* [Buildroot] [PATCH] package/go: security bump to version 1.21.2
@ 2023-10-06 9:37 Peter Korsgaard
2023-10-08 16:00 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2023-10-06 9:37 UTC (permalink / raw)
To: buildroot; +Cc: Anisse Astier, Christian Stewart
Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
flags to be passed during compilation. This can result in unexpected
execution of arbitrary code when running "go build".
go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go
package, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/go/go.hash | 2 +-
package/go/go.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/go/go.hash b/package/go/go.hash
index be8af438b3..a2ec6b5923 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
# From https://go.dev/dl
-sha256 bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99 go1.21.1.src.tar.gz
+sha256 45e59de173baec39481854490d665b726cec3e5b159f6b4172e5ec7780b2c201 go1.21.2.src.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE
diff --git a/package/go/go.mk b/package/go/go.mk
index 6f080be5c0..2c32e90817 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GO_VERSION = 1.21.1
+GO_VERSION = 1.21.2
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH] package/go: security bump to version 1.21.2
2023-10-06 9:37 [Buildroot] [PATCH] package/go: security bump to version 1.21.2 Peter Korsgaard
@ 2023-10-08 16:00 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2023-10-08 16:00 UTC (permalink / raw)
To: buildroot; +Cc: Anisse Astier, Christian Stewart
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
> restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
> flags to be passed during compilation. This can result in unexpected
> execution of arbitrary code when running "go build".
> go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go
> package, as well as bug fixes to the compiler, the go command, the linker,
> the runtime, and the runtime/metrics package.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-08 16:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-06 9:37 [Buildroot] [PATCH] package/go: security bump to version 1.21.2 Peter Korsgaard
2023-10-08 16:00 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox