Sync from SUSE:SLFO:Main go1.21-openssl revision be0e6a7a42fd00aa9ef26053c600b45a
This commit is contained in:
parent
d6515252b0
commit
dc8db3e77b
@ -1,3 +1,142 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 1 00:31:42 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
- Packaging improvements:
|
||||
Refs jsc#SLE-18320
|
||||
* Iterate over all patches in the upstream patch set. In addition
|
||||
to the two large primary patches 000-initial-setup.patch and
|
||||
001-initial-openssl-for-fips.patch, various fixes are being
|
||||
applied in smaller patches. Ensure that we apply all of these.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 16 16:09:28 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.13.4 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.13-4-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Update update initial openssl patch to reflect the previous
|
||||
update (1.21.13.2) to the openssl bindings
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 12 12:55:39 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.13.3 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.13-3-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Backport CVE fixes from Go 1.22.7 (#230)
|
||||
Upstream creates backports since go1.23-openssl not yet branched
|
||||
* go#69142 go#69138 boo#1230252 security: fixes CVE-2024-34155 go/parser: track depth in nested element lists
|
||||
* go#69144 go#69139 boo#1230253 security: fixes CVE-2024-34156 encoding/gob: cover missed cases when checking ignore depth
|
||||
* go#69148 go#69141 boo#1230254 security: fixes CVE-2024-34158 go/build/constraint: add parsing limits
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 4 13:29:02 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.13.2 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.13-2-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Fast forward golang-fips/openssl to latest v1 (#225)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 19 11:32:12 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.13.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.13-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Update to go1.21.13
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 6 17:39:08 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.13 (released 2024-08-06) includes fixes to the go command,
|
||||
the covdata command, and the bytes package.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
* go#68491 cmd/covdata: too many open files due to defer f.Close() in for loop
|
||||
* go#68474 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
|
||||
* go#68221 cmd/go: list with -export and -covermode=atomic fails to build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 2 18:51:48 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.12 (released 2024-07-02) includes security fixes to the
|
||||
net/http package, as well as bug fixes to the compiler, the go
|
||||
command, the runtime, and the crypto/x509, net/http, net/netip,
|
||||
and os packages.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
CVE-2024-24791
|
||||
* go#68199 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
|
||||
* go#67297 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds
|
||||
* go#67426 cmd/link: need to handle new-style loong64 relocs
|
||||
* go#67714 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
|
||||
* go#67849 go/internal/gccgoimporter: go building failing with gcc 14.1.0
|
||||
* go#67933 net: go DNS resolver fails to connect to local DNS server
|
||||
* go#67944 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
|
||||
* go#68051 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 5 19:13:50 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
- Update to version 1.21.11.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.11-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Update to go1.21.11
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 4 18:11:01 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.11 (released 2024-06-04) includes security fixes to the
|
||||
archive/zip and net/netip packages, as well as bug fixes to the
|
||||
compiler, the go command, the runtime, and the os package.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
CVE-2024-24789 CVE-2024-24790
|
||||
* go#67553 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
|
||||
* go#67681 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
|
||||
* go#64586 cmd/go: spurious "v1.x.y is not a tag" error when a tag's commit was previously download without the tag
|
||||
* go#67164 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
|
||||
* go#67187 runtime/metrics: /memory/classes/heap/unused:bytes spikes
|
||||
* go#67235 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
|
||||
* go#67310 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
|
||||
* go#67351 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
|
||||
* go#67695 os: RemoveAll susceptible to symlink race
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 22 13:12:33 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
- Update to version 1.21.10.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.10-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Update to go1.21.10
|
||||
* backport of fix linkage in RHEL builds to go1.21
|
||||
* Skip broken PKCS overlong message test
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 7 16:00:50 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.10 (released 2024-05-07) includes security fixes to the go
|
||||
command, as well as bug fixes to the net/http package.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
CVE-2024-24787
|
||||
* go#67121 go#67119 boo#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin
|
||||
* go#66697 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 4 19:11:07 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.9.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.9-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Update to go1.21.9
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 3 15:35:16 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.9 (released 2024-04-03) includes a security fix to the
|
||||
net/http package, as well as bug fixes to the linker, and the
|
||||
go/types and net/http packages.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
CVE-2023-45288
|
||||
* go#65387 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
|
||||
* go#66254 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
|
||||
* go#66326 cmd/compile: //go:build file version ignored when using generic function from package "slices" in Go 1.21
|
||||
* go#66411 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 13 14:06:49 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
@ -11,6 +150,27 @@ Wed Mar 13 14:06:49 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
* Feature go build -buildmode=shared is deprecated by upstream,
|
||||
but not yet removed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.21.8 (released 2024-03-05) includes security fixes to the
|
||||
crypto/x509, html/template, net/http, net/http/cookiejar, and
|
||||
net/mail packages, as well as bug fixes to the go command and the
|
||||
runtime.
|
||||
Refs boo#1212475 go1.21 release tracking
|
||||
CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
|
||||
* go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
|
||||
* go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
|
||||
* go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
|
||||
* go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
|
||||
* go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
|
||||
* go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
|
||||
* go#65475 internal/testenv: support LUCI mobile builders in testenv tests
|
||||
* go#65478 runtime: don't let the tests leave core files behind
|
||||
* go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
|
||||
* go#65851 cmd/go: "missing ziphash" error with go.work
|
||||
* go#65882 internal/poll: invalid uintptr conversion in call to windows.SetFileInformationByHandle
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
@ -20,7 +180,7 @@ Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 8 13:19:41 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.7.1 cut from the go1.21-openssl-fips
|
||||
- Update to version 1.21.7.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.7-1-openssl-fips.
|
||||
* Update to go1.21.7
|
||||
|
||||
@ -69,7 +229,7 @@ Tue Jan 9 18:40:15 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 7 19:15:40 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.5.1 cut from the go1.21-openssl-fips
|
||||
- Update to version 1.21.5.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.5-1-openssl-fips.
|
||||
* Update to go1.21.5
|
||||
|
||||
@ -97,7 +257,7 @@ Tue Dec 5 19:03:51 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 7 22:51:37 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.21.4.1 cut from the go1.21-openssl-fips
|
||||
- Update to version 1.21.4.1 cut from the go1.21-fips-release
|
||||
branch at the revision tagged go1.21.4-1-openssl-fips.
|
||||
* Update to go1.21.4
|
||||
|
||||
@ -123,7 +283,7 @@ Tue Nov 7 19:29:09 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
Thu Oct 19 13:08:42 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Initial package go1.21-openssl version 1.21.3.1 cut from the
|
||||
go1.21-openssl-fips branch at the revision tagged
|
||||
go1.21-fips-release branch at the revision tagged
|
||||
go1.21.3-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Go upstream merged branch dev.boringcrypto in go1.19+.
|
||||
|
||||
@ -126,9 +126,9 @@
|
||||
%endif
|
||||
|
||||
Name: go1.21-openssl
|
||||
Version: 1.21.7.1
|
||||
Version: 1.21.13.4
|
||||
# Drop our added final dot and digit to define upstream version
|
||||
%define shortversion 1.21.7
|
||||
%define shortversion 1.21.13
|
||||
Release: 0
|
||||
Summary: A compiled, garbage-collected, concurrent programming language
|
||||
License: BSD-3-Clause
|
||||
@ -238,8 +238,12 @@ cp %{SOURCE4} .
|
||||
|
||||
# Apply golang-fips OpenSSL patch set to upstream go1.x sources
|
||||
%setup -q -D -T -b 10 -n go
|
||||
patch -p1 <patches/000-initial-setup.patch
|
||||
patch -p1 <patches/001-initial-openssl-for-fips.patch
|
||||
# The patchset is comprised of two large primary patches plus accumulated fixes
|
||||
for file in patches/*.patch; do
|
||||
if [ -f "$file" ]; then
|
||||
patch -p1 <"$file"
|
||||
fi
|
||||
done
|
||||
|
||||
%build
|
||||
# Remove the pre-included .sysos, to avoid shipping things we didn't compile
|
||||
|
||||
BIN
go1.21.13.4-openssl.src.tar.gz
(Stored with Git LFS)
Normal file
BIN
go1.21.13.4-openssl.src.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
go1.21.13.src.tar.gz
(Stored with Git LFS)
Normal file
BIN
go1.21.13.src.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
go1.21.7.1-openssl.src.tar.gz
(Stored with Git LFS)
BIN
go1.21.7.1-openssl.src.tar.gz
(Stored with Git LFS)
Binary file not shown.
BIN
go1.21.7.src.tar.gz
(Stored with Git LFS)
BIN
go1.21.7.src.tar.gz
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user