Accepting request 1077383 from home:jfkw:branches:devel:languages:go
- go1.20.3 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. Refs boo#1206346 go1.20 release tracking CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537) * go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538) * go#58920 x/text: building as a plugin failure on darwin/arm64 * go#58938 cmd/go: timeout on darwin-amd64-race builder * go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64 * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones * go#59220 runtime: crash on linux-ppc64le * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument - Build subpackage go1.20-libstd compiled shared object libstd.so only on Tumbleweed at this time. Refs jsc#PED-1962 OBS-URL: https://build.opensuse.org/request/show/1077383 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.20?expand=0&rev=14
This commit is contained in:
Jeff Kowalczyk
Git OBS Bridge
parent
40b2b19a90
commit
885cfc7d65
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4d0e2850d197b4ddad3bdb0196300179d095bb3aefd4dfbc3b36702c3728f8ab
|
||||
size 26178725
|
||||
3
go1.20.3.src.tar.gz
Normal file
3
go1.20.3.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e447b498cde50215c4f7619e5124b0fc4e25fb5d16ea47271c47f278e7aa763a
|
||||
size 26184364
|
||||
@ -1,3 +1,34 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.20.3 (released 2023-04-04) includes security fixes to the
|
||||
go/parser, html/template, mime/multipart, net/http, and
|
||||
net/textproto packages, as well as bug fixes to the compiler, the
|
||||
linker, the runtime, and the time package.
|
||||
Refs boo#1206346 go1.20 release tracking
|
||||
CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538
|
||||
* go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
|
||||
* go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
|
||||
* go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537)
|
||||
* go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538)
|
||||
* go#58920 x/text: building as a plugin failure on darwin/arm64
|
||||
* go#58938 cmd/go: timeout on darwin-amd64-race builder
|
||||
* go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling
|
||||
* go#58954 cmd/link: Incorrect symbol linked in darwin/arm64
|
||||
* go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used
|
||||
* go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation
|
||||
* go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones
|
||||
* go#59220 runtime: crash on linux-ppc64le
|
||||
* go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode
|
||||
* go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 4 16:59:57 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Build subpackage go1.20-libstd compiled shared object libstd.so
|
||||
only on Tumbleweed at this time.
|
||||
Refs jsc#PED-1962
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 9 20:39:23 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
|
||||
17
go1.20.spec
17
go1.20.spec
@ -134,7 +134,7 @@
|
||||
%endif
|
||||
|
||||
Name: go1.20
|
||||
Version: 1.20.2
|
||||
Version: 1.20.3
|
||||
Release: 0
|
||||
Summary: A compiled, garbage-collected, concurrent programming language
|
||||
License: BSD-3-Clause
|
||||
@ -163,7 +163,10 @@ BuildRequires: %{go_bootstrap_version}
|
||||
%endif
|
||||
BuildRequires: fdupes
|
||||
Suggests: %{name}-doc = %{version}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
Suggests: %{name}-libstd = %{version}
|
||||
%endif
|
||||
%ifarch %{tsan_arch}
|
||||
# Needed to compile compiler-rt/TSAN.
|
||||
BuildRequires: gcc-c++
|
||||
@ -214,6 +217,8 @@ Go runtime race detector libraries. Install this package if you wish to use the
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
%package libstd
|
||||
Summary: Go compiled shared library libstd.so
|
||||
Group: Development/Languages/Go
|
||||
@ -222,6 +227,7 @@ Provides: go-libstd = %{version}
|
||||
%description libstd
|
||||
Go standard library compiled to a dynamically loadable shared object libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%ifarch %{tsan_arch}
|
||||
@ -295,6 +301,8 @@ bin/go install -race std
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
# Compile Go standard library as a dynamically loaded shared object libstd.so
|
||||
# for inclusion in a subpackage which can be installed standalone.
|
||||
# Upstream Go binary releases do not ship a compiled libstd.so.
|
||||
@ -312,6 +320,7 @@ bin/go install -race std
|
||||
# created with -buildmode=shared.
|
||||
bin/go install -buildmode=shared std
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%check
|
||||
%ifarch %{tsan_arch}
|
||||
@ -452,9 +461,12 @@ fi
|
||||
|
||||
# We don't include libstd.so in the main Go package.
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so
|
||||
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%files doc
|
||||
%doc %{_docdir}/go/%{go_label}/*.html
|
||||
@ -465,8 +477,11 @@ fi
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
%files libstd
|
||||
%{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
|
||||
Loading…
Reference in New Issue
Block a user