diff --git a/go1.22.0.src.tar.gz b/go1.22.0.src.tar.gz deleted file mode 100644 index 1237c6f..0000000 --- a/go1.22.0.src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d196c3d41a0d6c1dfc64d04e3cc1f608b0c436bd87b7060ce3e23234e1f4d5c -size 27544122 diff --git a/go1.22.2.src.tar.gz b/go1.22.2.src.tar.gz new file mode 100644 index 0000000..b7aa3c6 --- /dev/null +++ b/go1.22.2.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:374ea82b289ec738e968267cac59c7d5ff180f9492250254784b2044e90df5a9 +size 27551470 diff --git a/go1.22.changes b/go1.22.changes index 8c58c75..87b8333 100644 --- a/go1.22.changes +++ b/go1.22.changes @@ -1,3 +1,68 @@ +------------------------------------------------------------------- +Wed Apr 3 15:35:18 UTC 2024 - Jeff Kowalczyk + +- go1.22.2 (released 2024-04-03) includes a security fix to the + net/http package, as well as bug fixes to the compiler, the go + command, the linker, and the encoding/gob, go/types, net/http, + and runtime/trace packages. + Refs boo#1218424 go1.22 release tracking + CVE-2023-45288 + * go#66298 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers + * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1 + * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation + * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64 + * go#66134 cmd/compile: go test . results in CLOSURE ... : internal compiler error: assertion failed + * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument + * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr + * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows + * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock + * go#66256 cmd/go: git shallow fetches broken at CL 556358 + * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22 + * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le + +------------------------------------------------------------------- +Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk + +- go1.22.1 (released 2024-03-05) includes security fixes to the + crypto/x509, html/template, net/http, net/http/cookiejar, and + net/mail packages, as well as bug fixes to the compiler, the go + command, the runtime, the trace command, and the go/types and + net/http packages. + Refs boo#1218424 go1.22 release tracking + CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 + * go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm + * go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled + * go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm + * go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + * go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping + * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module + * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders + * go#65474 internal/testenv: support LUCI mobile builders in testenv tests + * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently + * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change + * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0 + * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing + * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer + * go#65728 go/types: nil pointer dereference in Alias.Underlying() + * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22 + * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux + * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer + * go#65852 cmd/go: "missing ziphash" error with go.work + * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms + +------------------------------------------------------------------- +Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * Use %patch -P N instead of deprecated %patchN + +------------------------------------------------------------------- +Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * boo#1219988 ensure VERSION file is present in GOROOT + as required by go tool dist and go tool distpack + ------------------------------------------------------------------- Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk diff --git a/go1.22.spec b/go1.22.spec index ec734fb..4916211 100644 --- a/go1.22.spec +++ b/go1.22.spec @@ -122,7 +122,7 @@ %endif Name: go1.22 -Version: 1.22.0 +Version: 1.22.2 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause @@ -224,14 +224,14 @@ Go standard library compiled to a dynamically loadable shared object libstd.so # go %setup -q -n go -%patch7 -p1 +%patch -P 7 -p1 %if %{with gccgo} # Currently gcc-go does not manage an update-alternatives entry and will # never be symlinked as "go", even if gcc-go is the only installed go toolchain. # Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8 # Substitute defined gcc_go_version into gcc-go.patch sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch -%patch8 -p1 +%patch -P 8 -p1 %endif cp %{SOURCE4} . @@ -358,6 +358,8 @@ for ext in *.{go,c,h,s,S,py,syso,bin}; do done # executable bash scripts called by go tool, etc find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; +# VERSION file referenced by go tool dist and go tool distpack +find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; # Trace viewer html and javascript files have moved in recent Go versions # Prior to go1.19 misc/trace # go1.19 to go1.21 src/cmd/trace/static