go120: update to 1.20.9 (security). cmd/go: line directives allows arbitrary execution during build "//line" directives can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compliation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploting this issue significantly more complex. This is CVE-2023-39323 and Go issue https://go.dev/issue/63211. View the release notes for more information: https://go.dev/doc/devel/release#go1.20.9diff -r1.189 -r1.190 pkgsrc/lang/go/version.mk
(bsiegert)
| @@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
| 1 | # $NetBSD: version.mk,v 1.189 2023/09/08 19:02:04 bsiegert Exp $ | 1 | # $NetBSD: version.mk,v 1.190 2023/10/07 18:09:35 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | # | 3 | # | |
| 4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | 4 | # If bsd.prefs.mk is included before go-package.mk in a package, then this | |
| 5 | # file must be included directly in the package prior to bsd.prefs.mk. | 5 | # file must be included directly in the package prior to bsd.prefs.mk. | |
| 6 | # | 6 | # | |
| 7 | .include "go-vars.mk" | 7 | .include "go-vars.mk" | |
| 8 | 8 | |||
| 9 | GO121_VERSION= 1.21.1 | 9 | GO121_VERSION= 1.21.1 | |
| 10 | GO120_VERSION= 1.20.8 | 10 | GO120_VERSION= 1.20.9 | |
| 11 | GO119_VERSION= 1.19.13 | 11 | GO119_VERSION= 1.19.13 | |
| 12 | GO118_VERSION= 1.18.10 | 12 | GO118_VERSION= 1.18.10 | |
| 13 | GO14_VERSION= 1.4.3 | 13 | GO14_VERSION= 1.4.3 | |
| 14 | 14 | |||
| 15 | .include "../../mk/bsd.prefs.mk" | 15 | .include "../../mk/bsd.prefs.mk" | |
| 16 | 16 | |||
| 17 | GO_VERSION_DEFAULT?= 120 | 17 | GO_VERSION_DEFAULT?= 120 | |
| 18 | 18 | |||
| 19 | .if !empty(GO_VERSION_DEFAULT) | 19 | .if !empty(GO_VERSION_DEFAULT) | |
| 20 | GOVERSSUFFIX= ${GO_VERSION_DEFAULT} | 20 | GOVERSSUFFIX= ${GO_VERSION_DEFAULT} | |
| 21 | .endif | 21 | .endif | |
| 22 | 22 | |||
| 23 | # How to find the Go tool | 23 | # How to find the Go tool |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.8 2023/09/08 18:49:45 bsiegert Exp $ | 1 | @comment $NetBSD: PLIST,v 1.9 2023/10/07 18:09:35 bsiegert Exp $ | |
| 2 | bin/go${GOVERSSUFFIX} | 2 | bin/go${GOVERSSUFFIX} | |
| 3 | bin/gofmt${GOVERSSUFFIX} | 3 | bin/gofmt${GOVERSSUFFIX} | |
| 4 | go120/CONTRIBUTING.md | 4 | go120/CONTRIBUTING.md | |
| 5 | go120/LICENSE | 5 | go120/LICENSE | |
| 6 | go120/PATENTS | 6 | go120/PATENTS | |
| 7 | go120/README.md | 7 | go120/README.md | |
| 8 | go120/SECURITY.md | 8 | go120/SECURITY.md | |
| 9 | go120/VERSION | 9 | go120/VERSION | |
| 10 | go120/api/README | 10 | go120/api/README | |
| 11 | go120/api/except.txt | 11 | go120/api/except.txt | |
| 12 | go120/api/go1.1.txt | 12 | go120/api/go1.1.txt | |
| 13 | go120/api/go1.10.txt | 13 | go120/api/go1.10.txt | |
| 14 | go120/api/go1.11.txt | 14 | go120/api/go1.11.txt | |
| @@ -42,26 +42,27 @@ go120/lib/time/README | @@ -42,26 +42,27 @@ go120/lib/time/README | |||
| 42 | go120/lib/time/mkzip.go | 42 | go120/lib/time/mkzip.go | |
| 43 | go120/lib/time/update.bash | 43 | go120/lib/time/update.bash | |
| 44 | go120/lib/time/zoneinfo.zip | 44 | go120/lib/time/zoneinfo.zip | |
| 45 | go120/misc/android/README | 45 | go120/misc/android/README | |
| 46 | go120/misc/android/go_android_exec.go | 46 | go120/misc/android/go_android_exec.go | |
| 47 | go120/misc/arm/a | 47 | go120/misc/arm/a | |
| 48 | go120/misc/cgo/errors/argposition_test.go | 48 | go120/misc/cgo/errors/argposition_test.go | |
| 49 | go120/misc/cgo/errors/badsym_test.go | 49 | go120/misc/cgo/errors/badsym_test.go | |
| 50 | go120/misc/cgo/errors/errors_test.go | 50 | go120/misc/cgo/errors/errors_test.go | |
| 51 | go120/misc/cgo/errors/ptr_test.go | 51 | go120/misc/cgo/errors/ptr_test.go | |
| 52 | go120/misc/cgo/errors/testdata/err1.go | 52 | go120/misc/cgo/errors/testdata/err1.go | |
| 53 | go120/misc/cgo/errors/testdata/err2.go | 53 | go120/misc/cgo/errors/testdata/err2.go | |
| 54 | go120/misc/cgo/errors/testdata/err4.go | 54 | go120/misc/cgo/errors/testdata/err4.go | |
| 55 | go120/misc/cgo/errors/testdata/err5.go | |||
| 55 | go120/misc/cgo/errors/testdata/issue11097a.go | 56 | go120/misc/cgo/errors/testdata/issue11097a.go | |
| 56 | go120/misc/cgo/errors/testdata/issue11097b.go | 57 | go120/misc/cgo/errors/testdata/issue11097b.go | |
| 57 | go120/misc/cgo/errors/testdata/issue14669.go | 58 | go120/misc/cgo/errors/testdata/issue14669.go | |
| 58 | go120/misc/cgo/errors/testdata/issue18452.go | 59 | go120/misc/cgo/errors/testdata/issue18452.go | |
| 59 | go120/misc/cgo/errors/testdata/issue18889.go | 60 | go120/misc/cgo/errors/testdata/issue18889.go | |
| 60 | go120/misc/cgo/errors/testdata/issue28069.go | 61 | go120/misc/cgo/errors/testdata/issue28069.go | |
| 61 | go120/misc/cgo/errors/testdata/issue28721.go | 62 | go120/misc/cgo/errors/testdata/issue28721.go | |
| 62 | go120/misc/cgo/errors/testdata/issue33061.go | 63 | go120/misc/cgo/errors/testdata/issue33061.go | |
| 63 | go120/misc/cgo/errors/testdata/issue42580.go | 64 | go120/misc/cgo/errors/testdata/issue42580.go | |
| 64 | go120/misc/cgo/errors/testdata/issue50710.go | 65 | go120/misc/cgo/errors/testdata/issue50710.go | |
| 65 | go120/misc/cgo/errors/testdata/long_double_size.go | 66 | go120/misc/cgo/errors/testdata/long_double_size.go | |
| 66 | go120/misc/cgo/errors/testdata/malloc.go | 67 | go120/misc/cgo/errors/testdata/malloc.go | |
| 67 | go120/misc/cgo/fortran/fortran_test.go | 68 | go120/misc/cgo/fortran/fortran_test.go |
| @@ -1,10 +1,10 @@ | @@ -1,10 +1,10 @@ | |||
| 1 | $NetBSD: distinfo,v 1.9 2023/09/08 18:49:45 bsiegert Exp $ | 1 | $NetBSD: distinfo,v 1.10 2023/10/07 18:09:35 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (go1.20.8.src.tar.gz) = 1a6eac2f36972598741a5ca8b1758e1840beed5e17f5362d8ad687cef3bb0109 | 3 | BLAKE2s (go1.20.9.src.tar.gz) = 5336075b906fa3871f9cf0debda08a43ba9eb0f2ea4f4b3dca655d1b98f02e4d | |
| 4 | SHA512 (go1.20.8.src.tar.gz) = 858d0289b3cd709e71e14aed9a36fd3d462fb3aa72cc1108eef0c70ab583742ab2eff99a24f8bfd72d42d1cc741adc1d3619073fbed943f8aea20e453ed479d3 | 4 | SHA512 (go1.20.9.src.tar.gz) = 7234d187f8e0d2c6bcd3c4681b2a26509a65a3bd244bfdb1407b65ec87255744202ff992d6b20ec028904678a9ab8a4403b646343dfb000006daa8ce4e0644a2 | |
| 5 | Size (go1.20.8.src.tar.gz) = 26197375 bytes | 5 | Size (go1.20.9.src.tar.gz) = 26198118 bytes | |
| 6 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | 6 | SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe | |
| 7 | SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 | 7 | SHA1 (patch-src_cmd_dist_util.go) = 2d9c2f59e27672d56f5f1a0e3f9d5101a05546a7 | |
| 8 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 | 8 | SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 | |
| 9 | SHA1 (patch-src_crypto_x509_root__solaris.go) = d636a1599ede225ac339388fba2b6e253112d461 | 9 | SHA1 (patch-src_crypto_x509_root__solaris.go) = d636a1599ede225ac339388fba2b6e253112d461 | |
| 10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b | 10 | SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b |