From 1d1738065a82413341e108065513039b122b73ef690850f0af25c7804b58c832 Mon Sep 17 00:00:00 2001 
From: Jeff Kowalczyk Date: Wed, 6 Mar 2024 03:59:15 +0000 Subject: [PATCH] Accepting request 1155401 from home:jfkw:branches:devel:languages:go - go1.22.1 (released 2024-03-05) includes security fixes to the crypto/x509, html/template, net/http, net/http/cookiejar, and net/mail packages, as well as bug fixes to the compiler, the go command, the runtime, the trace command, and the go/types and net/http packages. Refs boo#1218424 go1.22 release tracking CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 * go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm * go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled * go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm * go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect * go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders * go#65474 internal/testenv: support LUCI mobile builders in testenv tests * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0 * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer * go#65728 go/types: nil pointer dereference in Alias.Underlying() * go#65759 net/http: 
context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22 * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer * go#65852 cmd/go: "missing ziphash" error with go.work * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms OBS-URL: https://build.opensuse.org/request/show/1155401 OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.22?expand=0&rev=14
---
 go1.22.0.src.tar.gz | 3 ---
 go1.22.1.src.tar.gz | 3 +++
 go1.22.changes | 30 ++++++++++++++++++++++++++++++
 go1.22.spec | 2 +-
 4 files changed, 34 insertions(+), 4 deletions(-)
 delete mode 100644 go1.22.0.src.tar.gz
 create mode 100644 go1.22.1.src.tar.gz
diff --git a/go1.22.0.src.tar.gz b/go1.22.0.src.tar.gz
deleted file mode 100644
index 0e27ec9..0000000
--- a/go1.22.0.src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d196c3d41a0d6c1dfc64d04e3cc1f608b0c436bd87b7060ce3e23234e1f4d5c
-size 27544122
diff --git a/go1.22.1.src.tar.gz b/go1.22.1.src.tar.gz
new file mode 100644
index 0000000..5ff6c7c
--- /dev/null
+++ b/go1.22.1.src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:79c9b91d7f109515a25fc3ecdaad125d67e6bdb54f6d4d98580f46799caea321
+size 27548577
diff --git a/go1.22.changes b/go1.22.changes
index 1737712..77ab226 100644
--- a/go1.22.changes
+++ b/go1.22.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk
+
+- go1.22.1 (released 2024-03-05) includes security fixes to the
+ crypto/x509, html/template, net/http, net/http/cookiejar, and
+ net/mail packages, as well as bug fixes to the compiler, the go
+ command, the runtime, the trace command, and the go/types and
+ net/http packages.
+ Refs boo#1218424 go1.22 release tracking
+ CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
+ * go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
+ * go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
+ * go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
+ * go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
+ * go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
+ * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module
+ * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
+ * go#65474 internal/testenv: support LUCI mobile builders in testenv tests
+ * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently
+ * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change
+ * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
+ * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
+ * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer
+ * go#65728 go/types: nil pointer dereference in Alias.Underlying()
+ * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22
+ * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
+ * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
+ * go#65852 cmd/go: "missing ziphash" error with go.work
+ * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms
+
 -------------------------------------------------------------------
 Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk
diff --git a/go1.22.spec b/go1.22.spec
index ccb16b7..251a7f0 100644
--- a/go1.22.spec
+++ b/go1.22.spec
@@ -122,7 +122,7 @@
 %endif
 Name: go1.22
-Version: 1.22.0
+Version: 1.22.1
 Release: 0
 Summary: A compiled, garbage-collected, concurrent programming language
 License: BSD-3-Clause