Navigation:
Browse pkgsrc
(this page)
lang go122
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2024-12-04 19:51:39 by Benny Siegert | Files touched by this commit (4) |
Log message: Update Go to 1.22.10, 1.23.4 go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. See the Go 1.23.4 milestone on our issue tracker for details. go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall package. See the Go 1.22.10 milestone on our issue tracker for details. |
2024-11-08 20:46:59 by Benny Siegert | Files touched by this commit (5) |  |
Log message: go: update to 1.22.9 and 1.23.2. go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and the net/http, os, and syscall packages. See the Go 1.23.3 milestone on our issue tracker for details. go1.22.9 (released 2024-11-06) includes fixes to the linker. See the Go 1.22.9 milestone on our issue tracker for details. |
| 2024-10-03 17:41:01 by Benny Siegert | Files touched by this commit (6) | |
Log message: go: update go123 to 1.23.2 and go122 to 1.22.8. go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages. See the Go 1.23.2 milestone on our issue tracker for details. go1.22.8 (released 2024-10-01) includes fixes to cgo, and the maps and syscall packages. See the Go 1.22.8 milestone on our issue tracker for details. |
| 2024-09-06 20:42:18 by Benny Siegert | Files touched by this commit (2) | |
Log message: go122: update to 1.22.7 This minor release includes 3 security fixes following the security policy: go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply \ nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can \ cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu) for \ reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested \ expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. |
| 2024-08-11 17:44:26 by Benny Siegert | Files touched by this commit (5) | |
Log message: go: update to 1.21.13 and 1.22.6 go1.21.13 (released 2024-08-06) includes fixes to the go command, the covdata command, and the bytes package. go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages. |
| 2024-07-03 08:49:54 by Benny Siegert | Files touched by this commit (5) | |
Log message: go: update to 1.22.5 and 1.21.12 (security) These minor releases include 1 security fix following the security policy: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational \ (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Thanks to Geoff Franks for reporting this issue. This is CVE-2024-24791 and Go issue https://go.dev/issue/67555. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.5 |
| 2024-06-13 14:55:15 by Benny Siegert | Files touched by this commit (4) | |
Log message: go122: update to 1.22.4 (security) This minor release includes 2 security fixes following the security policy: - archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Thanks to Yufan You (@ouuan) for reporting this issue. This is CVE-2024-24789 and Go issue https://go.dev/issue/66869. - net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Thanks to Enze Wang of Alioth (@zer0yu) and Jianjun Chen of Zhongguancun Lab (@chenjj) for reporting this issue. This is CVE-2024-24790 and Go issue https://go.dev/issue/67680. |
| 2024-04-09 18:57:46 by Jonathan Perkin | Files touched by this commit (2) |
Log message: go122: Support O_DIRECT on illumos. |
New packages: