From 901f80aae7d14b48e1ff94b59ef03eeeae7b0900 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 19 Nov 2021 03:40:17 +0800 Subject: [PATCH] golang: Update to 1.17.3 Contains fixes for: * CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat) accesses a memory location after the end of a buffer * CVE-2021-41772: archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field Signed-off-by: Jeffery To --- lang/golang/golang/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index a9048186d..30979fe7c 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.17 -GO_VERSION_PATCH:=2 +GO_VERSION_PATCH:=3 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=2255eb3e4e824dd7d5fcdc2e7f84534371c186312e546fb1086a34c17752f431 +PKG_HASH:=705c64251e5b25d5d55ede1039c6aa22bea40a7a931d14c370339853643c3df0 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause