Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-04-05 21:27:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.20" Wed Apr 5 21:27:24 2023 rev:4 rq:1077385 version:1.20.3 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes 2023-03-13 12:41:25.595895113 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.19717/go1.20.changes 2023-04-05 21:35:18.510449784 +0200 @@ -1,0 +2,31 @@ +Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.20.3 (released 2023-04-04) includes security fixes to the + go/parser, html/template, mime/multipart, net/http, and + net/textproto packages, as well as bug fixes to the compiler, the + linker, the runtime, and the time package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 + * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation â(CVE-2023-24534) + * go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) + * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537) + * go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538) + * go#58920 x/text: building as a plugin failure on darwin/arm64 + * go#58938 cmd/go: timeout on darwin-amd64-race builder + * go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling + * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64 + * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used + * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation + * go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones + * go#59220 runtime: crash on linux-ppc64le + * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode + * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument + +------------------------------------------------------------------- +Tue Apr 4 16:59:57 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- Build subpackage go1.20-libstd compiled shared object libstd.so + only on Tumbleweed at this time. + Refs jsc#PED-1962 + +------------------------------------------------------------------- Old: ---- go1.20.2.src.tar.gz New: ---- go1.20.3.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.20.spec ++++++ --- /var/tmp/diff_new_pack.yOHiNf/_old 2023-04-05 21:35:19.326454441 +0200 +++ /var/tmp/diff_new_pack.yOHiNf/_new 2023-04-05 21:35:19.330454464 +0200 @@ -134,7 +134,7 @@ %endif Name: go1.20 -Version: 1.20.2 +Version: 1.20.3 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause @@ -163,7 +163,10 @@ %endif BuildRequires: fdupes Suggests: %{name}-doc = %{version} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed Suggests: %{name}-libstd = %{version} +%endif %ifarch %{tsan_arch} # Needed to compile compiler-rt/TSAN. BuildRequires: gcc-c++ @@ -214,6 +217,8 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed %package libstd Summary: Go compiled shared library libstd.so Group: Development/Languages/Go @@ -222,6 +227,7 @@ %description libstd Go standard library compiled to a dynamically loadable shared object libstd.so %endif +%endif %prep %ifarch %{tsan_arch} @@ -295,6 +301,8 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed # Compile Go standard library as a dynamically loaded shared object libstd.so # for inclusion in a subpackage which can be installed standalone. # Upstream Go binary releases do not ship a compiled libstd.so. @@ -312,6 +320,7 @@ # created with -buildmode=shared. bin/go install -buildmode=shared std %endif +%endif %check %ifarch %{tsan_arch} @@ -452,9 +461,12 @@ # We don't include libstd.so in the main Go package. %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed # ./go/1.20/pkg/linux_amd64_dynlink/libstd.so %exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so %endif +%endif %files doc %doc %{_docdir}/go/%{go_label}/*.html @@ -465,8 +477,11 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed %files libstd %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so %endif +%endif %changelog ++++++ go1.20.2.src.tar.gz -> go1.20.3.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.20/go1.20.2.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.19717/go1.20.3.src.tar.gz differ: char 121, line 1