Mon Mar 7 08:44:52 2022 UTC ()
Update go117 to 1.17.8 (security).

This minor release includes a security fix following the security policy:

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.

Thanks to Juho Nurminen of Mattermost for reporting this.

This is CVE-2022-24921 and https://go.dev/issue/51112.


(bsiegert)
diff -r1.142 -r1.143 pkgsrc/lang/go/version.mk
diff -r1.6 -r1.7 pkgsrc/lang/go117/PLIST
diff -r1.13 -r1.14 pkgsrc/lang/go117/distinfo
cvs diff -r1.142 -r1.143 pkgsrc/lang/go/version.mk (expand / switch to context diff)
--- pkgsrc/lang/go/version.mk 2022/03/06 09:53:43 1.142
+++ pkgsrc/lang/go/version.mk 2022/03/07 08:44:52 1.143
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $
+# $NetBSD: version.mk,v 1.143 2022/03/07 08:44:52 bsiegert Exp $
 
 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"
 
-GO117_VERSION=	1.17.7
+GO117_VERSION=	1.17.8
 GO116_VERSION=	1.16.15
 GO110_VERSION=	1.10.8
 GO19_VERSION=	1.9.7
cvs diff -r1.6 -r1.7 pkgsrc/lang/go117/Attic/PLIST (expand / switch to context diff)
--- pkgsrc/lang/go117/Attic/PLIST 2022/02/12 20:14:01 1.6
+++ pkgsrc/lang/go117/Attic/PLIST 2022/03/07 08:44:52 1.7
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2022/02/12 20:14:01 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/03/07 08:44:52 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go117/AUTHORS
@@ -4237,6 +4237,7 @@
 go117/src/crypto/x509/internal/macos/security.s
 go117/src/crypto/x509/name_constraints_test.go
 go117/src/crypto/x509/parser.go
+go117/src/crypto/x509/parser_test.go
 go117/src/crypto/x509/pem_decrypt.go
 go117/src/crypto/x509/pem_decrypt_test.go
 go117/src/crypto/x509/pkcs1.go
@@ -10043,6 +10044,7 @@
 go117/test/fixedbugs/issue5105.dir/a.go
 go117/test/fixedbugs/issue5105.dir/b.go
 go117/test/fixedbugs/issue5105.go
+go117/test/fixedbugs/issue51101.go
 go117/test/fixedbugs/issue5125.dir/bug.go
 go117/test/fixedbugs/issue5125.dir/main.go
 go117/test/fixedbugs/issue5125.go
cvs diff -r1.13 -r1.14 pkgsrc/lang/go117/Attic/distinfo (expand / switch to context diff)
--- pkgsrc/lang/go117/Attic/distinfo 2022/02/12 20:14:01 1.13
+++ pkgsrc/lang/go117/Attic/distinfo 2022/03/07 08:44:52 1.14
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.13 2022/02/12 20:14:01 bsiegert Exp $
+$NetBSD: distinfo,v 1.14 2022/03/07 08:44:52 bsiegert Exp $
 
-BLAKE2s (go1.17.7.src.tar.gz) = 8f04f9f8153f9a0dbd75898a49a9d1298b84a73d486460706a75ba81f9970dac
-SHA512 (go1.17.7.src.tar.gz) = ee20a97d19e501ee2c11930548bcacfa8b1e8499bbae15659231548f4b03c13bc92bb20c4ce879f0956c02268e748c73ba56d8b140ce8f134501c33cc8b58d3c
-Size (go1.17.7.src.tar.gz) = 22195583 bytes
+BLAKE2s (go1.17.8.src.tar.gz) = c974cde147bb2bd4e149b6d06f253be12ae6e4838170957c0a17c94cedaf6830
+SHA512 (go1.17.8.src.tar.gz) = 21d5c51ce62bc3b987dd5bf7c6b7e1a934fe40582bfbbe99ca80c26d41253e796a4b9d02c571f1e5ab3fd7c3950175e23b9929b0d934f421c96a6d6128c44668
+Size (go1.17.8.src.tar.gz) = 22199282 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e