git.openwrt.org Git - feed/packages.git/commit

author	Stanislav Petrashov <s@petrashov.ru>
	Thu, 20 Oct 2022 20:18:19 +0000 (22:18 +0200)
committer	Stanislav Petrashov <s@petrashov.ru>
	Mon, 14 Nov 2022 19:23:44 +0000 (20:23 +0100)
commit	0ad7a2fe1841a46107b88026a3b95b54571afb88
tree	cf420ba1c5307eb012265e16d3feacf4e78827c5	tree \| snapshot
parent	4d667ec8e8ffb23e2d42a42c58f0318b3d248dff	commit \| diff

golang: update to v1.19.2

Includes fixes for security vulnerabilities:
* [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) net/http: handle server errors after sending GOAWAY
* [CVE-2022-32190](https://github.com/golang/go/issues/54385) net/url: JoinPath does not strip relative path components in all circumstances
* [CVE-2022-2879](https://github.com/golang/go/issues/54853) archive/tar: unbounded memory consumption when reading headers
* [CVE-2022-2880](https://github.com/golang/go/issues/54663) net/http/httputil: ReverseProxy should not forward unparseable query parameters
* [CVE-2022-41715](https://github.com/golang/go/issues/55949) regexp/syntax: limit memory used by parsing regexps

Addresses the build failure:
* https://github.com/openwrt/packages/pull/19613

Signed-off-by: Stanislav Petrashov <s@petrashov.ru>

lang/golang/golang/Makefile		diff \| blob \| history
lang/golang/golang/patches/001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch		diff \| blob \| history