pkgsrc.se | The NetBSD package collection

./lang/go14, The Go programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2015Q3, Version: 1.4.3, Package name: go14-1.4.3, Maintainer: bsiegert

The Go programming language is an open source project to make
programmers more productive.

Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.

This package contains the (legacy) 1.4 release of Go.

Required to run:
[lang/perl5] [shells/bash]

Required to build:
[shells/bash]

Master sites:

https://storage.googleapis.com/golang/ (Download)

SHA1: 486db10dc571a55c8d795365070f66d343458c48
RMD160: b1fbb2805a777c8107e7c946f36a881303ac5e35
Filesize: 10620.283 KB

Version history: (Expand)

(2015-10-06) Updated to version: go14-1.4.3
(2015-09-30) Package added to pkgsrc.se, version go14-1.4.2nb2 (created)

CVS history: (Expand)

2015-10-06 18:37:05 by S.P.Zeidler | Files touched by this commit (4) | Package updated

Log message:
Pullup ticket #4819 - requested by bsiegert
lang/go14: security update

Revisions pulled up:
- lang/go/version.mk                                            1.9
- lang/go14/Makefile                                            1.5
- lang/go14/PLIST                                               1.2
- lang/go14/distinfo                                            1.3

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tnn
   Date:           Sun Sep 27 00:36:02 UTC 2015

   Modified Files:
           pkgsrc/lang/go14: Makefile

   Log message:
   more REPLACE_BASH

   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go14/Makefile

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sat Sep 26 17:37:01 UTC 2015

   Modified Files:
           pkgsrc/lang/go: version.mk
           pkgsrc/lang/go14: Makefile PLIST distinfo

   Log message:
   Update go14 to 1.4.3. It fixes four security-related issues.

   The issues were reported in Go's net/http package. They affect programs usi=
   ng
   that package to proxy HTTP requests. We recommend that all users upgrade to=
    Go
   1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we ha=
   ve
   released version 1.4.3, which is based on Go 1.4.2 plus fixes for these iss=
   ues.
   Affected Go programs=E2=80=94those that use the net/http package as a proxy=
    server=E2=80=94must
   be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.

   The CVE issue descriptions and fixes are linked below.

   CVE-2015-5739
   "Content Length" treated as valid header:
   https://go-review.googlesource.com/#/c/11772/

   CVE-2015-5740
   Double content-length headers does not return 400 error:
   https://go-review.googlesource.com/#/c/11810/

   CVE-2015-5741
   Additional hardening, not sending Content-Length w/Transfer-Encoding,
   Closing connections:
   https://go-review.googlesource.com/#/c/11810/
   https://go-review.googlesource.com/#/c/12865/
   https://go-review.googlesource.com/#/c/13148/

   The Go team would like to thank Jed Denlea and R=C3=A9gis Leroy for their
   contributions to this release. They have been awarded 1337 USD under the Go=
   ogle
   Security Bounty program.

   To generate a diff of this commit:
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go/version.mk
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go14/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go14/PLIST
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go14/distinfo