Subject: CVS commit: pkgsrc/lang
From: Benny Siegert
Date: 2022-03-06 10:53:43
Message id: 20220306095343.EF159FB24@cvs.NetBSD.org

Log Message:
Update go116 to 1.16.15.

This minor release includes a security fix following the security policy:

regexp: stack exhaustion compiling deeply nested expressions

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.

Thanks to Juho Nurminen of Mattermost for reporting this.

This is CVE-2022-24921 and https://go.dev/issue/51112.

Files:
RevisionActionfile
1.21modifypkgsrc/lang/go116/distinfo
1.13modifypkgsrc/lang/go116/PLIST
1.142modifypkgsrc/lang/go/version.mk