Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-05-04 17:09:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.20"
Thu May 4 17:09:22 2023 rev:6 rq:1084135 version:1.20.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes 2023-04-29
17:28:32.306642120 +0200
+++ /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.changes 2023-05-04
17:09:28.199976936 +0200
@@ -1,0 +2,30 @@
+Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com>
+
+- go1.20.4 (released 2023-05-02) includes three security fixes to
+ the html/template package, as well as bug fixes to the compiler,
+ the runtime, and the crypto/subtle, crypto/tls, net/http, and
+ syscall packages.
+ Refs boo#1206346 go1.20 release tracking
+ CVE-2023-29400 CVE-2023-24540 CVE-2023-24539
+ * go#59812 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template:
improper sanitization of CSS values
+ * go#59814 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template:
improper handling of JavaScript whitespace
+ * go#59816 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template:
improper handling of empty HTML attributes
+ * go#59064 runtime: automatically bump RLIMIT_NOFILE on Unix
+ * go#59336 crypto/subtle: xor fails when run with race+purego
+ * go#59374 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write
+ * go#59450 cmd/compile: internal compiler error: cannot call
SetType(go.shape.int) on v (type int)
+ * go#59468 cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex
+ * go#59469 net/http: FileServer no longer serves content for POST
+ * go#59540 crypto/tls: TLSv1.3 connection fails with invalid PSK binder
+ * go#59580 cmd/compile: incorrect inline function variable
+ * go#59585 cmd/compile: Unified IR exports table is binary unstable in
presence of generics
+ * go#59637 go/internal/gcimporter: lookupGorootExport should use the go
command from build.Default.GOROOT
+
+-------------------------------------------------------------------
+Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com>
+
+- Packaging revert go1.x Suggests go1.x-race boo#1210963
+ * Upstream go binary distributions do include race detector .syso
+ * Default Recommends for subpackages is best suited in this case
+
+-------------------------------------------------------------------
@@ -18,4 +48,4 @@
- * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of
service from excessive memory allocation â(CVE-2023-24534)
- * go#59270 go#59153 boo#1210128 security: net/http, net/textproto,
mime/multipart: denial of service from excessive resource consumption
(CVE-2023-24536)
- * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in
parsing (CVE-2023-24537)
- * go#59272 go#59234 boo#1210130 security: html/template: backticks not
treated as string delimiters (CVE-2023-24538)
+ * go#59268 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http,
net/textproto: denial of service from excessive memory allocation
+ * go#59270 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http,
net/textproto, mime/multipart: denial of service from excessive resource
consumption
+ * go#59274 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser:
infinite loop in parsing
+ * go#59272 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template:
backticks not treated as string delimiters
Old:
----
go1.20.3.src.tar.gz
New:
----
go1.20.4.src.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ go1.20.spec ++++++
--- /var/tmp/diff_new_pack.vmxqZ1/_old 2023-05-04 17:09:29.219982908 +0200
+++ /var/tmp/diff_new_pack.vmxqZ1/_new 2023-05-04 17:09:29.223982931 +0200
@@ -126,7 +126,7 @@
%endif
Name: go1.20
-Version: 1.20.3
+Version: 1.20.4
Release: 0
Summary: A compiled, garbage-collected, concurrent programming language
License: BSD-3-Clause
@@ -155,7 +155,6 @@
%endif
BuildRequires: fdupes
Suggests: %{name}-doc = %{version}
-Suggests: %{name}-race = %{version}
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
Suggests: %{name}-libstd = %{version}
++++++ go1.20.3.src.tar.gz -> go1.20.4.src.tar.gz ++++++
/work/SRC/openSUSE:Factory/go1.20/go1.20.3.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.4.src.tar.gz differ: char
121, line 1
