Rebuild git-lfs with new Golang. The only change is a
release bump from 11 to 12 to trigger a rebuild against
the updated Golang toolchain.
Dependency: golang
Resolves: RHEL-187191
This commit was created by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir
Add a minimal targeted patch (Patch3) to fix CVE-2026-39821 in the
vendored golang.org/x/net IDNA package. The patch adds an all-ASCII
rejection check in the process() method so that xn-- labels that
decode to pure ASCII are properly rejected with an A3 error. This
addresses a specification bug in UTS 46 (corrected in revision 33).
The upstream unicode16 version guard was intentionally removed since
RHEL 8 ships Go 1.21 with Unicode 15.0.0, ensuring the fix is
always active.
CVE: CVE-2026-39821
Upstream patches:
- 8c4c965e02.patch
Resolves: RHEL-183731
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir
Rebuild git-lfs against updated Golang to pick up
the latest fixes and improvements from the Go toolchain.
Dependency: golang
Resolves: RHEL-167541, RHEL-167379, RHEL-166518
This commit was created by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir