Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-12-08 16:50:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.19" Thu Dec 8 16:50:01 2022 rev:8 rq:1041235 version:1.19.4 Changes: -------- --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes 2022-11-02 12:46:46.817458009 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.1835/go1.19.changes 2022-12-08 16:50:11.079175759 +0100 @@ -1,0 +2,22 @@ +Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk <jkowalc...@suse.com> + +- go1.19.4 (released 2022-12-06) includes security fixes to the + net/http and os packages, as well as bug fixes to the compiler, + the runtime, and the crypto/x509, os/exec, and sync/atomic + packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41717 CVE-2022-41720 + * go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries + * go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows + * go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate + * go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com + * go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072 + * go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions. + * go#56636 runtime: traceback stuck in runtime.systemstack + * go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable" + * go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8) + * go#56438 crypto/x509: respect GODEBUG changes during program lifetime + * go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter + * go#56360 cmd/compile: panic: offset too large + +------------------------------------------------------------------- Old: ---- go1.19.3.src.tar.gz New: ---- go1.19.4.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.19.spec ++++++ --- /var/tmp/diff_new_pack.j9G8IH/_old 2022-12-08 16:50:11.763179258 +0100 +++ /var/tmp/diff_new_pack.j9G8IH/_new 2022-12-08 16:50:11.767179279 +0100 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version: 1.19.3 +Version: 1.19.4 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause ++++++ go1.19.3.src.tar.gz -> go1.19.4.src.tar.gz ++++++ /work/SRC/openSUSE:Factory/go1.19/go1.19.3.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.1835/go1.19.4.src.tar.gz differ: char 19, line 1
