Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.25 for openSUSE:Factory checked in at 2026-04-09 16:09:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.25 (Old) and /work/SRC/openSUSE:Factory/.go1.25.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.25" Thu Apr 9 16:09:24 2026 rev:16 rq:1345281 version:1.25.9 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.25/go1.25.changes 2026-03-08 17:26:26.529715072 +0100 +++ /work/SRC/openSUSE:Factory/.go1.25.new.21863/go1.25.changes 2026-04-09 16:22:16.684427364 +0200 @@ -1,0 +2,29 @@ +Tue Apr 7 19:41:12 UTC 2026 - Jeff Kowalczyk <[email protected]> + +- go1.25.9 (released 2026-04-07) includes security fixes to the go + command, the compiler, and the archive/tar, crypto/tls, + crypto/x509, html/template, and os packages, as well as bug fixes + to the go command, the compiler, and the runtime. + Refs boo#1244485 go1.25 release tracking + CVE-2026-27140 CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289 + * go#78421 go#78335 boo#1261653 security: fix CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG + * go#78419 go#78333 boo#1261654 security: fix CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination + * go#78423 go#78371 boo#1261655 security: fix CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking + * go#78361 go#78282 boo#1261656 security: fix CVE-2026-32280: crypto/x509: unexpected work during chain building + * go#78359 go#78281 boo#1261657 security: fix CVE-2026-32281: crypto/x509: inefficient policy validation + * go#78425 go#78293 boo#1261658 security: fix CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux + * go#78427 go#78334 boo#1261659 security: fix CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock + * go#78414 go#78301 boo#1261660 security: fix CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map + * go#78416 go#78331 boo#1261661 security: fix CVE-2026-32289: html/template: JS template literal context incorrectly tracked + * go#77921 cmd/compile: internal compiler error len larger than cap for OSLICEHEADER + * go#77968 crypto/x509: overly broad excluded constraints + * go#77999 cmd/cgo/internal/test: build error on macOS 26 in Go 1.25 + * go#78056 cmd/internal/testdir: Test/fixedbugs/{issue42032,issue51733,issue40954}.go fail with "missing LC_UUID load command" on macOS 26 in Go 1.25 + * go#78057 cmd/go: DiskCache.Trim on macOS often blocks go command for >20 minutes + * go#78086 runtime: go runtime.GC() can cause segfault with -race builds + * go#78154 testing: within a B.Loop loop, assigning function result to _ allows body to be optimized away (1.26 regression) + * go#78252 doc, x/website: go.dev/doc/godebug page contains "{{raw" due to misconfigured template use + * go#78318 test: issue46234.go failures with "command exceeded time limit" + * go#78384 cmd/go/internal/vcweb/vcstest: TestScripts/git/gitrepo-sha256.txt failures [consistent failure] + +------------------------------------------------------------------- Old: ---- go1.25.8.src.tar.gz New: ---- go1.25.9.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.25.spec ++++++ --- /var/tmp/diff_new_pack.qCAb40/_old 2026-04-09 16:22:17.468459535 +0200 +++ /var/tmp/diff_new_pack.qCAb40/_new 2026-04-09 16:22:17.468459535 +0200 @@ -107,7 +107,7 @@ %endif Name: go1.25 -Version: 1.25.8 +Version: 1.25.9 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.25.8.src.tar.gz -> go1.25.9.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.25/go1.25.8.src.tar.gz /work/SRC/openSUSE:Factory/.go1.25.new.21863/go1.25.9.src.tar.gz differ: char 17, line 1
