From 8753288be80fa8c7abd09fc3fedcc55d4b3c56e1 Mon Sep 17 00:00:00 2001 From: "amit.GitGud" Date: Thu, 4 Jun 2026 12:39:01 -0400 Subject: [PATCH 1/4] Removed the final bootstrap04 from the golang spec.. --- SPECS/golang/golang-1.23.spec | 8 +++++++- SPECS/golang/golang-1.24.spec | 8 +++++++- SPECS/golang/golang-1.25.spec | 8 +++++++- SPECS/golang/golang.spec | 8 +++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/SPECS/golang/golang-1.23.spec b/SPECS/golang/golang-1.23.spec index cc48eed4a70..4c0ceb54888 100644 --- a/SPECS/golang/golang-1.23.spec +++ b/SPECS/golang/golang-1.23.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.23.12 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -99,6 +99,9 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + %install mkdir -p %{buildroot}%{_bindir} @@ -154,6 +157,9 @@ fi %{_bindir}/* %changelog +* Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.23.12-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Wed Aug 06 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.23.12-1 - Bump version to 1.23.12-1 diff --git a/SPECS/golang/golang-1.24.spec b/SPECS/golang/golang-1.24.spec index 88eb74c7430..f7ab960da94 100644 --- a/SPECS/golang/golang-1.24.spec +++ b/SPECS/golang/golang-1.24.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.24.13 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,9 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + %install mkdir -p %{buildroot}%{_bindir} @@ -160,6 +163,9 @@ fi %{_bindir}/* %changelog +* Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.24.13-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Thu Feb 05 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.24.13-1 - Bump version to 1.24.13-1 diff --git a/SPECS/golang/golang-1.25.spec b/SPECS/golang/golang-1.25.spec index b05ec641991..18c43d34982 100644 --- a/SPECS/golang/golang-1.25.spec +++ b/SPECS/golang/golang-1.25.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.25.10 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,9 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + %install mkdir -p %{buildroot}%{_bindir} @@ -160,6 +163,9 @@ fi %{_bindir}/* %changelog +* Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.25.10-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Fri May 08 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.25.10-1 - Bump version to 1.25.10-1 diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 19160073479..f17d7f64412 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -15,7 +15,7 @@ Summary: Go Name: golang Version: 1.26.3 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD-3-Clause Vendor: Microsoft Corporation Distribution: Azure Linux @@ -111,6 +111,9 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) +# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +rm -rf %{_libdir}/golang + %install mkdir -p %{buildroot}%{_bindir} @@ -166,6 +169,9 @@ fi %{_bindir}/* %changelog +* Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.3-2 +- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. + * Fri May 08 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.26.3-1 - Bump version to 1.26.3-1 From 62d77ac6cd17e2e39ab94917126a64724c4e25aa Mon Sep 17 00:00:00 2001 From: "amit.GitGud" Date: Thu, 4 Jun 2026 12:53:23 -0400 Subject: [PATCH 2/4] Fix comment formatting in golang.spec --- SPECS/golang/golang.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 6a6e7d363dc..5b03590d8d6 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -111,7 +111,7 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) -# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +# Nuke the final bootstrapper. Note: It is not used in any step under install, post, postrun rm -rf %{_libdir}/golang %install From 8ff57bf065d0b89c98520a75e674671dfaa87617 Mon Sep 17 00:00:00 2001 From: "amit.GitGud" Date: Fri, 5 Jun 2026 09:39:22 -0400 Subject: [PATCH 3/4] Update SPECS/golang/golang-1.23.spec Co-authored-by: Muhammad Falak R Wani --- SPECS/golang/golang-1.23.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/golang/golang-1.23.spec b/SPECS/golang/golang-1.23.spec index 4c0ceb54888..5b56c1a5b73 100644 --- a/SPECS/golang/golang-1.23.spec +++ b/SPECS/golang/golang-1.23.spec @@ -99,7 +99,7 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) -# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +# Nuke the final bootstrapper. Note: It is not used in any step under install, post, postrun rm -rf %{_libdir}/golang %install From f2ea6f5aee6fe2398e7e982e038441a4d7d33699 Mon Sep 17 00:00:00 2001 From: "amit.GitGud" Date: Fri, 5 Jun 2026 09:44:23 -0400 Subject: [PATCH 4/4] Addressing the comment to not explicitly name bootstrap04 for future proofing --- SPECS/golang/golang-1.23.spec | 2 +- SPECS/golang/golang-1.24.spec | 4 ++-- SPECS/golang/golang-1.25.spec | 4 ++-- SPECS/golang/golang.spec | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/SPECS/golang/golang-1.23.spec b/SPECS/golang/golang-1.23.spec index 5b56c1a5b73..074937f164f 100644 --- a/SPECS/golang/golang-1.23.spec +++ b/SPECS/golang/golang-1.23.spec @@ -158,7 +158,7 @@ fi %changelog * Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.23.12-2 -- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. +- Remove the remaining final bootstrap component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. * Wed Aug 06 2025 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.23.12-1 - Bump version to 1.23.12-1 diff --git a/SPECS/golang/golang-1.24.spec b/SPECS/golang/golang-1.24.spec index f7ab960da94..6aa9f3cb9b5 100644 --- a/SPECS/golang/golang-1.24.spec +++ b/SPECS/golang/golang-1.24.spec @@ -105,7 +105,7 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) -# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +# Nuke the final bootstrapper. Note: It is not used in any step under install, post, postrun rm -rf %{_libdir}/golang %install @@ -164,7 +164,7 @@ fi %changelog * Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.24.13-2 -- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. +- Remove the remaining final bootstrap component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. * Thu Feb 05 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.24.13-1 - Bump version to 1.24.13-1 diff --git a/SPECS/golang/golang-1.25.spec b/SPECS/golang/golang-1.25.spec index e0a1ef51576..e536df5ea5b 100644 --- a/SPECS/golang/golang-1.25.spec +++ b/SPECS/golang/golang-1.25.spec @@ -105,7 +105,7 @@ rm -f %{gopath}/src/runtime/*.c ./make.bash --no-clean ) -# Nuke the final bootstrapper 04. Note: It is not used in any step under install, post, postrun +# Nuke the final bootstrapper. Note: It is not used in any step under install, post, postrun rm -rf %{_libdir}/golang %install @@ -164,7 +164,7 @@ fi %changelog * Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.25.11-2 -- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. +- Remove the remaining final bootstrap component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. * Wed Jun 03 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.25.11-1 - Bump version to 1.25.11-1 diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec index 5b03590d8d6..63bf4349f13 100644 --- a/SPECS/golang/golang.spec +++ b/SPECS/golang/golang.spec @@ -170,7 +170,7 @@ fi %changelog * Thu June 04 2026 Amit Upadhyay amitupadhyay@microsoft.com - 1.26.4-2 -- Remove the remaining bootstrap04 component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. +- Remove the remaining final bootstrap component to reduce attack surface; the residual bootstrap artifact has had prior vulnerability exposure, so removing it is a security improvement. * Wed Jun 03 2026 bot-for-go[bot] <199222863+bot-for-go[bot]@users.noreply.github.com> - 1.26.4-1 - Bump version to 1.26.4-1