<revisionlist>
<revision rev="1" vrev="1">
<srcmd5>f7bac58ac37aab23969bab5b786ff589</srcmd5>
<version>1.17.1</version>
<time>1632173592</time>
<user>dimstar_suse</user>
<comment>New package go1.17 version go1.17.1.</comment>
<requestid>920225</requestid>
</revision>
<revision rev="2" vrev="1">
<srcmd5>203cffa4ce24e47deb9ba075a8c830dc</srcmd5>
<version>1.17.2</version>
<time>1633963720</time>
<user>dimstar_suse</user>
<comment>- go1.17.2 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
compiler, the runtime, the go command, and to the time and
text/template packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48800 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48561 cmd/compile: unsafe.Add bug when adding uint8 value to a pointer
* go#48444 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#48177 time: output does not respect comma as millisecond separator
* go#47859 time: timer reset sometimes ignored, causing delayed ticks
* go#47756 cmd/go: mod tidy -go=1.17 should move indirect dependencies to the second require part (forwarded request 924124 from jfkw)</comment>
<requestid>924126</requestid>
</revision>
<revision rev="3" vrev="1">
<srcmd5>b994b05e17c760c64b8111eb9d0fb0ec</srcmd5>
<version>1.17.3</version>
<time>1636218909</time>
<user>dimstar_suse</user>
<comment>- go1.17.3 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the go command, the misc/wasm
directory, and to the net/http and syscall packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48992 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48252 archive/zip: Reader.Open panics on empty string
* go#49199 cmd/go: go list all breaks in //go:build-only repos
* go#49154 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49086 cmd/link: -buildmode=pie -linkshared panic at runtime
* go#49077 x/net/http2: backport critical fixes
* go#49010 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48823 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48650 x/net/http2: pool deadlock
* go#48479 cmd/compile: 64 bits shifts on arm get wrong results
* go#48475 cmd/compile: incorrect arm/arm64 simplification rules
* go#48075 syscall: SysProcAttr{ NoInheritHandles: true } broken in 1.17 on Windows (forwarded request 929548 from jfkw)</comment>
<requestid>929550</requestid>
</revision>
<revision rev="4" vrev="1">
<srcmd5>28d2d496d3ffd5c547c19c2b81d93387</srcmd5>
<version>1.17.4</version>
<time>1638831546</time>
<user>dimstar_suse</user>
<comment>- go1.17.4 (released 2021-12-02) includes fixes to the compiler,
linker, runtime, and the go/types, net/http, and time packages.
Refs boo#1190649 go1.17 release tracking
* go#49911 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49909 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49905 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49868 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49729 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49662 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49624 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49568 net/http: server responds with Transfer-Encoding: identity
* go#49561 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49559 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49511 cmd/compile: init info of OAS node in a select case is being dropped
* go#49479 runtime: "morestack on g0" in x/perf/storage/app on windows/arm64
* go#49407 time: ParseInLocation error
* go#49392 cmd/compile: internal compiler error: Expand calls interface data problem
* go#49369 runtime: time goes backwards on windows-arm64 (frequent TestGcLastTime failures)
* go#49129 cmd/compile: internal compiler error: can't find source for b12->b4: v31 = MOVBload <bool> v14 v1 : DX
* go#48825 go/types, types2: stack overflow in hasVarSize for invalid type (forwarded request 935320 from jfkw)</comment>
<requestid>935322</requestid>
</revision>
<revision rev="5" vrev="1">
<srcmd5>249782657523205d6fc4799475690adb</srcmd5>
<version>1.17.5</version>
<time>1639340827</time>
<user>dimstar_suse</user>
<comment>- go1.17.5 (released 2021-12-09) includes security fixes to the
syscall and net/http packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-44716 CVE-2021-44717
* boo#1193598 go#50057 CVE-2021-44717
* go#50067 syscall: don’t close fd 0 on ForkExec error
* boo#1193597 go#50058 CVE-2021-44716
* go#50065 net/http: limit growth of header canonicalization cache (forwarded request 938745 from jfkw)</comment>
<requestid>938755</requestid>
</revision>
<revision rev="6" vrev="1">
<srcmd5>de3949eaf1f2584513c348bbbc325572</srcmd5>
<version>1.17.6</version>
<time>1641680587</time>
<user>dimstar_suse</user>
<comment>- go1.17.6 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the crypto/x509, net/http, and reflect
packages.
Refs boo#1190649 go1.17 release tracking
* go#50165 crypto/x509: error parsing large ASN.1 identifiers
* go#50073 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49961 reflect: segmentation violation while using html/template
* go#49921 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#49413 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48116 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 (forwarded request 944560 from jfkw)</comment>
<requestid>944562</requestid>
</revision>
<revision rev="7" vrev="1">
<srcmd5>e696433d57eec50fe3abd32e88163965</srcmd5>
<version>1.17.7</version>
<time>1644778237</time>
<user>dimstar_suse</user>
<comment>- go1.17.7 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, and net/http/httptest packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50687 cmd/go: do not treat branches with semantic-version names as releases
* go#50942 cmd/asm: "compile: loop" compiler bug?
* go#50867 cmd/compile: incorrect use of CMN on arm64
* go#50812 cmd/go: remove bitbucket VCS probing
* go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50297 cmd/link: does not set section type of .init_array correctly
* go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package (forwarded request 953823 from jfkw)</comment>
<requestid>953825</requestid>
</revision>
</revisionlist>