Hello community,

here is the log from the commit of package go1.24 for openSUSE:Factory checked in at 2025-10-18 14:34:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/go1.24 (Old)
 and      /work/SRC/openSUSE:Factory/.go1.24.new.18484 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "go1.24"

Sat Oct 18 14:34:57 2025 rev:16 rq:1311562 version:1.24.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/go1.24/go1.24.changes    2025-10-15 
12:44:53.899687639 +0200
+++ /work/SRC/openSUSE:Factory/.go1.24.new.18484/go1.24.changes 2025-10-18 
14:35:06.287616553 +0200
@@ -7,0 +8,3 @@
+- Packaging improvements:
+  * Add net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch
+    needed today and will be available in the next upstream release
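Review bot: The new changelog entry gives no upstream reference for the patch, so a later maintainer cannot tell from the .changes file which fix this is or when it can be dropped. Name the upstream issue and change given in the patch header (Fixes #75831, https://go-review.googlesource.com/c/go/+/710375) in the entry, and replace "needed today" with the actual reason, which per the commit message is that the earlier net/url security fix also rejected bracketed IPv4-mapped IPv6 hosts.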

New:
----
  net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch

----------(New B)----------
  New:- Packaging improvements:
  * Add net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch
    needed today and will be available in the next upstream release
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ go1.24.spec ++++++
--- /var/tmp/diff_new_pack.chWpNk/_old  2025-10-18 14:35:08.779720824 +0200
+++ /var/tmp/diff_new_pack.chWpNk/_new  2025-10-18 14:35:08.791721326 +0200
@@ -108,6 +108,7 @@
 # PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115
 Patch7:         dont-force-gold-on-arm64.patch
 Patch9:         go-fixseccomp.patch
+Patch10:        net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 # boostrap
 BuildRequires:  %{go_bootstrap_version}
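Review bot: Patch10 is declared without a tag comment, unlike Patch7 directly above it, which carries "# PATCH-FIX-OPENSUSE:" and a URL. Add a "# PATCH-FIX-UPSTREAM" line with https://go-review.googlesource.com/c/go/+/710375 above Patch10 so the origin of the patch is recorded next to its declaration.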
@@ -197,6 +198,10 @@
 %patch -P 9 -p1
 %endif
 
+# net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch
+# needed today and will be available in the next upstream release
+%patch -P 10 -p1
+
 cp %{SOURCE4} .
 
 %build
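Review bot: The comment above "%patch -P 10 -p1" says the patch is "needed today" and will be in "the next upstream release", but it names neither the reason nor the release, and the patch is applied unconditionally. State the version from which it must be dropped; once the package moves to a release that already contains the change, this line has to be removed together with Patch10.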

++++++ net-url-allow-IP-literals-with-IPv4-mapped-IPv6-addresses.patch ++++++
>From e02a9d02d0181394e243cbc3b356e86896a78e2c Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <[email protected]>
Date: Wed, 08 Oct 2025 17:13:12 -0700
Subject: [PATCH] [release-branch.go1.24] net/url: allow IP-literals with 
IPv4-mapped IPv6 addresses

The security fix we applied in CL709857 was overly broad. It applied
rules from RFC 2732, which disallowed IPv4-mapped IPv6 addresses, but
these were later allowed in RFC 3986, which is the canonical URI syntax
RFC.

Revert the portion of CL709857 which restricted IPv4-mapped addresses,
and update the related tests.

Updates #75815
Fixes #75831

Change-Id: I3192f2275ad5c386f5c15006a6716bdb5282919d
Reviewed-on: https://go-review.googlesource.com/c/go/+/710375
LUCI-TryBot-Result: Go LUCI 
<[email protected]>
Reviewed-by: Ethan Lee <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
(cherry picked from commit 9db7e30bb42eed9912f5e7e9e3959f3b38879d5b)
---

diff --git a/src/net/url/url.go b/src/net/url/url.go
index c686239..1d9c1cd 100644
--- a/src/net/url/url.go
+++ b/src/net/url/url.go
@@ -670,13 +670,13 @@
 
                // Per RFC 3986, only a host identified by a valid
                // IPv6 address can be enclosed by square brackets.
-               // This excludes any IPv4 or IPv4-mapped addresses.
+               // This excludes any IPv4, but notably not IPv4-mapped 
addresses.
                addr, err := netip.ParseAddr(unescapedHostname)
                if err != nil {
                        return "", fmt.Errorf("invalid host: %w", err)
                }
-               if addr.Is4() || addr.Is4In6() {
-                       return "", errors.New("invalid IPv6 host")
+               if addr.Is4() {
+                       return "", errors.New("invalid IP-literal")
                }
                return "[" + unescapedHostname + "]" + unescapedColonPort, nil
        } else if i := strings.LastIndex(host, ":"); i != -1 {
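Review bot: With the addr.Is4In6() test removed, a host such as [::ffff:192.0.2.1] is now returned exactly as written, and the updated comment does not say so. Extend the comment to note that the literal is not normalised, so that callers comparing the host against IPv4 allow or deny ranges know they have to convert it first (netip.Addr.Unmap does this). The error text also changes from "invalid IPv6 host" to "invalid IP-literal", which affects any caller or test that matches on the string.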
diff --git a/src/net/url/url_test.go b/src/net/url/url_test.go
index 3206558..6084fac 100644
--- a/src/net/url/url_test.go
+++ b/src/net/url/url_test.go
@@ -726,7 +726,7 @@
        {"https://[2001:db8::1]/path";, true},            // compressed IPv6 
address with path
        {"https://[fe80::1%25eth0]/path?query=1";, true}, // link-local with 
zone, path, and query
 
-       {"https://[::ffff:192.0.2.1]";, false},
+       {"https://[::ffff:192.0.2.1]";, true},
        {"https://[:1] ", false},
        {"https://[1:2:3:4:5:6:7:8:9]";, false},
        {"https://[1::1::1]";, false},
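Review bot: The flipped row for https://[::ffff:192.0.2.1] is the only accepted IPv4-mapped case in this table and, unlike the rows just above it, has no trailing comment. Add a comment such as "// IPv4-mapped IPv6 address", and add rows for the hex spelling and for a mapped literal followed by a port, both of which the second table in this patch already exercises.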
@@ -1672,16 +1672,17 @@
                {"cache_object:foo/bar", true},
                {"cache_object/:foo/bar", false},
 
-               {"http://[192.168.0.1]/";, true},             // IPv4 in brackets
-               {"http://[192.168.0.1]:8080/";, true},        // IPv4 in 
brackets with port
-               {"http://[::ffff:192.168.0.1]/";, true},      // IPv4-mapped 
IPv6 in brackets
-               {"http://[::ffff:192.168.0.1]:8080/";, true}, // IPv4-mapped 
IPv6 in brackets with port
-               {"http://[::ffff:c0a8:1]/";, true},           // IPv4-mapped 
IPv6 in brackets (hex)
-               {"http://[not-an-ip]/";, true},               // invalid IP 
string in brackets
-               {"http://[fe80::1%foo]/";, true},             // invalid zone 
format in brackets
-               {"http://[fe80::1";, true},                   // missing closing 
bracket
-               {"http://fe80::1]/";, true},                  // missing opening 
bracket
-               {"http://[test.com]/";, true},                // domain name in 
brackets
+               {"http://[192.168.0.1]/";, true},              // IPv4 in 
brackets
+               {"http://[192.168.0.1]:8080/";, true},         // IPv4 in 
brackets with port
+               {"http://[::ffff:192.168.0.1]/";, false},      // IPv4-mapped 
IPv6 in brackets
+               {"http://[::ffff:192.168.0.1000]/";, true},    // Out of range 
IPv4-mapped IPv6 in brackets
+               {"http://[::ffff:192.168.0.1]:8080/";, false}, // IPv4-mapped 
IPv6 in brackets with port
+               {"http://[::ffff:c0a8:1]/";, false},           // IPv4-mapped 
IPv6 in brackets (hex)
+               {"http://[not-an-ip]/";, true},                // invalid IP 
string in brackets
+               {"http://[fe80::1%foo]/";, true},              // invalid zone 
format in brackets
+               {"http://[fe80::1";, true},                    // missing 
closing bracket
+               {"http://fe80::1]/";, true},                   // missing 
opening bracket
+               {"http://[test.com]/";, true},                 // domain name in 
brackets
        }
        for _, tt := range tests {
                u, err := Parse(tt.in)
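Review bot: In this table true evidently marks an expected error, the opposite of the table changed at line 726, since the same kind of mapped literal moves from true to false here and from false to true there; a one-line comment above these rows saying so would prevent the flipped values being misread. The added row's comment, "Out of range IPv4-mapped IPv6 in brackets", is also capitalised unlike the neighbouring "invalid ..." and "missing ..." comments.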
