golang: Update to 1.17.3 17151/head
authorJeffery To <jeffery.to@gmail.com>
Thu, 18 Nov 2021 19:40:17 +0000 (03:40 +0800)
committerJeffery To <jeffery.to@gmail.com>
Thu, 18 Nov 2021 19:40:17 +0000 (03:40 +0800)
Contains fixes for:

* CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
  accesses a memory location after the end of a buffer

* CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP
  archive containing an invalid name or an empty filename field

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/golang/golang/Makefile

index a9048186d5edd3fba11f1a72bbb6ddd3044c806a..30979fe7c6aee30732423f275249ffe24094e553 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 GO_VERSION_MAJOR_MINOR:=1.17
-GO_VERSION_PATCH:=2
+GO_VERSION_PATCH:=3
 
 PKG_NAME:=golang
 PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH))
@@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \
 
 PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz
 PKG_SOURCE_URL:=$(GO_SOURCE_URLS)
-PKG_HASH:=2255eb3e4e824dd7d5fcdc2e7f84534371c186312e546fb1086a34c17752f431
+PKG_HASH:=705c64251e5b25d5d55ede1039c6aa22bea40a7a931d14c370339853643c3df0
 
 PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
 PKG_LICENSE:=BSD-3-Clause