golang: Update to 1.21.1
authorJeffery To <jeffery.to@gmail.com>
Sun, 10 Sep 2023 19:57:45 +0000 (03:57 +0800)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Wed, 27 Sep 2023 17:54:25 +0000 (19:54 +0200)
Includes fixes for:

* CVE-2023-39318: html/template: improper handling of HTML-like comments
  within script contexts

* CVE-2023-39319: html/template: improper handling of special tags
  within script contexts

* CVE-2023-39320: cmd/go: go.mod toolchain directive allows arbitrary
  execution

* CVE-2023-39321 and CVE-2023-39322: crypto/tls: panic when processing
  partial post-handshake message in QUICConn.HandleData

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit d9a999521ea3113f3c48b65d468917bf94f83821)

lang/golang/golang/Makefile

index 1022a645674ad8ba59dd12e0aea6a8596cdd5c2e..e91f346541ef3c3fabd03357bec5ed2af9e97365 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 GO_VERSION_MAJOR_MINOR:=1.21
-GO_VERSION_PATCH:=0
+GO_VERSION_PATCH:=1
 
 PKG_NAME:=golang
 PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH))
@@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \
 
 PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz
 PKG_SOURCE_URL:=$(GO_SOURCE_URLS)
-PKG_HASH:=818d46ede85682dd551ad378ef37a4d247006f12ec59b5b755601d2ce114369a
+PKG_HASH:=bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99
 
 PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
 PKG_LICENSE:=BSD-3-Clause