From 10a6452b8718ebc1216c660e85d1fedad15d84f7 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Mon, 18 Jul 2022 17:35:11 +0800 Subject: [PATCH] golang: Update to 1.18.4 Includes fixes for: * CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: io/fs: stack exhaustion in Glob * CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: path/filepath: stack exhaustion in Glob * CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working Signed-off-by: Jeffery To (cherry picked from commit 60168651a2c7279a4a169be6b3d61be57e871e55) --- lang/golang/golang/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index bf98b25944..97cab65567 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.18 -GO_VERSION_PATCH:=3 +GO_VERSION_PATCH:=4 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=0012386ddcbb5f3350e407c679923811dbd283fcdc421724931614a842ecbc2d +PKG_HASH:=4525aa6b0e3cecb57845f4060a7075aafc9ab752bb7b6b4cf8a212d43078e1e4 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause -- 2.30.2