https://bugzilla.redhat.com/show_bug.cgi?id=1430567
Bug ID: 1430567
Summary: golang-github-opencontainers-specs-v1.0.0-rc5 is
available
Product: Fedora
Version: rawhide
Component: golang-github-opencontainers-specs
Keywords: FutureFeature, Triaged
Assignee: fpokorny(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fpokorny(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, TicoTimo(a)gmail.com
Latest upstream release: v1.0.0-rc5
Current version/release in rawhide: 0.4.0-0.3.git3ce138b.fc26
URL: https://github.com/opencontainers/specs
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7499/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1445946
Bug ID: 1445946
Summary: OpenShift Origin 1.5.0 build on armv7hl produces a
runtime error with illegal instruction in resulting
binary
Product: Fedora
Version: rawhide
Component: golang
Assignee: vbatts(a)redhat.com
Reporter: admiller(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jcajka(a)redhat.com, lemenkov(a)gmail.com,
renich(a)woralelandia.com, s(a)shk.io,
ttomecek(a)redhat.com, vbatts(a)redhat.com
Description of problem:
Unable to build OpenShift Origin 1.5.0 on armv7hl, there's an utility component
called 'genman' which attempts to run during the build process but fails with a
runtime error (output below).
Version-Release number of selected component (if applicable):
golang-1.8.1-2.fc27.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Download https://maxamillion.fedorapeople.org/origin-1.5.0-1.fc25.src.rpm
2. koji build --scratch rawhide ./origin-1.5.0-1.fc25.src.rpm
3.
Actual results:
SIGILL: illegal instruction
PC=0x4f960 m=0 sigcode=1
goroutine 1 [running, locked to thread]:
runtime.semrelease(0x1d1730e0)
/usr/lib/golang/src/runtime/sema.go:164 +0x290 fp=0x1d111ac8
sp=0x1d111aa8
goroutine 17 [syscall, locked to thread]:
runtime.goexit()
/usr/lib/golang/src/runtime/asm_arm.s:1017 +0x4
goroutine 5 [chan receive]:
github.com/openshift/origin/vendor/github.com/golang/glog.(*loggingT).flush…
/builddir/build/BUILD/origin-031cbe45b7da52e19f0c0fae235776b38024517f/_output/local/go/src/github.com/openshift/origin/vendor/github.com/golang/glog/glog.go:879
+0x64
created by github.com/openshift/origin/vendor/github.com/golang/glog.init.1
/builddir/build/BUILD/origin-031cbe45b7da52e19f0c0fae235776b38024517f/_output/local/go/src/github.com/openshift/origin/vendor/github.com/golang/glog/glog.go:410
+0x1a0
goroutine 11 [syscall]:
os/signal.signal_recv(0x1cb93000)
/usr/lib/golang/src/runtime/sigqueue.go:116 +0x154
os/signal.loop()
/usr/lib/golang/src/os/signal/signal_unix.go:22 +0x14
created by os/signal.init.1
/usr/lib/golang/src/os/signal/signal_unix.go:28 +0x30
trap 0x6
error 0x0
oldmask 0x0
r0 0x90000000
r1 0x30000000
r2 0x9d07c172
r3 0x19040407
r4 0xffffffff
r5 0x9d07c172
r6 0x10c
r7 0x19040407
r8 0x9cedf00
r9 0x44
r10 0x1cb000f0
fp 0x10c
ip 0xffffffff
sp 0x1d111aa8
lr 0xb6e6196e
pc 0x4f960
cpsr 0xa0070030
fault 0x108
Expected results:
It would successfully build like all other architectures.
I have a koji scratch build here:
https://koji.fedoraproject.org/koji/taskinfo?taskID=19218028
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1465171
Bug ID: 1465171
Summary: atomicapp requires docker but docker is not available
on ppc64
Product: Fedora
Version: rawhide
Component: atomicapp
Assignee: vpavlin(a)redhat.com
Reporter: opensource(a)till.name
QA Contact: extras-qa(a)fedoraproject.org
CC: golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lmohanty(a)redhat.com,
vpavlin(a)redhat.com
Blocks: 1071880 (PPCTracker)
Tracking bug as required per
https://fedoraproject.org/wiki/Packaging:Guidelines#Architecture_Build_Fail…
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1071880
[Bug 1071880] (PPCTracker) Fedora for PowerPC architectures
(ppc64,ppc64le): Bug Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1460254
Bug ID: 1460254
Summary: golang 1.8.1 fails to build oci-register-machine
Product: Fedora
Version: rawhide
Component: golang
Assignee: vbatts(a)redhat.com
Reporter: dan(a)danny.cz
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jcajka(a)redhat.com, lemenkov(a)gmail.com,
renich(a)woralelandia.com, s(a)shk.io,
ttomecek(a)redhat.com, vbatts(a)redhat.com
Blocks: 467765 (ZedoraTracker)
golang 1.8.1 fails to rebuild the oci-register-machine package due
...
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.u0ec4f
+ umask 022
+ cd /builddir/build/BUILD
+ cd oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1
+ mkdir -p src/github.com/projectatomic
+ ln -s ../../../ src/github.com/projectatomic/oci-register-machine
++ pwd
+ export
GOPATH=/builddir/build/BUILD/oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1:/usr/share/gocode
+
GOPATH=/builddir/build/BUILD/oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1:/usr/share/gocode
+ make -j2
GOPATH=$GOPATH:/usr/share/gocode go build -a -ldflags " -B
0x77a6d4ab6a395ddbb703bbeb833479ff025e62b2" -o oci-register-machine
go-md2man -in "oci-register-machine.1.md" -out "oci-register-machine.1"
sed -i 's|$HOOKSDIR|/usr/libexec/oci/hooks.d|' oci-register-machine.1
#
_/builddir/build/BUILD/oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1
L0: $WORK/runtime/cgo.a(_all.o): sym#625: ignoring symbol in section 17 (type
0)
L0: $WORK/runtime/cgo.a(_all.o): sym#626: ignoring symbol in section 17 (type
0)
L0: $WORK/runtime/cgo.a(_all.o): sym#627: ignoring symbol in section 17 (type
0)
RPM build errors:
make: *** [Makefile:25: oci-register-machine] Error 2
for full logs see https://koji.fedoraproject.org/koji/taskinfo?taskID=19927556
can be reproduced locally (after "fedpkg prep") with
[sharkcz@devel3 oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1]$
export
GOPATH=/home/sharkcz/oci-register-machine/oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1:/usr/share/gocode
[sharkcz@devel3 oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1]$
make build
GOPATH=$GOPATH:/usr/share/gocode go build -a -ldflags " -B
0xfa783c231ce95bd7ebbc24bade68c14aeaf7f94e" -o oci-register-machine
#
_/home/sharkcz/oci-register-machine/oci-register-machine-bb20b00165c008f473ee09163cdb7db66faa00b1
L0: $WORK/runtime/cgo.a(_all.o): sym#624: ignoring symbol in section 17 (type
0)
L0: $WORK/runtime/cgo.a(_all.o): sym#625: ignoring symbol in section 17 (type
0)
L0: $WORK/runtime/cgo.a(_all.o): sym#626: ignoring symbol in section 17 (type
0)
make: *** [Makefile:25: oci-register-machine] Error 2
Version-Release number of selected component (if applicable):
golang-1.8.1-2.fc26.s390x
golang-1.8.1-2.fc27.s390x
Additional information:
Seems the previous build in s390 koji using golang-1.8-0.rc3.2.fc26 .s390x was
successful.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=467765
[Bug 467765] Fedora for System z (s390): Bug Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1472610
Bug ID: 1472610
Summary: gofed-debuginfo-1.0.0-0.10.rc1 is missing sources
Product: Fedora
Version: rawhide
Component: gofed
Keywords: Regression
Assignee: jchaloup(a)redhat.com
Reporter: ville.skytta(a)iki.fi
QA Contact: extras-qa(a)fedoraproject.org
CC: fale(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com
Blocks: 496968 (DebugInfo)
gofed-debuginfo-1.0.0-0.10.rc1 is missing sources. 1.0.0-0.9.rc1 did not have
this problem.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=496968
[Bug 496968] Tracking bug for packages with debuginfo problems
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1439751
Bug ID: 1439751
Summary: CVE-2017-3204 golang: Go SSH library does not verify
host keys by default [fedora-all]
Product: Fedora
Version: 25
Component: golang
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: vbatts(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jcajka(a)redhat.com, lemenkov(a)gmail.com,
renich(a)woralelandia.com, s(a)shk.io, vbatts(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1474893
Bug ID: 1474893
Summary: CVE-2017-11468 docker-distribution: Does not properly
restrict the amount of content accepted from a user
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: admiller(a)redhat.com, fkluknav(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
marianne(a)tuxette.fr
Docker Registry in Docker Distribution does not properly restrict the amount of
content accepted from a user, which allows remote attackers to cause a denial
of service (memory consumption) via the manifest endpoint.
Upstream patch:
https://github.com/docker/distribution/commit/29fa466debaabb64f8559116bbffd…
References:
https://github.com/docker/distribution/releases/tag/v2.6.2
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1474894
Bug ID: 1474894
Summary: CVE-2017-11468 docker-distribution: Does not properly
restrict the amount of content accepted from a user
[fedora-all]
Product: Fedora
Version: 26
Component: docker-distribution
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lsm5(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, fkluknav(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com, lsm5(a)redhat.com,
marianne(a)tuxette.fr
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1466542
Bug ID: 1466542
Summary: golang-github-coreos-go-iptables-v0.2.0 is available
Product: Fedora
Version: rawhide
Component: golang-github-coreos-go-iptables
Keywords: FutureFeature, Triaged
Assignee: fpokorny(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fpokorny(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jchaloup(a)redhat.com
Latest upstream release: v0.2.0
Current version/release in rawhide: 0-0.7.gitfbb7337.fc26
URL: https://github.com/coreos/go-iptables
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7384/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1401985
Bug ID: 1401985
Summary: golang: net/http: multipart ReadForm close file after
copy
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
aortega(a)redhat.com, apevec(a)redhat.com,
ayoung(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, chrisw(a)redhat.com,
cvsbot-xmlrpc(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
golang-updates(a)lists.fedoraproject.org,
jcajka(a)redhat.com, jgoulding(a)redhat.com,
jialiu(a)redhat.com, jkeck(a)redhat.com,
joelsmith(a)redhat.com, jokerman(a)redhat.com,
jschluet(a)redhat.com, kbasil(a)redhat.com,
kseifried(a)redhat.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, lmeyer(a)redhat.com, lpeer(a)redhat.com,
markmc(a)redhat.com, mmccomas(a)redhat.com,
rbryant(a)redhat.com, renich(a)woralelandia.com,
rhs-bugs(a)redhat.com, sclewis(a)redhat.com,
sgirijan(a)redhat.com, sisharma(a)redhat.com,
smohan(a)redhat.com, srevivo(a)redhat.com,
ssaha(a)redhat.com, s(a)shk.io,
storage-qa-internal(a)redhat.com, tdawson(a)redhat.com,
tdecacqu(a)redhat.com, vbatts(a)redhat.com,
vbellur(a)redhat.com
The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit. It was possible for an attacker to generate a multipart request crafted
such that the server ran out of file descriptors.
Upstream bug:
https://github.com/golang/go/issues/17965
Upstream patch:
https://go-review.googlesource.com/#/c/30410/
External Reference:
https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
--
You are receiving this mail because:
You are on the CC list for the bug.