Update go116 to 1.16.15. This minor release includes a security fix following the security policy: regexp: stack exhaustion compiling deeply nested expressions On 64-bit platforms, an extremely deeply nested expression can cause regexp.Compile to cause goroutine stack exhaustion, forcing the program to exit. Note this applies to very large expressions, on the order of 2MB. Thanks to Juho Nurminen of Mattermost for reporting this. This is CVE-2022-24921 and https://go.dev/issue/51112.diff -r1.141 -r1.142 pkgsrc/lang/go/version.mk
(bsiegert)
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | # $NetBSD: version.mk,v 1.141 2022/02/12 20:14:01 bsiegert Exp $ | 1 | # $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $ | |
2 | 2 | |||
3 | # | 3 | # | |
4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | 4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | |
5 | # file must be included directly in the package prior to bsd.prefs.mk. | 5 | # file must be included directly in the package prior to bsd.prefs.mk. | |
6 | # | 6 | # | |
7 | .include "go-vars.mk" | 7 | .include "go-vars.mk" | |
8 | 8 | |||
9 | GO117_VERSION= 1.17.7 | 9 | GO117_VERSION= 1.17.7 | |
10 | GO116_VERSION= 1.16.14 | 10 | GO116_VERSION= 1.16.15 | |
11 | GO110_VERSION= 1.10.8 | 11 | GO110_VERSION= 1.10.8 | |
12 | GO19_VERSION= 1.9.7 | 12 | GO19_VERSION= 1.9.7 | |
13 | GO14_VERSION= 1.4.3 | 13 | GO14_VERSION= 1.4.3 | |
14 | 14 | |||
15 | .include "../../mk/bsd.prefs.mk" | 15 | .include "../../mk/bsd.prefs.mk" | |
16 | 16 | |||
17 | .if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000 | 17 | .if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000 | |
18 | # 1.9 is the last Go version to support NetBSD 6 | 18 | # 1.9 is the last Go version to support NetBSD 6 | |
19 | GO_VERSION_DEFAULT?= 19 | 19 | GO_VERSION_DEFAULT?= 19 | |
20 | .elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000 | 20 | .elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000 | |
21 | # go 1.11 removed support for osx 10.8 and 10.9 | 21 | # go 1.11 removed support for osx 10.8 and 10.9 | |
22 | # https://github.com/golang/go/issues/23122 | 22 | # https://github.com/golang/go/issues/23122 | |
23 | # darwin version 13.4 is osx 10.9.5 | 23 | # darwin version 13.4 is osx 10.9.5 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.12 2022/02/12 19:52:40 bsiegert Exp $ | 1 | @comment $NetBSD: PLIST,v 1.13 2022/03/06 09:53:43 bsiegert Exp $ | |
2 | bin/go${GOVERSSUFFIX} | 2 | bin/go${GOVERSSUFFIX} | |
3 | bin/gofmt${GOVERSSUFFIX} | 3 | bin/gofmt${GOVERSSUFFIX} | |
4 | go116/AUTHORS | 4 | go116/AUTHORS | |
5 | go116/CONTRIBUTING.md | 5 | go116/CONTRIBUTING.md | |
6 | go116/CONTRIBUTORS | 6 | go116/CONTRIBUTORS | |
7 | go116/LICENSE | 7 | go116/LICENSE | |
8 | go116/PATENTS | 8 | go116/PATENTS | |
9 | go116/README.md | 9 | go116/README.md | |
10 | go116/SECURITY.md | 10 | go116/SECURITY.md | |
11 | go116/VERSION | 11 | go116/VERSION | |
12 | go116/api/README | 12 | go116/api/README | |
13 | go116/api/except.txt | 13 | go116/api/except.txt | |
14 | go116/api/go1.1.txt | 14 | go116/api/go1.1.txt | |
@@ -9227,26 +9227,27 @@ go116/test/fixedbugs/issue4932.dir/state | @@ -9227,26 +9227,27 @@ go116/test/fixedbugs/issue4932.dir/state | |||
9227 | go116/test/fixedbugs/issue4932.go | 9227 | go116/test/fixedbugs/issue4932.go | |
9228 | go116/test/fixedbugs/issue49378.go | 9228 | go116/test/fixedbugs/issue49378.go | |
9229 | go116/test/fixedbugs/issue4964.dir/a.go | 9229 | go116/test/fixedbugs/issue4964.dir/a.go | |
9230 | go116/test/fixedbugs/issue4964.dir/b.go | 9230 | go116/test/fixedbugs/issue4964.dir/b.go | |
9231 | go116/test/fixedbugs/issue4964.go | 9231 | go116/test/fixedbugs/issue4964.go | |
9232 | go116/test/fixedbugs/issue5002.go | 9232 | go116/test/fixedbugs/issue5002.go | |
9233 | go116/test/fixedbugs/issue5056.go | 9233 | go116/test/fixedbugs/issue5056.go | |
9234 | go116/test/fixedbugs/issue50671.go | 9234 | go116/test/fixedbugs/issue50671.go | |
9235 | go116/test/fixedbugs/issue50854.go | 9235 | go116/test/fixedbugs/issue50854.go | |
9236 | go116/test/fixedbugs/issue5089.go | 9236 | go116/test/fixedbugs/issue5089.go | |
9237 | go116/test/fixedbugs/issue5105.dir/a.go | 9237 | go116/test/fixedbugs/issue5105.dir/a.go | |
9238 | go116/test/fixedbugs/issue5105.dir/b.go | 9238 | go116/test/fixedbugs/issue5105.dir/b.go | |
9239 | go116/test/fixedbugs/issue5105.go | 9239 | go116/test/fixedbugs/issue5105.go | |
9240 | go116/test/fixedbugs/issue51101.go | |||
9240 | go116/test/fixedbugs/issue5125.dir/bug.go | 9241 | go116/test/fixedbugs/issue5125.dir/bug.go | |
9241 | go116/test/fixedbugs/issue5125.dir/main.go | 9242 | go116/test/fixedbugs/issue5125.dir/main.go | |
9242 | go116/test/fixedbugs/issue5125.go | 9243 | go116/test/fixedbugs/issue5125.go | |
9243 | go116/test/fixedbugs/issue5162.go | 9244 | go116/test/fixedbugs/issue5162.go | |
9244 | go116/test/fixedbugs/issue5172.go | 9245 | go116/test/fixedbugs/issue5172.go | |
9245 | go116/test/fixedbugs/issue5231.go | 9246 | go116/test/fixedbugs/issue5231.go | |
9246 | go116/test/fixedbugs/issue5244.go | 9247 | go116/test/fixedbugs/issue5244.go | |
9247 | go116/test/fixedbugs/issue5259.dir/bug.go | 9248 | go116/test/fixedbugs/issue5259.dir/bug.go | |
9248 | go116/test/fixedbugs/issue5259.dir/main.go | 9249 | go116/test/fixedbugs/issue5259.dir/main.go | |
9249 | go116/test/fixedbugs/issue5259.go | 9250 | go116/test/fixedbugs/issue5259.go | |
9250 | go116/test/fixedbugs/issue5260.dir/a.go | 9251 | go116/test/fixedbugs/issue5260.dir/a.go | |
9251 | go116/test/fixedbugs/issue5260.dir/b.go | 9252 | go116/test/fixedbugs/issue5260.dir/b.go | |
9252 | go116/test/fixedbugs/issue5260.go | 9253 | go116/test/fixedbugs/issue5260.go |
@@ -1,10 +1,10 @@ | @@ -1,10 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.20 2022/02/12 19:52:40 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.21 2022/03/06 09:53:43 bsiegert Exp $ | |
2 | 2 | |||
3 | BLAKE2s (go1.16.14.src.tar.gz) = 4cea58059f72e37c0d72513211f901f2fbe3c9956fb361d2bf82eae389556c7d | 3 | BLAKE2s (go1.16.15.src.tar.gz) = 78b23f96c75e8b159b3f49ff49c7f1930890d88815865bfb2906a70634cf6290 | |
4 | SHA512 (go1.16.14.src.tar.gz) = cd613d94d3c476a61bf9c3a7bb4f6f6c55a2b5c2732837e31bff4ca1f96941e42b2daa39ce3a8fced1a3808206c9711fc1c6cfe8c950b93b18179116478eef4e | 4 | SHA512 (go1.16.15.src.tar.gz) = 5b7fd234e6eb3db173ec536ac599a8c640eb4b0e8abeb16f7728efb6d7c927c41a7e8631505ba6983f565f0470a37458e60d8df33089f7ab773c250b44413e66 | |
5 | Size (go1.16.14.src.tar.gz) = 20932846 bytes | 5 | Size (go1.16.15.src.tar.gz) = 20936353 bytes | |
6 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | 6 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | |
7 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | 7 | SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e | |
8 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e | 8 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e | |
9 | SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e | 9 | SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e | |
10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b | 10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b |