Hello community, here is the log from the commit of package go1.12 for openSUSE:Factory checked in at 2019-08-23 11:04:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.12 (Old) and /work/SRC/openSUSE:Factory/.go1.12.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.12" Fri Aug 23 11:04:00 2019 rev:11 rq:724681 version:1.12.9 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.12/go1.12.changes 2019-08-15 12:27:56.338568194 +0200 +++ /work/SRC/openSUSE:Factory/.go1.12.new.7948/go1.12.changes 2019-08-23 11:04:11.282507661 +0200 @@ -1,0 +2,12 @@ +Thu Aug 15 23:44:35 UTC 2019 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.12.9 (released 2019/08/15) includes fixes to the linker and + the os and math/big packages. + Refs boo#1141689. + * go#33557 cmd/link: stack depth check too shallow + * go#33424 os.RemoveAll: openFdAt function without O_CLOEXEC and cause fd escape to child process + * go#33040 cmd/link: missing section for relocation target + * go#32940 math/big: arm64 assembly code for shlVU is incorrect + * go#30401 doc: syscall: document Setrlimit behavior change on Go 1.12 on macOS + +------------------------------------------------------------------- @@ -5 +17 @@ - net/http and net/url packages addressing: + net/http and net/url packages addressing CVEs: @@ -7,0 +20,3 @@ + * bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth + * bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service + * bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass Old: ---- go1.12.8.src.tar.gz New: ---- go1.12.9.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.12.spec ++++++ --- /var/tmp/diff_new_pack.zMsgrr/_old 2019-08-23 11:04:13.014507379 +0200 +++ /var/tmp/diff_new_pack.zMsgrr/_new 2019-08-23 11:04:13.018507379 +0200 @@ -119,7 +119,7 @@ %endif Name: go1.12 -Version: 1.12.8 +Version: 1.12.9 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.12.8.src.tar.gz -> go1.12.9.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.12/go1.12.8.src.tar.gz /work/SRC/openSUSE:Factory/.go1.12.new.7948/go1.12.9.src.tar.gz differ: char 15, line 1