Adding patchinfo patchinfo.20240912094229839720.269002615871826

2024-09-25 16:05:10 +02:00 · 2024-09-25 16:05:10 +02:00 · 5ea103b1b1
commit 5ea103b1b1
parent 658fd98e51
16 changed files with 135 additions and 15 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -783,7 +783,7 @@
 	url = ../../pool/gtk-doc
 [submodule "gtk2"]
 	path = gtk2
-	url = ../../pool/gtk2
+	url = ../../ALP-pool/gtk2
 [submodule "gtk3"]
 	path = gtk3
 	url = ../../pool/gtk3
@ -6321,7 +6321,7 @@
 	url = ../../pool/adaptec-firmware
 [submodule "flatpak"]
 	path = flatpak
-	url = ../../pool/flatpak
+	url = ../../ALP-pool/flatpak
 [submodule "bluez-firmware"]
 	path = bluez-firmware
 	url = ../../pool/bluez-firmware
@ -9119,3 +9119,6 @@
 [submodule "kernel-livepatch-tools"]
 	path = kernel-livepatch-tools
 	url = ../../ALP-pool/kernel-livepatch-tools
+[submodule "go1.23"]
+	path = go1.23
+	url = ../../ALP-pool/go1.23
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 87d859ef4c3b586e435d854d6c9cd3ef09af4ffc
+Subproject commit ee304f45a49f14d41faf2c82c9e6fc16b576695a
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 635bcfac5231aed90879ba6bf5b82412b67529bd
+Subproject commit 8a1177106c1581ae1ac4b04d7fecef3f7e79b889
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 7b1f93023bd603bf66d6be2e1ab83459d3d01501
+Subproject commit 9f1d21cf64ed1910b0672977a0e785e41701092a
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 2abb2cb5ffd9c3e6fd2f40f8d5b32115a59c03df
+Subproject commit 4fa033fb415a712d249f02e9f7e29ddf2bffc7d6
--- a/go1.19
+++ b/go1.19
@ -1 +1 @@
-Subproject commit a81c77139d773fc8c027c3bb5e1aa365ecec0fb6
+Subproject commit 7ed942d0caa3c9581d2072d5530b0074af4a70ca
--- a/go1.20
+++ b/go1.20
@ -1 +1 @@
-Subproject commit f454e8a8dd43f1f9f96d77df7fba33e7d92984ae
+Subproject commit 2fd8db30964eb9a9783707278600818046cf9282
--- a/go1.21
+++ b/go1.21
@ -1 +1 @@
-Subproject commit 07277555212fd1bf579c180d83baa79d9c08b997
+Subproject commit 3d98719880e1675778ab96275500ed429bba0866
--- a/go1.22
+++ b/go1.22
@ -1 +1 @@
-Subproject commit 27386d75d6d7179201d4f76c3d247191685e60f5
+Subproject commit 6f29796dd92c3a9d6019589f9f7b1439f2513d54
--- a/go1.23
+++ b/go1.23
@ -0,0 +1 @@
+Subproject commit 13fdb0b1fe3012a4edcdd30b0d2930e4fcc7d26e
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 730ed50afa356400f686b8073f0fbfe729e5f9a2
+Subproject commit af0d6667c5ea95240b6c89b093be6785299a41ce
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit f45dd474cf01d02fab4e884c345b446b89008fc9
+Subproject commit 77ad7d52b4d177545f1a4941e1f48d3d40c36718
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit cfb1500bcc54c9746cd20c9b5c32a43b97f17ff8
+Subproject commit ca53b7cd09800d127e75318ff30c8dab2f0961a3
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit b947d6baae824c8b289d6e2a65216571266911fb
+Subproject commit e4741e8e57e73213a1628bada93eabede628164d
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit affdda85259df59ff4375a6971a68c104f8509bd
+Subproject commit 89a36539802195a0ab44bab4bc26535cf43a6480
--- a/patchinfo.20240912094229839720.269002615871826/_patchinfo
+++ b/patchinfo.20240912094229839720.269002615871826/_patchinfo
@ -0,0 +1,116 @@
+<patchinfo>
+  <!-- generated from request(s) 344504, 344209, 344210, 344211, 344217, 344239, 339640, 339518, 345836 -->
+  <issue tracker="bnc" id="1212475">go1.21 release tracking</issue>
+  <issue tracker="bnc" id="1218424">go1.22 release tracking</issue>
+  <issue tracker="bnc" id="1219724">VUL-0: CVE-2024-24806: libuv: libuv: Improper Domain Lookup that potentially leads to SSRF attacks</issue>
+  <issue tracker="bnc" id="1219988">go1.20,go1.21,go1.22: ensure VERSION file is present in go1.x toolchain GOROOT</issue>
+  <issue tracker="bnc" id="1219992">VUL-0: CVE-2024-21892: nodejs18,nodejs20,nodejs21: Code injection and privilege escalation through Linux capabilities</issue>
+  <issue tracker="bnc" id="1219993">VUL-0: CVE-2024-22019: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks</issue>
+  <issue tracker="bnc" id="1219994">VUL-0: CVE-2024-21896: nodejs20: Path traversal by monkey-patching Buffer internals</issue>
+  <issue tracker="bnc" id="1219995">VUL-0: CVE-2024-22017: nodejs20: setuid() does not drop all privileges due to io_uring</issue>
+  <issue tracker="bnc" id="1219997">VUL-0: CVE-2023-46809: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)</issue>
+  <issue tracker="bnc" id="1219998">VUL-0: CVE-2024-21891: nodejs20: Multiple permission model bypasses due to improper path traversal sequence sanitization</issue>
+  <issue tracker="bnc" id="1219999">VUL-0: CVE-2024-21890: nodejs20: Improper handling of wildcards in --allow-fs-read and --allow-fs-write</issue>
+  <issue tracker="bnc" id="1220014">VUL-0: CVE-2024-22025: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Denial of Service by resource exhaustion in fetch() brotli decoding</issue>
+  <issue tracker="bnc" id="1220017">VUL-0: CVE-2024-24758: nodejs16,nodejs18,nodejs20: ignore proxy-authorization header</issue>
+  <issue tracker="bnc" id="1220053">VUL-0: CVE-2024-24806: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs8: libuv: improper domain lookup that potentially leads to SSRF attacks</issue>
+  <issue tracker="bnc" id="1222244">VUL-0: nodejs20,nodejs18: VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks</issue>
+  <issue tracker="bnc" id="1222384">VUL-0: CVE-2024-27982: nodejs18,nodejs20: HTTP Request Smuggling via Content Length Obfuscation</issue>
+  <issue tracker="bnc" id="1222530">VUL-0: CVE-2024-30260: nodejs, nodejs-electron: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline</issue>
+  <issue tracker="bnc" id="1222603">VUL-0: CVE-2024-30261: nodejs: fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect</issue>
+  <issue tracker="bnc" id="1224017">VUL-0: CVE-2024-24787: go1.21,go1.22: cmd/go: arbitrary code execution during build on darwin</issue>
+  <issue tracker="bnc" id="1224018">VUL-0: CVE-2024-24788: go1.22: net: malformed DNS message can cause infinite loop</issue>
+  <issue tracker="bnc" id="1225973">VUL-0: CVE-2024-24789: go1.21,go1.22: archive/zip: mishandling of corrupt central directory record</issue>
+  <issue tracker="bnc" id="1225974">VUL-0: CVE-2024-24790: go1.21,go1.22: net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses</issue>
+  <issue tracker="bnc" id="1227314">VUL-0: CVE-2024-24791 go1.21,go1.22: net/http: denial of service due to improper 100-continue handling</issue>
+  <issue tracker="bnc" id="1227554">VUL-0: CVE-2024-22020: nodejs: bypass network import restriction via data URL</issue>
+  <issue tracker="bnc" id="1227560">VUL-0: CVE-2024-36138: nodejs: bypass incomplete fix of CVE-2024-27980</issue>
+  <issue tracker="bnc" id="1227561">VUL-0: CVE-2024-36137: nodejs: fs.fchown/fchmod bypasses permission model</issue>
+  <issue tracker="bnc" id="1227562">VUL-0: CVE-2024-22018: nodejs: fs.lstat bypasses permission model</issue>
+  <issue tracker="bnc" id="1227563">VUL-0: CVE-2024-37372: nodejs: permission model improperly processes UNC paths</issue>
+  <issue tracker="bnc" id="1228120">VUL-0: CVE-2024-6655: gtk2,gtk3,gtk4: library injection from current working directory</issue>
+  <issue tracker="bnc" id="1229122">go1.23 release tracking</issue>
+  <issue tracker="bnc" id="1230252">VUL-0: CVE-2024-34155: go1.22,go1.23: go/parser: stack exhaustion in all Parse* functions</issue>
+  <issue tracker="bnc" id="1230253">VUL-0: CVE-2024-34156: go1.22,go1.23: encoding/gob: stack exhaustion in Decoder.Decode</issue>
+  <issue tracker="bnc" id="1230254">VUL-0: CVE-2024-34158: go1.22,go1.23: go/build/constraint: stack exhaustion in Parse</issue>
+  <issue tracker="bnc" id="1230623">golang-github-prometheus-promu: build failure for s390x when moving to go1.23</issue>
+  <issue tracker="cve" id="2023-46809"/>
+  <issue tracker="cve" id="2024-6655"/>
+  <issue tracker="cve" id="2024-21890"/>
+  <issue tracker="cve" id="2024-21891"/>
+  <issue tracker="cve" id="2024-21892"/>
+  <issue tracker="cve" id="2024-21896"/>
+  <issue tracker="cve" id="2024-22017"/>
+  <issue tracker="cve" id="2024-22018"/>
+  <issue tracker="cve" id="2024-22019"/>
+  <issue tracker="cve" id="2024-22020"/>
+  <issue tracker="cve" id="2024-22025"/>
+  <issue tracker="cve" id="2024-24758"/>
+  <issue tracker="cve" id="2024-24787"/>
+  <issue tracker="cve" id="2024-24788"/>
+  <issue tracker="cve" id="2024-24789"/>
+  <issue tracker="cve" id="2024-24790"/>
+  <issue tracker="cve" id="2024-24791"/>
+  <issue tracker="cve" id="2024-24806"/>
+  <issue tracker="cve" id="2024-27980"/>
+  <issue tracker="cve" id="2024-27982"/>
+  <issue tracker="cve" id="2024-27983"/>
+  <issue tracker="cve" id="2024-30260"/>
+  <issue tracker="cve" id="2024-30261"/>
+  <issue tracker="cve" id="2024-34155"/>
+  <issue tracker="cve" id="2024-34156"/>
+  <issue tracker="cve" id="2024-34158"/>
+  <issue tracker="cve" id="2024-36137"/>
+  <issue tracker="cve" id="2024-36138"/>
+  <issue tracker="cve" id="2024-37372"/>
+  <issue tracker="jsc" id="PED-3576"/>
+  <packager>jfkw</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for go1.20, go1.21, go1.23, golang-github-prometheus-promu, go1.19, go1.22, gtk2, go, nodejs20</summary>
+  <description>This update for go1.20, go1.21, go1.23, golang-github-prometheus-promu, go1.19, go1.22, gtk2, go, nodejs20 fixes the following issues:
+
+go:
+  - Update to current stable go1.23
+
+go1.19:
+  - Use %patch -P N instead of deprecated %patchN.
+
+go1.20:
+  - Packaging improvements:
+    * Use %patch -P N instead of deprecated %patchN
+
+  - Packaging improvements:
+    * bsc#1219988 ensure VERSION file is present in GOROOT
+      as required by go tool dist and go tool distpack
+
+go1.21:
+  - go1.21.13 (released 2024-08-06) 
+
+go1.22:
+  - go1.22.7 (released 2024-09-05)
+
+go1.23:
+  - go1.23.1 (released 2024-09-05) 
+  
+gtk2:
+  - CVE-2024-6655 Stop looking for modules in cwd (bsc#1228120).
+
+nodejs20:
+  - Update to 20.15.1
+
+golang-github-prometheus-promu:
+  - Require Go 1.21 for building
+  - Update to version 0.16.0
+</description>
+  <package>go</package>
+  <package>go1.19</package>
+  <package>go1.20</package>
+  <package>go1.21</package>
+  <package>go1.22</package>
+  <package>go1.23</package>
+  <package>golang-github-prometheus-promu</package>
+  <package>gtk2</package>
+  <package>nodejs20</package>
+  <seperate_build_arch/>
+</patchinfo>
				`@ -0,0 +1 @@`
				`Subproject commit 13fdb0b1fe3012a4edcdd30b0d2930e4fcc7d26e`