Github messages for voidlinux
* [PR PATCH] go: update to 1.14.5.
@ 2020-07-15  2:15 nilium
  2020-07-15  5:57 ` fosslinux
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: nilium @ 2020-07-15  2:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 395 bytes --]

There is a new pull request by nilium against master on the void-packages repository

https://github.com/nilium/ecks-bops-packages go
https://github.com/void-linux/void-packages/pull/23579

go: update to 1.14.5.
This is a security release for CVE-2020-15586 (and one other that applies to Windows only).

A patch file from https://github.com/void-linux/void-packages/pull/23579.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-go-23579.patch --]
[-- Type: text/x-diff, Size: 918 bytes --]

From 6d02e164d420cbad13cbc0d42725eafcc5fbd329 Mon Sep 17 00:00:00 2001
From: Noel Cower <ncower@nil.dev>
Date: Tue, 14 Jul 2020 19:07:23 -0700
Subject: [PATCH] go: update to 1.14.5.

---
 srcpkgs/go/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/go/template b/srcpkgs/go/template
index 66d872098cf..46400997725 100644
--- a/srcpkgs/go/template
+++ b/srcpkgs/go/template
@@ -1,6 +1,6 @@
 # Template file for 'go'
 pkgname=go
-version=1.14.4
+version=1.14.5
 revision=1
 create_wrksrc=yes
 build_wrksrc=go
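
Review bot: The commit that changes version=1.14.4 to version=1.14.5 has an empty body, so the reason for the bump (the PR text names CVE-2020-15586) is not recorded in the commit itself. Add a short body naming the CVE. Since this hunk only touches srcpkgs/go/template, also say in the PR whether packages already built with 1.14.4 get a revision bump; the thread names Caddy and other ReverseProxy users as candidates.
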
@@ -10,7 +10,7 @@ maintainer="Michael Aldridge <maldridge@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://golang.org/"
 distfiles="https://golang.org/dl/go${version}.src.tar.gz"
-checksum=7011af3bbc2ac108d1b82ea8abb87b2e63f78844f0259be20cde4d42c5c40584
+checksum=ca4c080c90735e56152ac52cd77ae57fe573d1debb1a58e03da9cc362440315c
 nostrip=yes
 noverifyrdeps=yes
 

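Review bot: The new checksum= line is the only integrity check on go${version}.src.tar.gz, and neither the patch nor the PR text says where the value came from. Confirm in the PR that it matches the SHA256 upstream publishes for the 1.14.5 source tarball, rather than a hash computed locally from whatever the download returned.
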

* Re: go: update to 1.14.5.
From: fosslinux @ 2020-07-15  5:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 340 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/pull/23579#issuecomment-658562211

Comment:
Does this need application rebuilds to ensure the change is propagated to programs? I am by no means a go expert and am having trouble making head or tail of the CVE, so I thought I should check...


* Re: go: update to 1.14.5.
From: nilium @ 2020-07-15  7:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 454 bytes --]

New comment by nilium on void-packages repository

https://github.com/void-linux/void-packages/pull/23579#issuecomment-658589321

Comment:
Possibly Caddy and any other program that uses the ReverseProxy handler or otherwise does what's described in the CVE (concurrently reads from the request body and writes to the response). The likelihood of programs encountering this is somewhat low since it's somewhat uncommon behavior that causes the data race.


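Added example, not part of the thread or of void-packages: Go links the standard library into each executable, so updating the toolchain package does not change programs that are already installed. The program below reads the toolchain version recorded in each binary with debug/buildinfo (Go 1.18 or newer) and flags anything older than 1.14.5. Flagging every older version, whatever its release branch, is a simplifying assumption, and parseGoVersion and needsRebuild are illustrative names.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// fixed is the release the PR describes as the security release (assumed
// threshold: anything older, on any release branch, is flagged).
var fixed = [3]int{1, 14, 5}

// parseGoVersion turns "go1.14.4" into {1, 14, 4}. A pre-release suffix
// ("go1.15rc1") ends parsing after the minor number; strings that do not
// start with "goN.M" (for example "devel ...") return ok=false.
func parseGoVersion(s string) (v [3]int, ok bool) {
	n, _ := fmt.Sscanf(s, "go%d.%d.%d", &v[0], &v[1], &v[2])
	return v, n >= 2
}

// needsRebuild reports whether a binary built with goVersion predates the
// fixed release. Unparseable versions are flagged for manual review.
func needsRebuild(goVersion string) bool {
	v, ok := parseGoVersion(goVersion)
	if !ok {
		return true
	}
	for i := range v {
		if v[i] != fixed[i] {
			return v[i] < fixed[i]
		}
	}
	return false
}

// main takes paths to installed executables as arguments.
func main() {
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path) // errors on non-Go files
		if err != nil {
			fmt.Printf("%-40s skipped: %v\n", path, err)
			continue
		}
		fmt.Printf("%-40s %-12s rebuild=%v\n",
			path, info.GoVersion, needsRebuild(info.GoVersion))
	}
}
```
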
* Re: go: update to 1.14.5.
From: nilium @ 2020-07-17  0:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 168 bytes --]

New comment by nilium on void-packages repository

https://github.com/void-linux/void-packages/pull/23579#issuecomment-659752633

Comment:
Amending this for Go 1.14.6.


* Re: [PR PATCH] [Updated] go: update to 1.14.5.
From: nilium @ 2020-07-17  0:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 400 bytes --]

There is an updated pull request by nilium against master on the void-packages repository

https://github.com/nilium/ecks-bops-packages go
https://github.com/void-linux/void-packages/pull/23579

go: update to 1.14.5.
This is a security release for CVE-2020-15586 (and one other that applies to Windows only).

A patch file from https://github.com/void-linux/void-packages/pull/23579.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-go-23579.patch --]
[-- Type: text/x-diff, Size: 918 bytes --]

From bcf00e78bf9208352072fc96243f29fb4d72dcf0 Mon Sep 17 00:00:00 2001
From: Noel Cower <ncower@nil.dev>
Date: Tue, 14 Jul 2020 19:07:23 -0700
Subject: [PATCH] go: update to 1.14.6.

---
 srcpkgs/go/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/go/template b/srcpkgs/go/template
index 66d872098cf..e78524d5a32 100644
--- a/srcpkgs/go/template
+++ b/srcpkgs/go/template
@@ -1,6 +1,6 @@
 # Template file for 'go'
 pkgname=go
-version=1.14.4
+version=1.14.6
 revision=1
 create_wrksrc=yes
 build_wrksrc=go
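
Review bot: The value at version=1.14.6 no longer matches the PR title and description, which still read "go: update to 1.14.5."; only the commit subject was amended. Update the PR text to say that this update also covers 1.14.5, the security release for CVE-2020-15586, and put the same sentence in the commit body so the security relevance stays visible in the log.
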
@@ -10,7 +10,7 @@ maintainer="Michael Aldridge <maldridge@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://golang.org/"
 distfiles="https://golang.org/dl/go${version}.src.tar.gz"
-checksum=7011af3bbc2ac108d1b82ea8abb87b2e63f78844f0259be20cde4d42c5c40584
+checksum=73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09
 nostrip=yes
 noverifyrdeps=yes
 

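Review bot: Style point on the context line homepage="http://golang.org/" in this hunk: distfiles already fetches from the same host over https, so the homepage could be switched to https while the template is being touched.
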

* Re: [PR PATCH] [Closed]: go: update to 1.14.6.
From: the-maldridge @ 2020-07-17 18:45 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

There's a closed pull request on the void-packages repository

go: update to 1.14.6.
https://github.com/void-linux/void-packages/pull/23579

Description:
This also covers Go 1.14.5, which is a security release for CVE-2020-15586 (and one other that applies to Windows only).
