CVS Commit History:


   2015-10-06 18:37:05 by S.P.Zeidler | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #4819 - requested by bsiegert
lang/go14: security update

Revisions pulled up:
- lang/go/version.mk                                            1.9
- lang/go14/Makefile                                            1.5
- lang/go14/PLIST                                               1.2
- lang/go14/distinfo                                            1.3

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tnn
   Date:           Sun Sep 27 00:36:02 UTC 2015

   Modified Files:
           pkgsrc/lang/go14: Makefile

   Log message:
   more REPLACE_BASH

   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go14/Makefile

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Sat Sep 26 17:37:01 UTC 2015

   Modified Files:
           pkgsrc/lang/go: version.mk
           pkgsrc/lang/go14: Makefile PLIST distinfo

   Log message:
   Update go14 to 1.4.3. It fixes four security-related issues.

   The issues were reported in Go's net/http package. They affect programs using
   that package to proxy HTTP requests. We recommend that all users upgrade to Go
   1.5, which fixes these issues. For users unable to upgrade to Go 1.5, we have
   released version 1.4.3, which is based on Go 1.4.2 plus fixes for these issues.
   Affected Go programs—those that use the net/http package as a proxy server—must
   be recompiled with Go 1.5 or Go 1.4.3 to receive the fixes.

   The CVE issue descriptions and fixes are linked below.

   CVE-2015-5739
   "Content Length" treated as valid header:
   https://go-review.googlesource.com/#/c/11772/

   CVE-2015-5740
   Double content-length headers does not return 400 error:
   https://go-review.googlesource.com/#/c/11810/

   CVE-2015-5741
   Additional hardening, not sending Content-Length w/Transfer-Encoding,
   Closing connections:
   https://go-review.googlesource.com/#/c/11810/
   https://go-review.googlesource.com/#/c/12865/
   https://go-review.googlesource.com/#/c/13148/

   The Go team would like to thank Jed Denlea and Régis Leroy for their
   contributions to this release. They have been awarded 1337 USD under the Google
   Security Bounty program.

   To generate a diff of this commit:
   cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/go/version.mk
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/go14/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/go14/PLIST
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/go14/distinfo
