git.openwrt.org Git - feed/packages.git/commit

author	Jeffery To <jeffery.to@gmail.com>
	Thu, 16 Mar 2023 03:19:10 +0000 (11:19 +0800)
committer	Jeffery To <jeffery.to@gmail.com>
	Mon, 20 Mar 2023 06:43:52 +0000 (14:43 +0800)
commit	8711653f1edfca0203006eb0203f26310c864b9d
tree	5d66e2a43a91826122a89726b6a87c32d75c4400	tree \| snapshot
parent	a71341148c47b4e8a0f00c38a60c41f4888d2ff2	commit \| diff

golang: Update to 1.20.2, refresh patch

Includes fixes for:

* 1.20.1:
  * CVE-2022-41722: path/filepath: path traversal in filepath.Clean on
    Windows
  * CVE-2022-41723: net/http: avoid quadratic complexity in HPACK
    decoding
  * CVE-2022-41724: crypto/tls: large handshake records may cause panics
  * CVE-2022-41725: net/http, mime/multipart: denial of service from
    excessive resource consumption

* 1.20.2:
  * CVE-2023-24532: crypto/elliptic: specific unreduced P-256 scalars
    produce incorrect results

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

lang/golang/golang-compiler.mk		diff \| blob \| history
lang/golang/golang-values.mk		diff \| blob \| history
lang/golang/golang/Makefile		diff \| blob \| history
lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch		diff \| blob \| history