diff --git a/SPECS/golang/golang-1.23.spec b/SPECS/golang/golang-1.23.spec index cc48eed4a70..de0dda4d1e9 100644 --- a/SPECS/golang/golang-1.23.spec +++ b/SPECS/golang/golang-1.23.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.23.12 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -99,6 +99,10 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + + %install mkdir -p %{buildroot}%{_bindir} @@ -154,6 +158,9 @@ fi %{_bindir}/* %changelog +* Fri May 29 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.2-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Wed Aug 06 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.23.12-1 - Bump version to 1.23.12-1 diff --git a/SPECS/golang/golang-1.24.spec b/SPECS/golang/golang-1.24.spec index 88eb74c7430..217ba959f3a 100644 --- a/SPECS/golang/golang-1.24.spec +++ b/SPECS/golang/golang-1.24.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.24.13 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,10 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + + %install mkdir -p %{buildroot}%{_bindir} @@ -160,6 +164,9 @@ fi %{_bindir}/* %changelog +* Fri May 29 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.2-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Thu Feb 05 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.24.13-1 - Bump version to 1.24.13-1 diff --git a/SPECS/golang/golang-1.25.spec b/SPECS/golang/golang-1.25.spec index 84265e79f9e..80f2e59d1a2 100644 --- a/SPECS/golang/golang-1.25.spec +++ b/SPECS/golang/golang-1.25.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.25.9 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,10 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + + %install mkdir -p %{buildroot}%{_bindir} @@ -160,6 +164,9 @@ fi %{_bindir}/* %changelog +* Fri May 29 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.2-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Wed Apr 08 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.25.9-1 - Bump version to 1.25.9-1 diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 233da5024dd..5ba0491dc68 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.26.2 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -111,6 +111,9 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + %install mkdir -p %{buildroot}%{_bindir} @@ -166,6 +169,10 @@ fi %{_bindir}/* %changelog + +* Fri May 29 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.2-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Wed Apr 08 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.26.2-1 - Bump version to 1.26.2-1