Sync from SUSE:SLFO:Main go1.21 revision 2bc16c93d53608db4765cca8ac71cf33

This commit is contained in:
Adrian Schröter 2024-07-22 17:05:10 +02:00
parent 4fad662bed
commit 13ddd08a0c
4 changed files with 40 additions and 4 deletions

BIN
go1.21.10.src.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
go1.21.12.src.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Tue Jul 2 18:51:48 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.21.12 (released 2024-07-02) includes security fixes to the
net/http package, as well as bug fixes to the compiler, the go
command, the runtime, and the crypto/x509, net/http, net/netip,
and os packages.
Refs boo#1212475 go1.21 release tracking
CVE-2024-24791
* go#68199 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
* go#67297 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds
* go#67426 cmd/link: need to handle new-style loong64 relocs
* go#67714 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
* go#67849 go/internal/gccgoimporter: go building failing with gcc 14.1.0
* go#67933 net: go DNS resolver fails to connect to local DNS server
* go#67944 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
* go#68051 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)
-------------------------------------------------------------------
Tue Jun 4 18:11:01 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.21.11 (released 2024-06-04) includes security fixes to the
archive/zip and net/netip packages, as well as bug fixes to the
compiler, the go command, the runtime, and the os package.
Refs boo#1212475 go1.21 release tracking
CVE-2024-24789 CVE-2024-24790
* go#67553 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
* go#67681 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
* go#64586 cmd/go: spurious "v1.x.y is not a tag" error when a tag's commit was previously download without the tag
* go#67164 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
* go#67187 runtime/metrics: /memory/classes/heap/unused:bytes spikes
* go#67235 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
* go#67310 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
* go#67351 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
* go#67695 os: RemoveAll susceptible to symlink race
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 7 16:00:50 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com> Tue May 7 16:00:50 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>

View File

@ -126,7 +126,7 @@
%endif %endif
Name: go1.21 Name: go1.21
Version: 1.21.10 Version: 1.21.12
Release: 0 Release: 0
Summary: A compiled, garbage-collected, concurrent programming language Summary: A compiled, garbage-collected, concurrent programming language
License: BSD-3-Clause License: BSD-3-Clause