NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/go: security bump to version 1.12.12

Browse Source 
Fixes the following security issues (1.12.11):

- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
  In particular, using crypto/x509.Verify on a crafted X.509 certificate
  chain can lead to a panic, even if the certificates don’t chain to a
  trusted root.  The chain can be delivered via a crypto/tls connection to a
  client, or to a server that accepts and verifies client certificates.
  net/http clients can be made to crash by an HTTPS server, while net/http
  servers that accept client certificates will recover the panic and are
  naffected.

Additionally, 1.12.11 fixes a number of issues. From the release notes:

fixes to the go command, runtime, syscall and net packages.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2019-10-31 16:02:43 +01:00
parent fac363fa13
commit a3882d58aa
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/go/go.hash
View File

@ -1,3 +1,3 @@
# From https://golang.org/dl/
sha256 f56e48fce80646d3c94dcf36d3e3f490f6d541a92070ad409b87b6bbb9da3954 go1.12.10.src.tar.gz
sha256 fcb33b5290fa9bcc52be3211501540df7483d7276b031fc77528672a3c705b99 go1.12.12.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE

2
package/go/go.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
GO_VERSION = 1.12.10
GO_VERSION = 1.12.12
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz