pkgsrc.se | The NetBSD package collection

./lang/go, The Go programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2016Q2, Version: 1.6.3, Package name: go-1.6.3, Maintainer: bsiegert

The Go programming language is an open source project to make
programmers more productive.

Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.

Required to run:
[lang/perl5] [shells/bash]

Required to build:
[lang/go14]

Master sites:

https://storage.googleapis.com/golang/ (Download)

SHA1: b487b9127afba37e6c62305165bf840758d6adaf
RMD160: 215142f0c2f67a49fec97056974113caca95672b
Filesize: 12321.705 KB

Version history: (Expand)

(2016-07-20) Updated to version: go-1.6.3
(2016-07-07) Package has been reborn
(2016-07-06) Package added to pkgsrc.se, version go-1.6.2 (created)

CVS history: (Expand)

2016-07-20 05:02:31 by S.P.Zeidler | Files touched by this commit (2) | Package updated

Log message:
Pullup ticket #5064 - requested by bsiegert
lang/go: security update

Revisions pulled up:
- lang/go/Makefile                                              1.43
- lang/go/distinfo                                              1.37
- lang/go/version.mk                                            1.15

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Mon Jul 18 20:37:40 UTC 2016

   Modified Files:
           pkgsrc/lang/go: Makefile distinfo version.mk

   Log message:
   Update Go to 1.6.3.

   A security-related issue was recently reported in Go's net/http/cgi =
   package and
   net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 =
   contain
   a fix for this issue.

   Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation =
   flaw in
   the CGI components resulting in the HTTP_PROXY environment variable =
   being set
   by the incoming Proxy header. This environment variable was also used to =
   set
   the outgoing proxy, enabling an attacker to insert a proxy into outgoing
   requests of a CGI program.

   This is CVE-2016-5386 and was addressed by this change:
   https://golang.org/cl/25010, tracked in this issue:
   https://golang.org/issue/16405

   The Go team would like to thank Dominic Scheirlinck for coordinating =
   disclosure
   of this issue across multiple languages and CGI environments. Read more =
   about
   "httpoxy" here: https://httpoxy.org/

   Go 1.6.3 also adds support for macOS Sierra. See =
   https://golang.org/issue/16354
   for details.

   To generate a diff of this commit:
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/go/Makefile
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/go/distinfo
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/go/version.mk