From 98e0452ebb7cb25311d4f615e07df89a5776268b Mon Sep 17 00:00:00 2001 From: Christian Stewart Date: Tue, 14 Feb 2023 23:29:23 -0800 Subject: [PATCH] package/go: security bump to version 1.19.6 go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the go command, the linker, the runtime, and the crypto/x509, net/http, and time packages. See the Go 1.19.6 milestone on the Go issue tracker for details. CVE-2022-41725: net/http, mime/multipart: denial of service from excessive resource consumption CVE-2022-41724: crypto/tls: large handshake records may cause panics CVE-2022-41723: net/http: avoid quadratic complexity in HPACK decoding https://go.dev/doc/devel/release#go1.19.minor Signed-off-by: Christian Stewart Signed-off-by: Peter Korsgaard --- package/go/go.hash | 2 +- package/go/go.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/go/go.hash b/package/go/go.hash index 4c22f0f274..8254a91524 100644 --- a/package/go/go.hash +++ b/package/go/go.hash @@ -1,3 +1,3 @@ # From https://go.dev/dl -sha256 8e486e8e85a281fc5ce3f0bedc5b9d2dbf6276d7db0b25d3ec034f313da0375f go1.19.5.src.tar.gz +sha256 d7f0013f82e6d7f862cc6cb5c8cdb48eef5f2e239b35baa97e2f1a7466043767 go1.19.6.src.tar.gz sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE diff --git a/package/go/go.mk b/package/go/go.mk index c38ae0b99c..a9056da47b 100644 --- a/package/go/go.mk +++ b/package/go/go.mk @@ -4,7 +4,7 @@ # ################################################################################ -GO_VERSION = 1.19.5 +GO_VERSION = 1.19.6 GO_SITE = https://storage.googleapis.com/golang GO_SOURCE = go$(GO_VERSION).src.tar.gz