Revisions of go1.20
Ana Guerrero (anag+factory)
accepted
request 1152004
from
Jeff Kowalczyk (jfkw)
(revision 18)
- Packaging improvements: * Use %patch -P N instead of deprecated %patchN (forwarded request 1151996 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1147335
from
Jeff Kowalczyk (jfkw)
(revision 17)
- Packaging improvements: * boo#1219988 ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (forwarded request 1147331 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1144759
from
Jeff Kowalczyk (jfkw)
(revision 16)
- go1.20.14 (released 2024-02-06) includes fixes to the crypto/x509 package. Refs boo#1206346 go1.20 release tracking * go#64760 staticlockranking builders failing on release branches on LUCI * go#65322 crypto: rollback BoringCrypto fips-20220613 update * go#65379 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder (forwarded request 1144758 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1137840
from
Jeff Kowalczyk (jfkw)
(revision 15)
- go1.20.13 (released 2024-01-09) includes fixes to the runtime and the crypto/tls package. Refs boo#1206346 go1.20 release tracking * go#63910 x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * go#64409 runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * go#64718 crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 (forwarded request 1137839 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1131274
from
Jeff Kowalczyk (jfkw)
(revision 14)
- go1.20.12 (released 2023-12-05) includes security fixes to the go command, and the net/http and path/filepath packages, as well as bug fixes to the compiler and the go command. Refs boo#1206346 go1.20 release tracking CVE-2023-45285 CVE-2023-45284 CVE-2023-39326 * go#63972 go#63845 boo#1217834 security: fix CVE-2023-45285 cmd/go: git VCS qualifier in module path uses git:// scheme * go#64040 go#63713 boo#1216943 security: fix CVE-2023-45284 path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 * go#64434 go#64433 boo#1217833 security: fix CVE-2023-39326 net/http: limit chunked data overhead * go#63983 cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents * go#63988 cmd/go: TestScript/mod_get_direct fails with "Filename too long" on Windows (forwarded request 1131272 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1124118
from
Jeff Kowalczyk (jfkw)
(revision 13)
- go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. Refs boo#1206346 go1.20 release tracking CVE-2023-45283 CVE-2023-45284 * go#63714 go#63713 boo#1216943 boo#1216944 security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths * go#63316 cmd/link: split text sections for arm 32-bit * go#63740 net/http: http2 page fails on firefox/safari if pushing resources (forwarded request 1124116 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1116742
from
Jeff Kowalczyk (jfkw)
(revision 12)
- go1.20.10 (released 2023-10-10) includes a security fix to the net/http package. Refs boo#1206346 go1.20 release tracking CVE-2023-39325 CVE-2023-44487 * go#63426 go#63417 boo#1216109 security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (forwarded request 1116740 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1115933
from
Jeff Kowalczyk (jfkw)
(revision 11)
- go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go package, as well as bug fixes to the go command and the linker. Refs boo#1206346 go1.20 release tracking CVE-2023-39323 * go#63213 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build * go#62597 cmd/link: issues with Apple's new linker in Xcode 15 beta (forwarded request 1115931 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1109621
from
Jeff Kowalczyk (jfkw)
(revision 10)
- go1.20.8 (released 2023-09-06) includes two security fixes to the html/template package, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/tls, go/types, net/http, and path/filepath packages. Refs boo#1206346 go1.20 release tracking CVE-2023-39318 CVE-2023-39319 * go#62395 go#62196 boo#1215084 security: fix CVE-2023-39318 html/template: improper handling of HTML-like comments within script contexts * go#62397 go#62197 boo#1215085 security: fix CVE-2023-39319 html/template: improper handling of special tags within script contexts * go#61198 cmd/go: extended forwards compatibility for Go * go#61744 go/types: interface.Complete panics for interfaces with duplicate methods * go#61826 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address * go#61867 path/filepath: Clean on some invalid Windows paths can lose .. components * go#61873 cmd/go: using a module path without dot fails to build after toolchain selection * go#61966 crypto/tls: add GODEBUG to control max RSA key size * go#62018 runtime: execution halts with goroutines stuck in runtime.gopark (protocol error E08 during memory read for packet) * go#62056 cmd/compile: internal compiler error: 'F': func F, startMem[b1] has different values * go#62070 cmd/api: make non-importable - Add missing directory pprof html asset directory to package. Refs boo#1215090 * src/cmd/vendor/github.com/google/pprof/internal/driver/html/ dir containing html assets is present in upstream Go distribution but missing from SUSE go1.x packages * Go programs importing runtime/pprof may fail with error: /usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go pattern html: no matching files found * Reformat adjacent commment in spec file (forwarded request 1109618 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1101873
from
Jeff Kowalczyk (jfkw)
(revision 9)
- go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. Refs boo#1206346 go1.20 release tracking CVE-2023-29409 * go#61580 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits * go#61320 cmd/compile: ppc64le: sign extension issue in go 1.21rc2 * go#61449 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64 * go#61471 cmd/compile: failed to make Go on riscv64 CPU with numa (forwarded request 1101871 from jfkw)
Ana Guerrero (anag+factory)
accepted
request 1098261
from
Jeff Kowalczyk (jfkw)
(revision 8)
- go1.20.6 (released 2023-07-11) includes a security fix to the net/http package, as well as bug fixes to the compiler, cgo, the cover tool, the go command, the runtime, and the crypto/ecdsa, go/build, go/printer, net/mail, and text/template packages. Refs boo#1206346 go1.20 release tracking. CVE-2023-29406 * go#61076 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header * go#60352 cmd/go: go mod tidy introduces ambiguous imports in pruned modules * go#60535 runtime: TLS slot index over 64 and crash * go#60675 cmd/compile: internal compiler error: out of range for go.shape.int64 * go#60698 cmd/go: go list fails with submodules which have test-only dependencies * go#60744 crypto/ecdsa: P521 ecdsa.Verify panics with malformed message * go#60754 cmd/go: panic: LoadImport called with empty package path when listing GOROOT/test/*.go * go#60760 runtime: checkdead fires due to suspected race in the Go runtime when GOMAXPROCS=1 on AWS * go#60802 text/template: key/value assignment is reversed within range loop * go#60845 runtime: SIGSEGV in race + coverage mode * go#60849 cmd/go: go test deadlocked without enforcing timeouts when killed with ^C * go#60874 net/mail: mail.ReadMessage in 1.20 cannot parse mbox headers * go#60875 net/mail: characters allowed in RFC 5322 are invalid while parsing email header * go#60927 x/tools/go/analysis/unitchecker: TestVetStdlib failures * go#60947 crypto/x509: TestSystemVerify/EKULeafValid fails on LUCI * go#60949 runtime: goroutines that stop after calling runtime.RaceDisable break race detector * go#61055 runtime: TestWindowsStackMemory flakes on windows-386-2016
Dominique Leuenberger (dimstar_suse)
accepted
request 1091160
from
Jeff Kowalczyk (jfkw)
(revision 7)
- go1.20.5 (released 2023-06-06) includes four security fixes to the cmd/go and runtime packages, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/rsa, net, and os packages. Refs boo#1206346 go1.20 release tracking CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto * go#59975 cmd/compile: multiple memories live at block start * go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies * go#60217 os: Read of a device driver fails only with Go 1.20 * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate (forwarded request 1091158 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1084135
from
Jeff Kowalczyk (jfkw)
(revision 6)
- go1.20.4 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle, crypto/tls, net/http, and syscall packages. Refs boo#1206346 go1.20 release tracking CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 - Packaging revert go1.x Suggests go1.x-race boo#1210963 * Upstream go binary distributions do include race detector .syso * Default Recommends for subpackages is best suited in this case - Revise changelog formatting of recent CVEs for readability (forwarded request 1084133 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1083592
from
Jeff Kowalczyk (jfkw)
(revision 5)
- Packaging improvements: * Re-enable binary stripping and debuginfo boo#1210938 * go1.x Suggests go1.x-race do not install by default boo#1210963 * Use Group: Development/Languages/Go instead of Other (forwarded request 1083590 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1077385
from
Jeff Kowalczyk (jfkw)
(revision 4)
- go1.20.3 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. Refs boo#1206346 go1.20 release tracking CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537) * go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538) * go#58920 x/text: building as a plugin failure on darwin/arm64 * go#58938 cmd/go: timeout on darwin-amd64-race builder * go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64 * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones * go#59220 runtime: crash on linux-ppc64le * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument - Build subpackage go1.20-libstd compiled shared object libstd.so only on Tumbleweed at this time. Refs jsc#PED-1962 (forwarded request 1077383 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1071065
from
Dirk Mueller (dirkmueller)
(revision 3)
Dominique Leuenberger (dimstar_suse)
accepted
request 1070083
from
Jeff Kowalczyk (jfkw)
(revision 2)
- go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. Refs boo#1206346 go1.20 release tracking CVE-2023-24532 * go#58720 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results * go#58427 cmd/covdata: short read on string table when merging coverage counters * go#58442 runtime: some linkname signatures do not match * go#58444 cmd/compile: inline static init cause compile time error * go#58467 cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry * go#58498 crypto/ecdh: ECDH method doesn't check curve * go#58503 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58505 crypto/internal/bigmod: flag amd64 assembly as noescape * go#58531 runtime: endless traceback when panic in generics funtion * go#58536 runtime: long latency of sweep assists * go#58624 syscall.Faccessat and os.LookPath regression in Go 1.20 * go#58627 os: cmd/go gets error "copy_file_range: function not implemented" * go#58717 net: TestTCPSelfConnect failures due to unexpected connections * go#58774 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58776 cmd/compile: ICE on method value involving imported anonymous interface * go#58793 crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey * go#58811 crypto/x509: TestSystemVerify consistently failing (forwarded request 1070081 from jfkw)
Dominique Leuenberger (dimstar_suse)
accepted
request 1066348
from
Jeff Kowalczyk (jfkw)
(revision 1)
New package go1.20 version 1.20.1 containing security fixes.
Displaying all 18 revisions