Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.24 for openSUSE:Factory checked in at 2026-01-18 22:18:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.24 (Old) and /work/SRC/openSUSE:Factory/.go1.24.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.24" Sun Jan 18 22:18:26 2026 rev:19 rq:1327528 version:1.24.12 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.24/go1.24.changes 2025-12-04 11:26:51.206449795 +0100 +++ /work/SRC/openSUSE:Factory/.go1.24.new.1928/go1.24.changes 2026-01-18 22:18:54.535719254 +0100 @@ -1,0 +2,21 @@ +Thu Jan 15 18:28:38 UTC 2026 - Jeff Kowalczyk <[email protected]> + +- go1.24.12 (released 2026-01-15) includes security fixes to the go + command, and the archive/zip, crypto/tls, and net/url packages, + as well as bug fixes to the compiler, the runtime, and the + crypto/tls and os packages. + Refs boo#1236217 go1.24 release tracking + CVE-2025-61726 CVE-2025-61728 CVE-2025-61730 CVE-2025-61731 CVE-2025-68119 CVE-2025-68121 + * go#76854 go#76443 boo#1256821 security: fix CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level + * go#77103 go#77099 boo#1256820 security: fix CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain + * go#77105 go#77100 boo#1256819 security: fix CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution + * go#77107 go#77101 boo#1256817 security: fix CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm + * go#77109 go#77102 boo#1256816 security: fix CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives + * go#77114 go#77113 boo#1256818 security: fix CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain + * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled + * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes + * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 + * go#76796 runtime: race detector crash on ppc64le + * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range + +------------------------------------------------------------------- Old: ---- go1.24.11.src.tar.gz New: ---- go1.24.12.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.24.spec ++++++ --- /var/tmp/diff_new_pack.WQsi87/_old 2026-01-18 22:18:55.487758372 +0100 +++ /var/tmp/diff_new_pack.WQsi87/_new 2026-01-18 22:18:55.499758865 +0100 @@ -1,7 +1,7 @@ # # spec file for package go1.24 # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -107,7 +107,7 @@ %endif Name: go1.24 -Version: 1.24.11 +Version: 1.24.12 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.24.11.src.tar.gz -> go1.24.12.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.24/go1.24.11.src.tar.gz /work/SRC/openSUSE:Factory/.go1.24.new.1928/go1.24.12.src.tar.gz differ: char 110, line 1
