Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-06-08 21:41:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.20" Thu Jun 8 21:41:41 2023 rev:7 rq:1091160 version:1.20.5 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes 2023-05-04 17:09:28.199976936 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.changes 2023-06-08 21:41:43.493694998 +0200 @@ -1,0 +2,19 @@ +Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.20.5 (released 2023-06-06) includes four security fixes to + the cmd/go and runtime packages, as well as bug fixes to the + compiler, the go command, the runtime, and the crypto/rsa, net, + and os packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 + * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection + * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries + * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS + * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS + * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto + * go#59975 cmd/compile: multiple memories live at block start + * go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies + * go#60217 os: Read of a device driver fails only with Go 1.20 + * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate + +------------------------------------------------------------------- Old: ---- go1.20.4.src.tar.gz New: ---- go1.20.5.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.20.spec ++++++ --- /var/tmp/diff_new_pack.RZbjIj/_old 2023-06-08 21:41:44.265699548 +0200 +++ /var/tmp/diff_new_pack.RZbjIj/_new 2023-06-08 21:41:44.269699571 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version: 1.20.4 +Version: 1.20.5 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.20.4.src.tar.gz -> go1.20.5.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.20/go1.20.4.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.5.src.tar.gz differ: char 12, line 1