head	1.11;
access;
symbols
	pkgsrc-2019Q4:1.10.0.6
	pkgsrc-2019Q4-base:1.10
	pkgsrc-2019Q3:1.10.0.2
	pkgsrc-2019Q3-base:1.10
	pkgsrc-2019Q2:1.8.0.2
	pkgsrc-2019Q2-base:1.8
	pkgsrc-2019Q1:1.6.0.2
	pkgsrc-2019Q1-base:1.6
	pkgsrc-2018Q4:1.4.0.2
	pkgsrc-2018Q4-base:1.4
	pkgsrc-2018Q3:1.1.0.2
	pkgsrc-2018Q3-base:1.1;
locks; strict;
comment	@# @;


1.11
date	2020.01.04.12.58.19;	author bsiegert;	state dead;
branches;
next	1.10;
commitid	Jbqjn9k3W3BucnRB;

1.10
date	2019.08.14.15.17.41;	author bsiegert;	state Exp;
branches;
next	1.9;
commitid	mbxjDkt2DPwNy0zB;

1.9
date	2019.07.14.12.25.18;	author bsiegert;	state Exp;
branches;
next	1.8;
commitid	3JrSjQFGXnjAy0vB;

1.8
date	2019.05.27.14.33.10;	author bsiegert;	state Exp;
branches;
next	1.7;
commitid	Y5MeY23Z7eGiRQoB;

1.7
date	2019.04.16.18.13.49;	author bsiegert;	state Exp;
branches;
next	1.6;
commitid	l4fWFYQqPC2ooBjB;

1.6
date	2019.03.16.08.19.00;	author bsiegert;	state Exp;
branches;
next	1.5;
commitid	Jn2Y3NmPpOPq6zfB;

1.5
date	2019.01.24.09.26.21;	author bsiegert;	state Exp;
branches;
next	1.4;
commitid	O45Xy8TGUTNL619B;

1.4
date	2018.12.19.15.27.03;	author bsiegert;	state Exp;
branches
	1.4.2.1;
next	1.3;
commitid	zQg1j4EX6pCFgq4B;

1.3
date	2018.11.04.18.22.17;	author bsiegert;	state Exp;
branches;
next	1.2;
commitid	UBR1Lv6MRZmJGEYA;

1.2
date	2018.10.02.18.19.56;	author bsiegert;	state Exp;
branches;
next	1.1;
commitid	r9tLLw8VND1cJpUA;

1.1
date	2018.09.18.16.22.14;	author bsiegert;	state Exp;
branches;
next	;
commitid	lpfMcpEgsDifwBSA;

1.4.2.1
date	2019.02.08.11.31.19;	author spz;	state Exp;
branches;
next	;
commitid	tPOlSoJ9cslvkXaB;


desc
@@


1.11
log
@We say goodbye to lang/go111.

Replacement: the two supported versions, go112 and go113.
@
text
@$NetBSD: distinfo,v 1.10 2019/08/14 15:17:41 bsiegert Exp $

SHA1 (go1.11.13.src.tar.gz) = 3039af0d0714db1902059add729f6b36390a9776
RMD160 (go1.11.13.src.tar.gz) = 19d71fb4c196bd5bb03cab40cc99b35f312aaefc
SHA512 (go1.11.13.src.tar.gz) = a5dc8ec2bdad226e2498fdfb3560d6e7e19a84711cc1adb91675a8563a0b1fd153513397ca2a2b8cf266d718a6964ad143dfa588313dcf7fe350dd4a24efc3e9
Size (go1.11.13.src.tar.gz) = 21114296 bytes
SHA1 (patch-misc_io_clangwrap.sh) = cd91c47ba0fe7b6eb8009dd261c0c26c7d581c29
SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
SHA1 (patch-src_cmd_link_internal_ld_elf.go) = 990a54e3baf239916e4c7f0c1d54240e2898601a
SHA1 (patch-src_crypto_x509_root__bsd.go) = 93a2de7c685a0919fe93f5bc99f156e105dace4d
SHA1 (patch-src_runtime_os__netbsd.go) = 9b80de94667e3f8d8d1ae3648ab1fe43dd55d577
SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b
@


1.10
log
@go111: update to 1.11.13 (security release).

net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from
untrusted clients could be remotely made to allocate an unlimited amount of
memory, until the program crashes. Servers will now close connections if the
send queue accumulates too many control messages.

The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.

net/url: parsing validation issue

url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.

The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
for discovering and reporting this issue.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.9 2019/07/14 12:25:18 bsiegert Exp $
@


1.9
log
@Update go111 to 1.11.12.

go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package.
See the Go 1.11.11 milestone on our issue tracker for details.

go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker.
See the Go 1.11.12 milestone on our issue tracker for details.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.8 2019/05/27 14:33:10 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.12.src.tar.gz) = 8a84f7eda08fbcc9b1c4f7133bb6cf13c774b4c0
RMD160 (go1.11.12.src.tar.gz) = b2cdeab4dba28597782596a4abf59891f42cbcf1
SHA512 (go1.11.12.src.tar.gz) = ff74678d7002be20c994702cc778d2447bbe4aad2ecf906e4cde9cf00c0c226c2f0def25146acd24f86fddf397b47602c1e5509c21b0d7b856cf933a05e19a6d
Size (go1.11.12.src.tar.gz) = 21113396 bytes
@


1.8
log
@Update go111 to 1.11.10.

This release includes fixes to the compiler, the linker, the go command, the
runtime, and the os package.

While here, remove pkg/bootstrap from the package, as it is only used
for bootstrapping.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.7 2019/04/16 18:13:49 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.10.src.tar.gz) = 91ae724de252021ae7f0d1cc6f69a5ac34a81f02
RMD160 (go1.11.10.src.tar.gz) = af6628ce1698b41a456d6b5f181059926d436435
SHA512 (go1.11.10.src.tar.gz) = 8fab3b96d1c47b8f75b135da9d1a104c485098f6f42041b69336216a57cfd49c0785c8cfa7b016020ded5f0aadd279d7a76feeca33038321a4930139aee28cc8
Size (go1.11.10.src.tar.gz) = 21113259 bytes
@


1.7
log
@Update go111 to 1.11.9.

go1.11.7 (released 2019/04/05) includes fixes to the runtime and the net
packages. See the Go 1.11.7 milestone on our issue tracker for details.

go1.11.8 (released 2019/04/08) was accidentally released without its intended
fix. It is identical to go1.11.7, except for its version number. The intended
fix is in go1.11.9.

go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt binary
releases on older versions of GNU/Linux led to failures when linking programs
that used cgo. Only Linux users who hit this issue need to update.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.6 2019/03/16 08:19:00 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.9.src.tar.gz) = 3790ca6533cce6933eafd34b2a74a7025e3caba7
RMD160 (go1.11.9.src.tar.gz) = 9e1f689f88ce8dbffba9588e69cfaf098633e3a0
SHA512 (go1.11.9.src.tar.gz) = 97593b382ae49388dfc1178dd2438888dc24fba27d3267fd772ecbe10c35f44b1cd3a0987219cca3dd38dcc23ce2c9669fd7da26cc2e5719e2ce77650f877156
Size (go1.11.9.src.tar.gz) = 21113156 bytes
@


1.6
log
@Update go111 to 1.11.6.

go1.11.6 (released 2019/03/14) includes fixes to cgo, the compiler, linker,
runtime, go command, and the crypto/x509, encoding/json, net, and net/url
packages. See the Go 1.11.6 milestone on our issue tracker for details.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.5 2019/01/24 09:26:21 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.6.src.tar.gz) = 3da44308ca85c4b78b62b735060ebb2479ec1dcf
RMD160 (go1.11.6.src.tar.gz) = 247ba7b9f3340dcdab4e300920762c7d58a5d1a2
SHA512 (go1.11.6.src.tar.gz) = bc29df69a08a4e9e703de72b5eda5f2d63b78f18f3e7a1173eae5c6dd767f29f1b865a2fc3f692e15277df2d45e74ee17875b275eb3fc50aac2b88082e618bf5
Size (go1.11.6.src.tar.gz) = 21113406 bytes
@


1.5
log
@Update go111 to 1.11.5 (security).

This release addresses a recently supported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.

These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.

The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.4 2018/12/19 15:27:03 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.5.src.tar.gz) = 94ca79ff63fa5118cb4c7a7113b153d043e7bbf3
RMD160 (go1.11.5.src.tar.gz) = 72ce2f34def54143595157f9e51b731757495272
SHA512 (go1.11.5.src.tar.gz) = 63500238e8d73e4b29279ee3eb9242960de93ccd3b52bacc4009f45cf123cb8edfe5f519d38c5b07bdf2a810925758511ff3255310a056113d0169f78be1d2f6
Size (go1.11.5.src.tar.gz) = 21108339 bytes
@


1.4
log
@Update go111 to 1.11.4 (security update).

go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
runtime, documentation, go command, and the net/http and go/types packages. It
includes a fix to a bug introduced in Go 1.11.3 that broke go get for import
path patterns containing "...". See the Go 1.11.4 milestone on our issue
tracker for details.

go1.11.3 (released 2018/12/12) includes three security fixes to "go get" and
the crypto/x509 package. See the Go 1.11.3 milestone on our issue tracker for
details.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.3 2018/11/04 18:22:17 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.4.src.tar.gz) = 2a24c96d951fedfa70d9774982071b9e6914d976
RMD160 (go1.11.4.src.tar.gz) = 04059a897adae2783c566a7287eda172926309e9
SHA512 (go1.11.4.src.tar.gz) = 9aa2e1800807841ec0432289b672c1607bdcb295f29c02d38adfaf1e3bf043040c9f916e4cb170875d92fe168c5ba6baef2b3d1f824a56ff9138ca2cdcc646e0
Size (go1.11.4.src.tar.gz) = 21108067 bytes
@


1.4.2.1
log
@Pullup ticket #5906 - requested by bsiegert
lang/go111: security update

Revisions pulled up:
- lang/go/version.mk                                            1.54
- lang/go111/distinfo                                           1.5

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   bsiegert
   Date:           Thu Jan 24 09:26:21 UTC 2019

   Modified Files:
           pkgsrc/lang/go: version.mk
           pkgsrc/lang/go111: distinfo

   Log Message:
   Update go111 to 1.11.5 (security).

   This release addresses a recently supported security issue. This DoS
   vulnerability in the crypto/elliptic implementations of the P-521 and P-384
   elliptic curves may let an attacker craft inputs that consume excessive
   amounts of CPU.

   These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
   tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
   key is reused more than once, the attack can also lead to key recovery.

   The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
   See the Go issue for more details.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/lang/go/version.mk
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/go111/distinfo
@
text
@d1 1
a1 1
$NetBSD$
d3 4
a6 4
SHA1 (go1.11.5.src.tar.gz) = 94ca79ff63fa5118cb4c7a7113b153d043e7bbf3
RMD160 (go1.11.5.src.tar.gz) = 72ce2f34def54143595157f9e51b731757495272
SHA512 (go1.11.5.src.tar.gz) = 63500238e8d73e4b29279ee3eb9242960de93ccd3b52bacc4009f45cf123cb8edfe5f519d38c5b07bdf2a810925758511ff3255310a056113d0169f78be1d2f6
Size (go1.11.5.src.tar.gz) = 21108339 bytes
@


1.3
log
@Update go111 to 1.11.2.

go1.11.2 (released 2018/11/02) includes fixes to the compiler, linker,
documentation, go command, and the database/sql and go/types packages. See the
Go 1.11.2 milestone on our issue tracker for details.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.2 2018/10/02 18:19:56 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.2.src.tar.gz) = 54ec8a444b8ea702e82fac35c702336dc162b476
RMD160 (go1.11.2.src.tar.gz) = 0d8b326bd451123d6c838563068903b750aeea7c
SHA512 (go1.11.2.src.tar.gz) = 3d9b182718c7615975a4b47cecb9ff2a8ce62156461e4112452c14617ea226121e7ab736a469050f14c89861cc4934ddd2df295b80fffff0a2dd6c155eaf0aee
Size (go1.11.2.src.tar.gz) = 21100145 bytes
@


1.2
log
@Update go111 to 1.11.1.

go1.11.1 (released 2018/10/01) includes fixes to the compiler, documentation,
go command, runtime, and the crypto/x509, encoding/json, go/types, net,
net/http, and reflect packages. See the Go 1.11.1 milestone on our issue
tracker for details.

Also correct the PLIST and use ln -sf instead of ln -s.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.1 2018/09/18 16:22:14 bsiegert Exp $
d3 4
a6 4
SHA1 (go1.11.1.src.tar.gz) = 70ea29428af285e75a1f7edbf884bc04a450ee0d
RMD160 (go1.11.1.src.tar.gz) = 33f170df80b3044aebee39f055452f4830bb45fd
SHA512 (go1.11.1.src.tar.gz) = 9c19f40b24f2180563705511a5692932c0db3585939053e6d78eea1f394902d37f05b0386f0e7d0c0266178de7e9bd7b003324ed232ce2e5050c9faafafdd979
Size (go1.11.1.src.tar.gz) = 21097206 bytes
@


1.1
log
@Add Go 1.11 as lang/go111.

This installs the go tool as go111; all the supporting files go under
$PREFIX/go111, so it does not conflict with other Go versions. Go packages
in pkgsrc do not use it to build yet.

Changes:

There are many changes and improvements to the toolchain, runtime, and
libraries, but two features stand out as being especially exciting: modules
and WebAssembly support.

This release adds preliminary support for a new concept called "modules," an
alternative to GOPATH with integrated support for versioning and package
distribution. Module support is considered experimental, and there are still
a few rough edges to smooth out, so please make liberal use of the issue
tracker.

Go 1.11 also adds an experimental port to WebAssembly (js/wasm). This allows
programmers to compile Go programs to a binary format compatible with four
major web browsers.
@
text
@d1 1
a1 1
$NetBSD: distinfo,v 1.63 2018/09/14 09:24:30 fhajny Exp $
d3 4
a6 4
SHA1 (go1.11.src.tar.gz) = def1c60c20344fb3406645c1adf16997a7e23732
RMD160 (go1.11.src.tar.gz) = a6fdba26dfc8def6e0bb29f50fbe78309f8e71e5
SHA512 (go1.11.src.tar.gz) = 2758b7924b4b8cffc30b56fbf039b8e23d1a3c42506ed4997bd64531ba742e2c60e95d1fa70cae2ccda45d1959fadccfd2404af87d962530e4b1d3556c4aaf43
Size (go1.11.src.tar.gz) = 21091932 bytes
@