head 1.15; access; symbols pkgsrc-2026Q1:1.15.0.10 pkgsrc-2026Q1-base:1.15 pkgsrc-2025Q4:1.15.0.8 pkgsrc-2025Q4-base:1.15 pkgsrc-2025Q3:1.15.0.6 pkgsrc-2025Q3-base:1.15 pkgsrc-2025Q2:1.15.0.4 pkgsrc-2025Q2-base:1.15 pkgsrc-2025Q1:1.15.0.2 pkgsrc-2025Q1-base:1.15 pkgsrc-2024Q4:1.13.0.2 pkgsrc-2024Q4-base:1.13 pkgsrc-2024Q3:1.10.0.2 pkgsrc-2024Q3-base:1.10 pkgsrc-2024Q2:1.7.0.2 pkgsrc-2024Q2-base:1.7 pkgsrc-2024Q1:1.2.0.2 pkgsrc-2024Q1-base:1.2; locks; strict; comment @# @; 1.15 date 2025.02.07.10.17.49; author bsiegert; state Exp; branches; next 1.14; commitid ywNJTsY2ed3luwIF; 1.14 date 2025.01.17.10.33.08; author bsiegert; state Exp; branches; next 1.13; commitid 93PzS0JOzVXmfPFF; 1.13 date 2024.12.04.18.51.39; author bsiegert; state Exp; branches 1.13.2.1; next 1.12; commitid KUxSi1QX7YOlqdAF; 1.12 date 2024.11.08.19.46.59; author bsiegert; state Exp; branches; next 1.11; commitid EhFJF6T8Jrl9zSwF; 1.11 date 2024.10.03.15.41.00; author bsiegert; state Exp; branches; next 1.10; commitid YoOQLIt16iWBmesF; 1.10 date 2024.09.06.18.42.18; author bsiegert; state Exp; branches; next 1.9; commitid xcyJ7A5Pl2NIeMoF; 1.9 date 2024.08.11.15.44.26; author bsiegert; state Exp; branches; next 1.8; commitid uhaQTJcqDKZB5qlF; 1.8 date 2024.07.03.06.49.54; author bsiegert; state Exp; branches; next 1.7; commitid iYU3jxXLRpDznmgF; 1.7 date 2024.06.13.12.55.15; author bsiegert; state Exp; branches; next 1.6; commitid wuJgVUAa1J913PdF; 1.6 date 2024.05.07.18.18.05; author bsiegert; state Exp; branches; next 1.5; commitid oYK3ow5Chn0v069F; 1.5 date 2024.04.09.16.57.45; author jperkin; state Exp; branches; next 1.4; commitid Jq7PyUu0bAdStu5F; 1.4 date 2024.04.05.18.51.52; author bsiegert; state Exp; branches; next 1.3; commitid 8j89Olh2JfwWeZ4F; 1.3 date 2024.04.02.14.12.57; author jperkin; state Exp; branches; next 1.2; commitid sK3vNgc3KBdgNz4F; 1.2 date 2024.03.05.19.37.52; author bsiegert; state Exp; branches; next 1.1; commitid FaPNGXvv5bKru01F; 1.1 date 2024.02.09.20.34.10; author bsiegert; state Exp; branches; next ; commitid IHpwSNzlQojdBNXE; 1.13.2.1 date 2025.02.06.15.33.18; author maya; state Exp; branches; next ; commitid YxXhbO7DqE23hqIF; desc @@ 1.15 log @Update go122 to 1.22.12 and go123 to 1.23.6. This is a security update but it only applies on the ppc64le platform. These minor releases include 1 security fix following the security policy: - crypto/elliptic: timing sidechannel for P-256 on ppc64le Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. This is CVE-2025-22866 and Go issue https://go.dev/issue/71383. @ text @$NetBSD: distinfo,v 1.14 2025/01/17 10:33:08 bsiegert Exp $ BLAKE2s (go1.22.12.src.tar.gz) = 72a07834496d592e3aa4af763643d80ac55276fe482a086ee411bc58d346738b SHA512 (go1.22.12.src.tar.gz) = de498f72c398c5587abb6e6943a21b1b9835fde16dbda4d64a1ad847f5b2399ed289fe327255dcde104ad9e7f3fd6c520ddb13ee1900ba5d5c45aa5e1c1e30c8 Size (go1.22.12.src.tar.gz) = 27566409 bytes SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe SHA1 (patch-src_cmd_dist_build.go) = cbb9576f832806b0cbef121ea38ba6a54db95bc3 SHA1 (patch-src_crypto_x509_root__bsd.go) = 0b5dead901450967109303f873a2696c65ccac35 SHA1 (patch-src_crypto_x509_root__solaris.go) = d636a1599ede225ac339388fba2b6e253112d461 SHA1 (patch-src_syscall_syscall__solaris.go) = a23052ad13e128578c1c0cf46812f26d2d8ccdd1 SHA1 (patch-src_syscall_zerrors__solaris__amd64.go) = 9500319cf717106e1b4bb2ba28861358dffc781e SHA1 (patch-src_syscall_zsysnum__solaris__amd64.go) = ec28a0fa37ba9599ec1651c8e9337a2efc48a26b @ 1.14 log @Update go122 to 1.22.11 and go123 to 1.23.5. These minor releases include 2 security fixes following the security policy: - crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs. Thanks to Juho Forsén of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after cross-domain redirect The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. Thanks to Kyle Seely for reporting this issue. This is CVE-2024-45336 and Go issue https://go.dev/issue/70530. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2024/12/04 18:51:39 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.11.src.tar.gz) = b28d7f23e094ac9b99e0a1b858ba9e76deb26f362a27f7875cbaba5a5abf17cb SHA512 (go1.22.11.src.tar.gz) = 40c133d6008df7c7cc3bb95a41c29f7442a6af2dd78b807007daf732471c88e2c641aed32878414d57be3904e5efa580d2ecd13fff5412ee668e753e50f1356e Size (go1.22.11.src.tar.gz) = 27565913 bytes @ 1.13 log @Update Go to 1.22.10, 1.23.4 go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. See the Go 1.23.4 milestone on our issue tracker for details. go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall package. See the Go 1.22.10 milestone on our issue tracker for details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2024/11/08 19:46:59 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.10.src.tar.gz) = d1e119124684dfa0cb025aa5e976147260f09e64d5a0bf9773358fa6e7acafd6 SHA512 (go1.22.10.src.tar.gz) = 0ccf4a42a8bf40c94f21b014fea3ea002d46e8ecb1142be7444148c4937b3d10ce863fb5556f2c1a8f4b51d34d85efe16efa892255eeb4447108c44ac080ce13 Size (go1.22.10.src.tar.gz) = 27565306 bytes @ 1.13.2.1 log @Pullup ticket #6939 - requested by bsiegert lang/go122: Security fix lang/go123: Security fix Revisions pulled up: - lang/go/version.mk 1.221 - lang/go122/distinfo 1.14 - lang/go123/PLIST 1.6 - lang/go123/distinfo 1.7 --- Module Name: pkgsrc Committed By: bsiegert Date: Fri Jan 17 10:33:09 UTC 2025 Modified Files: pkgsrc/lang/go: version.mk pkgsrc/lang/go122: distinfo pkgsrc/lang/go123: PLIST distinfo Log Message: Update go122 to 1.22.11 and go123 to 1.23.5. These minor releases include 2 security fixes following the security policy= : - crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs. Thanks to Juho Fors=C3=A9n of Mattermost for reporting this issue. This is CVE-2024-45341 and Go issue https://go.dev/issue/71156. - net/http: sensitive headers incorrectly sent after cross-domain redirect The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. Thanks to Kyle Seely for reporting this issue. This is CVE-2024-45336 and Go issue https://go.dev/issue/70530. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (go1.22.11.src.tar.gz) = b28d7f23e094ac9b99e0a1b858ba9e76deb26f362a27f7875cbaba5a5abf17cb SHA512 (go1.22.11.src.tar.gz) = 40c133d6008df7c7cc3bb95a41c29f7442a6af2dd78b807007daf732471c88e2c641aed32878414d57be3904e5efa580d2ecd13fff5412ee668e753e50f1356e Size (go1.22.11.src.tar.gz) = 27565913 bytes @ 1.12 log @go: update to 1.22.9 and 1.23.2. go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and the net/http, os, and syscall packages. See the Go 1.23.3 milestone on our issue tracker for details. go1.22.9 (released 2024-11-06) includes fixes to the linker. See the Go 1.22.9 milestone on our issue tracker for details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2024/10/03 15:41:00 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.9.src.tar.gz) = 7d3a8f242c3e993441ef78b213985fb41b2417611ca45439c5e375112e12270d SHA512 (go1.22.9.src.tar.gz) = d9237212e82f6acb40685fdbe75f3e5c6a6340329c31a885e7f241a5868b5835052e90063db849a5960c8242da2971c55a3a3cab2c0e0e62754b8c33344887cf Size (go1.22.9.src.tar.gz) = 27565135 bytes @ 1.11 log @go: update go123 to 1.23.2 and go122 to 1.22.8. go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages. See the Go 1.23.2 milestone on our issue tracker for details. go1.22.8 (released 2024-10-01) includes fixes to cgo, and the maps and syscall packages. See the Go 1.22.8 milestone on our issue tracker for details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2024/09/06 18:42:18 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.8.src.tar.gz) = 7c49a3c0c8496ff1b08621a1f8192ee7c555daccf19f1cf44c7434f7eb1cedac SHA512 (go1.22.8.src.tar.gz) = ee63cdec73e63924449c56a5ea223a4ad05ec4839823591937889fb36052ebd34357f892a57193c6f697bf16cd9d8168e8fcb560472658b7b167c41b8557146f Size (go1.22.8.src.tar.gz) = 27563052 bytes @ 1.10 log @go122: update to 1.22.7 This minor release includes 3 security fixes following the security policy: go/parser: stack exhaustion in all Parse* functions Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. This is CVE-2024-34155 and Go issue https://go.dev/issue/69138. encoding/gob: stack exhaustion in Decoder.Decode Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Thanks to Md Sakib Anwar of The Ohio State University (anwar.40@@osu.edu) for reporting this issue. This is CVE-2024-34156 and Go issue https://go.dev/issue/69139. go/build/constraint: stack exhaustion in Parse Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. This is CVE-2024-34158 and Go issue https://go.dev/issue/69141. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2024/08/11 15:44:26 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.7.src.tar.gz) = 8bec5dc1aa82ae1784195f9f2c7345c161a72167ed7869e57576403509665719 SHA512 (go1.22.7.src.tar.gz) = 60b37916e31c3482e8395580a29757971df5e1783dc13a9914261007e07aa8b1b9c1a0b874883e297903e16c7831117b8f814aeff0a0d4398948c97c9d73b73a Size (go1.22.7.src.tar.gz) = 27562038 bytes @ 1.9 log @go: update to 1.21.13 and 1.22.6 go1.21.13 (released 2024-08-06) includes fixes to the go command, the covdata command, and the bytes package. go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2024/07/03 06:49:54 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.6.src.tar.gz) = 48dc497e2ccd4343475cbbc119daf24b031cadbbeced81dfb27f85236155c75a SHA512 (go1.22.6.src.tar.gz) = 59f84ba390203271d9fe2d3f04624449d54d3bb73c2b6e54b5f7dc9e9e2dce2192bae07ef56a2afee871cff84d457b90f8a00f4433e072028b97af987f3799e1 Size (go1.22.6.src.tar.gz) = 27561569 bytes @ 1.8 log @go: update to 1.22.5 and 1.21.12 (security) These minor releases include 1 security fix following the security policy: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Thanks to Geoff Franks for reporting this issue. This is CVE-2024-24791 and Go issue https://go.dev/issue/67555. View the release notes for more information: https://go.dev/doc/devel/release#go1.22.5 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2024/06/13 12:55:15 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.5.src.tar.gz) = 0407b536f7f26d7ef9b006a32ac072201b7b42750bc056d6c84ac645cf677fe7 SHA512 (go1.22.5.src.tar.gz) = 798c2bd5d59be1fb5d7af98893fa7bb68322117facfdee546a37175ec5e8be634f2bed2d8d0e7d4d0555b354c8e9d72b3829c39670d3be2d2328376a00a48576 Size (go1.22.5.src.tar.gz) = 27559458 bytes @ 1.7 log @go122: update to 1.22.4 (security) This minor release includes 2 security fixes following the security policy: - archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Thanks to Yufan You (@@ouuan) for reporting this issue. This is CVE-2024-24789 and Go issue https://go.dev/issue/66869. - net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Thanks to Enze Wang of Alioth (@@zer0yu) and Jianjun Chen of Zhongguancun Lab (@@chenjj) for reporting this issue. This is CVE-2024-24790 and Go issue https://go.dev/issue/67680. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2024/05/07 18:18:05 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.4.src.tar.gz) = 0634d5823abbb1ba4dd5f320f55f33156ca8f8a0482fbdfb5804b28f9aceb38b SHA512 (go1.22.4.src.tar.gz) = 4855ba7e277b2eb79eb52e3ad2a52f18b3a4cd3adc20b7a17d29fabae74141265bf31399307b8d3f35110031d11ad7f583016aa903f3e36eeb6d1f64cfc8a5ad Size (go1.22.4.src.tar.gz) = 27555503 bytes @ 1.6 log @go: update to 1.21.10 and 1.22.3 (security) These minor releases include 2 security fixes following the security policy: - cmd/go: arbitrary code execution during build on darwin On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. Thanks to Juho Forsén of Mattermost for reporting this issue. This is CVE-2024-24787 and Go issue https://go.dev/issue/67119. - net: malformed DNS message can cause infinite loop A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. Thanks to @@long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to our attention. This is CVE-2024-24788 and Go issue https://go.dev/issue/66754. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2024/04/09 16:57:45 jperkin Exp $ d3 3 a5 3 BLAKE2s (go1.22.3.src.tar.gz) = fc915cdf74ff63831716b752f88dde2bf42d82117761303bb063cc0226977a67 SHA512 (go1.22.3.src.tar.gz) = e6756866d3cf195f1afd3d852015f32dfb2de3648e30a78e9238a863eae192e9e7ccbcfd19fd97b1d552f35d51d62bf2104d81e35b8854a40400b0d61cf93672 Size (go1.22.3.src.tar.gz) = 27552410 bytes d11 1 a11 1 SHA1 (patch-src_syscall_zerrors__solaris__amd64.go) = f2a10b7436e1abedfe9491f8bde4c0bf3b2a893f @ 1.5 log @go122: Support O_DIRECT on illumos. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2024/04/05 18:51:52 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.2.src.tar.gz) = 1cda38de9b035db9c153c21042f23f62bc3ad1cd516b012916a446ca09b94d70 SHA512 (go1.22.2.src.tar.gz) = f2491d2b5d4ef2dd86ca7820503a2534cd1860822049dc01a6cb40b556a0812cfc4196fa83173765816060253ac949f4165b0fb4b2bed5d45e30d03bb69e434d Size (go1.22.2.src.tar.gz) = 27551470 bytes @ 1.4 log @This minor release includes 1 security fix following the security policy: http2: close connections when receiving too many headers Maintaining HPACK state requires that we parse and process all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, we don't allocate memory to store the excess headers but we do parse them. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. Set a limit on the amount of excess header frames we will process before closing a connection. Thanks to Bartek Nowotarski (https://nowotarski.info/) for reporting this issue. This is CVE-2023-45288 and Go issue https://go.dev/issue/65051. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2024/04/02 14:12:57 jperkin Exp $ d11 1 @ 1.3 log @go122: Implement syscall.Mkfifo() on illumos. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2024/03/05 19:37:52 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.1.src.tar.gz) = 87e9705c9221285dc0362891b320252da5ca380f73329e564026133807f7205f SHA512 (go1.22.1.src.tar.gz) = 627530c3fa2ea872478e1df8ee20db2ddc3c94581fff4e66bda21ca45a643e9915f97115401f79667cd7e856ccca1b40a842f4c0b509a472c75696e3bdb3a908 Size (go1.22.1.src.tar.gz) = 27548577 bytes @ 1.2 log @go122: update to 1.22.1 (security) This minor release includes 5 security fixes following the security policy: - crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. Thanks to John Howard (Google) for reporting this issue. This is CVE-2024-24783 and Go issue https://go.dev/issue/65390. - net/http: memory exhaustion in Request.ParseMultipartForm When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. ParseMultipartForm now correctly limits the maximum size of form lines. Thanks to Bartek Nowotarski for reporting this issue. This is CVE-2023-45290 and Go issue https://go.dev/issue/65383. - net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded. Thanks to Juho Nurminen of Mattermost for reporting this issue. This is CVE-2023-45289 and Go issue https://go.dev/issue/65065. - html/template: errors returned from MarshalJSON methods may break template escaping If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates. Thanks to RyotaK (https://ryotak.net) for reporting this issue. This is CVE-2024-24785 and Go issue https://go.dev/issue/65697. - net/mail: comments in display names are incorrectly handled The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. Thanks to Juho Nurminen of Mattermost and Slonser (https://github.com/Slonser) for reporting this issue. This is CVE-2024-24784 and Go issue https://go.dev/issue/65083. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2024/02/09 20:34:10 bsiegert Exp $ d10 1 @ 1.1 log @Add a new package for go122-1.22.0 The latest Go release, version 1.22, arrives six months after Go 1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Release notes: https://go.dev/doc/go1.22 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2023/12/08 14:57:37 bsiegert Exp $ d3 3 a5 3 BLAKE2s (go1.22.0.src.tar.gz) = cebb4bbf403a754d03a5a47dc4121f70ab796e692ba40704ae785aeecc6cef9b SHA512 (go1.22.0.src.tar.gz) = f47fdac3281463757b3db9f6ab747f86ed7263beed52c820ec2571375a578034df02c0b76912c19fab3a58df3b04d79b6aae084163d1d5847c907aeb30b936e3 Size (go1.22.0.src.tar.gz) = 27544122 bytes @