SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for go1.15-1.15.15-4.6.x86_64.rpm :

* Mon Apr 15 2024 Bernhard Wiedemann - Add reproducible.patch to avoid build-time race (boo#1102408)
* Tue Feb 27 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Thu Aug 05 2021 Jeff Kowalczyk - go1.15.15 (released 2021-08-05) includes a security fix to the net/http/httputil package, as well as bug fixes to the compiler, the runtime, the go command, and the net/http package. CVE-2021-36221 Refs boo#1175132 go1.15 release tracking
* boo#1189162 go#46866 CVE-2021-36221
* go#47473 net/http: panic due to racy read of persistConn after handler panic
* go#47347 cmd/go: \"go list -f \'{{.Stale}}\'\" stack overflow with cyclic imports
* go#47014 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied.
* go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
* go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
* Thu Aug 05 2021 Jeff Kowalczyk - Drop patch to fix crashes on PowerPC with kernel >= 5.13, fixed in next upstream release:
* drop fix-crash-on-ppc64le.patch
* Sun Jul 25 2021 Hillwood Yang - Fix go#46803 boo#1188906, add fix-crash-on-ppc64le.patch
* Mon Jul 12 2021 Jeff Kowalczyk - go1.15.14 (released 2021-07-12) includes a security fix to the crypto/tls package, as well as bug fixes to the linker, and the net package. CVE-2021-34558 Refs boo#1175132 go1.15 release tracking
* boo#1188229 go#47143 CVE-2021-34558
* go#47144 security: fix CVE-2021-34558
* go#47012 net: LookupMX behaviour broken
* go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46684 x/build/cmd/release: linux-armv6l release tests aren\'t passing
* go#46656 runtime: deeply nested struct initialized with non-zero values
* Thu Jun 10 2021 Jeff Kowalczyk - Fix extraneous trailing percent character %endif% in spec file.
* Thu Jun 03 2021 Jeff Kowalczyk - go1.15.13 (released 2021-06-03) includes security fixes to the archive/zip, math/big, net, and net/http/httputil packages, as well as bug fixes to the linker, the go command, and the math/big and net/http packages. CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 Refs boo#1175132 go1.15 release tracking
* boo#1187443 go#46241 CVE-2021-33195
* go#46356 net: Lookup functions may return invalid host names
* go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
* boo#1186622 go#46242 CVE-2021-33196
* go#46396 archive/zip: malformed archive may cause panic or memory exhaustion
* boo#1187444 go#46313 CVE-2021-33197
* go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
* boo#1187445 go#45910 CVE-2021-33198
* go#46305 math/big: (
*Rat).SetString with \"1.770p02041010010011001001\" crashes with \"makeslice: len out of range\"
* go#46143 cmd/go: error out of \'go mod tidy\' if the go.mod file specifies a newer-than-supported Go version
* go#46127 cmd/link: internal error when externally linking very large binaries
* go#46002 cmd/link: SIGSEGV running \'openshift-install version\' for release-4.8 using external linking on PPC64LE
* go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128
* Fri May 07 2021 Jeff Kowalczyk - go1.15.12 (released 2021-05-06) includes a security fix to the net/http package, as well as bug fixes to the runtime and the time package. CVE-2021-31525 Refs boo#1175132 go1.15 release tracking
* boo#1185790 CVE-2021-31525
* go#45711 net/http: ReadRequest can stack overflow
* go#45731 time, runtime: scheduled timer may never fire if GOMAXPROCS is reduced
* go#45481 runtime: \"invalid pc-encoded table\" throw caused by bad cgo traceback (expandFinalInlineFrames)
* go#45384 time: Europe/Dublin timezone handling broken with embedded timezone database
* Fri Apr 02 2021 Jeff Kowalczyk - go1.15.11 (released 2021-04-01) includes fixes to cgo, the compiler, linker, runtime, the go command, and the database/sql and net/http packages. Refs boo#1175132 go1.15 release tracking
* go#45302 runtime: \"invalid pc-encoded table\" throw caused by bad cgo traceback
* go#45239 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45187 Strange behaviour with loops
* go#45076 net/http: transport caches permanently broken persistent connections if write error happens during h2 handshake
* go#44872 cmd/go: \'go get\' does not add missing hash to go.sum when ziphash file missing from cache
* go#44748 cmd/link: fail to build when using time/tzdata on ARM
* go#43592 cmd/link: \"x86_64-w64-mingw32/bin/ld.exe: Error: export ordinal too large\" after upgrading to Go 1.15
* go#43591 cmd/link: -buildmode=c-shared exports many functions, not just //export functions
* go#42884 database/sql: deadlock on transaction stmt context cancel
* Fri Mar 12 2021 Jeff Kowalczyk - go1.15.10 (released 2021-03-11) includes fixes to the compiler, the go command, and the net/http, os, syscall, and time packages. Refs boo#1175132 go1.15 release tracking
* go#44792 cmd/go: mod tidy should ignore missing standard library packages
* go#44658 runtime: marked free object in span
* go#44617 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44592 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44294 net/http: ServeContent()/ServeFile() doesn\'t return expected response when WriteTimeout happens
* go#44273 os: copy_file_range system call fails on some file systems
* go#42935 net/http: Transport race condition by Content-Length == 0 response
* go#42930 cmd/compile: miscompilation of some arithmetic and conditionals on arm
* Wed Mar 10 2021 Jeff Kowalczyk - go1.15.9 (released 2021-03-10) includes security fixes to the encoding/xml package. CVE-2021-27918 Refs boo#1175132 go1.15 release tracking
* boo#1183333 CVE-2021-27918
* go#44914 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`
* Fri Feb 05 2021 Jeff Kowalczyk - go1.15.8 (released 2021-02-04) includes fixes to the compiler, linker, runtime, the go command, and the net/http package. Refs boo#1175132 go1.15 release tracking
* go#43861 cmd/go: TestScript/get_update_unknown_protocol test fails
* go#43860 cmd/go: handle space in path to C compiler
* go#43833 runtime: SIGSEGV in runtime.deltimer on linux-mips-rtrk during ReadMemStats
* go#43797 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged
* go#43793 internal/execabs: disable tests on js-wasm
* go#43575 cmd/compile: 32-bit random data corruption
* go#43406 x/mobile/cmd/gomobile: gomobile build on simple program returns \"ld: error: duplicate symbol: x_cgo_inittls\"
* go#43214 cmd/link: panic: runtime error: slice bounds out of range [::1751306] with length 1048576
* go#42539 net/http: race in http2Transport
* go#42384 cmd/link: PE linker segfaults in addpersrc when cross-compiling
* Tue Jan 19 2021 Jeff Kowalczyk - go1.15.7 (released 2021-01-19) includes security fixes to the go command and crypto/elliptic package. CVE-2021-3114 CVE-2021-3115 Refs boo#1175132 go1.15 release tracking
* boo#1181145 CVE-2021-3114
* go#43788 crypto/elliptic: incorrect operations on the P-224 curve
* boo#1181146 CVE-2021-3115
* go#43785 cmd/go: packages using cgo can cause arbitrary code execution on Windows
 
ICM