|
|
|
|
Changelog for go1.15-1.15.15-4.6.x86_64.rpm :
* Mon Apr 15 2024 Bernhard Wiedemann - Add reproducible.patch to avoid build-time race (boo#1102408) * Tue Feb 27 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN. * Thu Aug 05 2021 Jeff Kowalczyk - go1.15.15 (released 2021-08-05) includes a security fix to the net/http/httputil package, as well as bug fixes to the compiler, the runtime, the go command, and the net/http package. CVE-2021-36221 Refs boo#1175132 go1.15 release tracking * boo#1189162 go#46866 CVE-2021-36221 * go#47473 net/http: panic due to racy read of persistConn after handler panic * go#47347 cmd/go: \"go list -f \'{{.Stale}}\'\" stack overflow with cyclic imports * go#47014 cmd/go: go mod vendor: open C:\\Users\\LICENSE: Access is denied. * go#46927 cmd/compile: register conflict between external linker and duffzero on arm64 * go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 * Thu Aug 05 2021 Jeff Kowalczyk - Drop patch to fix crashes on PowerPC with kernel >= 5.13, fixed in next upstream release: * drop fix-crash-on-ppc64le.patch * Sun Jul 25 2021 Hillwood Yang - Fix go#46803 boo#1188906, add fix-crash-on-ppc64le.patch * Mon Jul 12 2021 Jeff Kowalczyk - go1.15.14 (released 2021-07-12) includes a security fix to the crypto/tls package, as well as bug fixes to the linker, and the net package. CVE-2021-34558 Refs boo#1175132 go1.15 release tracking * boo#1188229 go#47143 CVE-2021-34558 * go#47144 security: fix CVE-2021-34558 * go#47012 net: LookupMX behaviour broken * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46684 x/build/cmd/release: linux-armv6l release tests aren\'t passing * go#46656 runtime: deeply nested struct initialized with non-zero values * Thu Jun 10 2021 Jeff Kowalczyk - Fix extraneous trailing percent character %endif% in spec file. * Thu Jun 03 2021 Jeff Kowalczyk - go1.15.13 (released 2021-06-03) includes security fixes to the archive/zip, math/big, net, and net/http/httputil packages, as well as bug fixes to the linker, the go command, and the math/big and net/http packages. CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 Refs boo#1175132 go1.15 release tracking * boo#1187443 go#46241 CVE-2021-33195 * go#46356 net: Lookup functions may return invalid host names * go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve * boo#1186622 go#46242 CVE-2021-33196 * go#46396 archive/zip: malformed archive may cause panic or memory exhaustion * boo#1187444 go#46313 CVE-2021-33197 * go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty * boo#1187445 go#45910 CVE-2021-33198 * go#46305 math/big: ( *Rat).SetString with \"1.770p02041010010011001001\" crashes with \"makeslice: len out of range\" * go#46143 cmd/go: error out of \'go mod tidy\' if the go.mod file specifies a newer-than-supported Go version * go#46127 cmd/link: internal error when externally linking very large binaries * go#46002 cmd/link: SIGSEGV running \'openshift-install version\' for release-4.8 using external linking on PPC64LE * go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128 * Fri May 07 2021 Jeff Kowalczyk - go1.15.12 (released 2021-05-06) includes a security fix to the net/http package, as well as bug fixes to the runtime and the time package. CVE-2021-31525 Refs boo#1175132 go1.15 release tracking * boo#1185790 CVE-2021-31525 * go#45711 net/http: ReadRequest can stack overflow * go#45731 time, runtime: scheduled timer may never fire if GOMAXPROCS is reduced * go#45481 runtime: \"invalid pc-encoded table\" throw caused by bad cgo traceback (expandFinalInlineFrames) * go#45384 time: Europe/Dublin timezone handling broken with embedded timezone database * Fri Apr 02 2021 Jeff Kowalczyk - go1.15.11 (released 2021-04-01) includes fixes to cgo, the compiler, linker, runtime, the go command, and the database/sql and net/http packages. Refs boo#1175132 go1.15 release tracking * go#45302 runtime: \"invalid pc-encoded table\" throw caused by bad cgo traceback * go#45239 all: run.{bash,bat,rc} sets GOPATH inconsistently * go#45187 Strange behaviour with loops * go#45076 net/http: transport caches permanently broken persistent connections if write error happens during h2 handshake * go#44872 cmd/go: \'go get\' does not add missing hash to go.sum when ziphash file missing from cache * go#44748 cmd/link: fail to build when using time/tzdata on ARM * go#43592 cmd/link: \"x86_64-w64-mingw32/bin/ld.exe: Error: export ordinal too large\" after upgrading to Go 1.15 * go#43591 cmd/link: -buildmode=c-shared exports many functions, not just //export functions * go#42884 database/sql: deadlock on transaction stmt context cancel * Fri Mar 12 2021 Jeff Kowalczyk - go1.15.10 (released 2021-03-11) includes fixes to the compiler, the go command, and the net/http, os, syscall, and time packages. Refs boo#1175132 go1.15 release tracking * go#44792 cmd/go: mod tidy should ignore missing standard library packages * go#44658 runtime: marked free object in span * go#44617 time: LoadLocationFromTZData with slim tzdata uses incorrect zone * go#44592 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus * go#44294 net/http: ServeContent()/ServeFile() doesn\'t return expected response when WriteTimeout happens * go#44273 os: copy_file_range system call fails on some file systems * go#42935 net/http: Transport race condition by Content-Length == 0 response * go#42930 cmd/compile: miscompilation of some arithmetic and conditionals on arm * Wed Mar 10 2021 Jeff Kowalczyk - go1.15.9 (released 2021-03-10) includes security fixes to the encoding/xml package. CVE-2021-27918 Refs boo#1175132 go1.15 release tracking * boo#1183333 CVE-2021-27918 * go#44914 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader` * Fri Feb 05 2021 Jeff Kowalczyk - go1.15.8 (released 2021-02-04) includes fixes to the compiler, linker, runtime, the go command, and the net/http package. Refs boo#1175132 go1.15 release tracking * go#43861 cmd/go: TestScript/get_update_unknown_protocol test fails * go#43860 cmd/go: handle space in path to C compiler * go#43833 runtime: SIGSEGV in runtime.deltimer on linux-mips-rtrk during ReadMemStats * go#43797 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged * go#43793 internal/execabs: disable tests on js-wasm * go#43575 cmd/compile: 32-bit random data corruption * go#43406 x/mobile/cmd/gomobile: gomobile build on simple program returns \"ld: error: duplicate symbol: x_cgo_inittls\" * go#43214 cmd/link: panic: runtime error: slice bounds out of range [::1751306] with length 1048576 * go#42539 net/http: race in http2Transport * go#42384 cmd/link: PE linker segfaults in addpersrc when cross-compiling * Tue Jan 19 2021 Jeff Kowalczyk - go1.15.7 (released 2021-01-19) includes security fixes to the go command and crypto/elliptic package. CVE-2021-3114 CVE-2021-3115 Refs boo#1175132 go1.15 release tracking * boo#1181145 CVE-2021-3114 * go#43788 crypto/elliptic: incorrect operations on the P-224 curve * boo#1181146 CVE-2021-3115 * go#43785 cmd/go: packages using cgo can cause arbitrary code execution on Windows
|
|
|