You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa golang

Sigurnosni nedostatak programskog paketa golang

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-11971
2014-10-03 02:56:51
——————————————————————————–

Name : golang
Product : Fedora 19
Version : 1.3.3
Release : 1.fc19
URL : http://golang.org/
Summary : The Go Programming Language
Description :
The Go Programming Language.

——————————————————————————–
Update Information:

update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
more work to get cgo.a timestamps to line up, due to build-env
——————————————————————————–
ChangeLog:

* Wed Oct 1 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.3.3-1
– update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.3.2-1
– update to go1.3.2 (bz1147324)
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-22
– more work to get cgo.a timestamps to line up, due to build-env
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-21
– touch cgo.a regardless
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-20
– rpm dependency ordering for %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-19
– finally check for a Stale cgo in a %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-18
– explicitly list all the files and directories for the packages trees
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-17
– explicitly list all the files and directories of the src tree, to preserve timestamps
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-16
– touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-15
– make golang-src ‘noarch’ again, since that was not a fix, and takes up more space
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-14
– update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-13
– update timestamps of source during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-12
– set another version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-11
– set a version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-10
– make the source subpackage arch’ed, instead of noarch
* Tue Jul 15 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-9
– fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-8
– `go install std` requires gcc, to build cgo. bz1105901, bz1101508
* Wed May 21 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-7
– bz1099206 ghost files are not what is needed
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-6
– bz1099206 more fixing. The packages %post need golang-bin present first
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-5
– bz1099206 more fixing. Let go fix its own timestamps and freshness
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-4
– fix the existence and alternatives of `go` and `gofmt`
* Mon May 19 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-3
– bz1099206 fix timestamp issue caused by koji builders
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-2
– more arch file shuffling
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-1
– update to go1.2.2
* Thu May 8 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-8
– RHEL6 rpm macros can’t %exlude missing files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-7
– missed two arch-dependent src files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-6
– put generated arch-dependent src in their respective RPMs
* Fri Apr 11 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-5
– skip test that is causing a SIGABRT on fc21 bz1086900
* Thu Apr 10 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-4
– fixing file and directory ownership bz1010713
* Wed Apr 9 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-3
– including more to macros (%go_arches)
– set a standard goroot as /usr/lib/golang, regardless of arch
– include sub-packages for compiler toolchains, for all golang supported architectures
* Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
– provide a system rpm macros. Starting with /usr/share/gocode
* Tue Mar 4 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
– Update to latest upstream
* Thu Feb 20 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-7
– Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent
versions of glibc and aren’t needed
* Wed Feb 19 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-6
– pull in upstream archive/tar implementation that supports xattr for
docker 0.8.1
* Tue Feb 18 2014 Vincent Batts <vbatts@redhat.com> 1.2-5
– provide ‘go’, so users can yum install ‘go’
* Fri Jan 24 2014 Vincent Batts <vbatts@redhat.com> 1.2-4
– skip a flaky test that is sporadically failing on the build server
* Thu Jan 16 2014 Vincent Batts <vbatts@redhat.com> 1.2-3
– remove golang-godoc dependency. cyclic dependency on compiling godoc
* Wed Dec 18 2013 Vincent Batts <vbatts@redhat.com> – 1.2-2
– removing P224 ECC curve
* Mon Dec 2 2013 Vincent Batts <vbatts@fedoraproject.org> – 1.2-1
– Update to upstream 1.2 release
– remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-8
– fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-7
– patch tests for testing on rawhide
– let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-6
– don’t symlink /usr/bin out to ../lib…, move the file
– seperate out godoc, to accomodate the go.tools godoc
* Fri Sep 20 2013 Adam Miller <maxamillion@fedoraproject.org> – 1.1.2-5
– Pull upstream patches for BZ#1010271
– Add glibc requirement that got dropped because of meta dep fix
* Fri Aug 30 2013 Adam Miller <maxamillion@fedoraproject.org> – 1.1.2-4
– fix the libc meta dependency (thanks to vbatts [at] redhat.com for the fix)
* Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> – 1.1.2-3
– Revert incorrect merged changelog
* Tue Aug 27 2013 Adam Miller <maxamillion@fedoraproject.org> – 1.1.2-2
– Update spec to fix changelog entries from bad merge
* Tue Aug 20 2013 Adam Miller <maxamillion@fedoraproject.org> – 1.1.2-1
– Update to latest upstream
* Wed Jul 10 2013 Adam Goode <adam@spicenitz.org> – 1.1.1-5
– Blacklist testdata files from prelink
– Again try to fix #973842
* Fri Jul 5 2013 Adam Goode <adam@spicenitz.org> – 1.1.1-4
– Move src to libdir for now (#973842) (upstream issue https://code.google.com/p/go/issues/detail?id=5830)
– Eliminate noarch data package to work around RPM bug (#975909)
– Try to add runtime-gdb.py to the gdb safe-path (#981356)
* Wed Jun 19 2013 Adam Goode <adam@spicenitz.org> – 1.1.1-3
– Use lua for pretrans (http://fedoraproject.org/wiki/Packaging:Guidelines#The_.25pretrans_scriptlet)
* Mon Jun 17 2013 Adam Goode <adam@spicenitz.org> – 1.1.1-2
– Hopefully really fix #973842
– Fix update from pre-1.1.1 (#974840)
* Thu Jun 13 2013 Adam Goode <adam@spicenitz.org> – 1.1.1-1
– Update to 1.1.1
– Fix basically useless package (#973842)
* Sat May 25 2013 Dan Horák <dan[at]danny.cz> – 1.1-3
– set ExclusiveArch
——————————————————————————–
References:

[ 1 ] Bug #1147324 – CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update golang’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-12077
2014-10-03 03:04:55
——————————————————————————–

Name : golang
Product : Fedora 20
Version : 1.3.3
Release : 1.fc20
URL : http://golang.org/
Summary : The Go Programming Language
Description :
The Go Programming Language.

——————————————————————————–
Update Information:

update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
——————————————————————————–
ChangeLog:

* Wed Oct 1 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.3.3-1
– update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.3.2-1
– update to go1.3.2 (bz1147324)
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-22
– more work to get cgo.a timestamps to line up, due to build-env
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-21
– touch cgo.a regardless
* Wed Aug 13 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-20
– rpm dependency ordering for %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-19
– finally check for a Stale cgo in a %post
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-18
– explicitly list all the files and directories for the packages trees
* Tue Aug 12 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-17
– explicitly list all the files and directories of the src tree, to preserve timestamps
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-16
– touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-15
– make golang-src ‘noarch’ again, since that was not a fix, and takes up more space
* Mon Aug 11 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-14
– update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-13
– update timestamps of source during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-12
– set another version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-11
– set a version constraint on xemacs due to bz1127518
* Wed Aug 6 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-10
– make the source subpackage arch’ed, instead of noarch
* Tue Jul 15 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-9
– fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <vbatts@fedoraproject.org> – 1.2.2-8
– `go install std` requires gcc, to build cgo. bz1105901, bz1101508
* Wed May 21 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-7
– bz1099206 ghost files are not what is needed
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-6
– bz1099206 more fixing. The packages %post need golang-bin present first
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-5
– bz1099206 more fixing. Let go fix its own timestamps and freshness
* Tue May 20 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-4
– fix the existence and alternatives of `go` and `gofmt`
* Mon May 19 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-3
– bz1099206 fix timestamp issue caused by koji builders
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-2
– more arch file shuffling
* Fri May 9 2014 Vincent Batts <vbatts@redhat.com> 1.2.2-1
– update to go1.2.2
* Thu May 8 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-8
– RHEL6 rpm macros can’t %exlude missing files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-7
– missed two arch-dependent src files
* Wed May 7 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-6
– put generated arch-dependent src in their respective RPMs
* Fri Apr 11 2014 Vincent Batts <vbatts@redhat.com> 1.2.1-5
– skip test that is causing a SIGABRT on fc21 bz1086900
* Thu Apr 10 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-4
– fixing file and directory ownership bz1010713
* Wed Apr 9 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-3
– including more to macros (%go_arches)
– set a standard goroot as /usr/lib/golang, regardless of arch
– include sub-packages for compiler toolchains, for all golang supported architectures
* Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
– provide a system rpm macros. Starting with /usr/share/gocode
* Tue Mar 4 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
– Update to latest upstream
* Thu Feb 20 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-7
– Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent
versions of glibc and aren’t needed
* Wed Feb 19 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2-6
– pull in upstream archive/tar implementation that supports xattr for
docker 0.8.1
* Tue Feb 18 2014 Vincent Batts <vbatts@redhat.com> 1.2-5
– provide ‘go’, so users can yum install ‘go’
* Fri Jan 24 2014 Vincent Batts <vbatts@redhat.com> 1.2-4
– skip a flaky test that is sporadically failing on the build server
* Thu Jan 16 2014 Vincent Batts <vbatts@redhat.com> 1.2-3
– remove golang-godoc dependency. cyclic dependency on compiling godoc
* Wed Dec 18 2013 Vincent Batts <vbatts@redhat.com> – 1.2-2
– removing P224 ECC curve
* Mon Dec 2 2013 Vincent Batts <vbatts@fedoraproject.org> – 1.2-1
– Update to upstream 1.2 release
– remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-8
– fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-7
– patch tests for testing on rawhide
– let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts@redhat.com> – 1.1.2-6
– don’t symlink /usr/bin out to ../lib…, move the file
– seperate out godoc, to accomodate the go.tools godoc
——————————————————————————–
References:

[ 1 ] Bug #1147324 – CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update golang’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarko Stanec
Cert idNCERT-REF-2014-10-0007-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa mantis

Otkriven je sigurnosni nedostatak u programskom paketu mantis za operacijski sustav Fedora. Ako mantis koristi LDAP autentikaciju potencijalni napadači mogu...

Close