Sync from SUSE:ALP:Source:Standard:1.0 go1.21 revision 89a6f0171a17a57a090e79f7ce50b6f5

This commit is contained in:
Adrian Schröter 2024-04-15 17:16:40 +02:00
parent 170e7824ac
commit 0727755521
4 changed files with 55 additions and 6 deletions

BIN
go1.21.7.src.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
go1.21.9.src.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,50 @@
-------------------------------------------------------------------
Wed Apr 3 15:35:16 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.21.9 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the linker, and the
go/types and net/http packages.
Refs boo#1212475 go1.21 release tracking
CVE-2023-45288
* go#65387 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
* go#66254 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
* go#66326 cmd/compile: //go:build file version ignored when using generic function from package "slices" in Go 1.21
* go#66411 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le
-------------------------------------------------------------------
Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.21.8 (released 2024-03-05) includes security fixes to the
crypto/x509, html/template, net/http, net/http/cookiejar, and
net/mail packages, as well as bug fixes to the go command and the
runtime.
Refs boo#1212475 go1.21 release tracking
CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
* go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
* go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
* go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
* go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
* go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
* go#65475 internal/testenv: support LUCI mobile builders in testenv tests
* go#65478 runtime: don't let the tests leave core files behind
* go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
* go#65851 cmd/go: "missing ziphash" error with go.work
* go#65882 internal/poll: invalid uintptr conversion in call to windows.SetFileInformationByHandle
-------------------------------------------------------------------
Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* Use %patch -P N instead of deprecated %patchN
-------------------------------------------------------------------
Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* boo#1219988 ensure VERSION file is present in GOROOT
as required by go tool dist and go tool distpack
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 6 18:00:12 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com> Tue Feb 6 18:00:12 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>

View File

@ -126,7 +126,7 @@
%endif %endif
Name: go1.21 Name: go1.21
Version: 1.21.7 Version: 1.21.9
Release: 0 Release: 0
Summary: A compiled, garbage-collected, concurrent programming language Summary: A compiled, garbage-collected, concurrent programming language
License: BSD-3-Clause License: BSD-3-Clause
@ -233,14 +233,14 @@ Go standard library compiled to a dynamically loadable shared object libstd.so
# go # go
%setup -q -n go %setup -q -n go
%patch7 -p1 %patch -P 7 -p1
%if %{with gccgo} %if %{with gccgo}
# Currently gcc-go does not manage an update-alternatives entry and will # Currently gcc-go does not manage an update-alternatives entry and will
# never be symlinked as "go", even if gcc-go is the only installed go toolchain. # never be symlinked as "go", even if gcc-go is the only installed go toolchain.
# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8 # Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
# Substitute defined gcc_go_version into gcc-go.patch # Substitute defined gcc_go_version into gcc-go.patch
sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
%patch8 -p1 %patch -P 8 -p1
%endif %endif
cp %{SOURCE4} . cp %{SOURCE4} .
@ -367,6 +367,8 @@ for ext in *.{go,c,h,s,S,py,syso,bin}; do
done done
# executable bash scripts called by go tool, etc # executable bash scripts called by go tool, etc
find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
# VERSION file referenced by go tool dist and go tool distpack
find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
# Trace viewer html and javascript files moved from misc/trace in # Trace viewer html and javascript files moved from misc/trace in
# previous versions to src/cmd/trace/static in go1.19. # previous versions to src/cmd/trace/static in go1.19.
# static contains pprof trace viewer html javascript and markdown # static contains pprof trace viewer html javascript and markdown