Sat Jul 15 10:40:37 2023 UTC ()
go120: update to 1.20.6 (security)

This minor release includes 1 security fix following the security policy:

net/http: insufficient sanitization of Host header

The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.

Thanks to Bartek Nowotarski for reporting this issue.

Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374


(bsiegert)
diff -r1.182 -r1.183 pkgsrc/lang/go/version.mk
diff -r1.6 -r1.7 pkgsrc/lang/go120/PLIST
diff -r1.6 -r1.7 pkgsrc/lang/go120/distinfo
cvs diff -r1.182 -r1.183 pkgsrc/lang/go/version.mk (expand / switch to unified diff)

--- pkgsrc/lang/go/version.mk 2023/07/15 10:35:14 1.182
+++ pkgsrc/lang/go/version.mk 2023/07/15 10:40:37 1.183
@@ -1,22 +1,22 @@ @@ -1,22 +1,22 @@
1# $NetBSD: version.mk,v 1.182 2023/07/15 10:35:14 bsiegert Exp $ 1# $NetBSD: version.mk,v 1.183 2023/07/15 10:40:37 bsiegert Exp $
2 2
3# 3#
4# If bsd.prefs.mk is included before go-package.mk in a package, then this 4# If bsd.prefs.mk is included before go-package.mk in a package, then this
5# file must be included directly in the package prior to bsd.prefs.mk. 5# file must be included directly in the package prior to bsd.prefs.mk.
6# 6#
7.include "go-vars.mk" 7.include "go-vars.mk"
8 8
9GO120_VERSION= 1.20.5 9GO120_VERSION= 1.20.6
10GO119_VERSION= 1.19.11 10GO119_VERSION= 1.19.11
11GO118_VERSION= 1.18.10 11GO118_VERSION= 1.18.10
12GO14_VERSION= 1.4.3 12GO14_VERSION= 1.4.3
13 13
14.include "../../mk/bsd.prefs.mk" 14.include "../../mk/bsd.prefs.mk"
15 15
16GO_VERSION_DEFAULT?= 120 16GO_VERSION_DEFAULT?= 120
17 17
18.if !empty(GO_VERSION_DEFAULT) 18.if !empty(GO_VERSION_DEFAULT)
19GOVERSSUFFIX= ${GO_VERSION_DEFAULT} 19GOVERSSUFFIX= ${GO_VERSION_DEFAULT}
20.endif 20.endif
21 21
22# How to find the Go tool 22# How to find the Go tool
cvs diff -r1.6 -r1.7 pkgsrc/lang/go120/PLIST (expand / switch to unified diff)

--- pkgsrc/lang/go120/PLIST 2023/06/10 11:41:31 1.6
+++ pkgsrc/lang/go120/PLIST 2023/07/15 10:40:37 1.7
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.6 2023/06/10 11:41:31 bsiegert Exp $ 1@comment $NetBSD: PLIST,v 1.7 2023/07/15 10:40:37 bsiegert Exp $
2bin/go${GOVERSSUFFIX} 2bin/go${GOVERSSUFFIX}
3bin/gofmt${GOVERSSUFFIX} 3bin/gofmt${GOVERSSUFFIX}
4go120/CONTRIBUTING.md 4go120/CONTRIBUTING.md
5go120/LICENSE 5go120/LICENSE
6go120/PATENTS 6go120/PATENTS
7go120/README.md 7go120/README.md
8go120/SECURITY.md 8go120/SECURITY.md
9go120/VERSION 9go120/VERSION
10go120/api/README 10go120/api/README
11go120/api/except.txt 11go120/api/except.txt
12go120/api/go1.1.txt 12go120/api/go1.1.txt
13go120/api/go1.10.txt 13go120/api/go1.10.txt
14go120/api/go1.11.txt 14go120/api/go1.11.txt
@@ -2071,26 +2071,27 @@ go120/src/cmd/go/testdata/script/link_ma @@ -2071,26 +2071,27 @@ go120/src/cmd/go/testdata/script/link_ma
2071go120/src/cmd/go/testdata/script/link_syso_deps.txt 2071go120/src/cmd/go/testdata/script/link_syso_deps.txt
2072go120/src/cmd/go/testdata/script/link_syso_issue33139.txt 2072go120/src/cmd/go/testdata/script/link_syso_issue33139.txt
2073go120/src/cmd/go/testdata/script/linkname.txt 2073go120/src/cmd/go/testdata/script/linkname.txt
2074go120/src/cmd/go/testdata/script/list_all_gobuild.txt 2074go120/src/cmd/go/testdata/script/list_all_gobuild.txt
2075go120/src/cmd/go/testdata/script/list_ambiguous_path.txt 2075go120/src/cmd/go/testdata/script/list_ambiguous_path.txt
2076go120/src/cmd/go/testdata/script/list_bad_import.txt 2076go120/src/cmd/go/testdata/script/list_bad_import.txt
2077go120/src/cmd/go/testdata/script/list_case_collision.txt 2077go120/src/cmd/go/testdata/script/list_case_collision.txt
2078go120/src/cmd/go/testdata/script/list_cgo_compiled_importmap.txt 2078go120/src/cmd/go/testdata/script/list_cgo_compiled_importmap.txt
2079go120/src/cmd/go/testdata/script/list_compiled_files_issue28749.txt 2079go120/src/cmd/go/testdata/script/list_compiled_files_issue28749.txt
2080go120/src/cmd/go/testdata/script/list_compiled_imports.txt 2080go120/src/cmd/go/testdata/script/list_compiled_imports.txt
2081go120/src/cmd/go/testdata/script/list_compiler_output.txt 2081go120/src/cmd/go/testdata/script/list_compiler_output.txt
2082go120/src/cmd/go/testdata/script/list_constraints.txt 2082go120/src/cmd/go/testdata/script/list_constraints.txt
2083go120/src/cmd/go/testdata/script/list_dedup_packages.txt 2083go120/src/cmd/go/testdata/script/list_dedup_packages.txt
 2084go120/src/cmd/go/testdata/script/list_empty_import.txt
2084go120/src/cmd/go/testdata/script/list_err_cycle.txt 2085go120/src/cmd/go/testdata/script/list_err_cycle.txt
2085go120/src/cmd/go/testdata/script/list_err_stack.txt 2086go120/src/cmd/go/testdata/script/list_err_stack.txt
2086go120/src/cmd/go/testdata/script/list_export_e.txt 2087go120/src/cmd/go/testdata/script/list_export_e.txt
2087go120/src/cmd/go/testdata/script/list_find.txt 2088go120/src/cmd/go/testdata/script/list_find.txt
2088go120/src/cmd/go/testdata/script/list_find_nodeps.txt 2089go120/src/cmd/go/testdata/script/list_find_nodeps.txt
2089go120/src/cmd/go/testdata/script/list_gofile_in_goroot.txt 2090go120/src/cmd/go/testdata/script/list_gofile_in_goroot.txt
2090go120/src/cmd/go/testdata/script/list_gomod_in_gopath.txt 2091go120/src/cmd/go/testdata/script/list_gomod_in_gopath.txt
2091go120/src/cmd/go/testdata/script/list_goroot_symlink.txt 2092go120/src/cmd/go/testdata/script/list_goroot_symlink.txt
2092go120/src/cmd/go/testdata/script/list_importmap.txt 2093go120/src/cmd/go/testdata/script/list_importmap.txt
2093go120/src/cmd/go/testdata/script/list_issue_56509.txt 2094go120/src/cmd/go/testdata/script/list_issue_56509.txt
2094go120/src/cmd/go/testdata/script/list_json_fields.txt 2095go120/src/cmd/go/testdata/script/list_json_fields.txt
2095go120/src/cmd/go/testdata/script/list_json_with_f.txt 2096go120/src/cmd/go/testdata/script/list_json_with_f.txt
2096go120/src/cmd/go/testdata/script/list_legacy_mod.txt 2097go120/src/cmd/go/testdata/script/list_legacy_mod.txt
@@ -2381,26 +2382,27 @@ go120/src/cmd/go/testdata/script/mod_tid @@ -2381,26 +2382,27 @@ go120/src/cmd/go/testdata/script/mod_tid
2381go120/src/cmd/go/testdata/script/mod_tidy_compat_added.txt 2382go120/src/cmd/go/testdata/script/mod_tidy_compat_added.txt
2382go120/src/cmd/go/testdata/script/mod_tidy_compat_ambiguous.txt 2383go120/src/cmd/go/testdata/script/mod_tidy_compat_ambiguous.txt
2383go120/src/cmd/go/testdata/script/mod_tidy_compat_deleted.txt 2384go120/src/cmd/go/testdata/script/mod_tidy_compat_deleted.txt
2384go120/src/cmd/go/testdata/script/mod_tidy_compat_implicit.txt 2385go120/src/cmd/go/testdata/script/mod_tidy_compat_implicit.txt
2385go120/src/cmd/go/testdata/script/mod_tidy_compat_incompatible.txt 2386go120/src/cmd/go/testdata/script/mod_tidy_compat_incompatible.txt
2386go120/src/cmd/go/testdata/script/mod_tidy_compat_irrelevant.txt 2387go120/src/cmd/go/testdata/script/mod_tidy_compat_irrelevant.txt
2387go120/src/cmd/go/testdata/script/mod_tidy_convergence.txt 2388go120/src/cmd/go/testdata/script/mod_tidy_convergence.txt
2388go120/src/cmd/go/testdata/script/mod_tidy_convergence_loop.txt 2389go120/src/cmd/go/testdata/script/mod_tidy_convergence_loop.txt
2389go120/src/cmd/go/testdata/script/mod_tidy_cycle.txt 2390go120/src/cmd/go/testdata/script/mod_tidy_cycle.txt
2390go120/src/cmd/go/testdata/script/mod_tidy_downgrade_ambiguous.txt 2391go120/src/cmd/go/testdata/script/mod_tidy_downgrade_ambiguous.txt
2391go120/src/cmd/go/testdata/script/mod_tidy_duplicates.txt 2392go120/src/cmd/go/testdata/script/mod_tidy_duplicates.txt
2392go120/src/cmd/go/testdata/script/mod_tidy_error.txt 2393go120/src/cmd/go/testdata/script/mod_tidy_error.txt
2393go120/src/cmd/go/testdata/script/mod_tidy_indirect.txt 2394go120/src/cmd/go/testdata/script/mod_tidy_indirect.txt
 2395go120/src/cmd/go/testdata/script/mod_tidy_issue60313.txt
2394go120/src/cmd/go/testdata/script/mod_tidy_lazy_self.txt 2396go120/src/cmd/go/testdata/script/mod_tidy_lazy_self.txt
2395go120/src/cmd/go/testdata/script/mod_tidy_newroot.txt 2397go120/src/cmd/go/testdata/script/mod_tidy_newroot.txt
2396go120/src/cmd/go/testdata/script/mod_tidy_old.txt 2398go120/src/cmd/go/testdata/script/mod_tidy_old.txt
2397go120/src/cmd/go/testdata/script/mod_tidy_oldgo.txt 2399go120/src/cmd/go/testdata/script/mod_tidy_oldgo.txt
2398go120/src/cmd/go/testdata/script/mod_tidy_quote.txt 2400go120/src/cmd/go/testdata/script/mod_tidy_quote.txt
2399go120/src/cmd/go/testdata/script/mod_tidy_replace.txt 2401go120/src/cmd/go/testdata/script/mod_tidy_replace.txt
2400go120/src/cmd/go/testdata/script/mod_tidy_replace_old.txt 2402go120/src/cmd/go/testdata/script/mod_tidy_replace_old.txt
2401go120/src/cmd/go/testdata/script/mod_tidy_sum.txt 2403go120/src/cmd/go/testdata/script/mod_tidy_sum.txt
2402go120/src/cmd/go/testdata/script/mod_tidy_support_buildx.txt 2404go120/src/cmd/go/testdata/script/mod_tidy_support_buildx.txt
2403go120/src/cmd/go/testdata/script/mod_tidy_symlink_issue35941.txt 2405go120/src/cmd/go/testdata/script/mod_tidy_symlink_issue35941.txt
2404go120/src/cmd/go/testdata/script/mod_tidy_temp.txt 2406go120/src/cmd/go/testdata/script/mod_tidy_temp.txt
2405go120/src/cmd/go/testdata/script/mod_tidy_too_new.txt 2407go120/src/cmd/go/testdata/script/mod_tidy_too_new.txt
2406go120/src/cmd/go/testdata/script/mod_tidy_version.txt 2408go120/src/cmd/go/testdata/script/mod_tidy_version.txt
@@ -8005,26 +8007,28 @@ go120/src/runtime/testdata/testprogcgo/t @@ -8005,26 +8007,28 @@ go120/src/runtime/testdata/testprogcgo/t
8005go120/src/runtime/testdata/testprogcgo/windows/win.go 8007go120/src/runtime/testdata/testprogcgo/windows/win.go
8006go120/src/runtime/testdata/testprognet/main.go 8008go120/src/runtime/testdata/testprognet/main.go
8007go120/src/runtime/testdata/testprognet/net.go 8009go120/src/runtime/testdata/testprognet/net.go
8008go120/src/runtime/testdata/testprognet/signal.go 8010go120/src/runtime/testdata/testprognet/signal.go
8009go120/src/runtime/testdata/testprognet/signalexec.go 8011go120/src/runtime/testdata/testprognet/signalexec.go
8010go120/src/runtime/testdata/testsuid/main.go 8012go120/src/runtime/testdata/testsuid/main.go
8011go120/src/runtime/testdata/testwinlib/main.c 8013go120/src/runtime/testdata/testwinlib/main.c
8012go120/src/runtime/testdata/testwinlib/main.go 8014go120/src/runtime/testdata/testwinlib/main.go
8013go120/src/runtime/testdata/testwinlibsignal/dummy.go 8015go120/src/runtime/testdata/testwinlibsignal/dummy.go
8014go120/src/runtime/testdata/testwinlibsignal/main.c 8016go120/src/runtime/testdata/testwinlibsignal/main.c
8015go120/src/runtime/testdata/testwinlibthrow/main.go 8017go120/src/runtime/testdata/testwinlibthrow/main.go
8016go120/src/runtime/testdata/testwinlibthrow/veh.c 8018go120/src/runtime/testdata/testwinlibthrow/veh.c
8017go120/src/runtime/testdata/testwinsignal/main.go 8019go120/src/runtime/testdata/testwinsignal/main.go
 8020go120/src/runtime/testdata/testwintls/main.c
 8021go120/src/runtime/testdata/testwintls/main.go
8018go120/src/runtime/textflag.h 8022go120/src/runtime/textflag.h
8019go120/src/runtime/time.go 8023go120/src/runtime/time.go
8020go120/src/runtime/time_fake.go 8024go120/src/runtime/time_fake.go
8021go120/src/runtime/time_linux_amd64.s 8025go120/src/runtime/time_linux_amd64.s
8022go120/src/runtime/time_nofake.go 8026go120/src/runtime/time_nofake.go
8023go120/src/runtime/time_test.go 8027go120/src/runtime/time_test.go
8024go120/src/runtime/time_windows.h 8028go120/src/runtime/time_windows.h
8025go120/src/runtime/time_windows_386.s 8029go120/src/runtime/time_windows_386.s
8026go120/src/runtime/time_windows_amd64.s 8030go120/src/runtime/time_windows_amd64.s
8027go120/src/runtime/time_windows_arm.s 8031go120/src/runtime/time_windows_arm.s
8028go120/src/runtime/time_windows_arm64.s 8032go120/src/runtime/time_windows_arm64.s
8029go120/src/runtime/timeasm.go 8033go120/src/runtime/timeasm.go
8030go120/src/runtime/timestub.go 8034go120/src/runtime/timestub.go
@@ -11025,26 +11029,27 @@ go120/test/fixedbugs/issue59293.go @@ -11025,26 +11029,27 @@ go120/test/fixedbugs/issue59293.go
11025go120/test/fixedbugs/issue59334.go 11029go120/test/fixedbugs/issue59334.go
11026go120/test/fixedbugs/issue59367.go 11030go120/test/fixedbugs/issue59367.go
11027go120/test/fixedbugs/issue59378.go 11031go120/test/fixedbugs/issue59378.go
11028go120/test/fixedbugs/issue5957.dir/a.go 11032go120/test/fixedbugs/issue5957.dir/a.go
11029go120/test/fixedbugs/issue5957.dir/b.go 11033go120/test/fixedbugs/issue5957.dir/b.go
11030go120/test/fixedbugs/issue5957.dir/c.go 11034go120/test/fixedbugs/issue5957.dir/c.go
11031go120/test/fixedbugs/issue5957.go 11035go120/test/fixedbugs/issue5957.go
11032go120/test/fixedbugs/issue59572.go 11036go120/test/fixedbugs/issue59572.go
11033go120/test/fixedbugs/issue59572.out 11037go120/test/fixedbugs/issue59572.out
11034go120/test/fixedbugs/issue5963.go 11038go120/test/fixedbugs/issue5963.go
11035go120/test/fixedbugs/issue6004.go 11039go120/test/fixedbugs/issue6004.go
11036go120/test/fixedbugs/issue6036.go 11040go120/test/fixedbugs/issue6036.go
11037go120/test/fixedbugs/issue6055.go 11041go120/test/fixedbugs/issue6055.go
 11042go120/test/fixedbugs/issue60601.go
11038go120/test/fixedbugs/issue6131.go 11043go120/test/fixedbugs/issue6131.go
11039go120/test/fixedbugs/issue6140.go 11044go120/test/fixedbugs/issue6140.go
11040go120/test/fixedbugs/issue6247.go 11045go120/test/fixedbugs/issue6247.go
11041go120/test/fixedbugs/issue6269.go 11046go120/test/fixedbugs/issue6269.go
11042go120/test/fixedbugs/issue6295.dir/p0.go 11047go120/test/fixedbugs/issue6295.dir/p0.go
11043go120/test/fixedbugs/issue6295.dir/p1.go 11048go120/test/fixedbugs/issue6295.dir/p1.go
11044go120/test/fixedbugs/issue6295.dir/p2.go 11049go120/test/fixedbugs/issue6295.dir/p2.go
11045go120/test/fixedbugs/issue6295.go 11050go120/test/fixedbugs/issue6295.go
11046go120/test/fixedbugs/issue6298.go 11051go120/test/fixedbugs/issue6298.go
11047go120/test/fixedbugs/issue6399.go 11052go120/test/fixedbugs/issue6399.go
11048go120/test/fixedbugs/issue6402.go 11053go120/test/fixedbugs/issue6402.go
11049go120/test/fixedbugs/issue6403.go 11054go120/test/fixedbugs/issue6403.go
11050go120/test/fixedbugs/issue6405.go 11055go120/test/fixedbugs/issue6405.go
cvs diff -r1.6 -r1.7 pkgsrc/lang/go120/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/go120/distinfo 2023/06/10 11:41:31 1.6
+++ pkgsrc/lang/go120/distinfo 2023/07/15 10:40:37 1.7
@@ -1,10 +1,10 @@ @@ -1,10 +1,10 @@
1$NetBSD: distinfo,v 1.6 2023/06/10 11:41:31 bsiegert Exp $ 1$NetBSD: distinfo,v 1.7 2023/07/15 10:40:37 bsiegert Exp $
2 2
3BLAKE2s (go1.20.5.src.tar.gz) = a739ed4608461945d17e7198d148bfb9ebee68c72debb61fda6059b5d45e3a46 3BLAKE2s (go1.20.6.src.tar.gz) = ec2db20ad86617288f47694668a7ccd79e07acabf0f8a1c35f57b1b9d1580fb5
4SHA512 (go1.20.5.src.tar.gz) = 94cecb366cd9d9722b53e52ea3b0a5715a9e9dc21da0273dd3db9354557f71b9501b018125ef073dacc2e59125335f436cea1151cd8df0d60e2ad513f841905c 4SHA512 (go1.20.6.src.tar.gz) = 509ade7c2a76bd46b26dda4522692ceef5023aae21461b866006341f98544e7ea755aee230a9fea789ed7afb1c49a693c34c8337892e308dfb051aef2b08c975
5Size (go1.20.5.src.tar.gz) = 26192951 bytes 5Size (go1.20.6.src.tar.gz) = 26194491 bytes
6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe 6SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
7SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 7SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7
8SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 8SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35
9SHA1 (patch-src_crypto_x509_root__solaris.go) = d636a1599ede225ac339388fba2b6e253112d461 9SHA1 (patch-src_crypto_x509_root__solaris.go) = d636a1599ede225ac339388fba2b6e253112d461
10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b 10SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b