./lang/go, Meta package providing the current release of the Go language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.13.7, Package name: go-1.13.7, Maintainer: pkgsrc-users

This is a meta package providing the latest release of the Go
programming language that is available for the host system.

The actual Go programming language is provided by packages such as
lang/go111, lang/go110, etc. This package merely allows users to
install "go" instead of having to figure out the exact package name.

No package should depend on this package directly.


Required to run:
[lang/go113]

Required to build:
[pkgtools/cwrappers]

Master sites:


Version history: (Expand)


CVS history: (Expand)


   2020-02-18 19:02:58 by Maya Rashish | Files touched by this commit (1)
Log message:
Forcibly turn off Go module support.

We don't currently build any packages using modules, and the switch to
newer versions of Go has resulted in the default changing to modules
being sometimes enabled.
This now causes random packages to begin fetching from the Internet during
builds, which goes against pkgsrc policy.

Doesn't seem to harm the ability to build a random subset of the Go packages
in pkgsrc.
   2020-02-02 10:36:41 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Update go113 to 1.13.7 (security release).

Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.

The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.

Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue.

The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of
golang.org/x/crypto/cryptobyte.
   2020-02-02 10:26:39 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Update go112 to 1.12.16 (security release).

Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte

On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.

The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.

Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue.

The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

This is also fixed in version v0.0.0-20200124225646-8b5121be2f68 of
golang.org/x/crypto/cryptobyte.
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-10 13:56:35 by Benny Siegert | Files touched by this commit (1)
Log message:
go: use go113 as the default for building packages.

I did a preliminary bulk build to find build failures resulting from this
change and fixed the fallout in www/grafana. Everything else seemed to be
ok.
   2020-01-10 13:53:02 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Update go112 to 1.12.15.

These releases include fixes to the runtime and to the
net/http package.

The macOS releases enable the Hardened Runtime. See
https://golang.org/issue/34986 for details.

View the release notes for more information:
    https://golang.org/doc/devel/release.html#go1.13.minor
   2020-01-10 13:40:43 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Update go113 to 1.13.6.

These releases include fixes to the runtime and to the
net/http package.

The macOS releases enable the Hardened Runtime. See
https://golang.org/issue/34986 for details.

View the release notes for more information:
    https://golang.org/doc/devel/release.html#go1.13.minor
   2019-12-13 08:39:33 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
Update go112 to 1.12.14.

go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where
the non-notarized installer and binaries were being rejected by Gatekeeper.
Only macOS users who hit this issue need to update.

go1.12.14 (released 2019/12/04) includes a fix to the runtime. See the Go
1.12.14 milestone on our issue tracker for details.