kumquat-buildroot/package/go
Peter Korsgaard d810fee306 package/go: security bump to version 1.11.4
go 1.11.3 fixes the following security issues:

cmd/go: remote command execution during "go get -u"
The issue is CVE-2018-16873 and Go issue golang.org/issue/29230. See the Go issue for details.
Thanks to Etienne Stalmans from the Heroku platform security team for discovering and reporting this issue.

cmd/go: directory traversal in "go get" via curly braces in import paths
The issue is CVE-2018-16874 and Go issue golang.org/issue/29231. See the Go issue for details.
Thanks to ztz of Tencent Security Platform for discovering and reporting this issue.

crypto/x509: CPU denial of service in chain validation
The issue is CVE-2018-16875 and Go issue golang.org/issue/29233. See the Go issue for details.
Thanks to Netflix for discovering and reporting this issue.

go 1.11.4 fixes issues, including regressions introduced by 1.11.3:

1.11.4 includes fixes to cgo, the compiler, linker, runtime, documentation, go
command, and the net/http and go/types packages.  It includes a fix to a bug
introduced in Go 1.11.3 that broke go get for import path patterns
containing "...".

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-16 12:17:47 +01:00
..
0001-build.go-explicit-option-for-crosscompilation.patch
Config.in.host
go.hash package/go: security bump to version 1.11.4 2018-12-16 12:17:47 +01:00
go.mk package/go: security bump to version 1.11.4 2018-12-16 12:17:47 +01:00