Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.31406
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.31406
<patchinfo incident="31406"> <issue tracker="bnc" id="1212669">go1.21+ toolchains change default GOTOOLCHAIN=auto to local to prevent downloading upstream go1.x toolchain binaries</issue> <issue tracker="bnc" id="1216944">VUL-0: CVE-2023-45284: go1.20,go1.21: path/filepath: recognize device names with trailing spaces and superscripts</issue> <issue tracker="bnc" id="1215985">VUL-0: CVE-2023-39323: go1.20,go1.21: cmd/go: line directives allows arbitrary execution during build</issue> <issue tracker="bnc" id="1215086">VUL-0: CVE-2023-39320: go1.21: cmd/go: go.mod toolchain directive allows arbitrary execution</issue> <issue tracker="bnc" id="1215087">VUL-0: CVE-2023-39321: CVE-2023-39322: go1.21: crypto/tls: panic when processing post-handshake message on QUIC connections</issue> <issue tracker="bnc" id="1215090">go1.20,go1.21: Go toolchain packages missing src/cmd/vendor/github.com/google/pprof/internal/driver/html/</issue> <issue tracker="bnc" id="1212667">go1.21 packages are missing go.env file to set toolchain defaults</issue> <issue tracker="bnc" id="1215085">VUL-0: CVE-2023-39319: go1.20,go1.21: html/template: improper handling of special tags within script contexts</issue> <issue tracker="bnc" id="1216109">VUL-0: CVE-2023-39325: go1.20,go1.21: net/http: rapid stream resets can cause excessive work</issue> <issue tracker="bnc" id="1215084">VUL-0: CVE-2023-39318: go1.20,go1.21: html/template: improper handling of HTML-like comments within script contexts</issue> <issue tracker="bnc" id="1212475">go1.21 release tracking</issue> <issue tracker="bnc" id="1216943">VUL-0: CVE-2023-45283: go1.20,go1.21: path/filepath: recognize \??\ as a Root Local Device path prefix</issue> <issue tracker="cve" id="2023-39322"/> <issue tracker="cve" id="2023-39319"/> <issue tracker="cve" id="2023-39323"/> <issue tracker="cve" id="2023-45284"/> <issue tracker="cve" id="2023-39325"/> <issue tracker="cve" id="2023-39320"/> <issue tracker="cve" id="2023-39318"/> <issue tracker="cve" id="2023-39321"/> <issue tracker="cve" id="2023-44487"/> <issue tracker="cve" id="2023-45283"/> <issue tracker="jsc" id="SLE-18320"/> <packager>jfkw</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for go1.21-openssl</summary> <description>This update for go1.21-openssl fixes the following issues: Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips. * Update to go1.21.4 go1.21.4 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and runtime/cgo packages. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * spec: update unification rules * cmd/compile: internal compiler error: expected struct value to have type struct * cmd/link: split text sections for arm 32-bit * runtime: MADV_COLLAPSE causes production performance issues on Linux * go/types, x/tools/go/ssa: panic: type param without replacement encountered * cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64 * net/http: http2 page fails on firefox/safari if pushing resources Initial package go1.21-openssl version 1.21.3.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.3-1-openssl-fips. (jsc#SLE-18320) * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. * In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor