Accepting request 980418 from home:jfkw:branches:devel:languages:go

- go1.18.3 (released 2022-06-01) includes security fixes to the crypto/rand, crypto/tls, os/exec, and path/filepath packages, as well as bug fixes to the compiler, and the crypto/tls and text/template/parse packages. Refs boo#1193742 go1.18 release tracking CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 * boo#1200134 go#52561 CVE-2022-30634 * go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1 * boo#1200135 go#52814 CVE-2022-30629 * go#52833 crypto/tls: randomly generate ticket_age_add * boo#1200136 go#52574 CVE-2022-30580 * go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset * boo#1200137 go#52476 CVE-2022-29804 * go#52479 path/filepath: Clean(.\c:) returns c: on Windows * go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2 * go#52242 cmd/compile: compiler crash on valid code * go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated" * go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17 * go#52878 text/template: break/continue require no whitespace around them * go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12 * go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11 OBS-URL: https://build.opensuse.org/request/show/980418 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=21
2022-06-02 00:20:02 +00:00 · 2022-06-02 00:20:02 +00:00 · 6295af7dc3
commit 6295af7dc3
parent 9b2b528d2a
4 changed files with 29 additions and 4 deletions
--- a/go1.18.2.src.tar.gz
+++ b/go1.18.2.src.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2c44d03ea2c34092137ab919ba602f2c261a038d08eb468528a3f3a28e5667e2
-size 22837686
--- a/go1.18.3.src.tar.gz
+++ b/go1.18.3.src.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0012386ddcbb5f3350e407c679923811dbd283fcdc421724931614a842ecbc2d
+size 22838104
--- a/go1.18.changes
+++ b/go1.18.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Wed Jun  1 17:51:26 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- go1.18.3 (released 2022-06-01) includes security fixes to the
+  crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
+  well as bug fixes to the compiler, and the crypto/tls and
+  text/template/parse packages.
+  Refs boo#1193742 go1.18 release tracking
+  CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
+  * boo#1200134 go#52561 CVE-2022-30634
+  * go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
+  * boo#1200135 go#52814 CVE-2022-30629
+  * go#52833 crypto/tls: randomly generate ticket_age_add
+  * boo#1200136 go#52574 CVE-2022-30580
+  * go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
+  * boo#1200137 go#52476 CVE-2022-29804
+  * go#52479 path/filepath: Clean(.\c:) returns c: on Windows
+  * go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2
+  * go#52242 cmd/compile: compiler crash on valid code
+  * go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated"
+  * go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
+  * go#52878 text/template: break/continue require no whitespace around them
+  * go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
+  * go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11
+
 -------------------------------------------------------------------
 Tue May 10 22:25:54 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>

--- a/go1.18.spec
+++ b/go1.18.spec
@ -145,7 +145,7 @@
 %endif

 Name:           go1.18
-Version:        1.18.2
+Version:        1.18.3
 Release:        0
 Summary:        A compiled, garbage-collected, concurrent programming language
 License:        BSD-3-Clause