Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
patchinfo.16032
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.16032
<patchinfo incident="16032"> <issue tracker="cve" id="2020-16845"/> <issue tracker="cve" id="2020-14039"/> <issue tracker="cve" id="2020-15586"/> <issue tracker="bnc" id="1169832">armv6hl: Go applications fails with "Illegal instruction (core dumped)"</issue> <issue tracker="bnc" id="1174191">VUL-1: CVE-2020-14039: golang: X.509 verification ignores provided EKUs on Windows</issue> <issue tracker="bnc" id="1149259">go1.13 release tracking</issue> <issue tracker="bnc" id="1172868">golang doesn't honour /usr/etc/nsswitch.conf</issue> <issue tracker="bnc" id="1170826">Go packages miss binutils-gold dependency</issue> <issue tracker="bnc" id="1174153">VUL-0: CVE-2020-15586: golang: data race in certain net/http servers including ReverseProxy can lead to DoS</issue> <issue tracker="bnc" id="1174977">(CVE-2020-16845) VUL-0: CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs</issue> <packager>jfkw</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for go1.13</summary> <description>This update for go1.13 fixes the following issues: - go1.13 was updated to version 1.13.5 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the database/sql, net/http, and reflect packages Refs bsc#1149259 go1.13 release tracking * go#39925 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39848 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39823 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39697 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39561 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it tries to use an older version of dlv which only supports linux/amd64 * go#39538 net: TestDialParallel is flaky on windows-amd64-longtest * go#39287 cmd/vet: update for new number formats - go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509 and net/http packages addressing the following CVE: CVE-2020-15586 CVE-2020-14039 Refs bsc#1174153 bsc#1174191 Refs bsc#1149259 go1.13 release tracking * bsc#1174153 CVE-2020-15586 * bsc#1174191 CVE-2020-14039 (Windows only) * go#40211 net/http: Expect 100-continue panics in httputil.ReverseProxy * go#40209 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows - Packaging improvements for update-alternatives priority, %license tag, and permissions in %files macro section. * update-alternatives increment priority on this and subsequent go1.x versions using priority = 20 + (minor version) i.e. go1.13 = 33, go1.14 = 34, etc. * Use %license tag for LICENSE keep %doc for suse_version < 1500 * Remove %defattr(-,root,root,-) in %files - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 * add go1.x-prefer-etc-hosts-over-dns.patch * Patch renamed and fields added per packaging guidelines on 2020-07-15 by Jeff Kowalczyk <jkowalczyk@suse.com> * Patch can likely be dropped for go1.16 in February 2021 - Ensure ARM arch is set properly - bsc#1169832 - Document (and clean up) LLVM snapshotting for go-race. - Update _service to no longer fetch Go from git. - go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the go/types and math/big packages. Refs bsc#1149259. * go#38932 runtime: preemption in startTemplateThread may cause infinite hang * go#36689 go/types, math/big: data race in go/types due to math/big.Rat accessors unsafe for concurrent use - go1.13.11 (released 2020/05/14) includes fixes to the compiler. Refs bsc#1149259. * go#38442 cmd/compile: unexpected nil dereference on s390x - Requires binutils-gold for %arm and aarch64 - bsc#1170826 - go1.13.10 (released 2020/04/08) includes fixes to the go command, the runtime, os/exec, and time packages. Refs bsc#1149259. * go#38236 time: NewTicker will not emit ticks at a frequency greater than 1/sec on qemu user mode ppc64le * go#38082 cmd/go/internal/test: data race in (*runCache).builderRunTest * go#37901 cmd/compile/internal/syntax: TestStdLib verbosely broken on Windows * go#37895 os: TestRemoveAllWithMoreErrorThanReqSize is failing on Plan 9 and Windows * go#37892 net/http: TestCancelRequestWithChannelBeforeDo_Cancel failure on Windows long test * go#37802 cmd/go: 'Access is denied' when renaming module cache directory * go#37483 runtime: "fatal error: unexpected signal" 0xC0000005 on Windows for a small program with a large allocation * go#37433 os/exec: environForSysProcAttr is never called as sysattr.Env is never nil * go#37230 PowerRegisterSuspendResumeNotification error on Azure App Services with go 1.13.7 - go1.13.9 (released 2020/03/19) includes fixes to the go command, tools, the runtime, the toolchain, and the crypto/cypher package. Refs bsc#1149259. * go#37826 internal/syscall/windows/registry: TestWalkFullRegistry failing on windows-amd64-longtest * go#37821 cmd/go: module's "go" version should be included in cache key * go#37417 crypto/cipher: NewGCMWithNonceSize allows zero-length nonce * go#37342 cmd/trace: requires HTML imports, which doesn't work on any major browser anymore * go#36846 cmd/link: system linker warnings on macOS 10.14 when using cgo - Packaging sync accumulated changes from go1.12 Refs bsc#1149259. - Use gcc9 by default by updating define gcc_go_version 9 (was 8) * drop unneeded patch gcc8-go.patch - Fix broken go_api evaluation (1.12 < 1.5, when evaluated as floats), let RPM evaluate the expression, drop no longer required bc. - Own the gdbinit.d directory, avoid the build dependency on gdb. - Add %ifarch %arm aarch64 BuildRequires: binutils-gold to fix /usr/lib64/go/{version}/pkg/tool/linux_arm64/link: running gcc failed: exit status 1 collect2: fatal error: cannot find 'ld'- </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor