Path to this page:
NOTICE: This package has been removed from pkgsrc./
lang/go119,
The Go programming language
Branch: CURRENT,
Version: 1.19.13,
Package name: go119-1.19.13,
Maintainer: bsiegertThe Go programming language is an open source project to make
programmers more productive.
Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.
Master sites:
Filesize: 25955.203 KB
Version history: (Expand)
- (2025-04-02) Package deleted from pkgsrc
- (2023-09-08) Updated to version: go119-1.19.13
- (2023-08-12) Updated to version: go119-1.19.12
- (2023-07-15) Updated to version: go119-1.19.11nb1
- (2023-06-06) Updated to version: go119-1.19.10
- (2023-05-03) Updated to version: go119-1.19.9
CVS history: (Expand)
2025-04-01 19:47:20 by Benny Siegert | Files touched by this commit (26) |  |
Log message:
go119, go121: remove
go124 is the current version. go123 is still supported.
To build go124 from source, the chain is
go14 - go118 - go120 - go122 - go124
Thus, nothing needs go119 and go121.
agreed by maya@ on tech-pkg
|
2023-09-25 01:45:39 by Thomas Klausner | Files touched by this commit (1) |
Log message:
go119: add missing file to PLIST
|
2023-09-08 21:02:04 by Benny Siegert | Files touched by this commit (2) |  |
Log message:
go119: update to 1.19.13
go1.19.13 (released 2023-09-06) includes fixes to the go command, and the
crypto/tls and net/http packages. See the Go 1.19.13 milestone on our issue
tracker for details.
|
2023-08-12 15:02:54 by Benny Siegert | Files touched by this commit (3) |
Log message:
Update go119 to 1.19.12 (security).
crypto/tls: restrict RSA keys in certificates to <= 8192 bits
Extremely large RSA keys in certificate chains can cause a client/server
to expend significant CPU time verifying signatures. Limit this by
restricting the size of RSA keys transmitted during handshakes to <=
8192 bits.
Based on a survey of publicly trusted RSA keys, there are currently only
three certificates in circulation with keys larger than this, and all
three appear to be test certificates that are not actively deployed. It
is possible there are larger keys in use in private PKIs, but we target
the web PKI, so causing breakage here in the interests of increasing the
default safety of users of crypto/tls seems reasonable.
Thanks to Mateusz Poliwczak for reporting this issue.
|
2023-07-15 12:53:10 by Benny Siegert | Files touched by this commit (151) |  |
Log message:
Revbump all Go packages after go120 update
|
2023-07-15 12:35:14 by Benny Siegert | Files touched by this commit (3) |  |
Log message:
go119: update to 1.19.11 (security)
This minor release includes 1 security fix following the security policy:
net/http: insufficient sanitization of Host header
The HTTP/1 client did not fully validate the contents of the Host header. A
maliciously crafted Host header could inject additional headers or entire
requests. The HTTP/1 client now refuses to send requests containing an invalid
Request.Host or Request.URL.Host value.
Thanks to Bartek Nowotarski for reporting this issue.
Includes security fixes for CVE-2023-29406 and Go issue
https://go.dev/issue/60374
|
2023-06-06 20:49:04 by Benny Siegert | Files touched by this commit (3) |  |
Log message:
go119: update to 1.19.10 (security)
This minor release includes 3 security fixes following the security policy:
- cmd/go: cgo code injection
The go command may generate unexpected code at build time when using cgo. This
may result in unexpected behavior when running a go program which uses cgo.
This may occur when running an untrusted module which contains directories
with newline characters in their names. Modules which are retrieved using the
go command, i.e. via "go get", are not affected (modules retrieved using
GOPATH-mode, i.e. GO111MODULE=off, may be affected).
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-29402 and Go issue https://go.dev/issue/60167.
- runtime: unexpected behavior of setuid/setgid binaries
The Go runtime didn't act any differently when a binary had the setuid/setgid
bit set. On Unix platforms, if a setuid/setgid binary was executed with
standard I/O file descriptors closed, opening any files could result in
unexpected content being read/written with elevated prilieges. Similarly if a
setuid/setgid program was terminated, either via panic or signal, it could
leak the contents of its registers.
Thanks to Vincent Dehors from Synacktiv for reporting this issue.
This is CVE-2023-29403 and Go issue https://go.dev/issue/60272.
- cmd/go: improper sanitization of LDFLAGS
The go command may execute arbitrary code at build time when using cgo. This
may occur when running "go get" on a malicious module, or when \
running any
other command which builds untrusted code. This is can by triggered by linker
flags, specified via a "#cgo LDFLAGS" directive.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-29404 and CVE-2023-29405 and Go issues
https://go.dev/issue/60305 and https://go.dev/issue/60306.
|
2023-05-03 21:24:54 by Benny Siegert | Files touched by this commit (3) |  |
Log message:
go119: update to 1.19.9 (security)
This minor release includes 3 security fixes following the security policy:
* html/template: improper sanitization of CSS values
Angle brackets (<>) were not considered dangerous characters when inserted
into CSS contexts. Templates containing multiple actions separated by a '/'
character could result in unexpectedly closing the CSS context and allowing
for injection of unexpected HMTL, if executed with untrusted input.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
* html/template: improper handling of JavaScript whitespace
Not all valid JavaScript whitespace characters were considered to be
whitespace. Templates containing whitespace characters outside of the
character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts \
that also
contain actions may not be properly sanitized during execution.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-24540 and Go issue https://go.dev/issue/59721.
* html/template: improper handling of empty HTML attributes
Templates containing actions in unquoted HTML attributes (e.g. \
"attr={{.}}")
executed with empty input could result in output that would have unexpected
results when parsed due to HTML normalization rules. This may allow injection
of arbitrary attributes into tags.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
This is CVE-2023-29400 and Go issue https://go.dev/issue/59722.
|