golang: Update to 1.18.4
authorJeffery To <jeffery.to@gmail.com>
Mon, 18 Jul 2022 09:35:11 +0000 (17:35 +0800)
committerRosen Penev <rosenp@gmail.com>
Wed, 20 Jul 2022 09:38:33 +0000 (02:38 -0700)
Includes fixes for:

* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
  header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
  X-Forwarded-For not working

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 60168651a2c7279a4a169be6b3d61be57e871e55)

lang/golang/golang/Makefile

index bf98b259443ec998c3d392641f120b2beb37092b..97cab65567ebc6a0d71d5be4185d1e7684867493 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 GO_VERSION_MAJOR_MINOR:=1.18
-GO_VERSION_PATCH:=3
+GO_VERSION_PATCH:=4
 
 PKG_NAME:=golang
 PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH))
@@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \
 
 PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz
 PKG_SOURCE_URL:=$(GO_SOURCE_URLS)
-PKG_HASH:=0012386ddcbb5f3350e407c679923811dbd283fcdc421724931614a842ecbc2d
+PKG_HASH:=4525aa6b0e3cecb57845f4060a7075aafc9ab752bb7b6b4cf8a212d43078e1e4
 
 PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
 PKG_LICENSE:=BSD-3-Clause