Update go116 to 1.16.6.

This minor release includes a security fix according to the new security policy. crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected. This is issue 47143 and CVE-2021-34558. Thanks to Imre Rad for reporting this issue.
2021-07-13 10:12:00 +00:00 · 2021-07-13 10:12:00 +00:00 · 40b8301d59
commit 40b8301d59
parent a38f56e5c1
4 changed files with 12 additions and 10 deletions
--- a/lang/go/version.mk
+++ b/lang/go/version.mk
@ -1,4 +1,4 @@
-# $NetBSD: version.mk,v 1.121 2021/07/13 10:05:08 bsiegert Exp $
+# $NetBSD: version.mk,v 1.122 2021/07/13 10:12:00 bsiegert Exp $

 #
 # If bsd.prefs.mk is included before go-package.mk in a package, then this
@ -6,7 +6,7 @@
 #
 .include "go-vars.mk"

-GO116_VERSION=	1.16.5
+GO116_VERSION=	1.16.6
 GO115_VERSION=	1.15.14
 GO110_VERSION=	1.10.8
 GO19_VERSION=	1.9.7
--- a/lang/go116/Makefile
+++ b/lang/go116/Makefile
@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.5 2021/05/24 19:52:33 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2021/07/13 10:12:00 bsiegert Exp $

-PKGREVISION= 1
 .include "../../lang/go/version.mk"
 .include "../../lang/go/bootstrap.mk"

--- a/lang/go116/PLIST
+++ b/lang/go116/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2021/06/05 12:40:07 bsiegert Exp $
+@comment $NetBSD: PLIST,v 1.7 2021/07/13 10:12:00 bsiegert Exp $
 bin/go${GOVERSSUFFIX}
 bin/gofmt${GOVERSSUFFIX}
 go116/AUTHORS
@ -9194,6 +9194,9 @@ go116/test/fixedbugs/issue4618.go
 go116/test/fixedbugs/issue4620.go
 go116/test/fixedbugs/issue4654.go
 go116/test/fixedbugs/issue4663.go
+go116/test/fixedbugs/issue46653.dir/bad/bad.go
+go116/test/fixedbugs/issue46653.dir/main.go
+go116/test/fixedbugs/issue46653.go
 go116/test/fixedbugs/issue4667.go
 go116/test/fixedbugs/issue4734.go
 go116/test/fixedbugs/issue4748.go
--- a/lang/go116/distinfo
+++ b/lang/go116/distinfo
@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8 2021/06/05 12:40:07 bsiegert Exp $
+$NetBSD: distinfo,v 1.9 2021/07/13 10:12:00 bsiegert Exp $

-SHA1 (go1.16.5.src.tar.gz) = b3d00525ea5af180149fafca8da730c6f988f29f
-RMD160 (go1.16.5.src.tar.gz) = dfbe9538c56f60215d699b611aac1db182751e5c
-SHA512 (go1.16.5.src.tar.gz) = ba90ce1f3faa39519eb5437009c4b710b493e42764a14b0821292a8a17b714fe5985ef20e6e3c340f71cb521ff63d45a23570d38fd752526a1262448c641d544
-Size (go1.16.5.src.tar.gz) = 20921372 bytes
+SHA1 (go1.16.6.src.tar.gz) = 047772552a78bb6d20682425e38d43dc4d94ad3f
+RMD160 (go1.16.6.src.tar.gz) = 9e8e85819c17977d8b4ffbe6afe8fa00d2946269
+SHA512 (go1.16.6.src.tar.gz) = 82634763dce636c9e9cba1bbf74a669e8b88e6df095e80672f295edb82cc1fc4b8ffde91a1f56c3470f2c4d9ee0404f65146d7478b645890623f6c463513a61f
+Size (go1.16.6.src.tar.gz) = 20923044 bytes
 SHA1 (patch-misc_ios_clangwrap.sh) = 0a06403609cb7bce2e6f65444fd322f486761afe
 SHA1 (patch-src_cmd_dist_util.go) = 24e6f1b6ded842a8ce322a40e8766f7d344bc47e
 SHA1 (patch-src_crypto_x509_root__bsd.go) = 27636e0d8c121ccec6c46a3a82cd0e0469473a6e