diff --git a/go1.22.2.src.tar.gz b/go1.22.2.src.tar.gz deleted file mode 100644 index b7aa3c6..0000000 --- a/go1.22.2.src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:374ea82b289ec738e968267cac59c7d5ff180f9492250254784b2044e90df5a9 -size 27551470 diff --git a/go1.22.7.src.tar.gz b/go1.22.7.src.tar.gz new file mode 100644 index 0000000..dfdcc9a --- /dev/null +++ b/go1.22.7.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:66432d87d85e0cfac3edffe637d5930fc4ddf5793313fe11e4a0f333023c879f +size 27562038 diff --git a/go1.22.changes b/go1.22.changes index 87b8333..fadd730 100644 --- a/go1.22.changes +++ b/go1.22.changes @@ -1,3 +1,96 @@ +------------------------------------------------------------------- +Thu Sep 5 15:20:28 UTC 2024 - Jeff Kowalczyk + +- go1.22.7 (released 2024-09-05) includes security fixes to the + encoding/gob, go/build/constraint, and go/parser packages, as + well as bug fixes to the fix command and the runtime. + Refs boo#1218424 go1.22 release tracking + CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 + - go#69142 go#69138 boo#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155) + - go#69144 go#69139 boo#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156) + - go#69148 go#69141 boo#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158) + - go#68811 os: TestChtimes failures + - go#68825 cmd/fix: fails to run on modules whose go directive value is in "1.n.m" format introduced in Go 1.21.0 + - go#68972 cmd/cgo: aix c-archive corrupting stack + +------------------------------------------------------------------- +Tue Aug 6 17:39:11 UTC 2024 - Jeff Kowalczyk + +- go1.22.6 (released 2024-08-06) includes fixes to the go command, + the compiler, the linker, the trace command, the covdata command, + and the bytes, go/types, and os/exec packages. + Refs boo#1218424 go1.22 release tracking + * go#68594 cmd/compile: internal compiler error with zero-size types + * go#68546 cmd/trace/v2: pprof profiles always empty + * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop + * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm + * go#68370 go/types: assertion failure in recent range statement checking logic + * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows + * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race + * go#68222 cmd/go: list with -export and -covermode=atomic fails to build + * go#68198 cmd/link: issues with Xcode 16 beta + +------------------------------------------------------------------- +Tue Jul 2 18:51:45 UTC 2024 - Jeff Kowalczyk + +- go1.22.5 (released 2024-07-02) includes security fixes to the + net/http package, as well as bug fixes to the compiler, cgo, the + go command, the linker, the runtime, and the crypto/tls, + go/types, net, net/http, and os/exec packages. + Refs boo#1218424 go1.22 release tracking + CVE-2024-24791 + * go#68200 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways + * go#65983 cmd/compile: hash of unhashable type + * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault() + * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without ".exe" no longer implicitly adds ".exe" in Go 1.22 + * go#67298 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds + * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders + * go#67798 cmd/compile: internal compiler error: unexpected type: () in for-range + * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec + * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0 + * go#67934 net: go DNS resolver fails to connect to local DNS server + * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure + * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N) + * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT)) + +------------------------------------------------------------------- +Tue Jun 4 18:08:59 UTC 2024 - Jeff Kowalczyk + +- go1.22.4 (released 2024-06-04) includes security fixes to the + archive/zip and net/netip packages, as well as bug fixes to the + compiler, the go command, the linker, the runtime, and the os + package. + Refs boo#1218424 go1.22 release tracking + CVE-2024-24789 CVE-2024-24790 + * go#67554 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations + * go#67682 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses + * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes + * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 + * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21' + * go#67258 runtime: unexpected fault address 0 + * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally + * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID + * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections + * go#67460 cmd/compile: internal compiler error: panic with range over integer value + * go#67527 cmd/link: panic: machorelocsect: size mismatch + * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start + * go#67696 os: RemoveAll susceptible to symlink race + +------------------------------------------------------------------- +Tue May 7 16:00:41 UTC 2024 - Jeff Kowalczyk + +- go1.22.3 (released 2024-05-07) includes security fixes to the go + command and the net package, as well as bug fixes to the + compiler, the runtime, and the net/http package. + Refs boo#1218424 go1.22 release tracking + CVE-2024-24787 CVE-2024-24788 + * go#67122 go#67119 boo#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin + * go#67040 go#66754 boo#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode + * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le + * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE + * go#66886 runtime: deterministic fallback hashes across process boundary + * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 + ------------------------------------------------------------------- Wed Apr 3 15:35:18 UTC 2024 - Jeff Kowalczyk diff --git a/go1.22.spec b/go1.22.spec index 4916211..08c941d 100644 --- a/go1.22.spec +++ b/go1.22.spec @@ -122,7 +122,7 @@ %endif Name: go1.22 -Version: 1.22.2 +Version: 1.22.7 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause