From e0238d30911698b59ddc33f2bf23613ea3f3c3c3 Mon Sep 17 00:00:00 2001 From: Stanislav Petrashov Date: Thu, 20 Oct 2022 22:18:19 +0200 Subject: [PATCH] golang: update to v1.19.2 Includes fixes for security vulnerabilities: * [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) net/http: handle server errors after sending GOAWAY * [CVE-2022-32190](https://github.com/golang/go/issues/54385) net/url: JoinPath does not strip relative path components in all circumstances * [CVE-2022-2879](https://github.com/golang/go/issues/54853) archive/tar: unbounded memory consumption when reading headers * [CVE-2022-2880](https://github.com/golang/go/issues/54663) net/http/httputil: ReverseProxy should not forward unparseable query parameters * [CVE-2022-41715](https://github.com/golang/go/issues/55949) regexp/syntax: limit memory used by parsing regexps Addresses the build failure: * https://github.com/openwrt/packages/pull/19613 Signed-off-by: Stanislav Petrashov (cherry picked from commit 0ad7a2fe1841a46107b88026a3b95b54571afb88) --- lang/golang/golang/Makefile | 6 +++--- ...nk-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index 73bfbb2512..3faa93e82d 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk -GO_VERSION_MAJOR_MINOR:=1.18 -GO_VERSION_PATCH:=8 +GO_VERSION_MAJOR_MINOR:=1.19 +GO_VERSION_PATCH:=2 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=1f79802305015479e77d8c641530bc54ec994657d5c5271e0172eb7118346a12 +PKG_HASH:=2ce930d70a931de660fdaf271d70192793b1b240272645bf0275779f6704df6b PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause diff --git a/lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch b/lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch index d65cd98568..7eb40a4749 100644 --- a/lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch +++ b/lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch @@ -13,7 +13,7 @@ Fixes #22040. --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go -@@ -1392,25 +1392,20 @@ func (ctxt *Link) hostlink() { +@@ -1502,25 +1502,20 @@ func (ctxt *Link) hostlink() { } if ctxt.Arch.InFamily(sys.ARM, sys.ARM64) && buildcfg.GOOS == "linux" { -- 2.30.2