Path to this page:
./
lang/go,
The Go programming language
Branch: pkgsrc-2016Q2,
Version: 1.6.3,
Package name: go-1.6.3,
Maintainer: bsiegertThe Go programming language is an open source project to make
programmers more productive.
Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.
Required to run:[
lang/perl5] [
shells/bash]
Required to build:[
lang/go14]
Master sites:
SHA1: b487b9127afba37e6c62305165bf840758d6adaf
RMD160: 215142f0c2f67a49fec97056974113caca95672b
Filesize: 12321.705 KB
Version history: (Expand)
- (2016-07-20) Updated to version: go-1.6.3
- (2016-07-07) Package has been reborn
- (2016-07-06) Package added to pkgsrc.se, version go-1.6.2 (created)
CVS history: (Expand)
2016-07-20 05:02:31 by S.P.Zeidler | Files touched by this commit (2) | |
Log message:
Pullup ticket #5064 - requested by bsiegert
lang/go: security update
Revisions pulled up:
- lang/go/Makefile 1.43
- lang/go/distinfo 1.37
- lang/go/version.mk 1.15
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: bsiegert
Date: Mon Jul 18 20:37:40 UTC 2016
Modified Files:
pkgsrc/lang/go: Makefile distinfo version.mk
Log message:
Update Go to 1.6.3.
A security-related issue was recently reported in Go's net/http/cgi =
package and
net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 =
contain
a fix for this issue.
Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation =
flaw in
the CGI components resulting in the HTTP_PROXY environment variable =
being set
by the incoming Proxy header. This environment variable was also used to =
set
the outgoing proxy, enabling an attacker to insert a proxy into outgoing
requests of a CGI program.
This is CVE-2016-5386 and was addressed by this change:
https://golang.org/cl/25010, tracked in this issue:
https://golang.org/issue/16405
The Go team would like to thank Dominic Scheirlinck for coordinating =
disclosure
of this issue across multiple languages and CGI environments. Read more =
about
"httpoxy" here: https://httpoxy.org/
Go 1.6.3 also adds support for macOS Sierra. See =
https://golang.org/issue/16354
for details.
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/go/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/go/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/go/version.mk
|