2021-03-21 23:26:32 by Leonardo Taccari | Files touched by this commit (1) |
Log message:
go116: Remove outdated note/warning
(Go 1.16.2 is no longer a beta release only for Darwin/aarch64.)
|
2021-03-14 19:15:16 by Benny Siegert | Files touched by this commit (3) |
Log message:
Update go116 to 1.16.2.
go1.16.2 (released 2021/03/11) includes fixes to cgo, the compiler, linker,
the go command, and the syscall and time packages. See the Go 1.16.2 milestone
on our issue tracker for details.
|
2021-03-10 20:55:17 by Benny Siegert | Files touched by this commit (2) |
Log message:
Update go116 to 1.16.1, fixing two security issues:
- encoding/xml: infinite loop when using xml.NewTokenDecoder with a
custom TokenReader
The Decode, DecodeElement, and Skip methods of an xml.Decoder provided by
xml.NewTokenDecoder may enter an infinite loop when operating on a custom
xml.TokenReader which returns an EOF in the middle of an open XML element.
Thanks to Sam Whited for reporting this issue.
This issue is CVE-2021-27918 and Go issue golang.org/issue/44913.
- archive/zip: panic when calling Reader.Open
The Reader.Open API, new in Go 1.16, will panic when used on a ZIP archive
containing files that start with "../".
This issue is CVE-2021-27919 and Go issue golang.org/issue/44916.
|
2021-02-18 12:05:42 by Thomas Klausner | Files touched by this commit (3) |
Log message:
go11*: switch from gtar to using bsdtar
Tested on NetBSD current.
Ok bsiegert
|
2021-02-17 09:07:03 by Benny Siegert | Files touched by this commit (3) | |
Log message:
go116: update to the final 1.16 release
I did not find a detailed changelog from rc1.
|
2021-01-29 18:22:30 by Benny Siegert | Files touched by this commit (3) | |
Log message:
Update go116 to 1.16 RC1.
This RC contains the recent security updates for Go and fixes a number
of bugs.
|