pkgsrc.se | The NetBSD package collection

./lang/go, The Go programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2016Q3, Version: 1.7.4, Package name: go-1.7.4, Maintainer: bsiegert

The Go programming language is an open source project to make
programmers more productive.

Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.

Required to run:
[shells/bash] [lang/perl5]

Required to build:
[lang/go14]

Master sites:

https://storage.googleapis.com/golang/ (Download)

SHA1: 0fb305c827c8794cfda7e437befa6101a2d06b2e
RMD160: 8de5ff1fd50a6f0b6bc16e0de0f1e13185f291f0
Filesize: 13866.032 KB

Version history: (Expand)

(2016-12-12) Updated to version: go-1.7.4
(2016-10-03) Package added to pkgsrc.se, version go-1.7.1nb1 (created)

CVS history: (Expand)

2016-12-12 07:50:03 by S.P.Zeidler | Files touched by this commit (5) | Package updated

Log message:
Pullup ticket #5170 - requested by bsiegert
lang/go: security update

Revisions pulled up:
- lang/go/Makefile                                              1.48
- lang/go/PLIST                                                 1.28
- lang/go/distinfo                                              1.42,1.41
- lang/go/patches/patch-src_net_http_h2__bundle.go              deleted
- lang/go/version.mk                                            1.21,1.18

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sun Dec  4 16:08:55 UTC 2016

   Modified Files:
           pkgsrc/lang/go: distinfo version.mk

   Log message:
   Update Go to 1.7.4.

   Two security-related issues were recently reported, and to address these issues
   we have just released Go 1.6.4 and Go 1.7.4.

   We recommend that all users update to one of these releases (if you're not sure
   which, choose Go 1.7.4).

   The issues addressed by these releases are:

   On Darwin, user's trust preferences for root certificates were not honored. If
   the user had a root certificate loaded in their Keychain that was explicitly
   not trusted, a Go program would still verify a connection using that root
   certificate.  This is addressed by https://golang.org/cl/33721, tracked in
   https://golang.org/issue/18141.
   Thanks to Xy Ziemba for identifying and reporting this issue.

   The net/http package's Request.ParseMultipartForm method starts writing to
   temporary files once the request body size surpasses the given \ 
"maxMemory"
   limit. It was possible for an attacker to generate a multipart request crafted
   such that the server ran out of file descriptors.  This is addressed by
   https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
   Thanks to Simon Rawet for the report.

   To generate a diff of this commit:
   cvs rdiff -u -r1.41 -r1.42 pkgsrc/lang/go/distinfo
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/go/version.mk

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Thu Oct 27 18:58:00 UTC 2016

   Modified Files:
           pkgsrc/lang/go: Makefile PLIST distinfo version.mk
   Removed Files:
           pkgsrc/lang/go/patches: patch-src_net_http_h2__bundle.go

   Log message:
   Update Go to 1.7.3.

   go1.7.2 should not be used. It was tagged but not fully released. The release
   was deferred due to a last minute bug report. Use go1.7.3 instead, and refer to
   the summary of changes below.

   go1.7.3 (released 2016/10/19) includes fixes to the compiler, runtime, and the
   crypto/cipher, crypto/tls, net/http, and strings packages. See the Go 1.7.3
   milestone on our issue tracker for details.

   To generate a diff of this commit:
   cvs rdiff -u -r1.47 -r1.48 pkgsrc/lang/go/Makefile
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/lang/go/PLIST
   cvs rdiff -u -r1.40 -r1.41 pkgsrc/lang/go/distinfo
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/go/version.mk
   cvs rdiff -u -r1.1 -r0 \
       pkgsrc/lang/go/patches/patch-src_net_http_h2__bundle.go