[BACK]Return to distinfo CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / lang / go116

File: [cvs.NetBSD.org] / pkgsrc / lang / go116 / Attic / distinfo (download)

Revision 1.9, Tue Jul 13 10:12:00 2021 UTC (2 years, 8 months ago) by bsiegert
Branch: MAIN
Changes since 1.8: +5 -5 lines

Update go116 to 1.16.6.

This minor release includes a security fix according to the new security policy.

crypto/tls clients can panic when provided a certificate of the wrong type for
the negotiated parameters. net/http clients performing HTTPS requests are also
affected. The panic can be triggered by an attacker in a privileged network
position without access to the server certificate's private key, as long as a
trusted ECDSA or Ed25519 certificate for the server exists (or can be issued),
or the client is configured with Config.InsecureSkipVerify. Clients that
disable all TLS_RSA cipher suites (that is, TLS 1.0ур.2 cipher
suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

This is issue 47143 and CVE-2021-34558. Thanks to Imre Rad for reporting this
issue.

$NetBSD: distinfo,v 1.9 2021/07/13 10:12:00 bsiegert Exp $

SHA1 (go1.16.6.src.tar.gz) = 047772552a78bb6d20682425e38d43dc4d94ad3f
RMD160 (go1.16.6.src.tar.gz) = 9e8e85819c17977d8b4ffbe6afe8fa00d2946269
SHA512 (go1.16.6.src.tar.gz) = 82634763dce636c9e9cba1bbf74a669e8b88e6df095e80672f295edb82cc1fc4b8ffde91a1f56c3470f2c4d9ee0404f65146d7478b645890623f6c463513a61f
Size (go1.16.6.src.tar.gz) = 20923044 bytes
SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e
SHA1 (patch-src_crypto_x509_root__solaris.go) = cce8d78a5a3712a0e7a620ead232a779e4a4b21e
SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b