package/go: security bump to version 1.20.9

Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-10-06 11:51:42 +02:00 · 2023-10-06 11:51:42 +02:00 · 1da113559f
commit 1da113559f
parent 03b44ac6d6
2 changed files with 2 additions and 2 deletions
--- a/package/go/go.hash
+++ b/package/go/go.hash
@ -1,3 +1,3 @@
 # From https://go.dev/dl
-sha256  38d71714fa5279f97240451956d8e47e3c1b6a5de7cb84137949d62b5dd3182e  go1.20.8.src.tar.gz
+sha256  4923920381cd71d68b527761afefa523ea18c5831b4795034c827e18b685cdcf  go1.20.9.src.tar.gz
 sha256  2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
--- a/package/go/go.mk
+++ b/package/go/go.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-GO_VERSION = 1.20.8
+GO_VERSION = 1.20.9
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz