forked from pool/go1.20
Accepting request 1091158 from home:jfkw:branches:devel:languages:go
- go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and runtime packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rsa, net, and os packages. Refs boo#1206346 go1.20 release tracking CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto * go#59975 cmd/compile: multiple memories live at block start * go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies * go#60217 os: Read of a device driver fails only with Go 1.20 * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate OBS-URL: https://build.opensuse.org/request/show/1091158 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.20?expand=0&rev=21
This commit is contained in:
parent
35b7955422
commit
a22b4baf17
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9f34ace128764b7a3a4b238b805856cc1b2184304df9e5690825b0710f4202d6
|
||||
size 26185429
|
3
go1.20.5.src.tar.gz
Normal file
3
go1.20.5.src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9a15c133ba2cfafe79652f4815b62e7cfc267f68df1b9454c6ab2a3ca8b96a88
|
||||
size 26192951
|
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.20.5 (released 2023-06-06) includes four security fixes to
|
||||
the cmd/go and runtime packages, as well as bug fixes to the
|
||||
compiler, the go command, the runtime, and the crypto/rsa, net,
|
||||
and os packages.
|
||||
Refs boo#1206346 go1.20 release tracking
|
||||
CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
|
||||
* go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection
|
||||
* go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries
|
||||
* go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS
|
||||
* go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS
|
||||
* go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto
|
||||
* go#59975 cmd/compile: multiple memories live at block start
|
||||
* go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies
|
||||
* go#60217 os: Read of a device driver fails only with Go 1.20
|
||||
* go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
|
@ -126,7 +126,7 @@
|
||||
%endif
|
||||
|
||||
Name: go1.20
|
||||
Version: 1.20.4
|
||||
Version: 1.20.5
|
||||
Release: 0
|
||||
Summary: A compiled, garbage-collected, concurrent programming language
|
||||
License: BSD-3-Clause
|
||||
|
Loading…
Reference in New Issue
Block a user