git.openwrt.org Git - feed/packages.git/commit

author	Stanislav Petrashov <s@petrashov.ru>
	Thu, 20 Oct 2022 20:18:19 +0000 (22:18 +0200)
committer	Josef Schlehofer <pepe.schlehofer@gmail.com>
	Sat, 3 Dec 2022 11:51:33 +0000 (12:51 +0100)
commit	e0238d30911698b59ddc33f2bf23613ea3f3c3c3
tree	a77b79cd8039a829f1330520e804af8623aa1f85	tree \| snapshot
parent	e5083a9dba86aeb4aa2fc07089af9a0f121e8070	commit \| diff

golang: update to v1.19.2

Includes fixes for security vulnerabilities:
* [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) net/http: handle server errors after sending GOAWAY
* [CVE-2022-32190](https://github.com/golang/go/issues/54385) net/url: JoinPath does not strip relative path components in all circumstances
* [CVE-2022-2879](https://github.com/golang/go/issues/54853) archive/tar: unbounded memory consumption when reading headers
* [CVE-2022-2880](https://github.com/golang/go/issues/54663) net/http/httputil: ReverseProxy should not forward unparseable query parameters
* [CVE-2022-41715](https://github.com/golang/go/issues/55949) regexp/syntax: limit memory used by parsing regexps

Addresses the build failure:
* https://github.com/openwrt/packages/pull/19613

Signed-off-by: Stanislav Petrashov <s@petrashov.ru>
(cherry picked from commit 0ad7a2fe1841a46107b88026a3b95b54571afb88)

lang/golang/golang/Makefile		diff \| blob \| history
lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch		diff \| blob \| history