From 7f2db681f13900863781798bd2a77bbe6c674519 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 11 Jun 2021 16:26:56 +0800 Subject: [PATCH] golang: Update to 1.16.5 1.16.1 included fixes for: * CVE-2021-27918 - encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader * CVE-2021-27919 - archive/zip: can panic when calling Reader.Open 1.16.4 included fixes for: * CVE-2021-31525 - net/http: ReadRequest can stack overflow due to recursion with very large headers 1.16.5 includes fixes for: * CVE-2021-33195 - net: Lookup functions may return invalid host names * CVE-2021-33196 - archive/zip: malformed archive may cause panic or memory exhaustion * CVE-2021-33197 - net/http/httputil: ReverseProxy forwards Connection headers if first one is empty Signed-off-by: Jeffery To (cherry picked from commit fe3c49fe07dfcdd3794c588af916ba6a2c03db28) --- lang/golang/golang/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index bd5b0b4248..655a06d393 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.16 -GO_VERSION_PATCH:= +GO_VERSION_PATCH:=5 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=7688063d55656105898f323d90a79a39c378d86fe89ae192eb3b7fc46347c95a +PKG_HASH:=7bfa7e5908c7cc9e75da5ddf3066d7cbcf3fd9fa51945851325eebc17f50ba80 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause -- 2.30.2