From b2dabea2b781e56661e720a799d2ae4a1a2b57b0797fcede3c0f9984bd3af715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Mon, 27 Jan 2025 10:52:44 +0100
Subject: [PATCH] Adding patchinfo patchinfo.20250124123017338994.269002615871826
---
 .../_patchinfo | 89 +++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 patchinfo.20250124123017338994.269002615871826/_patchinfo
diff --git a/patchinfo.20250124123017338994.269002615871826/_patchinfo b/patchinfo.20250124123017338994.269002615871826/_patchinfo
new file mode 100644
index 0000000..f1dd039
--- /dev/null
+++ b/patchinfo.20250124123017338994.269002615871826/_patchinfo
@@ -0,0 +1,89 @@
+
+
+ go1.23 release tracking
+ VUL-0: CVE-2024-45341: go1.22,go1.23: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
+ VUL-0: CVE-2024-45336: go1.22,go1.23: net/http: sensitive headers incorrectly sent after cross-domain redirect
+
+
+ jfkw
+ moderate
+ security
+ Security update for go1.23
+ This update for go1.23 fixes the following issues:
+
+- go1.23.5 (released 2025-01-16) includes security fixes to the
+ crypto/x509 and net/http packages, as well as bug fixes to the
+ compiler, the runtime, and the net package.
+ Refs bsc#1229122 go1.23 release tracking
+ CVE-2024-45341 CVE-2024-45336
+ * go#71208 go#71156 bsc#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
+ * go#71211 go#70530 bsc#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect
+ * go#69988 runtime: severe performance drop for cgo calls in go1.22.5
+ * go#70517 cmd/compile/internal/importer: flip enable alias to true
+ * go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input
+ * go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures
+ * go#71147 internal/trace: TestTraceCPUProfile/Stress failures
+
+- Enable loongarch64 builds
+
+- go1.23.4 (released 2024-12-03) includes fixes to the compiler,
+ the runtime, the trace command, and the syscall package.
+ Refs bsc#1229122 go1.23 release tracking
+ * go#70644 crypto/rsa: new key generation prohibitively slow under race detector
+ * go#70645 proposal: go/types: add Scope.Node convenience getter
+ * go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit)
+ * go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures
+ * go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures
+ * go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures
+ * go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21
+ * go#70654 cmd/go: Incorrect output from go list
+ * go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks
+ * go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes
+ * go#70658 x/net/http2: stuck extended CONNECT requests
+ * go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips
+ * go#70660 crypto/ecdsa: TestRFC6979 failures on s390x
+ * go#70664 x/mobile: target maccatalyst cannot find OpenGLES header
+ * go#70665 x/tools/gopls: refactor.extract.variable fails at package level
+ * go#70666 x/tools/gopls: panic in GetIfaceStubInfo
+ * go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates
+ * go#70668 proposal: x/mobile: better support for unrecovered panics
+ * go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo
+ * go#70670 cmd/link: unused functions aren't getting deadcoded from the binary
+ * go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate
+ * go#70675 cmd/go/internal/lockedfile: mountrpc flake in TestTransform on plan9
+ * go#70677 all: remote file server I/O flakiness with "Bad fid" errors on plan9
+ * go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed
+ * go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link
+
+- go1.23.3 (released 2024-11-06) includes fixes to the linker, the
+ runtime, and the net/http, os, and syscall packages.
+ Refs bsc#1229122 go1.23 release tracking
+ * go#69258 runtime: corrupted GoroutineProfile stack traces
+ * go#69259 runtime: multi-arch build via qemu fails to exec go binary
+ * go#69640 os: os.checkPidfd() crashes with SIGSYS
+ * go#69746 runtime: TestGdbAutotmpTypes failures
+ * go#69848 cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit
+ * go#69865 runtime: MutexProfile missing root frames in go1.23
+ * go#69882 time,runtime: too many concurrent timer firings for short time.Ticker
+ * go#69978 time,runtime: too many concurrent timer firings for short, fast-resetting time.Timer
+ * go#69992 cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15
+ * go#70001 net/http/pprof: coroutines + pprof makes the program panic
+ * go#70020 net/http: short writes with FileServer on macos
+
+- go1.23.2 (released 2024-10-01) includes fixes to the compiler,
+ cgo, the runtime, and the maps, os, os/exec, time, and unique
+ packages.
+ Refs bsc#1229122 go1.23 release tracking
+ * go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess
+ * go#69156 maps: segmentation violation in maps.Clone
+ * go#69219 cmd/cgo: alignment issue with int128 inside of a struct
+ * go#69240 unique: fatal error: found pointer to free object
+ * go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel
+ * go#69383 unique: large string still referenced, after interning only a small substring
+ * go#69402 os/exec: resource leak on exec failure
+ * go#69511 cmd/compile: mysterious crashes and non-determinism with range over func
+
+
+ go1.23
+
+