commit go1.20 for openSUSE:Factory

Source-Sync Thu, 08 Jun 2023 12:41:57 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package go1.20 for openSUSE:Factory checked 
in at 2023-06-08 21:41:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
 and      /work/SRC/openSUSE:Factory/.go1.20.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "go1.20"

Thu Jun  8 21:41:41 2023 rev:7 rq:1091160 version:1.20.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes    2023-05-04 
17:09:28.199976936 +0200
+++ /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.changes 2023-06-08 
21:41:43.493694998 +0200
@@ -1,0 +2,19 @@
+Tue Jun  6 19:13:57 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com>
+
+- go1.20.5 (released 2023-06-06) includes four security fixes to
+  the cmd/go and runtime packages, as well as bug fixes to the
+  compiler, the go command, the runtime, and the crypto/rsa, net,
+  and os packages.
+  Refs boo#1206346 go1.20 release tracking
+  CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
+  * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo 
code injection
+  * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: 
unexpected behavior of setuid/setgid binaries
+  * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: 
improper sanitization of LDFLAGS
+  * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: 
improper sanitization of LDFLAGS
+  * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto
+  * go#59975 cmd/compile: multiple memories live at block start
+  * go#60001 cmd/go: missing checksums for dependencies of go get arguments 
and tests of external dependencies
+  * go#60217 os: Read of a device driver fails only with Go 1.20
+  * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go 
generate
+
+-------------------------------------------------------------------

Old:
----
  go1.20.4.src.tar.gz

New:
----
  go1.20.5.src.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ go1.20.spec ++++++
--- /var/tmp/diff_new_pack.RZbjIj/_old  2023-06-08 21:41:44.265699548 +0200
+++ /var/tmp/diff_new_pack.RZbjIj/_new  2023-06-08 21:41:44.269699571 +0200
@@ -126,7 +126,7 @@
 %endif
 
 Name:           go1.20
-Version:        1.20.4
+Version:        1.20.5
 Release:        0
 Summary:        A compiled, garbage-collected, concurrent programming language
 License:        BSD-3-Clause

++++++ go1.20.4.src.tar.gz -> go1.20.5.src.tar.gz ++++++
/work/SRC/openSUSE:Factory/go1.20/go1.20.4.src.tar.gz 
/work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.5.src.tar.gz differ: char 
12, line 1

commit go1.20 for openSUSE:Factory

Reply via email to