Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.16 for openSUSE:Factory checked in at 2021-06-21 20:34:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.16 (Old) and /work/SRC/openSUSE:Factory/.go1.16.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.16" Mon Jun 21 20:34:46 2021 rev:6 rq:900522 version:1.16.5 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.16/go1.16.changes 2021-05-10 15:34:09.322798930 +0200 +++ /work/SRC/openSUSE:Factory/.go1.16.new.2625/go1.16.changes 2021-06-21 20:34:48.970571488 +0200 @@ -1,0 +2,24 @@ +Thu Jun 3 22:46:45 UTC 2021 - Jeff Kowalczyk <[email protected]> + +- go1.16.5 (released 2021-06-03) includes security fixes to the + archive/zip, math/big, net, and net/http/httputil packages, as + well as bug fixes to the linker, the go command, and the net/http + package. + CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 + Refs boo#1182345 go1.16 release tracking + * boo#1187443 go#46241 CVE-2021-33195 + * go#46357 net: Lookup functions may return invalid host names + * go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve + * boo#1186622 go#46242 CVE-2021-33196 + * go#46397 archive/zip: malformed archive may cause panic or memory exhaustion + * boo#1187444 go#46313 CVE-2021-33197 + * go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty + * boo#1187445 go#45910 CVE-2021-33198 + * go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" + * go#46214 cmd/go: make go mod download with no arguments leave go.sum alone + * go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version + * go#46128 cmd/link: internal error when externally linking very large binaries + * go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE + * go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le + +------------------------------------------------------------------- Old: ---- go1.16.4.src.tar.gz New: ---- go1.16.5.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.16.spec ++++++ --- /var/tmp/diff_new_pack.Lcn7RA/_old 2021-06-21 20:34:49.514572002 +0200 +++ /var/tmp/diff_new_pack.Lcn7RA/_new 2021-06-21 20:34:49.518572006 +0200 @@ -135,7 +135,7 @@ %endif Name: go1.16 -Version: 1.16.4 +Version: 1.16.5 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.16.4.src.tar.gz -> go1.16.5.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.16/go1.16.4.src.tar.gz /work/SRC/openSUSE:Factory/.go1.16.new.2625/go1.16.5.src.tar.gz differ: char 143, line 1
