2018-02-08 20:32:17 by Benny Siegert | Files touched by this commit (3) |
Log message:
Update Go to 1.9.4.
By using the clang or gcc plugin mechanism, it was possible for an attacker to
trick the “go get” command into executing arbitrary code. The go command now
restricts the set of allowed host compiler and linker arguments in cgo source
files to a list of allowed flags, in particular disallowing -fplugin= and
-plugin=.
The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go
issue for details.
Thanks to Christopher Brown of Mattermost for reporting this problem.
|
2018-01-30 18:05:22 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
go*: Disable SSP support completely.
It's not supported by the go linker, and can cause issues when building
third-party modules if the SSP libraries are handled by pkgsrc.
|
2018-01-28 12:31:03 by Benny Siegert | Files touched by this commit (4) |
Log message:
Update Go to 1.9.3.
This release includes fixes to the compiler, runtime, and the database/sql,
math/big, net/http, and net/url packages.
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.9.minor
|
2018-01-27 16:49:30 by Roland Illig | Files touched by this commit (1) |
Log message:
lang/go: add examples to the go-package.mk documentation
|
2018-01-21 02:28:39 by Ryo ONODERA | Files touched by this commit (1) |
Log message:
Fix packaging
|
2018-01-20 19:13:25 by Christos Zoulas | Files touched by this commit (2) |
Log message:
fix the path
|
2018-01-20 17:55:06 by Christos Zoulas | Files touched by this commit (8) |
Log message:
Add Yasushi Oshima patches for arm from:
https://github.com/oshimaya/pkgsrc/tree/master/lang/go
|
2017-11-14 10:53:53 by Thomas Klausner | Files touched by this commit (1) |
Log message:
lang/go: remove references to non-existent files
|
2017-10-28 20:20:14 by Benny Siegert | Files touched by this commit (3) |
Log message:
Update Go to 1.9.2.
This release includes fixes to the compiler, linker, runtime, documentation,
go command, and the crypto/x509, database/sql, log, and net/smtp packages. It
includes a fix to a bug introduced in Go 1.9.1 that broke "go get"
of non-Git repositories under certain conditions.
|
2017-10-06 20:38:25 by Benny Siegert | Files touched by this commit (2) |
Log message:
Update Go to 1.9.1 (security fix).
Two security-related issues were recently reported.
To address this issue, we have just released Go 1.8.4 and Go 1.9.1.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.9.1).
The issues addressed by these releases are:
By nesting a git checkout inside another version control repository, it was
possible for an attacker to trick the "go get" command into executing arbitrary
code. The go command now refuses to use version control checkouts found inside
other version control systems, with an exception for git submodules (git inside
git).
The issue is tracked as https://golang.org/issue/22125 (Go 1.8.4) and
https://golang.org/issue/22131 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Simon Rawet for the report.
In the smtp package, PlainAuth is documented as sending credentials only over
authenticated, encrypted TLS connections, but it was changed in Go 1.1 to also
send credentials on non-TLS connections when the remote server advertises that
PLAIN authentication is supported. The change was meant to allow use of PLAIN
authentication on localhost, but it has the effect of allowing a
man-in-the-middle attacker to harvest credentials. PlainAuth now requires
either TLS or a localhost connection before sending credentials, regardless of
what the remote server claims.
This issue is tracked as https://golang.org/issue/22134 (Go 1.8.4) and
https://golang.org/issue/22133 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Stevie Johnstone for the report.
|
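The PlainAuth behaviour described in the Go 1.9.1 entry above can be checked offline against a fixed toolchain. This is an added example, not part of the commit log or of the Go project's code; the helper name plainAuthDecision, the host names and the credentials are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/smtp"
)

// plainAuthDecision (hypothetical helper) reports whether smtp.PlainAuth,
// configured for host, releases credentials to a server that presents
// serverName with the given TLS state.
func plainAuthDecision(host, serverName string, tls bool) (bool, string) {
	// Constructed credentials; nothing is sent over a network here.
	auth := smtp.PlainAuth("", "user@example.com", "constructed-password", host)
	// The server advertises PLAIN in every case, which is exactly the
	// claim a man-in-the-middle can forge on an unencrypted connection.
	info := &smtp.ServerInfo{Name: serverName, TLS: tls, Auth: []string{"PLAIN"}}
	proto, resp, err := auth.Start(info)
	if err != nil {
		return false, err.Error()
	}
	return proto == "PLAIN" && len(resp) > 0, "credentials released"
}

func main() {
	cases := []struct {
		host, server string
		tls          bool
	}{
		{"mail.example.com", "mail.example.com", false}, // plaintext, remote
		{"mail.example.com", "mail.example.com", true},  // TLS, remote
		{"localhost", "localhost", false},               // plaintext, local
		{"mail.example.com", "other.example.net", true}, // TLS, wrong peer
	}
	for _, c := range cases {
		sent, reason := plainAuthDecision(c.host, c.server, c.tls)
		fmt.Printf("host=%s server=%s tls=%v sent=%v (%s)\n",
			c.host, c.server, c.tls, sent, reason)
	}
}
```

On a toolchain with the fix, only the TLS case with a matching host name and the localhost case release credentials.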