Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.21 for openSUSE:Factory checked in at 2024-03-07 18:27:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.21 (Old) and /work/SRC/openSUSE:Factory/.go1.21.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.21" Thu Mar 7 18:27:27 2024 rev:14 rq:1155402 version:1.21.8 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.21/go1.21.changes 2024-02-28 19:45:01.841259997 +0100 +++ /work/SRC/openSUSE:Factory/.go1.21.new.1770/go1.21.changes 2024-03-07 18:27:33.624904689 +0100 @@ -1,0 +2,21 @@ +Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.21.8 (released 2024-03-05) includes security fixes to the + crypto/x509, html/template, net/http, net/http/cookiejar, and + net/mail packages, as well as bug fixes to the go command and the + runtime. + Refs boo#1212475 go1.21 release tracking + CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 + * go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + * go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm + * go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm + * go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled + * go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping + * go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders + * go#65475 internal/testenv: support LUCI mobile builders in testenv tests + * go#65478 runtime: don't let the tests leave core files behind + * go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing + * go#65851 cmd/go: "missing ziphash" error with go.work + * go#65882 internal/poll: invalid uintptr conversion in call to windows.SetFileInformationByHandle + +------------------------------------------------------------------- Old: ---- go1.21.7.src.tar.gz New: ---- go1.21.8.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.21.spec ++++++ --- /var/tmp/diff_new_pack.aqJgfK/_old 2024-03-07 18:27:34.412933769 +0100 +++ /var/tmp/diff_new_pack.aqJgfK/_new 2024-03-07 18:27:34.412933769 +0100 @@ -126,7 +126,7 @@ %endif Name: go1.21 -Version: 1.21.7 +Version: 1.21.8 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.21.7.src.tar.gz -> go1.21.8.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.21/go1.21.7.src.tar.gz /work/SRC/openSUSE:Factory/.go1.21.new.1770/go1.21.8.src.tar.gz differ: char 13, line 1