From 07277555212fd1bf579c180d83baa79d9c08b997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 15 Apr 2024 17:16:40 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 go1.21 revision 89a6f0171a17a57a090e79f7ce50b6f5 --- go1.21.7.src.tar.gz | 3 --- go1.21.9.src.tar.gz | 3 +++ go1.21.changes | 47 +++++++++++++++++++++++++++++++++++++++++++++ go1.21.spec | 8 +++++--- 4 files changed, 55 insertions(+), 6 deletions(-) delete mode 100644 go1.21.7.src.tar.gz create mode 100644 go1.21.9.src.tar.gz diff --git a/go1.21.7.src.tar.gz b/go1.21.7.src.tar.gz deleted file mode 100644 index 28b3faa..0000000 --- a/go1.21.7.src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:00197ab20f33813832bff62fd93cca1c42a08cc689a32a6672ca49591959bff6 -size 26991014 diff --git a/go1.21.9.src.tar.gz b/go1.21.9.src.tar.gz new file mode 100644 index 0000000..00c3f57 --- /dev/null +++ b/go1.21.9.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58f0c5ced45a0012bce2ff7a9df03e128abcc8818ebabe5027bb92bafe20e421 +size 26993426 diff --git a/go1.21.changes b/go1.21.changes index 7ea018d..ea97efb 100644 --- a/go1.21.changes +++ b/go1.21.changes @@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Wed Apr 3 15:35:16 UTC 2024 - Jeff Kowalczyk + +- go1.21.9 (released 2024-04-03) includes a security fix to the + net/http package, as well as bug fixes to the linker, and the + go/types and net/http packages. + Refs boo#1212475 go1.21 release tracking + CVE-2023-45288 + * go#65387 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers + * go#66254 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock + * go#66326 cmd/compile: //go:build file version ignored when using generic function from package "slices" in Go 1.21 + * go#66411 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le + +------------------------------------------------------------------- +Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk + +- go1.21.8 (released 2024-03-05) includes security fixes to the + crypto/x509, html/template, net/http, net/http/cookiejar, and + net/mail packages, as well as bug fixes to the go command and the + runtime. + Refs boo#1212475 go1.21 release tracking + CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 + * go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + * go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm + * go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm + * go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled + * go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping + * go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders + * go#65475 internal/testenv: support LUCI mobile builders in testenv tests + * go#65478 runtime: don't let the tests leave core files behind + * go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing + * go#65851 cmd/go: "missing ziphash" error with go.work + * go#65882 internal/poll: invalid uintptr conversion in call to windows.SetFileInformationByHandle + +------------------------------------------------------------------- +Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * Use %patch -P N instead of deprecated %patchN + +------------------------------------------------------------------- +Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * boo#1219988 ensure VERSION file is present in GOROOT + as required by go tool dist and go tool distpack + ------------------------------------------------------------------- Tue Feb 6 18:00:12 UTC 2024 - Jeff Kowalczyk diff --git a/go1.21.spec b/go1.21.spec index 8037ef2..fa55af2 100644 --- a/go1.21.spec +++ b/go1.21.spec @@ -126,7 +126,7 @@ %endif Name: go1.21 -Version: 1.21.7 +Version: 1.21.9 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause @@ -233,14 +233,14 @@ Go standard library compiled to a dynamically loadable shared object libstd.so # go %setup -q -n go -%patch7 -p1 +%patch -P 7 -p1 %if %{with gccgo} # Currently gcc-go does not manage an update-alternatives entry and will # never be symlinked as "go", even if gcc-go is the only installed go toolchain. # Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8 # Substitute defined gcc_go_version into gcc-go.patch sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch -%patch8 -p1 +%patch -P 8 -p1 %endif cp %{SOURCE4} . @@ -367,6 +367,8 @@ for ext in *.{go,c,h,s,S,py,syso,bin}; do done # executable bash scripts called by go tool, etc find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; +# VERSION file referenced by go tool dist and go tool distpack +find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; # Trace viewer html and javascript files moved from misc/trace in # previous versions to src/cmd/trace/static in go1.19. # static contains pprof trace viewer html javascript and markdown