Description of the patch:
This update for go1.26 fixes the following issues
Update to go1.26.4 (bsc#1255111):
- CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450).
- CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader (bsc#1267442).
- CVE-2026-42507: net/textproto: arbitrary input are included in errors without any escaping (bsc#1267444).
Changes:
- go#79230 go#79217 boo#1267442 security: fix CVE-2026-42504 mime: quadratic complexity in WordDecoder.DecodeHeader
- go#79426 go#79346 boo#1267444 security: fix CVE-2026-42507 net/textproto: arbitrary input are included in errors
without any escaping
- go#79701 go#79694 boo#1267450 security: fix CVE-2026-27145 crypto/x509: split candidate hostname only once
- go#79191 cmd/compile: Bug in rewrite rules for AMD64 causes SHL instruction overflow and miscompilation
- go#79226 crypto/internal/fips140/drbg: backport CL 774221 to Go 1.26
- go#79349 cmd/fix: x/tools/go/analysis/passes/modernize: slicescontains hoists needle expression, changing side
effect count
- go#79686 runtime/race: change in 93a4f03 leads to a failed build on Amazon Linux 2 and arm64