Mon Mar 7 08:44:52 2022 UTC ()
Update go117 to 1.17.8 (security).
This minor release includes a security fix following the security policy:
regexp: stack exhaustion compiling deeply nested expressions
On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.
Thanks to Juho Nurminen of Mattermost for reporting this.
This is CVE-2022-24921 and https://go.dev/issue/51112.
(bsiegert)
diff -r1.142 -r1.143 pkgsrc/lang/go/version.mk
diff -r1.6 -r1.7 pkgsrc/lang/go117/PLIST
diff -r1.13 -r1.14 pkgsrc/lang/go117/distinfo
--- pkgsrc/lang/go/version.mk 2022/03/06 09:53:43 1.142
+++ pkgsrc/lang/go/version.mk 2022/03/07 08:44:52 1.143
@@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.142 2022/03/06 09:53:43 bsiegert Exp $
+# $NetBSD: version.mk,v 1.143 2022/03/07 08:44:52 bsiegert Exp $
#
# If bsd.prefs.mk is included before go-package.mk in a package, then this
@@ -6,7 +6,7 @@
#
.include "go-vars.mk"
-GO117_VERSION= 1.17.7
+GO117_VERSION= 1.17.8
GO116_VERSION= 1.16.15
GO110_VERSION= 1.10.8
GO19_VERSION= 1.9.7
--- pkgsrc/lang/go117/Attic/PLIST 2022/02/12 20:14:01 1.6
+++ pkgsrc/lang/go117/Attic/PLIST 2022/03/07 08:44:52 1.7
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2022/02/12 20:14:01 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/03/07 08:44:52 bsiegert Exp $
bin/go${GOVERSSUFFIX}
bin/gofmt${GOVERSSUFFIX}
go117/AUTHORS
@@ -4237,6 +4237,7 @@
go117/src/crypto/x509/internal/macos/security.s
go117/src/crypto/x509/name_constraints_test.go
go117/src/crypto/x509/parser.go
+go117/src/crypto/x509/parser_test.go
go117/src/crypto/x509/pem_decrypt.go
go117/src/crypto/x509/pem_decrypt_test.go
go117/src/crypto/x509/pkcs1.go
@@ -10043,6 +10044,7 @@
go117/test/fixedbugs/issue5105.dir/a.go
go117/test/fixedbugs/issue5105.dir/b.go
go117/test/fixedbugs/issue5105.go
+go117/test/fixedbugs/issue51101.go
go117/test/fixedbugs/issue5125.dir/bug.go
go117/test/fixedbugs/issue5125.dir/main.go
go117/test/fixedbugs/issue5125.go
--- pkgsrc/lang/go117/Attic/distinfo 2022/02/12 20:14:01 1.13
+++ pkgsrc/lang/go117/Attic/distinfo 2022/03/07 08:44:52 1.14
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.13 2022/02/12 20:14:01 bsiegert Exp $
+$NetBSD: distinfo,v 1.14 2022/03/07 08:44:52 bsiegert Exp $
-BLAKE2s (go1.17.7.src.tar.gz) = 8f04f9f8153f9a0dbd75898a49a9d1298b84a73d486460706a75ba81f9970dac
-SHA512 (go1.17.7.src.tar.gz) = ee20a97d19e501ee2c11930548bcacfa8b1e8499bbae15659231548f4b03c13bc92bb20c4ce879f0956c02268e748c73ba56d8b140ce8f134501c33cc8b58d3c
-Size (go1.17.7.src.tar.gz) = 22195583 bytes
+BLAKE2s (go1.17.8.src.tar.gz) = c974cde147bb2bd4e149b6d06f253be12ae6e4838170957c0a17c94cedaf6830
+SHA512 (go1.17.8.src.tar.gz) = 21d5c51ce62bc3b987dd5bf7c6b7e1a934fe40582bfbbe99ca80c26d41253e796a4b9d02c571f1e5ab3fd7c3950175e23b9929b0d934f421c96a6d6128c44668
+Size (go1.17.8.src.tar.gz) = 22199282 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e