40b8301d59
This minor release includes a security fix according to the new security policy. crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected. This is issue 47143 and CVE-2021-34558. Thanks to Imre Rad for reporting this issue.
111 lines
3.5 KiB
Makefile
111 lines
3.5 KiB
Makefile
# $NetBSD: Makefile,v 1.6 2021/07/13 10:12:00 bsiegert Exp $
|
|
|
|
.include "../../lang/go/version.mk"
|
|
.include "../../lang/go/bootstrap.mk"
|
|
|
|
DISTNAME= go${GO116_VERSION:S/.beta/beta/}.src
|
|
PKGNAME= go116-${GO116_VERSION}
|
|
CATEGORIES= lang
|
|
MASTER_SITES= https://storage.googleapis.com/golang/
|
|
|
|
MAINTAINER= bsiegert@NetBSD.org
|
|
HOMEPAGE= https://golang.org/
|
|
COMMENT= The Go programming language
|
|
LICENSE= modified-bsd
|
|
|
|
GOVERSSUFFIX= 116
|
|
WRKSRC= ${WRKDIR}/go
|
|
USE_TOOLS+= bash:run perl:run pax
|
|
|
|
# cgo compiles under TMPDIR
|
|
TMPDIR?= /tmp
|
|
BUILDLINK_PASSTHRU_DIRS+= ${TMPDIR}
|
|
|
|
GOROOT_FINAL= ${PREFIX}/go${GOVERSSUFFIX}
|
|
INSTALLATION_DIRS= bin go${GOVERSSUFFIX}
|
|
|
|
REPLACE_BASH+= lib/time/update.bash
|
|
REPLACE_BASH+= misc/arm/a
|
|
REPLACE_BASH+= misc/cgo/fortran/test.bash
|
|
REPLACE_BASH+= misc/wasm/go_js_wasm_exec
|
|
REPLACE_BASH+= src/all.bash
|
|
REPLACE_BASH+= src/bootstrap.bash
|
|
REPLACE_BASH+= src/buildall.bash
|
|
REPLACE_BASH+= src/clean.bash
|
|
REPLACE_BASH+= src/cmd/compile/internal/ssa/gen/cover.bash
|
|
REPLACE_BASH+= src/cmd/go/mkalldocs.sh
|
|
REPLACE_BASH+= src/cmd/vendor/golang.org/x/sys/unix/mkall.sh
|
|
REPLACE_BASH+= src/cmd/vendor/golang.org/x/sys/unix/mkerrors.sh
|
|
REPLACE_BASH+= src/internal/trace/mkcanned.bash
|
|
REPLACE_BASH+= src/iostest.bash
|
|
REPLACE_BASH+= src/make.bash
|
|
REPLACE_BASH+= src/race.bash
|
|
REPLACE_BASH+= src/run.bash
|
|
REPLACE_BASH+= src/syscall/mkall.sh
|
|
REPLACE_BASH+= src/syscall/mkerrors.sh
|
|
REPLACE_BASH+= src/syscall/mksysnum_plan9.sh
|
|
|
|
REPLACE_PERL+= src/net/http/cgi/testdata/test.cgi
|
|
REPLACE_PERL+= src/regexp/syntax/make_perl_groups.pl
|
|
REPLACE_PERL+= src/syscall/*.pl
|
|
|
|
# uses own linker, which does not support relro on NetBSD
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/bin/go
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/bin/gofmt
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/pkg/bootstrap/bin/asm
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/pkg/bootstrap/bin/compile
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/pkg/bootstrap/bin/link
|
|
CHECK_RELRO_SKIP+= go${GOVERSSUFFIX}/pkg/bootstrap/bin/cgo
|
|
# also does not support SSP at this time
|
|
CHECK_SSP_SKIP= ${CHECK_RELRO_SKIP}
|
|
|
|
# uses /bin/rc (for Plan 9)
|
|
CHECK_INTERPRETER_SKIP+= go${GOVERSSUFFIX}/include/plan9/mklibc.rc
|
|
CHECK_INTERPRETER_SKIP+= go${GOVERSSUFFIX}/src/all.rc
|
|
CHECK_INTERPRETER_SKIP+= go${GOVERSSUFFIX}/src/clean.rc
|
|
CHECK_INTERPRETER_SKIP+= go${GOVERSSUFFIX}/src/make.rc
|
|
CHECK_INTERPRETER_SKIP+= go${GOVERSSUFFIX}/src/run.rc
|
|
|
|
SUBST_CLASSES+= paths
|
|
SUBST_STAGE.paths= pre-configure
|
|
SUBST_FILES.paths= src/crypto/x509/root_solaris.go
|
|
SUBST_VARS.paths= PKG_SYSCONFDIR
|
|
|
|
PLIST_SUBST+= GOVERSSUFFIX=${GOVERSSUFFIX}
|
|
|
|
PLIST_VARS+= pty route
|
|
|
|
.if ${OPSYS} != "SunOS"
|
|
PLIST.pty= yes
|
|
.endif
|
|
|
|
.if ${OPSYS} != "Linux" && ${OPSYS} != "SunOS"
|
|
PLIST.route= yes
|
|
.endif
|
|
|
|
post-extract:
|
|
${RM} -r -f ${WRKSRC}/test/fixedbugs/issue27836*
|
|
|
|
do-build:
|
|
cd ${WRKSRC}/src && \
|
|
env \
|
|
GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:Q} \
|
|
GOROOT_FINAL=${GOROOT_FINAL:Q} \
|
|
${GOOPT} \
|
|
GOCACHE=${WRKDIR}/.cache/go-build \
|
|
${BASH} ./make.bash
|
|
# for RELRO build:
|
|
# cd ${WRKSRC}/src && env GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:Q} GOROOT_FINAL=${GOROOT_FINAL:Q} GO_LDFLAGS="-buildmode=pie" ${GOOPT} ${BASH} ./make.bash
|
|
|
|
do-install:
|
|
cd ${WRKSRC} && rm -rf pkg/obj pkg/bootstrap
|
|
cd ${WRKSRC} && pax -rw . ${DESTDIR}${PREFIX}/go${GOVERSSUFFIX}
|
|
find ${DESTDIR}${PREFIX}/go${GOVERSSUFFIX} -name \*.orig -exec rm {} \;
|
|
.for cmd in go gofmt
|
|
${LN} -sf ${PREFIX}/go${GOVERSSUFFIX}/bin/${cmd} ${DESTDIR}${PREFIX}/bin/${cmd}${GOVERSSUFFIX}
|
|
.endfor
|
|
|
|
do-test:
|
|
cd ${WRKSRC}/src && GOROOT=${WRKSRC} PATH=${WRKSRC}/bin:${PATH} ${GOOPT} ${BASH} run.bash --no-rebuild --banner ""
|
|
|
|
.include "../../mk/bsd.pkg.mk"
|