kumquat-buildroot/package/go
Peter Korsgaard 2580a12e5a package/go: security bump to version 1.13.3
Fixes the following security issues (1.33.2):

- CVE-2019-17596: Invalid DSA public keys can cause a panic in dsa.Verify.
  In particular, using crypto/x509.Verify on a crafted X.509 certificate
  chain can lead to a panic, even if the certificates don’t chain to a
  trusted root.  The chain can be delivered via a crypto/tls connection to a
  client, or to a server that accepts and verifies client certificates.
  net/http clients can be made to crash by an HTTPS server, while net/http
  servers that accept client certificates will recover the panic and are
  unaffected.

Additionally, 1.13.3 fixes a number of issues. From the release notes:

Fixes to the go command, the toolchain, the runtime, syscall, net, net/http,
and crypto/ecdsa packages

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 08:43:17 +01:00
..
0001-build.go-explicit-option-for-crosscompilation.patch
Config.in.host
go.hash
go.mk