* [PR PATCH] go: update to 1.14.5.
@ 2020-07-15 2:15 nilium
2020-07-15 5:57 ` fosslinux
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: nilium @ 2020-07-15 2:15 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 395 bytes --]
There is a new pull request by nilium against master on the void-packages repository
https://github.com/nilium/ecks-bops-packages go
https://github.com/void-linux/void-packages/pull/23579
go: update to 1.14.5.
This is a security release for CVE-2020-15586 (and one other that applies to Windows only).
A patch file from https://github.com/void-linux/void-packages/pull/23579.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-go-23579.patch --]
[-- Type: text/x-diff, Size: 918 bytes --]
From 6d02e164d420cbad13cbc0d42725eafcc5fbd329 Mon Sep 17 00:00:00 2001
From: Noel Cower <ncower@nil.dev>
Date: Tue, 14 Jul 2020 19:07:23 -0700
Subject: [PATCH] go: update to 1.14.5.
---
srcpkgs/go/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/go/template b/srcpkgs/go/template
index 66d872098cf..46400997725 100644
--- a/srcpkgs/go/template
+++ b/srcpkgs/go/template
@@ -1,6 +1,6 @@
# Template file for 'go'
pkgname=go
-version=1.14.4
+version=1.14.5
revision=1
create_wrksrc=yes
build_wrksrc=go
@@ -10,7 +10,7 @@ maintainer="Michael Aldridge <maldridge@voidlinux.org>"
license="BSD-3-Clause"
homepage="http://golang.org/"
distfiles="https://golang.org/dl/go${version}.src.tar.gz"
-checksum=7011af3bbc2ac108d1b82ea8abb87b2e63f78844f0259be20cde4d42c5c40584
+checksum=ca4c080c90735e56152ac52cd77ae57fe573d1debb1a58e03da9cc362440315c
nostrip=yes
noverifyrdeps=yes
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: go: update to 1.14.5.
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
@ 2020-07-15 5:57 ` fosslinux
2020-07-15 7:11 ` nilium
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: fosslinux @ 2020-07-15 5:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 340 bytes --]
New comment by fosslinux on void-packages repository
https://github.com/void-linux/void-packages/pull/23579#issuecomment-658562211
Comment:
Does this need application rebuilds to ensure the change is propagated to programs? I am by no means a go expert and am having trouble making head or tail of the CVE, so I thought I should check...
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: go: update to 1.14.5.
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
2020-07-15 5:57 ` fosslinux
@ 2020-07-15 7:11 ` nilium
2020-07-17 0:26 ` nilium
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: nilium @ 2020-07-15 7:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 454 bytes --]
New comment by nilium on void-packages repository
https://github.com/void-linux/void-packages/pull/23579#issuecomment-658589321
Comment:
Possibly Caddy and any other program that uses the ReverseProxy handler or otherwise does what's described in the CVE (concurrently reads from the request body and writes to the response). The likelihood of programs encountering this is somewhat low since it's somewhat uncommon behavior that causes the data race.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: go: update to 1.14.5.
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
2020-07-15 5:57 ` fosslinux
2020-07-15 7:11 ` nilium
@ 2020-07-17 0:26 ` nilium
2020-07-17 0:28 ` [PR PATCH] [Updated] " nilium
2020-07-17 18:45 ` [PR PATCH] [Closed]: go: update to 1.14.6 the-maldridge
4 siblings, 0 replies; 6+ messages in thread
From: nilium @ 2020-07-17 0:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 168 bytes --]
New comment by nilium on void-packages repository
https://github.com/void-linux/void-packages/pull/23579#issuecomment-659752633
Comment:
Amending this for Go 1.14.6.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PR PATCH] [Updated] go: update to 1.14.5.
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
` (2 preceding siblings ...)
2020-07-17 0:26 ` nilium
@ 2020-07-17 0:28 ` nilium
2020-07-17 18:45 ` [PR PATCH] [Closed]: go: update to 1.14.6 the-maldridge
4 siblings, 0 replies; 6+ messages in thread
From: nilium @ 2020-07-17 0:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 400 bytes --]
There is an updated pull request by nilium against master on the void-packages repository
https://github.com/nilium/ecks-bops-packages go
https://github.com/void-linux/void-packages/pull/23579
go: update to 1.14.5.
This is a security release for CVE-2020-15586 (and one other that applies to Windows only).
A patch file from https://github.com/void-linux/void-packages/pull/23579.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-go-23579.patch --]
[-- Type: text/x-diff, Size: 918 bytes --]
From bcf00e78bf9208352072fc96243f29fb4d72dcf0 Mon Sep 17 00:00:00 2001
From: Noel Cower <ncower@nil.dev>
Date: Tue, 14 Jul 2020 19:07:23 -0700
Subject: [PATCH] go: update to 1.14.6.
---
srcpkgs/go/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/go/template b/srcpkgs/go/template
index 66d872098cf..e78524d5a32 100644
--- a/srcpkgs/go/template
+++ b/srcpkgs/go/template
@@ -1,6 +1,6 @@
# Template file for 'go'
pkgname=go
-version=1.14.4
+version=1.14.6
revision=1
create_wrksrc=yes
build_wrksrc=go
@@ -10,7 +10,7 @@ maintainer="Michael Aldridge <maldridge@voidlinux.org>"
license="BSD-3-Clause"
homepage="http://golang.org/"
distfiles="https://golang.org/dl/go${version}.src.tar.gz"
-checksum=7011af3bbc2ac108d1b82ea8abb87b2e63f78844f0259be20cde4d42c5c40584
+checksum=73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09
nostrip=yes
noverifyrdeps=yes
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PR PATCH] [Closed]: go: update to 1.14.6.
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
` (3 preceding siblings ...)
2020-07-17 0:28 ` [PR PATCH] [Updated] " nilium
@ 2020-07-17 18:45 ` the-maldridge
4 siblings, 0 replies; 6+ messages in thread
From: the-maldridge @ 2020-07-17 18:45 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 275 bytes --]
There's a closed pull request on the void-packages repository
go: update to 1.14.6.
https://github.com/void-linux/void-packages/pull/23579
Description:
This also covers Go 1.14.5, which is a security release for CVE-2020-15586 (and one other that applies to Windows only).
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-07-17 18:45 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-15 2:15 [PR PATCH] go: update to 1.14.5 nilium
2020-07-15 5:57 ` fosslinux
2020-07-15 7:11 ` nilium
2020-07-17 0:26 ` nilium
2020-07-17 0:28 ` [PR PATCH] [Updated] " nilium
2020-07-17 18:45 ` [PR PATCH] [Closed]: go: update to 1.14.6 the-maldridge
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).