Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.25 for openSUSE:Factory checked in at 2026-01-18 22:18:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.25 (Old) and /work/SRC/openSUSE:Factory/.go1.25.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.25" Sun Jan 18 22:18:28 2026 rev:13 rq:1327532 version:1.25.6 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.25/go1.25.changes 2025-12-03 14:13:49.037831859 +0100 +++ /work/SRC/openSUSE:Factory/.go1.25.new.1928/go1.25.changes 2026-01-18 22:18:56.623805050 +0100 @@ -1,0 +2,23 @@ +Thu Jan 15 18:28:34 UTC 2026 - Jeff Kowalczyk <[email protected]> + +- go1.25.6 (released 2026-01-15) includes security fixes to the go + command, and the archive/zip, crypto/tls, and net/url packages, + as well as bug fixes to the compiler, the runtime, and the + crypto/tls, errors, and os packages. + Refs boo#1244485 go1.25 release tracking + CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 + * go#76855 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level + * go#77104 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain + * go#77106 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution + * go#77108 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm + * go#77110 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives + * go#77115 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain + * go#76392 os: package initialization hangs is Stdin is blocked + * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled + * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes + * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 + * go#76776 runtime: race detector crash on ppc64le + * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range + * go#76973 errors: errors.Join behavior changed in 1.25 + +------------------------------------------------------------------- Old: ---- go1.25.5.src.tar.gz New: ---- go1.25.6.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.25.spec ++++++ --- /var/tmp/diff_new_pack.ytMLTX/_old 2026-01-18 22:18:57.851855509 +0100 +++ /var/tmp/diff_new_pack.ytMLTX/_new 2026-01-18 22:18:57.855855672 +0100 @@ -107,7 +107,7 @@ %endif Name: go1.25 -Version: 1.25.5 +Version: 1.25.6 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.25.5.src.tar.gz -> go1.25.6.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.25/go1.25.5.src.tar.gz /work/SRC/openSUSE:Factory/.go1.25.new.1928/go1.25.6.src.tar.gz differ: char 110, line 1
