commit go1.21 for openSUSE:Factory

Source-Sync Thu, 07 Mar 2024 10:55:43 -0800

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package go1.21 for openSUSE:Factory checked 
in at 2024-03-07 18:27:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/go1.21 (Old)
 and      /work/SRC/openSUSE:Factory/.go1.21.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "go1.21"

Thu Mar  7 18:27:27 2024 rev:14 rq:1155402 version:1.21.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/go1.21/go1.21.changes    2024-02-28 
19:45:01.841259997 +0100
+++ /work/SRC/openSUSE:Factory/.go1.21.new.1770/go1.21.changes  2024-03-07 
18:27:33.624904689 +0100
@@ -1,0 +2,21 @@
+Tue Mar  5 17:38:51 UTC 2024 - Jeff Kowalczyk <jkowalc...@suse.com>
+
+- go1.21.8 (released 2024-03-05) includes security fixes to the
+  crypto/x509, html/template, net/http, net/http/cookiejar, and
+  net/mail packages, as well as bug fixes to the go command and the
+  runtime.
+  Refs boo#1212475 go1.21 release tracking
+  CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
+  * go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, 
net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on 
HTTP redirect
+  * go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: 
memory exhaustion in Request.ParseMultipartForm
+  * go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: 
Verify panics on certificates with an unknown public key algorithm
+  * go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: 
comments in display names are incorrectly handled
+  * go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: 
errors returned from MarshalJSON methods may break template escaping
+  * go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt 
builders
+  * go#65475 internal/testenv: support LUCI mobile builders in testenv tests
+  * go#65478 runtime: don't let the tests leave core files behind
+  * go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders 
failing
+  * go#65851 cmd/go: "missing ziphash" error with go.work
+  * go#65882 internal/poll: invalid uintptr conversion in call to 
windows.SetFileInformationByHandle
+
+-------------------------------------------------------------------

Old:
----
  go1.21.7.src.tar.gz

New:
----
  go1.21.8.src.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ go1.21.spec ++++++
--- /var/tmp/diff_new_pack.aqJgfK/_old  2024-03-07 18:27:34.412933769 +0100
+++ /var/tmp/diff_new_pack.aqJgfK/_new  2024-03-07 18:27:34.412933769 +0100
@@ -126,7 +126,7 @@
 %endif
 
 Name:           go1.21
-Version:        1.21.7
+Version:        1.21.8
 Release:        0
 Summary:        A compiled, garbage-collected, concurrent programming language
 License:        BSD-3-Clause

++++++ go1.21.7.src.tar.gz -> go1.21.8.src.tar.gz ++++++
/work/SRC/openSUSE:Factory/go1.21/go1.21.7.src.tar.gz 
/work/SRC/openSUSE:Factory/.go1.21.new.1770/go1.21.8.src.tar.gz differ: char 
13, line 1

commit go1.21 for openSUSE:Factory

Reply via email to