Accepting request 1041234 from devel:languages:go

- go1.18.9 (released 2022-12-06) includes security fixes to the
  net/http and os packages, as well as bug fixes to cgo, the
  compiler, the runtime, and the crypto/x509 and os/exec packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-41717 CVE-2022-41720
  * go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
  * go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
  * go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
  * go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
  * go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
  * go#56635 runtime: traceback stuck in runtime.systemstack
  * go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
  * go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
  * go#56437 crypto/x509: respect GODEBUG changes during program lifetime
  * go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
  * go#56359 cmd/compile: panic: offset too large (forwarded request 1041231 from jfkw)

OBS-URL: https://build.opensuse.org/request/show/1041234
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=18
Dominique Leuenberger 2022-12-08 15:49:57 +00:00 committed by Git OBS Bridge
commit eee0e356b7
4 changed files with 24 additions and 4 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1f79802305015479e77d8c641530bc54ec994657d5c5271e0172eb7118346a12
size 22873390

go1.18.9.src.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fbe7f09b96aca3db6faeaf180da8bb632868ec049731e355ff61695197c0e3ea
size 22878625
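
Review bot: The `oid sha256:` value on the new pointer for go1.18.9.src.tar.gz is the only integrity evidence for the source archive visible in this change, and nothing in the request shows it was compared with an upstream value. Before accepting, confirm the digest and the 22878625-byte size against the checksum published upstream for this release, and record in the request how that was verified.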


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.18.9 (released 2022-12-06) includes security fixes to the
net/http and os packages, as well as bug fixes to cgo, the
compiler, the runtime, and the crypto/x509 and os/exec packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41717 CVE-2022-41720
* go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
* go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
* go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
* go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
* go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
* go#56635 runtime: traceback stuck in runtime.systemstack
* go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
* go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
* go#56437 crypto/x509: respect GODEBUG changes during program lifetime
* go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
* go#56359 cmd/compile: panic: offset too large
-------------------------------------------------------------------
Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
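
Review bot: The two security entries (go#57008 for CVE-2022-41717 and go#57005 for CVE-2022-41720) record what was fixed but not what a consumer of this package has to do next. Because net/http and os are compiled into each Go program, anything built with go1.18.8 keeps the old code until it is rebuilt; consider adding a line to the entry saying so. It would also help to state that CVE-2022-41720 is described as affecting os.DirFS and http.Dir on Windows, so readers can tell which of the two applies to their build targets.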


@ -134,7 +134,7 @@
%endif
Name: go1.18
Version: 1.18.8
Version: 1.18.9
Release: 0
Summary: A compiled, garbage-collected, concurrent programming language
License: BSD-3-Clause