SUSE has issued advisories on December 9: https://lists.suse.com/pipermail/sle-security-updates/2022-December/013213.html https://lists.suse.com/pipermail/sle-security-updates/2022-December/013214.html The issues are fixed upstream in 1.18.9 and 1.19.4: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.18.9 and 1.19.4
Equivalent openSUSE advisories: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GU4OZE2JVJHLAD3KAK44I2GU4E42YE4C/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GCK42IDQ5BR6MZE67LFX4VFQCTNNEKDJ/
Status: NEW => ASSIGNED
1.19.4 pushed to cauldron
1.18.9 pushed to mga8 updates_testing
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 1.18.9 and 1.19.4 => (none)Assignee: bruno => qa-bugs
golang-tests-1.18.9-1.mga8 golang-1.18.9-1.mga8 golang-misc-1.18.9-1.mga8 golang-docs-1.18.9-1.mga8 golang-src-1.18.9-1.mga8 golang-shared-1.18.9-1.mga8 golang-bin-1.18.9-1.mga8 from golang-1.18.9-1.mga8.src.rpm
Source RPM: golang-1.19.3-1.mga9.src.rpm, golang-1.18.8-1.mga8.src.rpm => golang-1.18.8-1.mga8.src.rpm
Mageia8, x86_64 Updated the seven packages: qarepo, drakrpm-update. Ran the docker build test. $ mgarepo co docker $ cd docker $ bm -s creating package list processing package %{origname}-%{moby_version}-%mkrel 1 building source package succeeded! $ sudo urpmi --buildrequires SPECS/docker.spec $ bm creating package list processing package %{origname}-%{moby_version}-%mkrel 1 building source and binary packages error: failed! Restarted from scratch in order to pinpoint the error: error: Bad exit status from /home/lcl/docker/BUILDROOT/rpm-tmp.4vNuzQ (%build) RPM build errors: Macro expanded in comment on line 43: %{shortcommit_moby} line 120: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-swarm line 122: It's not recommended to have unversioned Obsoletes: Obsoletes: docker-vim Bad exit status from /home/lcl/docker/BUILDROOT/rpm-tmp.4vNuzQ (%build) error: failed! Possibly the same point at which the previous golang candidate failed. Falling back to Herman's last test. Copied the contents of /usr/lib/golang/src/time/tzdata to a local directory and modified ownership and executable properties of the three files. $ /usr/lib/golang/lib/time/update.bash This generated a lot of data but finished with: open zipdata.go: permission denied exit status 1 Changed the permissions on zipdata.go and ran the command under sudo. $ sudo chmod 1755 zipdata.go $ ll zipdata.go --rwxr-xr-t 1 lcl lcl 1412372 Dec 13 11:10 zipdata.go* $ sudo /usr/lib/golang/lib/time/update.bash [...] adding: Zulu (stored 0%) New time zone files in zoneinfo.zip. $ ll zoneinfo.zip -rw-r--r-- 1 root root 425837 Dec 13 11:20 zoneinfo.zip Messy, but it worked. Passing this.
Whiteboard: (none) => MGA8-64-OKCC: (none) => tarazed25
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0473.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED