Fri Aug 12 15:48:36 2022 UTC ()
go117: update to 1.17.13 (security).

1 security fix following the security policy:

encoding/gob & math/big: decoding big.Float and big.Rat can panic

Decoding big.Float and big.Rat types can panic if the encoded message is too
short.
This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.


(bsiegert)
diff -r1.153 -r1.154 pkgsrc/lang/go/version.mk
diff -r1.11 -r1.12 pkgsrc/lang/go117/PLIST
diff -r1.18 -r1.19 pkgsrc/lang/go117/distinfo
cvs diff -r1.153 -r1.154 pkgsrc/lang/go/version.mk (expand / switch to unified diff)

--- pkgsrc/lang/go/version.mk 2022/07/13 15:02:02 1.153
+++ pkgsrc/lang/go/version.mk 2022/08/12 15:48:35 1.154
@@ -1,23 +1,23 @@ @@ -1,23 +1,23 @@
1# $NetBSD: version.mk,v 1.153 2022/07/13 15:02:02 bsiegert Exp $ 1# $NetBSD: version.mk,v 1.154 2022/08/12 15:48:35 bsiegert Exp $
2 2
3# 3#
4# If bsd.prefs.mk is included before go-package.mk in a package, then this 4# If bsd.prefs.mk is included before go-package.mk in a package, then this
5# file must be included directly in the package prior to bsd.prefs.mk. 5# file must be included directly in the package prior to bsd.prefs.mk.
6# 6#
7.include "go-vars.mk" 7.include "go-vars.mk"
8 8
9GO118_VERSION= 1.18.4 9GO118_VERSION= 1.18.4
10GO117_VERSION= 1.17.12 10GO117_VERSION= 1.17.13
11GO116_VERSION= 1.16.15 11GO116_VERSION= 1.16.15
12GO110_VERSION= 1.10.8 12GO110_VERSION= 1.10.8
13GO19_VERSION= 1.9.7 13GO19_VERSION= 1.9.7
14GO14_VERSION= 1.4.3 14GO14_VERSION= 1.4.3
15 15
16.include "../../mk/bsd.prefs.mk" 16.include "../../mk/bsd.prefs.mk"
17 17
18.if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000 18.if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 070000
19# 1.9 is the last Go version to support NetBSD 6 19# 1.9 is the last Go version to support NetBSD 6
20GO_VERSION_DEFAULT?= 19 20GO_VERSION_DEFAULT?= 19
21.elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000 21.elif ${OPSYS} == "Darwin" && ${OPSYS_VERSION} < 101000
22# go 1.11 removed support for osx 10.8 and 10.9 22# go 1.11 removed support for osx 10.8 and 10.9
23# https://github.com/golang/go/issues/23122 23# https://github.com/golang/go/issues/23122
cvs diff -r1.11 -r1.12 pkgsrc/lang/go117/Attic/PLIST (expand / switch to unified diff)

--- pkgsrc/lang/go117/Attic/PLIST 2022/07/13 14:14:18 1.11
+++ pkgsrc/lang/go117/Attic/PLIST 2022/08/12 15:48:35 1.12
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.11 2022/07/13 14:14:18 bsiegert Exp $ 1@comment $NetBSD: PLIST,v 1.12 2022/08/12 15:48:35 bsiegert Exp $
2bin/go${GOVERSSUFFIX} 2bin/go${GOVERSSUFFIX}
3bin/gofmt${GOVERSSUFFIX} 3bin/gofmt${GOVERSSUFFIX}
4go117/AUTHORS 4go117/AUTHORS
5go117/CONTRIBUTING.md 5go117/CONTRIBUTING.md
6go117/CONTRIBUTORS 6go117/CONTRIBUTORS
7go117/LICENSE 7go117/LICENSE
8go117/PATENTS 8go117/PATENTS
9go117/README.md 9go117/README.md
10go117/SECURITY.md 10go117/SECURITY.md
11go117/VERSION 11go117/VERSION
12go117/api/README 12go117/api/README
13go117/api/except.txt 13go117/api/except.txt
14go117/api/go1.1.txt 14go117/api/go1.1.txt
@@ -10056,28 +10056,31 @@ go117/test/fixedbugs/issue5125.go @@ -10056,28 +10056,31 @@ go117/test/fixedbugs/issue5125.go
10056go117/test/fixedbugs/issue5162.go 10056go117/test/fixedbugs/issue5162.go
10057go117/test/fixedbugs/issue5172.go 10057go117/test/fixedbugs/issue5172.go
10058go117/test/fixedbugs/issue5231.go 10058go117/test/fixedbugs/issue5231.go
10059go117/test/fixedbugs/issue5244.go 10059go117/test/fixedbugs/issue5244.go
10060go117/test/fixedbugs/issue5259.dir/bug.go 10060go117/test/fixedbugs/issue5259.dir/bug.go
10061go117/test/fixedbugs/issue5259.dir/main.go 10061go117/test/fixedbugs/issue5259.dir/main.go
10062go117/test/fixedbugs/issue5259.go 10062go117/test/fixedbugs/issue5259.go
10063go117/test/fixedbugs/issue5260.dir/a.go 10063go117/test/fixedbugs/issue5260.dir/a.go
10064go117/test/fixedbugs/issue5260.dir/b.go 10064go117/test/fixedbugs/issue5260.dir/b.go
10065go117/test/fixedbugs/issue5260.go 10065go117/test/fixedbugs/issue5260.go
10066go117/test/fixedbugs/issue5291.dir/pkg1.go 10066go117/test/fixedbugs/issue5291.dir/pkg1.go
10067go117/test/fixedbugs/issue5291.dir/prog.go 10067go117/test/fixedbugs/issue5291.dir/prog.go
10068go117/test/fixedbugs/issue5291.go 10068go117/test/fixedbugs/issue5291.go
 10069go117/test/fixedbugs/issue52953.go
10069go117/test/fixedbugs/issue53454.go 10070go117/test/fixedbugs/issue53454.go
10070go117/test/fixedbugs/issue5358.go 10071go117/test/fixedbugs/issue5358.go
 10072go117/test/fixedbugs/issue53600.go
 10073go117/test/fixedbugs/issue53600.out
10071go117/test/fixedbugs/issue5373.go 10074go117/test/fixedbugs/issue5373.go
10072go117/test/fixedbugs/issue5470.dir/a.go 10075go117/test/fixedbugs/issue5470.dir/a.go
10073go117/test/fixedbugs/issue5470.dir/b.go 10076go117/test/fixedbugs/issue5470.dir/b.go
10074go117/test/fixedbugs/issue5470.go 10077go117/test/fixedbugs/issue5470.go
10075go117/test/fixedbugs/issue5493.go 10078go117/test/fixedbugs/issue5493.go
10076go117/test/fixedbugs/issue5515.go 10079go117/test/fixedbugs/issue5515.go
10077go117/test/fixedbugs/issue5581.go 10080go117/test/fixedbugs/issue5581.go
10078go117/test/fixedbugs/issue5607.go 10081go117/test/fixedbugs/issue5607.go
10079go117/test/fixedbugs/issue5609.go 10082go117/test/fixedbugs/issue5609.go
10080go117/test/fixedbugs/issue5614.dir/rethinkgo.go 10083go117/test/fixedbugs/issue5614.dir/rethinkgo.go
10081go117/test/fixedbugs/issue5614.dir/x.go 10084go117/test/fixedbugs/issue5614.dir/x.go
10082go117/test/fixedbugs/issue5614.dir/y.go 10085go117/test/fixedbugs/issue5614.dir/y.go
10083go117/test/fixedbugs/issue5614.go 10086go117/test/fixedbugs/issue5614.go
cvs diff -r1.18 -r1.19 pkgsrc/lang/go117/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/go117/Attic/distinfo 2022/07/13 14:14:18 1.18
+++ pkgsrc/lang/go117/Attic/distinfo 2022/08/12 15:48:35 1.19
@@ -1,10 +1,10 @@ @@ -1,10 +1,10 @@
1$NetBSD: distinfo,v 1.18 2022/07/13 14:14:18 bsiegert Exp $ 1$NetBSD: distinfo,v 1.19 2022/08/12 15:48:35 bsiegert Exp $
2 2
3BLAKE2s (go1.17.12.src.tar.gz) = 061cbbc13a599a2bba01fccd6c6686c5174f4f4f6cbac8cb515ffd233ef6ad2a 3BLAKE2s (go1.17.13.src.tar.gz) = 5c01becc260a43790a30faf468deacb8d2185292effa84f402fca3a57bbb2e64
4SHA512 (go1.17.12.src.tar.gz) = d2bcea2a33723af5c2ae871f5c44694c69d37c74c62e81eddeaf4bfedf124feea2752997d3a359990071bf01f88942fc66b21cb092385946ad4ae9410854c8b9 4SHA512 (go1.17.13.src.tar.gz) = 2820bdd679fdb5e37d4c601b26c246bab23d4e8e1b226ac37c38e90a68b693e877bff944275eb25e3296ee772e7b40ef7d71dd49cca524df4cb8e721bfb50c33
5Size (go1.17.12.src.tar.gz) = 22205674 bytes 5Size (go1.17.13.src.tar.gz) = 22206518 bytes
6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe 6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
7SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 7SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
8SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e 8SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e
9SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e 9SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e
10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b 10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b