openRuyi-tutorials/buildroot
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/go: security bump to version 1.23.10

Browse Source 
go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker.

go1.23.10 (released 2025-06-05) includes security fixes to the net/http and
os packages, as well as bug fixes to the linker.

Fixes the following security vulnerabilities:

- CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin
  redirect

  Proxy-Authorization and Proxy-Authenticate headers persisted on
  cross-origin redirects potentially leaking sensitive information

- CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and
  Windows

  os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and
  Windows systems when the target path was a dangling symlink.  On Unix
  systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks.
  On Windows, when the target path was a symlink to a nonexistent location,
  OpenFile would create a file in that location.

- CVE-2025-22874: crypto/x509: usage of ExtKeyUsageAny disables policy validation

  Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny
  unintentionally disabled policy validation.  This only affected
  certificate chains which contain policy graphs, which are rather uncommon.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 00f0fca15a)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Peter Korsgaard
2025-06-07 14:19:47 +02:00
committed by Thomas Perale
parent ed5585a03c
commit 78a9b41ded
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
package/go/go.hash
View File

@@ -1,9 +1,9 @@
# sha256 checksum from https://go.dev/dl/
sha256 0ca1f1e37ea255e3ce283af3f4e628502fb444587da987a5bb96d6c6f15930d4 go1.23.8.src.tar.gz
sha256 714b9d004063bfa27686f9ff0e5648bb190b3a5bc1e86b0aa16c134d8d8c315f go1.23.8.linux-386.tar.gz
sha256 45b87381172a58d62c977f27c4683c8681ef36580abecd14fd124d24ca306d3f go1.23.8.linux-amd64.tar.gz
sha256 9d6d938422724a954832d6f806d397cf85ccfde8c581c201673e50e634fdc992 go1.23.8.linux-arm64.tar.gz
sha256 d14e0bea9fb25344a0460f395880d5589bbcd413ffd5555be48e46c0de084437 go1.23.8.linux-armv6l.tar.gz
sha256 0cadab469e612b159f5f68b1a30d75aa7b7e1ed5292746005a6a3c8ff04e6f35 go1.23.8.linux-ppc64le.tar.gz
sha256 cbe954ee534eb02aa782639716d8c25706dd171445f7c8336bd2fc0b8f6fe38e go1.23.8.linux-s390x.tar.gz
sha256 800a7ae1bff179a227b653a2f644517c800443b8b4abf3273af5e1cb7113de59 go1.23.10.src.tar.gz
sha256 ded3c0a8d6d2a0ea5e7599c49678efa05cda139d31baaaf7d8d536a9e4cc19b2 go1.23.10.linux-386.tar.gz
sha256 535f9f81802499f2a7dbfa70abb8fda3793725fcc29460f719815f6e10b5fd60 go1.23.10.linux-amd64.tar.gz
sha256 bfb1f1df7173f44648ee070a39ab0481068632f595305a699d89cd56a33b8081 go1.23.10.linux-arm64.tar.gz
sha256 b6e00c9a72406d394b9f167e74670e28b72ed559cca8115b21be1cb9d5316cb4 go1.23.10.linux-armv6l.tar.gz
sha256 8fb94455cfa5e9a5e8af2bfbc7323a6fed2dabaffda1a69dae5dd41b669bbb57 go1.23.10.linux-ppc64le.tar.gz
sha256 7d0e8651eb54fce5cfe2d4b412ddfa50144ce21907f72192a6549ffe03db4e1f go1.23.10.linux-s390x.tar.gz
sha256 2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067 LICENSE

2
package/go/go.mk
View File

@@ -4,7 +4,7 @@
#
################################################################################
GO_VERSION = 1.23.8
GO_VERSION = 1.23.10
HOST_GO_GOPATH = $(HOST_DIR)/share/go-path
HOST_GO_HOST_CACHE = $(HOST_DIR)/share/host-go-cache