<patchinfo incident="8">
<!-- generated from request(s) 355550 -->
<issue tracker="bnc" id="1229122">go1.23 release tracking</issue>
<issue tracker="bnc" id="1230252">VUL-0: CVE-2024-34155: go1.22,go1.23: go/parser: stack exhaustion in all Parse* functions</issue>
<issue tracker="bnc" id="1230253">VUL-0: CVE-2024-34156: go1.22,go1.23: encoding/gob: stack exhaustion in Decoder.Decode</issue>
<issue tracker="bnc" id="1230254">VUL-0: CVE-2024-34158: go1.22,go1.23: go/build/constraint: stack exhaustion in Parse</issue>
<issue tracker="bnc" id="1233306">golang-oldstable version error when building helm</issue>
<issue tracker="cve" id="2024-34155"/>
<issue tracker="cve" id="2024-34156"/>
<issue tracker="cve" id="2024-34158"/>
<issue tracker="jsc" id="SLE-18320"/>
<packager>jfkw</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for go1.23-openssl</summary>
<description>This update for go1.23-openssl fixes the following issues:
- Write three digit version to file VERSION which sets go env
  GOVERSION. Fixes bsc#1233306.
  * Go toolchain file VERSION sets the immutable value for
    go env GOVERSION
  * go1.x-openssl toolchains have used a bespoke fourth digit to
    represent the upstream patch set release number,
    e.g. go1.22.9-1-openssl-fips. This digit has not been needed.
  * Some Go applications including helm break when this fourth
    digit is present in VERSION, with error:
    go.mod requires go &gt;= 1.22.0 (running go 1.22; GOTOOLCHAIN=local)
  * Keep the fourth digit in the packaging for now, it will be
    dropped in the next toolchain version update.
- Enable loongarch64 builds
- Update to version 1.23.2.2 cut from the go1.23-fips-release
  branch at the revision tagged go1.23.2-2-openssl-fips.
  Refs jsc#SLE-18320
  * Update to Go 1.23.2 (#239)
    - go1.23.2 (released 2024-10-01)
</description>
<package>go1.23-openssl</package>
<seperate_build_arch/>
</patchinfo>