Overview

Request 1155403 accepted

- go1.22.1 (released 2024-03-05) includes security fixes to the
crypto/x509, html/template, net/http, net/http/cookiejar, and
net/mail packages, as well as bug fixes to the compiler, the go
command, the runtime, the trace command, and the go/types and
net/http packages.
Refs boo#1218424 go1.22 release tracking
CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
* go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
* go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
* go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
* go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
* go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module
* go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
* go#65474 internal/testenv: support LUCI mobile builders in testenv tests
* go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently
* go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change
* go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
* go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
* go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer
* go#65728 go/types: nil pointer dereference in Alias.Underlying()
* go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22
* go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
* go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
* go#65852 cmd/go: "missing ziphash" error with go.work
* go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms

(forwarded request 1155401 from jfkw)

Request History

jfkw created request




factory-auto added opensuse-review-team as a reviewer

Please review sources



factory-auto accepted review

Check script succeeded



licensedigger accepted review

ok



staging-bot added openSUSE:Factory:Staging:adi:23 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:23"



staging-bot accepted review

Picked "openSUSE:Factory:Staging:adi:23"



dimstar accepted review



dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.



dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.



dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:adi:23 got accepted.
