Request 1091160: Submit go1.20 - openSUSE Build Service

Overview

Request 1091160 accepted

- go1.20.5 (released 2023-06-06) includes four security fixes to
the cmd/go and runtime packages, as well as bug fixes to the
compiler, the go command, the runtime, and the crypto/rsa, net,
and os packages.
Refs boo#1206346 go1.20 release tracking
CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
* go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection
* go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries
* go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS
* go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS
* go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto
* go#59975 cmd/compile: multiple memories live at block start
* go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies
* go#60217 os: Read of a device driver fails only with Go 1.20
* go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate (forwarded request 1091158 from jfkw)

Created by jfkw about 1 year ago
In state accepted

Submit go1.20

Comments for request 1091160 0

Login required, please login in order to comment

Request History

jfkw created request about 1 year ago

- go1.20.5 (released 2023-06-06) includes four security fixes to
the cmd/go and runtime packages, as well as bug fixes to the
compiler, the go command, the runtime, and the crypto/rsa, net,
and os packages.
Refs boo#1206346 go1.20 release tracking
CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
* go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection
* go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries
* go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS
* go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS
* go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto
* go#59975 cmd/compile: multiple memories live at block start
* go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies
* go#60217 os: Read of a device driver fails only with Go 1.20
* go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate (forwarded request 1091158 from jfkw)

factory-auto added opensuse-review-team as a reviewer about 1 year ago

Please review sources

factory-auto accepted review about 1 year ago

Check script succeeded

licensedigger accepted review about 1 year ago

ok

darix accepted review about 1 year ago

Accepted review for by_group opensuse-review-team request 1091160 from user factory-auto

dimstar_suse set openSUSE:Factory:Staging:F as a staging project about 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:F"

dimstar_suse accepted review about 1 year ago

Picked "openSUSE:Factory:Staging:F"

dimstar_suse accepted review about 1 year ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse approved review about 1 year ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse accepted request about 1 year ago

Staging Project openSUSE:Factory:Staging:F got accepted.

openSUSE Build Service is sponsored by