Navigation:
Browse pkgsrc
(this page)| 2016-10-27 20:58:00 by Benny Siegert | Files touched by this commit (5) |
Log message: Update Go to 1.7.3. go1.7.2 should not be used. It was tagged but not fully released. The release was deferred due to a last minute bug report. Use go1.7.3 instead, and refer to the summary of changes below. go1.7.3 (released 2016/10/19) includes fixes to the compiler, runtime, and the crypto/cipher, crypto/tls, net/http, and strings packages. See the Go 1.7.3 milestone on our issue tracker for details. |
| 2016-09-17 17:56:58 by Benny Siegert | Files touched by this commit (4) |
Log message: Patch a subtle data corruption issue where the HTTP/2 client sometimes swallows the first byte of the request body. This will also be in the next point release. |
| 2016-09-10 11:09:23 by Benny Siegert | Files touched by this commit (3) |
Log message: Update go to 1.7.1. go1.7.1 (released 2016/09/07) includes fixes to the compiler, runtime, documentation, and the compress/flate, hash/crc32, io, net, net/http, path/filepath, reflect, and syscall packages. See the Go 1.7.1 milestone on our issue tracker for details. |
| 2016-08-31 16:15:33 by Jonathan Perkin | Files touched by this commit (2) |
Log message: Fix install on Linux and SunOS. |
| 2016-08-20 08:22:38 by Thomas Klausner | Files touched by this commit (1) |
Log message: Update REPLACE_BASH patterns so this builds with PKG_DEVELOPER set on machines without /bin/bash. |
2016-08-19 11:38:06 by Benny Siegert | Files touched by this commit (5) |  |
Log message: Update Go to 1.7. The latest Go release, version 1.7, arrives six months after 1.6. Most of its changes are in the implementation of the toolchain, runtime, and libraries. There is one minor change to the language specification. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. There is one tiny language change in this release. The section on terminating statements clarifies that to determine whether a statement list ends in a terminating statement, the âfinal non-empty statementâ is considered \ the end, matching the existing behavior of the gc and gccgo compiler toolchains. In earlier releases the definition referred only to the âfinal \ statement,â leaving the effect of trailing empty statements at the least unclear. The go/types package has been updated to match the gc and gccgo compiler toolchains in this respect. This change has no effect on the correctness of existing programs. Go 1.7 adds support for macOS 10.12 Sierra. This support was backported to Go 1.6.3. Binaries built with versions of Go before 1.6.3 will not work correctly on Sierra. |
| 2016-07-18 22:37:40 by Benny Siegert | Files touched by this commit (3) |
Log message: Update Go to 1.6.3. A security-related issue was recently reported in Go's net/http/cgi package and net/http package when used in a CGI environment. Go 1.6.3 and Go 1.7rc2 contain a fix for this issue. Go versions 1.0-1.6.2 and 1.7rc1 are vulnerable to an input validation flaw in the CGI components resulting in the HTTP_PROXY environment variable being set by the incoming Proxy header. This environment variable was also used to set the outgoing proxy, enabling an attacker to insert a proxy into outgoing requests of a CGI program. This is CVE-2016-5386 and was addressed by this change: https://golang.org/cl/25010, tracked in this issue: https://golang.org/issue/16405 The Go team would like to thank Dominic Scheirlinck for coordinating disclosure of this issue across multiple languages and CGI environments. Read more about "httpoxy" here: https://httpoxy.org/ Go 1.6.3 also adds support for macOS Sierra. See https://golang.org/issue/16354 for details. |
| 2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message: Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. |
| 2016-04-30 13:22:28 by Benny Siegert | Files touched by this commit (3) |
Log message:
Update Go to 1.6.2.
This release includes fixes to the compiler, runtime, tools, documentation, and
the mime/multipart, net/http, and sort packages.
https://golang.org/doc/devel/release.html#go1.6.minor
|
| 2016-04-13 09:12:00 by Benny Siegert | Files touched by this commit (5) | |
Log message: Update Go to 1.6.1. Two security-related issues were recently reported, and to address these issues we have just released Go 1.6.1 and Go 1.5.4. We recommend that all users update to one of these releases (if you're not sure which, choose Go 1.6.1). The issues addressed by these releases are: On Windows, Go loads system DLLs by name with LoadLibrary, making it vulnerable to DLL preloading attacks. For instance, if a user runs a Go executable from a Downloads folder, malicious DLL files also downloaded to that folder could be loaded into that executable. This is CVE-2016-3958 and was addressed by this change: https://golang.org/cl/21428 Thanks to Taru Karttunen for identifying this issue. Go's crypto libraries passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go SSH server libraries are both exposed to this vulnerability. This is CVE-2016-3959 and was addressed by this change: https://golang.org/cl/21533 Thanks to David Wong for identifying this issue. |
New packages: