.tar.gz) = 4cea58059f72e37c0d72513211f901f2fbe3c9956fb361d2bf82eae389556c7d 3BLAKE2s (go1.16.15.src.tar.gz) = 78b23f96c75e8b159b3f49ff49c7f1930890d88815865bfb2906a70634cf6290
4SHA512 (go1.16.14.src.tar.gz) = cd613d94d3c476a61bf9c3a7bb4f6f6c55a2b5c2732837e31bff4ca1f96941e42b2daa39ce3a8fced1a3808206c9711fc1c6cfe8c950b93b18179116478eef4e 4SHA512 (go1.16.15.src.tar.gz) = 5b7fd234e6eb3db173ec536ac599a8c640eb4b0e8abeb16f7728efb6d7c927c41a7e8631505ba6983f565f0470a37458e60d8df33089f7ab773c250b44413e66
5Size (go1.16.14.src.tar.gz) = 20932846 bytes 5Size (go1.16.15.src.tar.gz) = 20936353 bytes
6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe 6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
7SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e 7SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
8SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e 8SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e
9SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e 9SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e
10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b 10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b