mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-01 09:23:29 +08:00
go: security bump to version 1.7.4
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. This is addressed by https://golang.org/cl/33721, tracked in https://golang.org/issue/18141. Thanks to Xy Ziemba for identifying and reporting this issue. The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. This is addressed by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965. Thanks to Simon Rawet for the report. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
5e2f55d41f
commit
5c9db62171
@ -1,2 +1,2 @@
|
||||
# Locally computed:
|
||||
sha256 ce4f331352313ad7ba9db5daf6f7f81581f3ca9c862d272ae02ee5a3cb294023 go1.7.2.src.tar.gz
|
||||
sha256 4c189111e9ba651a2bb3ee868aa881fab36b2f2da3409e80885ca758a6b614cc go1.7.4.src.tar.gz
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
GO_VERSION = 1.7.2
|
||||
GO_VERSION = 1.7.4
|
||||
GO_SITE = https://storage.googleapis.com/golang
|
||||
GO_SOURCE = go$(GO_VERSION).src.tar.gz
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user