From 13ddd08a0c74dcdf3c350729b8a74e8be262213f46b8e617938c0e100c400a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 22 Jul 2024 17:05:10 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main go1.21 revision 2bc16c93d53608db4765cca8ac71cf33 --- go1.21.10.src.tar.gz | 3 --- go1.21.12.src.tar.gz | 3 +++ go1.21.changes | 36 ++++++++++++++++++++++++++++++++++++ go1.21.spec | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) delete mode 100644 go1.21.10.src.tar.gz create mode 100644 go1.21.12.src.tar.gz diff --git a/go1.21.10.src.tar.gz b/go1.21.10.src.tar.gz deleted file mode 100644 index 8b1f978..0000000 --- a/go1.21.10.src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:900e0afe8900c1ee65a8a8c4f0c5a3ca02dcf85c1d1cb13a652be22c21399394 -size 26993576 diff --git a/go1.21.12.src.tar.gz b/go1.21.12.src.tar.gz new file mode 100644 index 0000000..13e7a3a --- /dev/null +++ b/go1.21.12.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:30e68af27bc1f1df231e3ab74f3d17d3b8d52a089c79bcaab573b4f1b807ed4f +size 26997443 diff --git a/go1.21.changes b/go1.21.changes index ddff9d7..2a3f67d 100644 --- a/go1.21.changes +++ b/go1.21.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Tue Jul 2 18:51:48 UTC 2024 - Jeff Kowalczyk + +- go1.21.12 (released 2024-07-02) includes security fixes to the + net/http package, as well as bug fixes to the compiler, the go + command, the runtime, and the crypto/x509, net/http, net/netip, + and os packages. + Refs boo#1212475 go1.21 release tracking + CVE-2024-24791 + * go#68199 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways + * go#67297 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds + * go#67426 cmd/link: need to handle new-style loong64 relocs + * go#67714 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders + * go#67849 go/internal/gccgoimporter: go building failing with gcc 14.1.0 + * go#67933 net: go DNS resolver fails to connect to local DNS server + * go#67944 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure + * go#68051 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N) + +------------------------------------------------------------------- +Tue Jun 4 18:11:01 UTC 2024 - Jeff Kowalczyk + +- go1.21.11 (released 2024-06-04) includes security fixes to the + archive/zip and net/netip packages, as well as bug fixes to the + compiler, the go command, the runtime, and the os package. + Refs boo#1212475 go1.21 release tracking + CVE-2024-24789 CVE-2024-24790 + * go#67553 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations + * go#67681 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses + * go#64586 cmd/go: spurious "v1.x.y is not a tag" error when a tag's commit was previously download without the tag + * go#67164 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 + * go#67187 runtime/metrics: /memory/classes/heap/unused:bytes spikes + * go#67235 cmd/go: mod tidy reports toolchain not available with 'go 1.21' + * go#67310 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally + * go#67351 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections + * go#67695 os: RemoveAll susceptible to symlink race + ------------------------------------------------------------------- Tue May 7 16:00:50 UTC 2024 - Jeff Kowalczyk diff --git a/go1.21.spec b/go1.21.spec index 6f323a0..339c95b 100644 --- a/go1.21.spec +++ b/go1.21.spec @@ -126,7 +126,7 @@ %endif Name: go1.21 -Version: 1.21.10 +Version: 1.21.12 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause