Sync from SUSE:ALP:Source:Standard:1.0 go1.18-openssl revision 7180eba8e4043a58324d5c6f50150a19
This commit is contained in:
commit
a2cbd465e1
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
120
README.SUSE
Normal file
120
README.SUSE
Normal file
@ -0,0 +1,120 @@
|
||||
Updated: 05.05.2012
|
||||
Authors: Graham Anderson, <graham@andtech.eu>
|
||||
|
||||
|
||||
PROJECT DETAILS
|
||||
---------------
|
||||
|
||||
OBS: https://build.opensuse.org/project/show?project=devel:languages:go
|
||||
|
||||
Maintainers: Sascha Peilicke (saschpe),
|
||||
Graham Anderson (andtecheu)
|
||||
|
||||
Wiki: http://en.opensuse.org/Go
|
||||
http://en.opensuse.org/openSUSE:Packaging_Go
|
||||
|
||||
|
||||
GENERAL NOTES
|
||||
-------------
|
||||
|
||||
Go toolchain environmental variables are configured via go.sh, which is
|
||||
installed to /etc/profile.d/go.sh
|
||||
|
||||
Packaging guidelines and an RPM spec file recipe for packaging third party Go
|
||||
libraries can be found on the openSUSE wiki:
|
||||
|
||||
http://en.opensuse.org/openSUSE:Packaging_Go
|
||||
|
||||
The openSUSE go package uses the standard Go distribution toolchain, with a
|
||||
a small patchset to modify a few of the toolchain commands to suit our
|
||||
environment and packaging needs.
|
||||
|
||||
This means that many of the standard go toolchain commands are not inside a
|
||||
users PATH, but rather are invoked and used via the "go" command. Should you
|
||||
wish to script or manually use the commands, the install location on a 64 bit
|
||||
system is /usr/lib64/go/pkg/tool/linux_amd64
|
||||
|
||||
The "go" tool, the "godoc" document server are inside a users PATH.
|
||||
|
||||
We currently don't support the gccgo implementation, this is not for
|
||||
any other reason than contributer and maintainer time constraints.
|
||||
|
||||
|
||||
GO DOCUMENTATION
|
||||
----------------
|
||||
|
||||
As of yet, there are no man pages for the standard Go distribution toolchain,
|
||||
please see the documentation provided by the "godoc" command. Man pages are
|
||||
slated to be included in the release in future.
|
||||
|
||||
One of the diffs from the maintained patchset adds the distro specific doc and
|
||||
source file locations of the *-doc RPM packages to the virtual filesystem of
|
||||
the "godoc" documentation server. That is to say, as long as packages follow
|
||||
the Go packaging guidelines, API and other documentation should always be
|
||||
available via the godoc server if the packages "doc" RPM is installed.
|
||||
|
||||
|
||||
PACKAGE INSTALL LOCATIONS
|
||||
-------------------------
|
||||
|
||||
Go standard library packages are installed to a location in $GOROOT, which is
|
||||
defined as /usr/lib64/go on 64bit systems.
|
||||
|
||||
Third party package binaries are installed to the default system wide
|
||||
$GOPATH entry. On 64bit systems the location /usr/lib64/go/contrib is used.
|
||||
This is specified in the macros.go RPM macro definition file that is part of
|
||||
the main Go package and is used for packaging most third party Go libraries.
|
||||
|
||||
The reasons binary packages are installed to a GOPATH entry instead of GOROOT
|
||||
are mainly to do with how the Go toolchain prioritises and behaves with
|
||||
packages installed to the same location as the Go std library.
|
||||
|
||||
By installing third party packages to a system-wide GOPATH entry location,
|
||||
we can ensure that no packages clobber the standard library namespace or file
|
||||
tree. Additionally we can support binary only packages, which as of Go 1.1
|
||||
will only be supported outside of the $GOROOT.
|
||||
|
||||
There are additional benefits to this location; such as allowing users and
|
||||
developers to prioritise linking from their own user defined GOPATH, which
|
||||
defaults to $HOME/go configured via /etc/profile.d/go.sh config. This has
|
||||
particular benefit for development workflows.
|
||||
|
||||
For Go 1.1 and beyond, building and linking with binary only pacakges will
|
||||
only be supported with the following caveat. Package source code must not
|
||||
exist in the same GOPATH segment as the binary package .a archive file.
|
||||
|
||||
If both the binary archive (.a) and the package source are installed to the
|
||||
same GOPATH segment, then the "go build" or "go install" command will
|
||||
prioritise building the software using package sources before using package
|
||||
binary archives. A side effect of this is that is actually possible to have
|
||||
source code only third party packages.
|
||||
|
||||
To summarise the priority of binary package linking and building:
|
||||
|
||||
1. Any source files or binary packages in $GOROOT are considered first. Any
|
||||
binary packages in $GOROOT that are considered "stale" by the build tools
|
||||
are ignored in favour of the package source.
|
||||
|
||||
2. $GOPATH is considered next for import statements. GOPATH is a colon
|
||||
delimited list of paths. GOPATH segments are examined by the build tools
|
||||
in a FIFO manner, left to right.
|
||||
|
||||
Both a system wide and a user GOPATH segment are configured by default,
|
||||
the user GOPATH segment takes priority over the system segment to allow
|
||||
flexibility for development workflows.
|
||||
|
||||
The default user GOPATH is:
|
||||
|
||||
GOPATH=$HOME/go:$GOROOT/contrib
|
||||
|
||||
The default root user GOPATH is:
|
||||
|
||||
GOPATH=$GOROOT/contrib
|
||||
|
||||
3. For Go < 1.1, If both the source and binary archive is available for a
|
||||
package import in the same GOPATH segment, the binary archive will take
|
||||
precedence and will be linked during compilation.
|
||||
|
||||
For Go >= 1.1 If the package source is avaiable in the GOPATH segment, it
|
||||
will always be used in preference to the binary
|
||||
|
7
_constraints
Normal file
7
_constraints
Normal file
@ -0,0 +1,7 @@
|
||||
<constraints>
|
||||
<hardware>
|
||||
<disk>
|
||||
<size unit="G">5</size>
|
||||
</disk>
|
||||
</hardware>
|
||||
</constraints>
|
18
_service
Normal file
18
_service
Normal file
@ -0,0 +1,18 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="url">https://github.com/golang-fips/go.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="revision">go1.18.10-1-openssl-fips</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
<param name="versionrewrite-pattern">go([0-9\.]+)-([0-9])-openssl-fips</param>
|
||||
<param name="versionrewrite-replacement">\1.\2</param>
|
||||
</service>
|
||||
<service name="set_version" mode="disabled">
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="file">go*.tar</param>
|
||||
<param name="compression">gz</param>
|
||||
</service>
|
||||
</services>
|
4
_servicedata
Normal file
4
_servicedata
Normal file
@ -0,0 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/golang-fips/go.git</param>
|
||||
<param name="changesrevision">7311cdf4f66997a4903d88fccab241b9b1306678</param></service></servicedata>
|
2392
bsc1208491-41724.patch
Normal file
2392
bsc1208491-41724.patch
Normal file
File diff suppressed because it is too large
Load Diff
641
bsc1208491-41725.patch
Normal file
641
bsc1208491-41725.patch
Normal file
@ -0,0 +1,641 @@
|
||||
From 5c55ac9bf1e5f779220294c843526536605f42ab Mon Sep 17 00:00:00 2001
|
||||
From: Damien Neil <dneil@google.com>
|
||||
Date: Wed, 25 Jan 2023 09:27:01 -0800
|
||||
Subject: [PATCH] [release-branch.go1.19] mime/multipart: limit memory/inode
|
||||
consumption of ReadForm
|
||||
|
||||
Reader.ReadForm is documented as storing "up to maxMemory bytes + 10MB"
|
||||
in memory. Parsed forms can consume substantially more memory than
|
||||
this limit, since ReadForm does not account for map entry overhead
|
||||
and MIME headers.
|
||||
|
||||
In addition, while the amount of disk memory consumed by ReadForm can
|
||||
be constrained by limiting the size of the parsed input, ReadForm will
|
||||
create one temporary file per form part stored on disk, potentially
|
||||
consuming a large number of inodes.
|
||||
|
||||
Update ReadForm's memory accounting to include part names,
|
||||
MIME headers, and map entry overhead.
|
||||
|
||||
Update ReadForm to store all on-disk file parts in a single
|
||||
temporary file.
|
||||
|
||||
Files returned by FileHeader.Open are documented as having a concrete
|
||||
type of *os.File when a file is stored on disk. The change to use a
|
||||
single temporary file for all parts means that this is no longer the
|
||||
case when a form contains more than a single file part stored on disk.
|
||||
|
||||
The previous behavior of storing each file part in a separate disk
|
||||
file may be reenabled with GODEBUG=multipartfiles=distinct.
|
||||
|
||||
Update Reader.NextPart and Reader.NextRawPart to set a 10MiB cap
|
||||
on the size of MIME headers.
|
||||
|
||||
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
|
||||
|
||||
Updates #58006
|
||||
Fixes #58362
|
||||
Fixes CVE-2022-41725
|
||||
|
||||
Change-Id: Ibd780a6c4c83ac8bcfd3cbe344f042e9940f2eab
|
||||
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1714276
|
||||
Reviewed-by: Julie Qiu <julieqiu@google.com>
|
||||
TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com>
|
||||
Reviewed-by: Roland Shoemaker <bracewell@google.com>
|
||||
Run-TryBot: Damien Neil <dneil@google.com>
|
||||
(cherry picked from commit ed4664330edcd91b24914c9371c377c132dbce8c)
|
||||
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728949
|
||||
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
|
||||
Run-TryBot: Roland Shoemaker <bracewell@google.com>
|
||||
Reviewed-by: Damien Neil <dneil@google.com>
|
||||
Reviewed-on: https://go-review.googlesource.com/c/go/+/468116
|
||||
TryBot-Result: Gopher Robot <gobot@golang.org>
|
||||
Reviewed-by: Than McIntosh <thanm@google.com>
|
||||
Run-TryBot: Michael Pratt <mpratt@google.com>
|
||||
Auto-Submit: Michael Pratt <mpratt@google.com>
|
||||
---
|
||||
src/mime/multipart/formdata.go | 132 ++++++++++++++++++++-----
|
||||
src/mime/multipart/formdata_test.go | 140 ++++++++++++++++++++++++++-
|
||||
src/mime/multipart/multipart.go | 25 +++--
|
||||
src/mime/multipart/readmimeheader.go | 14 +++
|
||||
src/net/http/request_test.go | 2 +-
|
||||
src/net/textproto/reader.go | 20 +++-
|
||||
6 files changed, 295 insertions(+), 38 deletions(-)
|
||||
create mode 100644 src/mime/multipart/readmimeheader.go
|
||||
|
||||
Index: go/src/mime/multipart/formdata.go
|
||||
===================================================================
|
||||
--- go.orig/src/mime/multipart/formdata.go
|
||||
+++ go/src/mime/multipart/formdata.go
|
||||
@@ -7,6 +7,7 @@ package multipart
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
+ "internal/godebug"
|
||||
"io"
|
||||
"math"
|
||||
"net/textproto"
|
||||
@@ -33,23 +34,58 @@ func (r *Reader) ReadForm(maxMemory int6
|
||||
|
||||
func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) {
|
||||
form := &Form{make(map[string][]string), make(map[string][]*FileHeader)}
|
||||
+ var (
|
||||
+ file *os.File
|
||||
+ fileOff int64
|
||||
+ )
|
||||
+ numDiskFiles := 0
|
||||
+ multipartFiles := godebug.Get("multipartfiles")
|
||||
+ combineFiles := multipartFiles != "distinct"
|
||||
defer func() {
|
||||
+ if file != nil {
|
||||
+ if cerr := file.Close(); err == nil {
|
||||
+ err = cerr
|
||||
+ }
|
||||
+ }
|
||||
+ if combineFiles && numDiskFiles > 1 {
|
||||
+ for _, fhs := range form.File {
|
||||
+ for _, fh := range fhs {
|
||||
+ fh.tmpshared = true
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
if err != nil {
|
||||
form.RemoveAll()
|
||||
+ if file != nil {
|
||||
+ os.Remove(file.Name())
|
||||
+ }
|
||||
}
|
||||
}()
|
||||
|
||||
- // Reserve an additional 10 MB for non-file parts.
|
||||
- maxValueBytes := maxMemory + int64(10<<20)
|
||||
- if maxValueBytes <= 0 {
|
||||
+ // maxFileMemoryBytes is the maximum bytes of file data we will store in memory.
|
||||
+ // Data past this limit is written to disk.
|
||||
+ // This limit strictly applies to content, not metadata (filenames, MIME headers, etc.),
|
||||
+ // since metadata is always stored in memory, not disk.
|
||||
+ //
|
||||
+ // maxMemoryBytes is the maximum bytes we will store in memory, including file content,
|
||||
+ // non-file part values, metdata, and map entry overhead.
|
||||
+ //
|
||||
+ // We reserve an additional 10 MB in maxMemoryBytes for non-file data.
|
||||
+ //
|
||||
+ // The relationship between these parameters, as well as the overly-large and
|
||||
+ // unconfigurable 10 MB added on to maxMemory, is unfortunate but difficult to change
|
||||
+ // within the constraints of the API as documented.
|
||||
+ maxFileMemoryBytes := maxMemory
|
||||
+ maxMemoryBytes := maxMemory + int64(10<<20)
|
||||
+ if maxMemoryBytes <= 0 {
|
||||
if maxMemory < 0 {
|
||||
- maxValueBytes = 0
|
||||
+ maxMemoryBytes = 0
|
||||
} else {
|
||||
- maxValueBytes = math.MaxInt64
|
||||
+ maxMemoryBytes = math.MaxInt64
|
||||
}
|
||||
}
|
||||
for {
|
||||
- p, err := r.NextPart()
|
||||
+ p, err := r.nextPart(false, maxMemoryBytes)
|
||||
if err == io.EOF {
|
||||
break
|
||||
}
|
||||
@@ -63,16 +99,27 @@ func (r *Reader) readForm(maxMemory int6
|
||||
}
|
||||
filename := p.FileName()
|
||||
|
||||
+ // Multiple values for the same key (one map entry, longer slice) are cheaper
|
||||
+ // than the same number of values for different keys (many map entries), but
|
||||
+ // using a consistent per-value cost for overhead is simpler.
|
||||
+ maxMemoryBytes -= int64(len(name))
|
||||
+ maxMemoryBytes -= 100 // map overhead
|
||||
+ if maxMemoryBytes < 0 {
|
||||
+ // We can't actually take this path, since nextPart would already have
|
||||
+ // rejected the MIME headers for being too large. Check anyway.
|
||||
+ return nil, ErrMessageTooLarge
|
||||
+ }
|
||||
+
|
||||
var b bytes.Buffer
|
||||
|
||||
if filename == "" {
|
||||
// value, store as string in memory
|
||||
- n, err := io.CopyN(&b, p, maxValueBytes+1)
|
||||
+ n, err := io.CopyN(&b, p, maxMemoryBytes+1)
|
||||
if err != nil && err != io.EOF {
|
||||
return nil, err
|
||||
}
|
||||
- maxValueBytes -= n
|
||||
- if maxValueBytes < 0 {
|
||||
+ maxMemoryBytes -= n
|
||||
+ if maxMemoryBytes < 0 {
|
||||
return nil, ErrMessageTooLarge
|
||||
}
|
||||
form.Value[name] = append(form.Value[name], b.String())
|
||||
@@ -80,35 +127,45 @@ func (r *Reader) readForm(maxMemory int6
|
||||
}
|
||||
|
||||
// file, store in memory or on disk
|
||||
+ maxMemoryBytes -= mimeHeaderSize(p.Header)
|
||||
+ if maxMemoryBytes < 0 {
|
||||
+ return nil, ErrMessageTooLarge
|
||||
+ }
|
||||
fh := &FileHeader{
|
||||
Filename: filename,
|
||||
Header: p.Header,
|
||||
}
|
||||
- n, err := io.CopyN(&b, p, maxMemory+1)
|
||||
+ n, err := io.CopyN(&b, p, maxFileMemoryBytes+1)
|
||||
if err != nil && err != io.EOF {
|
||||
return nil, err
|
||||
}
|
||||
- if n > maxMemory {
|
||||
- // too big, write to disk and flush buffer
|
||||
- file, err := os.CreateTemp("", "multipart-")
|
||||
- if err != nil {
|
||||
- return nil, err
|
||||
+ if n > maxFileMemoryBytes {
|
||||
+ if file == nil {
|
||||
+ file, err = os.CreateTemp(r.tempDir, "multipart-")
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
}
|
||||
+ numDiskFiles++
|
||||
size, err := io.Copy(file, io.MultiReader(&b, p))
|
||||
- if cerr := file.Close(); err == nil {
|
||||
- err = cerr
|
||||
- }
|
||||
if err != nil {
|
||||
- os.Remove(file.Name())
|
||||
return nil, err
|
||||
}
|
||||
fh.tmpfile = file.Name()
|
||||
fh.Size = size
|
||||
+ fh.tmpoff = fileOff
|
||||
+ fileOff += size
|
||||
+ if !combineFiles {
|
||||
+ if err := file.Close(); err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+ file = nil
|
||||
+ }
|
||||
} else {
|
||||
fh.content = b.Bytes()
|
||||
fh.Size = int64(len(fh.content))
|
||||
- maxMemory -= n
|
||||
- maxValueBytes -= n
|
||||
+ maxFileMemoryBytes -= n
|
||||
+ maxMemoryBytes -= n
|
||||
}
|
||||
form.File[name] = append(form.File[name], fh)
|
||||
}
|
||||
@@ -116,6 +173,17 @@ func (r *Reader) readForm(maxMemory int6
|
||||
return form, nil
|
||||
}
|
||||
|
||||
+func mimeHeaderSize(h textproto.MIMEHeader) (size int64) {
|
||||
+ for k, vs := range h {
|
||||
+ size += int64(len(k))
|
||||
+ size += 100 // map entry overhead
|
||||
+ for _, v := range vs {
|
||||
+ size += int64(len(v))
|
||||
+ }
|
||||
+ }
|
||||
+ return size
|
||||
+}
|
||||
+
|
||||
// Form is a parsed multipart form.
|
||||
// Its File parts are stored either in memory or on disk,
|
||||
// and are accessible via the *FileHeader's Open method.
|
||||
@@ -133,7 +201,7 @@ func (f *Form) RemoveAll() error {
|
||||
for _, fh := range fhs {
|
||||
if fh.tmpfile != "" {
|
||||
e := os.Remove(fh.tmpfile)
|
||||
- if e != nil && err == nil {
|
||||
+ if e != nil && !errors.Is(e, os.ErrNotExist) && err == nil {
|
||||
err = e
|
||||
}
|
||||
}
|
||||
@@ -148,15 +216,25 @@ type FileHeader struct {
|
||||
Header textproto.MIMEHeader
|
||||
Size int64
|
||||
|
||||
- content []byte
|
||||
- tmpfile string
|
||||
+ content []byte
|
||||
+ tmpfile string
|
||||
+ tmpoff int64
|
||||
+ tmpshared bool
|
||||
}
|
||||
|
||||
// Open opens and returns the FileHeader's associated File.
|
||||
func (fh *FileHeader) Open() (File, error) {
|
||||
if b := fh.content; b != nil {
|
||||
r := io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b)))
|
||||
- return sectionReadCloser{r}, nil
|
||||
+ return sectionReadCloser{r, nil}, nil
|
||||
+ }
|
||||
+ if fh.tmpshared {
|
||||
+ f, err := os.Open(fh.tmpfile)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+ r := io.NewSectionReader(f, fh.tmpoff, fh.Size)
|
||||
+ return sectionReadCloser{r, f}, nil
|
||||
}
|
||||
return os.Open(fh.tmpfile)
|
||||
}
|
||||
@@ -175,8 +253,12 @@ type File interface {
|
||||
|
||||
type sectionReadCloser struct {
|
||||
*io.SectionReader
|
||||
+ io.Closer
|
||||
}
|
||||
|
||||
func (rc sectionReadCloser) Close() error {
|
||||
+ if rc.Closer != nil {
|
||||
+ return rc.Closer.Close()
|
||||
+ }
|
||||
return nil
|
||||
}
|
||||
Index: go/src/mime/multipart/formdata_test.go
|
||||
===================================================================
|
||||
--- go.orig/src/mime/multipart/formdata_test.go
|
||||
+++ go/src/mime/multipart/formdata_test.go
|
||||
@@ -6,8 +6,10 @@ package multipart
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
+ "fmt"
|
||||
"io"
|
||||
"math"
|
||||
+ "net/textproto"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -208,8 +210,8 @@ Content-Disposition: form-data; name="la
|
||||
maxMemory int64
|
||||
err error
|
||||
}{
|
||||
- {"smaller", 50, nil},
|
||||
- {"exact-fit", 25, nil},
|
||||
+ {"smaller", 50 + int64(len("largetext")) + 100, nil},
|
||||
+ {"exact-fit", 25 + int64(len("largetext")) + 100, nil},
|
||||
{"too-large", 0, ErrMessageTooLarge},
|
||||
}
|
||||
for _, tc := range testCases {
|
||||
@@ -224,7 +226,7 @@ Content-Disposition: form-data; name="la
|
||||
defer f.RemoveAll()
|
||||
}
|
||||
if tc.err != err {
|
||||
- t.Fatalf("ReadForm error - got: %v; expected: %v", tc.err, err)
|
||||
+ t.Fatalf("ReadForm error - got: %v; expected: %v", err, tc.err)
|
||||
}
|
||||
if err == nil {
|
||||
if g := f.Value["largetext"][0]; g != largeTextValue {
|
||||
@@ -234,3 +236,135 @@ Content-Disposition: form-data; name="la
|
||||
})
|
||||
}
|
||||
}
|
||||
+
|
||||
+// TestReadForm_MetadataTooLarge verifies that we account for the size of field names,
|
||||
+// MIME headers, and map entry overhead while limiting the memory consumption of parsed forms.
|
||||
+func TestReadForm_MetadataTooLarge(t *testing.T) {
|
||||
+ for _, test := range []struct {
|
||||
+ name string
|
||||
+ f func(*Writer)
|
||||
+ }{{
|
||||
+ name: "large name",
|
||||
+ f: func(fw *Writer) {
|
||||
+ name := strings.Repeat("a", 10<<20)
|
||||
+ w, _ := fw.CreateFormField(name)
|
||||
+ w.Write([]byte("value"))
|
||||
+ },
|
||||
+ }, {
|
||||
+ name: "large MIME header",
|
||||
+ f: func(fw *Writer) {
|
||||
+ h := make(textproto.MIMEHeader)
|
||||
+ h.Set("Content-Disposition", `form-data; name="a"`)
|
||||
+ h.Set("X-Foo", strings.Repeat("a", 10<<20))
|
||||
+ w, _ := fw.CreatePart(h)
|
||||
+ w.Write([]byte("value"))
|
||||
+ },
|
||||
+ }, {
|
||||
+ name: "many parts",
|
||||
+ f: func(fw *Writer) {
|
||||
+ for i := 0; i < 110000; i++ {
|
||||
+ w, _ := fw.CreateFormField("f")
|
||||
+ w.Write([]byte("v"))
|
||||
+ }
|
||||
+ },
|
||||
+ }} {
|
||||
+ t.Run(test.name, func(t *testing.T) {
|
||||
+ var buf bytes.Buffer
|
||||
+ fw := NewWriter(&buf)
|
||||
+ test.f(fw)
|
||||
+ if err := fw.Close(); err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ fr := NewReader(&buf, fw.Boundary())
|
||||
+ _, err := fr.ReadForm(0)
|
||||
+ if err != ErrMessageTooLarge {
|
||||
+ t.Errorf("fr.ReadForm() = %v, want ErrMessageTooLarge", err)
|
||||
+ }
|
||||
+ })
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+// TestReadForm_ManyFiles_Combined tests that a multipart form containing many files only
|
||||
+// results in a single on-disk file.
|
||||
+func TestReadForm_ManyFiles_Combined(t *testing.T) {
|
||||
+ const distinct = false
|
||||
+ testReadFormManyFiles(t, distinct)
|
||||
+}
|
||||
+
|
||||
+// TestReadForm_ManyFiles_Distinct tests that setting GODEBUG=multipartfiles=distinct
|
||||
+// results in every file in a multipart form being placed in a distinct on-disk file.
|
||||
+func TestReadForm_ManyFiles_Distinct(t *testing.T) {
|
||||
+ t.Setenv("GODEBUG", "multipartfiles=distinct")
|
||||
+ const distinct = true
|
||||
+ testReadFormManyFiles(t, distinct)
|
||||
+}
|
||||
+
|
||||
+func testReadFormManyFiles(t *testing.T, distinct bool) {
|
||||
+ var buf bytes.Buffer
|
||||
+ fw := NewWriter(&buf)
|
||||
+ const numFiles = 10
|
||||
+ for i := 0; i < numFiles; i++ {
|
||||
+ name := fmt.Sprint(i)
|
||||
+ w, err := fw.CreateFormFile(name, name)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ w.Write([]byte(name))
|
||||
+ }
|
||||
+ if err := fw.Close(); err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ fr := NewReader(&buf, fw.Boundary())
|
||||
+ fr.tempDir = t.TempDir()
|
||||
+ form, err := fr.ReadForm(0)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ for i := 0; i < numFiles; i++ {
|
||||
+ name := fmt.Sprint(i)
|
||||
+ if got := len(form.File[name]); got != 1 {
|
||||
+ t.Fatalf("form.File[%q] has %v entries, want 1", name, got)
|
||||
+ }
|
||||
+ fh := form.File[name][0]
|
||||
+ file, err := fh.Open()
|
||||
+ if err != nil {
|
||||
+ t.Fatalf("form.File[%q].Open() = %v", name, err)
|
||||
+ }
|
||||
+ if distinct {
|
||||
+ if _, ok := file.(*os.File); !ok {
|
||||
+ t.Fatalf("form.File[%q].Open: %T, want *os.File", name, file)
|
||||
+ }
|
||||
+ }
|
||||
+ got, err := io.ReadAll(file)
|
||||
+ file.Close()
|
||||
+ if string(got) != name || err != nil {
|
||||
+ t.Fatalf("read form.File[%q]: %q, %v; want %q, nil", name, string(got), err, name)
|
||||
+ }
|
||||
+ }
|
||||
+ dir, err := os.Open(fr.tempDir)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ defer dir.Close()
|
||||
+ names, err := dir.Readdirnames(0)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ wantNames := 1
|
||||
+ if distinct {
|
||||
+ wantNames = numFiles
|
||||
+ }
|
||||
+ if len(names) != wantNames {
|
||||
+ t.Fatalf("temp dir contains %v files; want 1", len(names))
|
||||
+ }
|
||||
+ if err := form.RemoveAll(); err != nil {
|
||||
+ t.Fatalf("form.RemoveAll() = %v", err)
|
||||
+ }
|
||||
+ names, err = dir.Readdirnames(0)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ if len(names) != 0 {
|
||||
+ t.Fatalf("temp dir contains %v files; want 0", len(names))
|
||||
+ }
|
||||
+}
|
||||
Index: go/src/mime/multipart/multipart.go
|
||||
===================================================================
|
||||
--- go.orig/src/mime/multipart/multipart.go
|
||||
+++ go/src/mime/multipart/multipart.go
|
||||
@@ -128,12 +128,12 @@ func (r *stickyErrorReader) Read(p []byt
|
||||
return n, r.err
|
||||
}
|
||||
|
||||
-func newPart(mr *Reader, rawPart bool) (*Part, error) {
|
||||
+func newPart(mr *Reader, rawPart bool, maxMIMEHeaderSize int64) (*Part, error) {
|
||||
bp := &Part{
|
||||
Header: make(map[string][]string),
|
||||
mr: mr,
|
||||
}
|
||||
- if err := bp.populateHeaders(); err != nil {
|
||||
+ if err := bp.populateHeaders(maxMIMEHeaderSize); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bp.r = partReader{bp}
|
||||
@@ -149,11 +149,15 @@ func newPart(mr *Reader, rawPart bool) (
|
||||
return bp, nil
|
||||
}
|
||||
|
||||
-func (bp *Part) populateHeaders() error {
|
||||
- r := textproto.NewReader(bp.mr.bufReader)
|
||||
- header, err := r.ReadMIMEHeader()
|
||||
+func (p *Part) populateHeaders(maxMIMEHeaderSize int64) error {
|
||||
+ r := textproto.NewReader(p.mr.bufReader)
|
||||
+ header, err := readMIMEHeader(r, maxMIMEHeaderSize)
|
||||
if err == nil {
|
||||
- bp.Header = header
|
||||
+ p.Header = header
|
||||
+ }
|
||||
+ // TODO: Add a distinguishable error to net/textproto.
|
||||
+ if err != nil && err.Error() == "message too large" {
|
||||
+ err = ErrMessageTooLarge
|
||||
}
|
||||
return err
|
||||
}
|
||||
@@ -294,6 +298,7 @@ func (p *Part) Close() error {
|
||||
// isn't supported.
|
||||
type Reader struct {
|
||||
bufReader *bufio.Reader
|
||||
+ tempDir string // used in tests
|
||||
|
||||
currentPart *Part
|
||||
partsRead int
|
||||
@@ -304,6 +309,10 @@ type Reader struct {
|
||||
dashBoundary []byte // "--boundary"
|
||||
}
|
||||
|
||||
+// maxMIMEHeaderSize is the maximum size of a MIME header we will parse,
|
||||
+// including header keys, values, and map overhead.
|
||||
+const maxMIMEHeaderSize = 10 << 20
|
||||
+
|
||||
// NextPart returns the next part in the multipart or an error.
|
||||
// When there are no more parts, the error io.EOF is returned.
|
||||
//
|
||||
@@ -311,7 +320,7 @@ type Reader struct {
|
||||
// has a value of "quoted-printable", that header is instead
|
||||
// hidden and the body is transparently decoded during Read calls.
|
||||
func (r *Reader) NextPart() (*Part, error) {
|
||||
- return r.nextPart(false)
|
||||
+ return r.nextPart(false, maxMIMEHeaderSize)
|
||||
}
|
||||
|
||||
// NextRawPart returns the next part in the multipart or an error.
|
||||
@@ -320,10 +329,10 @@ func (r *Reader) NextPart() (*Part, erro
|
||||
// Unlike NextPart, it does not have special handling for
|
||||
// "Content-Transfer-Encoding: quoted-printable".
|
||||
func (r *Reader) NextRawPart() (*Part, error) {
|
||||
- return r.nextPart(true)
|
||||
+ return r.nextPart(true, maxMIMEHeaderSize)
|
||||
}
|
||||
|
||||
-func (r *Reader) nextPart(rawPart bool) (*Part, error) {
|
||||
+func (r *Reader) nextPart(rawPart bool, maxMIMEHeaderSize int64) (*Part, error) {
|
||||
if r.currentPart != nil {
|
||||
r.currentPart.Close()
|
||||
}
|
||||
@@ -348,7 +357,7 @@ func (r *Reader) nextPart(rawPart bool)
|
||||
|
||||
if r.isBoundaryDelimiterLine(line) {
|
||||
r.partsRead++
|
||||
- bp, err := newPart(r, rawPart)
|
||||
+ bp, err := newPart(r, rawPart, maxMIMEHeaderSize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
Index: go/src/mime/multipart/readmimeheader.go
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ go/src/mime/multipart/readmimeheader.go
|
||||
@@ -0,0 +1,14 @@
|
||||
+// Copyright 2023 The Go Authors. All rights reserved.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+package multipart
|
||||
+
|
||||
+import (
|
||||
+ "net/textproto"
|
||||
+ _ "unsafe" // for go:linkname
|
||||
+)
|
||||
+
|
||||
+// readMIMEHeader is defined in package net/textproto.
|
||||
+//
|
||||
+//go:linkname readMIMEHeader net/textproto.readMIMEHeader
|
||||
+func readMIMEHeader(r *textproto.Reader, lim int64) (textproto.MIMEHeader, error)
|
||||
Index: go/src/net/http/request_test.go
|
||||
===================================================================
|
||||
--- go.orig/src/net/http/request_test.go
|
||||
+++ go/src/net/http/request_test.go
|
||||
@@ -1116,7 +1116,7 @@ func testMissingFile(t *testing.T, req *
|
||||
t.Errorf("FormFile file = %v, want nil", f)
|
||||
}
|
||||
if fh != nil {
|
||||
- t.Errorf("FormFile file header = %q, want nil", fh)
|
||||
+ t.Errorf("FormFile file header = %v, want nil", fh)
|
||||
}
|
||||
if err != ErrMissingFile {
|
||||
t.Errorf("FormFile err = %q, want ErrMissingFile", err)
|
||||
Index: go/src/net/textproto/reader.go
|
||||
===================================================================
|
||||
--- go.orig/src/net/textproto/reader.go
|
||||
+++ go/src/net/textproto/reader.go
|
||||
@@ -7,8 +7,10 @@ package textproto
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
+ "errors"
|
||||
"fmt"
|
||||
"io"
|
||||
+ "math"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
@@ -483,6 +485,12 @@ var colon = []byte(":")
|
||||
// }
|
||||
//
|
||||
func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) {
|
||||
+ return readMIMEHeader(r, math.MaxInt64)
|
||||
+}
|
||||
+
|
||||
+// readMIMEHeader is a version of ReadMIMEHeader which takes a limit on the header size.
|
||||
+// It is called by the mime/multipart package.
|
||||
+func readMIMEHeader(r *Reader, lim int64) (MIMEHeader, error) {
|
||||
// Avoid lots of small slice allocations later by allocating one
|
||||
// large one ahead of time which we'll cut up into smaller
|
||||
// slices. If this isn't big enough later, we allocate small ones.
|
||||
@@ -524,9 +532,19 @@ func (r *Reader) ReadMIMEHeader() (MIMEH
|
||||
}
|
||||
|
||||
// Skip initial spaces in value.
|
||||
- value := strings.TrimLeft(string(v), " \t")
|
||||
+ value := string(bytes.TrimLeft(v, " \t"))
|
||||
|
||||
vv := m[key]
|
||||
+ if vv == nil {
|
||||
+ lim -= int64(len(key))
|
||||
+ lim -= 100 // map entry overhead
|
||||
+ }
|
||||
+ lim -= int64(len(value))
|
||||
+ if lim < 0 {
|
||||
+ // TODO: This should be a distinguishable error (ErrMessageTooLarge)
|
||||
+ // to allow mime/multipart to detect it.
|
||||
+ return m, errors.New("message too large")
|
||||
+ }
|
||||
if vv == nil && len(strs) > 0 {
|
||||
// More than likely this will be a single-element key.
|
||||
// Most headers aren't multi-valued.
|
165
bsc1208491.patch
Normal file
165
bsc1208491.patch
Normal file
@ -0,0 +1,165 @@
|
||||
From 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 Mon Sep 17 00:00:00 2001
|
||||
From: Roland Shoemaker <bracewell@google.com>
|
||||
Date: Mon, 6 Feb 2023 10:03:44 -0800
|
||||
Subject: [PATCH] [release-branch.go1.19] net/http: update bundled
|
||||
golang.org/x/net/http2
|
||||
|
||||
Disable cmd/internal/moddeps test, since this update includes PRIVATE
|
||||
track fixes.
|
||||
|
||||
Fixes CVE-2022-41723
|
||||
Fixes #58355
|
||||
Updates #57855
|
||||
|
||||
Change-Id: Ie870562a6f6e44e4e8f57db6a0dde1a41a2b090c
|
||||
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1728939
|
||||
Reviewed-by: Damien Neil <dneil@google.com>
|
||||
Reviewed-by: Julie Qiu <julieqiu@google.com>
|
||||
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
|
||||
Run-TryBot: Roland Shoemaker <bracewell@google.com>
|
||||
Reviewed-on: https://go-review.googlesource.com/c/go/+/468118
|
||||
TryBot-Result: Gopher Robot <gobot@golang.org>
|
||||
Run-TryBot: Michael Pratt <mpratt@google.com>
|
||||
Auto-Submit: Michael Pratt <mpratt@google.com>
|
||||
Reviewed-by: Than McIntosh <thanm@google.com>
|
||||
---
|
||||
src/cmd/internal/moddeps/moddeps_test.go | 2 +-
|
||||
.../golang.org/x/net/http2/hpack/hpack.go | 79 ++++++++++++-------
|
||||
2 files changed, 50 insertions(+), 31 deletions(-)
|
||||
|
||||
Index: go/src/cmd/internal/moddeps/moddeps_test.go
|
||||
===================================================================
|
||||
--- go.orig/src/cmd/internal/moddeps/moddeps_test.go
|
||||
+++ go/src/cmd/internal/moddeps/moddeps_test.go
|
||||
@@ -34,7 +34,7 @@ import (
|
||||
// See issues 36852, 41409, and 43687.
|
||||
// (Also see golang.org/issue/27348.)
|
||||
func TestAllDependencies(t *testing.T) {
|
||||
- t.Skip("TODO(#57008): 1.18.9 contains unreleased changes from vendored modules")
|
||||
+ t.Skip("TODO(#58355): 1.18.9 contains unreleased changes from vendored modules")
|
||||
|
||||
goBin := testenv.GoToolPath(t)
|
||||
|
||||
Index: go/src/vendor/golang.org/x/net/http2/hpack/hpack.go
|
||||
===================================================================
|
||||
--- go.orig/src/vendor/golang.org/x/net/http2/hpack/hpack.go
|
||||
+++ go/src/vendor/golang.org/x/net/http2/hpack/hpack.go
|
||||
@@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n ui
|
||||
|
||||
var hf HeaderField
|
||||
wantStr := d.emitEnabled || it.indexed()
|
||||
+ var undecodedName undecodedString
|
||||
if nameIdx > 0 {
|
||||
ihf, ok := d.at(nameIdx)
|
||||
if !ok {
|
||||
@@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n ui
|
||||
}
|
||||
hf.Name = ihf.Name
|
||||
} else {
|
||||
- hf.Name, buf, err = d.readString(buf, wantStr)
|
||||
+ undecodedName, buf, err = d.readString(buf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
- hf.Value, buf, err = d.readString(buf, wantStr)
|
||||
+ undecodedValue, buf, err := d.readString(buf)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
+ if wantStr {
|
||||
+ if nameIdx <= 0 {
|
||||
+ hf.Name, err = d.decodeString(undecodedName)
|
||||
+ if err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ }
|
||||
+ hf.Value, err = d.decodeString(undecodedValue)
|
||||
+ if err != nil {
|
||||
+ return err
|
||||
+ }
|
||||
+ }
|
||||
d.buf = buf
|
||||
if it.indexed() {
|
||||
d.dynTab.add(hf)
|
||||
@@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uin
|
||||
return 0, origP, errNeedMore
|
||||
}
|
||||
|
||||
-// readString decodes an hpack string from p.
|
||||
+// readString reads an hpack string from p.
|
||||
//
|
||||
-// wantStr is whether s will be used. If false, decompression and
|
||||
-// []byte->string garbage are skipped if s will be ignored
|
||||
-// anyway. This does mean that huffman decoding errors for non-indexed
|
||||
-// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server
|
||||
-// is returning an error anyway, and because they're not indexed, the error
|
||||
-// won't affect the decoding state.
|
||||
-func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) {
|
||||
+// It returns a reference to the encoded string data to permit deferring decode costs
|
||||
+// until after the caller verifies all data is present.
|
||||
+func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) {
|
||||
if len(p) == 0 {
|
||||
- return "", p, errNeedMore
|
||||
+ return u, p, errNeedMore
|
||||
}
|
||||
isHuff := p[0]&128 != 0
|
||||
strLen, p, err := readVarInt(7, p)
|
||||
if err != nil {
|
||||
- return "", p, err
|
||||
+ return u, p, err
|
||||
}
|
||||
if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) {
|
||||
- return "", nil, ErrStringLength
|
||||
+ // Returning an error here means Huffman decoding errors
|
||||
+ // for non-indexed strings past the maximum string length
|
||||
+ // are ignored, but the server is returning an error anyway
|
||||
+ // and because the string is not indexed the error will not
|
||||
+ // affect the decoding state.
|
||||
+ return u, nil, ErrStringLength
|
||||
}
|
||||
if uint64(len(p)) < strLen {
|
||||
- return "", p, errNeedMore
|
||||
- }
|
||||
- if !isHuff {
|
||||
- if wantStr {
|
||||
- s = string(p[:strLen])
|
||||
- }
|
||||
- return s, p[strLen:], nil
|
||||
+ return u, p, errNeedMore
|
||||
}
|
||||
+ u.isHuff = isHuff
|
||||
+ u.b = p[:strLen]
|
||||
+ return u, p[strLen:], nil
|
||||
+}
|
||||
|
||||
- if wantStr {
|
||||
- buf := bufPool.Get().(*bytes.Buffer)
|
||||
- buf.Reset() // don't trust others
|
||||
- defer bufPool.Put(buf)
|
||||
- if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil {
|
||||
- buf.Reset()
|
||||
- return "", nil, err
|
||||
- }
|
||||
+type undecodedString struct {
|
||||
+ isHuff bool
|
||||
+ b []byte
|
||||
+}
|
||||
+
|
||||
+func (d *Decoder) decodeString(u undecodedString) (string, error) {
|
||||
+ if !u.isHuff {
|
||||
+ return string(u.b), nil
|
||||
+ }
|
||||
+ buf := bufPool.Get().(*bytes.Buffer)
|
||||
+ buf.Reset() // don't trust others
|
||||
+ var s string
|
||||
+ err := huffmanDecode(buf, d.maxStrLen, u.b)
|
||||
+ if err == nil {
|
||||
s = buf.String()
|
||||
- buf.Reset() // be nice to GC
|
||||
}
|
||||
- return s, p[strLen:], nil
|
||||
+ buf.Reset() // be nice to GC
|
||||
+ bufPool.Put(buf)
|
||||
+ return s, err
|
||||
}
|
33
dont-force-gold-on-arm64.patch
Normal file
33
dont-force-gold-on-arm64.patch
Normal file
@ -0,0 +1,33 @@
|
||||
--- go/src/cmd/link/internal/ld/lib.go
|
||||
+++ go/src/cmd/link/internal/ld/lib.go
|
||||
@@ -1391,30 +1391,6 @@
|
||||
// Use lld to avoid errors from default linker (issue #38838)
|
||||
altLinker = "lld"
|
||||
}
|
||||
-
|
||||
- if ctxt.Arch.InFamily(sys.ARM, sys.ARM64) && buildcfg.GOOS == "linux" {
|
||||
- // On ARM, the GNU linker will generate COPY relocations
|
||||
- // even with -znocopyreloc set.
|
||||
- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962
|
||||
- //
|
||||
- // On ARM64, the GNU linker will fail instead of
|
||||
- // generating COPY relocations.
|
||||
- //
|
||||
- // In both cases, switch to gold.
|
||||
- altLinker = "gold"
|
||||
-
|
||||
- // If gold is not installed, gcc will silently switch
|
||||
- // back to ld.bfd. So we parse the version information
|
||||
- // and provide a useful error if gold is missing.
|
||||
- name, args := flagExtld[0], flagExtld[1:]
|
||||
- args = append(args, "-fuse-ld=gold", "-Wl,--version")
|
||||
- cmd := exec.Command(name, args...)
|
||||
- if out, err := cmd.CombinedOutput(); err == nil {
|
||||
- if !bytes.Contains(out, []byte("GNU gold")) {
|
||||
- log.Fatalf("ARM external linker must be gold (issue #15696), but is not: %s", out)
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
}
|
||||
if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" {
|
||||
// Switch to ld.bfd on freebsd/arm64.
|
77
gcc-go.patch
Normal file
77
gcc-go.patch
Normal file
@ -0,0 +1,77 @@
|
||||
Index: go/src/cmd/dist/buildtool.go
|
||||
===================================================================
|
||||
--- go.orig/src/cmd/dist/buildtool.go
|
||||
+++ go/src/cmd/dist/buildtool.go
|
||||
@@ -205,7 +205,7 @@ func bootstrapBuildTools() {
|
||||
// only applies to the final cmd/go binary, but that's OK: if this is Go 1.10
|
||||
// or later we don't need to disable inlining to work around bugs in the Go 1.4 compiler.
|
||||
cmd := []string{
|
||||
- pathf("%s/bin/go", goroot_bootstrap),
|
||||
+ pathf("%s/bin/go-$gcc_go_version", goroot_bootstrap),
|
||||
"install",
|
||||
"-gcflags=-l",
|
||||
"-tags=math_big_pure_go compiler_bootstrap",
|
||||
Index: go/src/make.bash
|
||||
===================================================================
|
||||
--- go.orig/src/make.bash
|
||||
+++ go/src/make.bash
|
||||
@@ -60,7 +60,7 @@
|
||||
# time goes when these scripts run.
|
||||
#
|
||||
# GOROOT_BOOTSTRAP: A working Go tree >= Go 1.4 for bootstrap.
|
||||
-# If $GOROOT_BOOTSTRAP/bin/go is missing, $(go env GOROOT) is
|
||||
+# If $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version is missing, $(go env GOROOT) is
|
||||
# tried for all "go" in $PATH. $HOME/go1.4 by default.
|
||||
|
||||
set -e
|
||||
@@ -176,8 +176,8 @@
|
||||
fi
|
||||
fi
|
||||
done; unset IFS
|
||||
-if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
|
||||
- echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2
|
||||
+if [ ! -x "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" ]; then
|
||||
+ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version." >&2
|
||||
echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
|
||||
exit 1
|
||||
fi
|
||||
@@ -195,7 +195,7 @@
|
||||
exit 1
|
||||
fi
|
||||
rm -f cmd/dist/dist
|
||||
-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
|
||||
+GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" build -o cmd/dist/dist ./cmd/dist
|
||||
|
||||
# -e doesn't propagate out of eval, so check success by hand.
|
||||
eval $(./cmd/dist/dist env -p || echo FAIL=true)
|
||||
Index: go/src/make.rc
|
||||
===================================================================
|
||||
--- go.orig/src/make.rc
|
||||
+++ go/src/make.rc
|
||||
@@ -60,7 +60,7 @@ if(! ~ $#GOROOT_BOOTSTRAP 1){
|
||||
GOROOT_BOOTSTRAP = $home/$d
|
||||
}
|
||||
for(p in $path){
|
||||
- if(! test -x $GOROOT_BOOTSTRAP/bin/go){
|
||||
+ if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){
|
||||
if(go_exe = `{path=$p whatis go}){
|
||||
goroot = `{GOROOT='' $go_exe env GOROOT}
|
||||
if(! ~ $goroot $GOROOT){
|
||||
@@ -73,7 +73,7 @@ for(p in $path){
|
||||
}
|
||||
}
|
||||
}
|
||||
-if(! test -x $GOROOT_BOOTSTRAP/bin/go){
|
||||
+if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){
|
||||
echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2]
|
||||
echo 'Set $GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4.' >[1=2]
|
||||
exit bootstrap
|
||||
@@ -87,7 +87,7 @@ if(~ $GOROOT_BOOTSTRAP $GOROOT){
|
||||
echo 'Building Go cmd/dist using '^$GOROOT_BOOTSTRAP
|
||||
if(~ $#vflag 1)
|
||||
echo cmd/dist
|
||||
-GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GO111MODULE=off $GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist
|
||||
+GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GO111MODULE=off $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version build -o cmd/dist/dist ./cmd/dist
|
||||
|
||||
eval `{./cmd/dist/dist env -9}
|
||||
if(~ $#vflag 1)
|
9
go-rpmlintrc
Normal file
9
go-rpmlintrc
Normal file
@ -0,0 +1,9 @@
|
||||
addFilter("binaryinfo-readelf-failed") # go binaries are suposedly ELF-compliant
|
||||
addFilter("statically-linked-binary") # go doesn't yet support dynamic linking
|
||||
|
||||
# .syso files are special. Note that while they are architecture-dependent,
|
||||
# they are named to avoid conflicts (and we make sure of that in the RPM
|
||||
# through go_arch).
|
||||
addFilter("unstripped-binary-or-object.*\.syso$")
|
||||
addFilter("arch-dependent-file-in-usr-share.*\.syso$")
|
||||
addFilter("W: position-independent-executable-suggested")
|
1
go.gdbinit
Normal file
1
go.gdbinit
Normal file
@ -0,0 +1 @@
|
||||
add-auto-load-safe-path /usr/lib/go/$go_label/src/runtime/runtime-gdb.py
|
774
go1.18-openssl.changes
Normal file
774
go1.18-openssl.changes
Normal file
@ -0,0 +1,774 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 14 23:41:22 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Build subpackage go1.x-libstd compiled shared object libstd.so
|
||||
only on Tumbleweed at this time.
|
||||
Refs jsc#PED-1962
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 14 23:20:06 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Add subpackage go1.x-libstd for compiled shared object libstd.so.
|
||||
Refs jsc#PED-1962
|
||||
* Main go1.x package included libstd.so in previous versions
|
||||
* Split libstd.so into subpackage that can be installed standalone
|
||||
* Continues the slimming down of main go1.x package by 40 Mb
|
||||
* Experimental and not recommended for general use, Go currently has no ABI
|
||||
* Upstream Go has not committed to support buildmode=shared long-term
|
||||
* Do not use in packaging, build static single binaries (the default)
|
||||
* Upstream Go go1.x binary releases do not include libstd.so
|
||||
* go1.x Suggests go1.x-libstd so not installed by default Recommends
|
||||
* go1.x-libstd does not Require: go1.x so can install standalone
|
||||
* Provides go-libstd unversioned package name
|
||||
* Fix build step -buildmode=shared std to omit -linkshared
|
||||
- Packaging improvements:
|
||||
* go1.x Suggests go1.x-doc so not installed by default Recommends
|
||||
* Use Group: Development/Languages/Go instead of Other
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 14 23:06:51 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Improvements to go1.x packaging spec:
|
||||
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
|
||||
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
|
||||
using go1.x package (%bcond_without gccgo). This is no longer
|
||||
needed on current SLE-12:Update and removing will consolidate
|
||||
the build configurations used.
|
||||
* Change source URLs to go.dev as per Go upstream
|
||||
* On x86_64 export GOAMD64=v1 as per the current baseline.
|
||||
At this time forgo GOAMD64=v3 option for x86_64_v3 support.
|
||||
* On x86_64 %define go_amd64=v1 as current instruction baseline
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 13 04:58:20 UTC 2023 - Martin Liška <mliska@suse.cz>
|
||||
|
||||
- Use gcc13 compiler for Tumbleweed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 1 17:04:37 UTC 2023 - Jaroslav Jindrak <jjindrak@suse.com>
|
||||
|
||||
- Fix for SG#65262, bsc#1208491:
|
||||
* go#57855 boo#1208270 security: fix CVE-2022-41723 bsc1208491.patch
|
||||
* go#58001 boo#1208271 security: fix CVE-2022-41724 bsc1208491-41724.patch
|
||||
* go#58006 boo#1208272 security: fix CVE-2022-41725 bsc1208491-41725.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 19 16:28:40 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.10.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.10-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.10 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 10 22:13:49 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.10 (released 2023-01-10) includes fixes to cgo, the
|
||||
compiler, the linker, and the crypto/x509, net/http, and syscall
|
||||
packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
* go#57705 misc/cgo: backport needed for dlltool fix
|
||||
* go#57426 crypto/x509: Verify on macOS does not return typed errors
|
||||
* go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument.
|
||||
* go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
|
||||
* go#57213 os: TestLstat failure on Linux Aarch64
|
||||
* go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
|
||||
* go#57057 cmd/go: remove test dependency on gopkg.in service
|
||||
* go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
|
||||
* go#57044 cgo: malformed DWARF TagVariable entry
|
||||
* go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
|
||||
* go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
|
||||
* go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
|
||||
* go#56323 net/http: bad handling of HEAD requests with a body
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 8 23:31:00 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.9.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.9-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.9 into dev.boringcrypto.go1.18
|
||||
* [dev.boringcrypto.go1.18] crypto/tls: allow BoringCrypto to use 4096-bit keys
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.9 (released 2022-12-06) includes security fixes to the
|
||||
net/http and os packages, as well as bug fixes to cgo, the
|
||||
compiler, the runtime, and the crypto/x509 and os/exec packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-41717 CVE-2022-41720
|
||||
* go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
|
||||
* go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
|
||||
* go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
|
||||
* go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
|
||||
* go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
|
||||
* go#56635 runtime: traceback stuck in runtime.systemstack
|
||||
* go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
|
||||
* go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
|
||||
* go#56437 crypto/x509: respect GODEBUG changes during program lifetime
|
||||
* go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
|
||||
* go#56359 cmd/compile: panic: offset too large
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 4 17:37:18 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.8.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.8-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.8 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.8 (released 2022-11-01) includes security fixes to the
|
||||
os/exec and syscall packages, as well as bug fixes to the
|
||||
runtime.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-41716
|
||||
* go#56327 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables
|
||||
* go#56308 runtime: "runtime·lock: lock count" fatal error when cgo is enabled
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 31 20:32:46 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.7.2 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.7-2-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.7 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 4 18:21:57 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.7 (released 2022-10-04) includes security fixes to the
|
||||
archive/tar, net/http/httputil, and regexp packages, as well as
|
||||
bug fixes to the compiler, the linker, and the go/types package.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-41715 CVE-2022-2879 CVE-2022-2880
|
||||
* go#55950 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
|
||||
* go#55925 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers
|
||||
* go#55842 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters
|
||||
* go#55151 fatal error: bulkBarrierPreWrite: unaligned arguments
|
||||
* go#55148 go/types: no way to construct the signature of append(s, "string"...) via the API
|
||||
* go#55113 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation
|
||||
* go#54918 cmd/compile: Value live at entry
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 28 01:38:34 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.6.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.6-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.6 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 28 01:35:18 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.6 (released 2022-09-06) includes security fixes to the
|
||||
net/http package, as well as bug fixes to the compiler, the go
|
||||
command, the pprof command, the runtime, and the crypto/tls,
|
||||
encoding/xml, and net packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-27664
|
||||
* go#53977 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY
|
||||
* go#54733 cmd/go: git fetch errors dropped when producing pseudo-versions for commits
|
||||
* go#54725 cmd/compile: compile failed with "Value live at entry"
|
||||
* go#54674 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert
|
||||
* go#54664 runtime: segfault running ppc64/linux binaries with kernel 5.18
|
||||
* go#54659 cmd/go: go test -race does not set implicit race build tag
|
||||
* go#54642 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension
|
||||
* go#54636 cmd/go: data race in TestScript
|
||||
* go#54603 cmd/compile: miscompilation of partially-overlapping array assignments
|
||||
* go#54502 cmd/link: Trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64
|
||||
* go#54464 cmd/pprof: graphviz node names are funny with generics
|
||||
* go#54128 encoding/xml: crash on android/arm64 due to https://go.dev/cl/417062
|
||||
* go#54074 net: WriteMsgUDPAddrPort should accept IPv4 destination addresses on IPv6 UDP sockets
|
||||
* go#54056 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT
|
||||
* go#53397 go/reflect: Incorrect behavior on arm64 when using MakeFunc / Call
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 28 01:01:19 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.5.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.5-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.5 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 22 20:44:19 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Define go_bootstrap_version go1.16 without suse_version checks
|
||||
- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 19 15:47:43 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- Bootstrap using go1.16 on SLE-15 and newer. go1.16 is
|
||||
bootstrapped using gcc-go 11 or 12. This allows dropping older
|
||||
versions of Go from Factory.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 1 15:40:03 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.5 (released 2022-08-01) includes security fixes to the
|
||||
encoding/gob and math/big packages, as well as bug fixes to the
|
||||
compiler, the go command, the runtime, and the testing package.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-32189
|
||||
* boo#1202035 CVE-2022-32189 go#53871
|
||||
* go#54095 math/big: index out of range in Float.GobDecode
|
||||
* go#53883 cmd/compile: interface conversion with generics reports "types from different scopes"
|
||||
* go#53875 cmd/go: livelock when computing module graph in a workspace with GOPROXY=off
|
||||
* go#53852 cmd/compile: internal compiler error: assertion failed
|
||||
* go#53847 runtime: modified timer results in extreme cpu load
|
||||
* go#53119 cmd/go: Build information embedded by Go 1.18 impairs build reproducibility with cgo flags
|
||||
* go#53112 runtime: gentraceback() dead loop on arm64 casued the process hang
|
||||
* go#52986 testing: TempDir RemoveAll cleanup failures with "The process cannot access the file because it is being used by another process."
|
||||
* go#52961 cmd/compile: miscompilation in pointer operations
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 20 18:43:55 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.4.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.4-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.4 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 12 20:28:01 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.4 (released 2022-07-12) includes security fixes to the
|
||||
compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
|
||||
net/http, and path/filepath packages, as well as bug fixes to the
|
||||
compiler, the go command, the linker, the runtime, and the
|
||||
runtime/metrics package.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962
|
||||
* boo#1201434 CVE-2022-1705 go#53188
|
||||
* go#53433 net/http: improper sanitization of Transfer-Encoding header
|
||||
* boo#1201436 CVE-2022-32148 go#53423
|
||||
* go#53621 net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
|
||||
* boo#1201437 CVE-2022-30631 go#53168
|
||||
* go#53718 compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
|
||||
* boo#1201440 CVE-2022-30633 go#53611
|
||||
* go#53716 encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
|
||||
* boo#1201443 CVE-2022-28131 go#53614
|
||||
* go#53712 encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
|
||||
* boo#1201444 CVE-2022-30635 go#53615
|
||||
* go#53710 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
|
||||
* boo#1201445 CVE-2022-30632 go#53416
|
||||
* go#53714 path/filepath: stack exhaustion in Glob (CVE-2022-30632)
|
||||
* boo#1201447 CVE-2022-30630 go#53415
|
||||
* go#53720 io/fs: stack exhaustion in Glob (CVE-2022-30630)
|
||||
* boo#1201448 CVE-2022-1962 go#53616
|
||||
* go#53708 go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
|
||||
* go#53723 cmd/compile: ambiguous selector with generic interface & embedded types
|
||||
* go#53618 cmd/compile: condition in for loop body is incorrectly optimised away
|
||||
* go#53613 syscall: NewCallback triggers data race on Windows when used from different goroutine
|
||||
* go#53590 runtime/metrics: data race detected in Read
|
||||
* go#53588 cmd/go: "v1.x.y is not a tag" when .gitconfig sets log.decorate to full
|
||||
* go#53587 cmd/compile: miscompilation of value switch involving generic interface types
|
||||
* go#53471 cmd/compile: internal compiler error: width not calculated: int128
|
||||
* go#53357 cmd/compile: type assertion on generic type fails incorrectly
|
||||
* go#53159 cmd/compile: unsafe.Offsetof returns incorrect value in embedded struct with type parameters
|
||||
* go#53107 cmd/link: unexpected trampoline error on ppc64le musl with -buildmode=pie
|
||||
* go#52689 runtime: total allocation stats are managed in a uintptr which can quickly wrap around on 32-bit architectures
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 12 17:51:26 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.3 (released 2022-06-01) includes security fixes to the
|
||||
crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
|
||||
well as bug fixes to the compiler, and the crypto/tls and
|
||||
text/template/parse packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
|
||||
* boo#1200134 go#52561 CVE-2022-30634
|
||||
* go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
|
||||
* boo#1200135 go#52814 CVE-2022-30629
|
||||
* go#52833 crypto/tls: randomly generate ticket_age_add
|
||||
* boo#1200136 go#52574 CVE-2022-30580
|
||||
* go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
|
||||
* boo#1200137 go#52476 CVE-2022-29804
|
||||
* go#52479 path/filepath: Clean(.\c:) returns c: on Windows
|
||||
* go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2
|
||||
* go#52242 cmd/compile: compiler crash on valid code
|
||||
* go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated"
|
||||
* go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
|
||||
* go#52878 text/template: break/continue require no whitespace around them
|
||||
* go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
|
||||
* go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 6 13:45:11 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.2.2 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.2-2-openssl-fips.
|
||||
* Update VERSION file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 13 13:33:37 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.2.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.2-1-openssl-fips.
|
||||
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
|
||||
* Merge go1.18.2 into dev.boringcrypto.go1.18
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 10 22:25:54 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.2 (released 2022-05-10) includes security fixes to the
|
||||
syscall package, as well as bug fixes to the compiler, runtime,
|
||||
the go command, and the crypto/x509, go/types, net/http/httptest,
|
||||
reflect, and sync/atomic packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-29526
|
||||
* boo#1199413 go#52313 CVE-2022-29526
|
||||
* go#52440 syscall: Faccessat checks wrong group
|
||||
* go#51738 runtime: wrong type assertion result when using generic types
|
||||
* go#51798 cmd/go: add (and default to) -buildvcs=auto
|
||||
* go#51859 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
|
||||
* go#51897 net/http/httptest: race in Close
|
||||
* go#52028 go/types: documentation on instance de-duplication is unclear about guarantees
|
||||
* go#52149 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
|
||||
* go#52244 go/types, types2: go generic assert compile escape
|
||||
* go#52305 runtime: doAllThreadsSyscall has an unaligned atomic load on 32-bit architectures
|
||||
* go#52366 cmd/compile/internal/ssa: occurred the wrong rewrite cycle detection
|
||||
* go#52375 runtime: executable compiled under Go 1.17.7 will occasionally wedge
|
||||
* go#52386 reflect: can set map elem with string key of a different string type
|
||||
* go#52441 cmd/compile: incorrect handling of iota in 1.18
|
||||
* go#52468 cmd/go: go run -mod=mod [files...] does not update go.mod and go.sum
|
||||
* go#52558 cmd/compile: cannot convert v (variable of type *Bar[T]) to type *Foo[T]
|
||||
* go#52606 cmd/compile: internal compiler error: weird package in name: .dict0 => .dict0 from "", not "test/p"
|
||||
* go#52615 sync/atomic: compare and swap of inconsistently typed values with uninitialized Value
|
||||
* go#52691 cmd/compile: generic function appears to use incorrect type descriptor
|
||||
* go#52699 runtime: support debugCall on arm64
|
||||
* go#52706 net: TestDialCancel is not compatible with new macOS ARM64 builders
|
||||
* go#52804 go/types: NewMethodSet doesn't terminate for recursively embedded generics
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 2 08:43:22 UTC 2022 - Martin Liška <mliska@suse.cz>
|
||||
|
||||
- Remove remaining use of gold linker when bootstrapping with
|
||||
gccgo. The binutils-gold package will be removed in the future.
|
||||
* History: go1.8.3 2017-06-18 added conditional if gccgo defined
|
||||
BuildRequires: binutils-gold for arches other than s390x
|
||||
* No information available why binutils-gold was used initially
|
||||
* Unrelated to upstream recent hardcoded gold dependency for ARM
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 28 22:27:43 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Update to version 1.18.1.1 cut from the go1.18-openssl-fips
|
||||
branch at the revision tagged go1.18.1-1-openssl-fips.
|
||||
* crypto/boring: correctly disable/re-enable fips tls in test
|
||||
* crypto/boring: Disable TestDisableSHA1ForCertOnly
|
||||
* crypto/boring: Remove restriction on build architecture
|
||||
* Fix use-after-free bug in VerifyECDSA
|
||||
* Add support for OpenSSL 3.0
|
||||
* Free blank allocations and avoid zero-sized allocs
|
||||
* crypto/boring: Fix LDFLAGS
|
||||
* crypto/boring: Fix usage of boring.Enabled after rebase
|
||||
* crypto/boring: Fix tests and rsa error message
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 12 17:42:46 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18.1 (released 2022-04-12) includes security fixes to the
|
||||
crypto/elliptic, crypto/x509, and encoding/pem packages, as well
|
||||
as bug fixes to the compiler, linker, runtime, the go command,
|
||||
vet, and the bytes, crypto/x509, and go/types packages.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
CVE-2022-24675 CVE-2022-28327 CVE-2022-27536
|
||||
* boo#1198423 go#51853 CVE-2022-24675
|
||||
* go#52037 encoding/pem: stack overflow
|
||||
boo#1198424 go#52075 CVE-2022-28327
|
||||
* go#52077 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
|
||||
* boo#1198427 go#51759 CVE-2022-27536
|
||||
* go#51763 crypto/x509: Certificate.Verify crash on macOS with Go 1.18
|
||||
* go#52140 cmd/go: go work use -r panics when given a directory that does not exist
|
||||
* go#52119 go/types, cmd/compile: type set overlapping implementation for interface types might be not correct
|
||||
* go#52032 go/types: spurious diagnostics for untyped shift operands with GoVersion < go1.13
|
||||
* go#52007 go/types, types2: scope is unset on receivers of instantiated methods
|
||||
* go#51874 cmd/go: Segfault on ppc64le during Go 1.18 build on Alpine Linux
|
||||
* go#51855 cmd/compile: internal compiler error: panic: runtime error: index out of range [0] with length 0
|
||||
* go#51852 crypto/x509: reject SHA-1 signatures in Verify
|
||||
* go#51847 cmd/compile: cannot import "package" (type parameter bound more than once)
|
||||
* go#51846 cmd/compile: internal compiler error: walkExpr: switch 1 unknown op RECOVER
|
||||
* go#51796 bytes: Trim returns empty slice instead of nil in 1.18
|
||||
* go#51767 cmd/go: "go test" seems to now require git due to -buildvcs
|
||||
* go#51764 cmd/go: go work use panics when given a file
|
||||
* go#51741 cmd/cgo: pointer to incomplete C type is mangled when passed through interface type and generic type assert
|
||||
* go#51737 plugin: tls handshake panic: unreachable method called. linker bug?
|
||||
* go#51727 cmd/vet, go/types: go vet crash when using self-recursive anonymous types in constraints
|
||||
* go#51697 runtime: some tests fails on Windows with CGO_ENABLED=0
|
||||
* go#51669 cmd/compile: irgen uses wrong dict param to generate code for getting dict type
|
||||
* go#51665 go/types, types2: gopls crash in recordTypeAndValue
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 11 19:37:11 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Initial package go1.18-openssl version 1.18.0.1 cut from the
|
||||
go1.18-openssl-fips branch at the revision tagged
|
||||
go1.18.0-1-openssl-fips.
|
||||
Refs jsc#SLE-18320
|
||||
* Contains a fork of the Go toolchain dev.boringcrypto branch and
|
||||
necessary modifications from the golang-fips/go GitHub project
|
||||
for the Go crypto library to use an external cryptographic
|
||||
library in a FIPS compliant way.
|
||||
* Modifies the crypto/* packages to use OpenSSL for cryptographic
|
||||
operations.
|
||||
* Uses dlopen() to call into OpenSSL.
|
||||
* FIPS mode (or boring mode as the package is named) is enabled
|
||||
either via an environment variable GOLANG_FIPS=1 or by virtue
|
||||
of the host being in FIPS mode.
|
||||
* When the operating system is operating in FIPS mode, Go
|
||||
applications which import crypto/tls/fipsonly limit operations
|
||||
to the FIPS ciphersuite.
|
||||
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z
|
||||
corresponding to the golang-fips/go patchset tagged revision
|
||||
which can be updated independently of upstream Go maintenance
|
||||
releases.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 7 23:57:47 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Template gcc-go.patch to substitute gcc_go_version and eliminate
|
||||
multiple similar patches each with hardcoded gcc go binary name.
|
||||
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
|
||||
for current lack of gcc-go update-alternatives usage.
|
||||
* add gcc-go.patch
|
||||
* drop gcc6-go.patch
|
||||
* drop gcc7-go.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 7 17:51:56 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
|
||||
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
|
||||
go1.18 on SLE-12 aarch64 ppc64le or s390x.
|
||||
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
|
||||
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 19 21:05:53 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Add %define go_label as a configurable Go toolchain directory
|
||||
* go_label can be used to package multiple Go toolchains with
|
||||
the same go_api
|
||||
* go_label should be defined as go_api with an optional suffix
|
||||
e.g. %{go_api} or %{go_api}-foo
|
||||
* Default go_label = go_api makes no changes to package layout
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 15 17:42:07 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18 (released 2022-03-15) is a major release of Go.
|
||||
go1.18.x minor releases will be provided through February 2023.
|
||||
https://github.com/golang/go/wiki/Go-Release-Cycle
|
||||
Go 1.18 is a significant release, including changes to the
|
||||
language, implementation of the toolchain, runtime, and
|
||||
libraries. Go 1.18 arrives seven months after Go 1.17. As always,
|
||||
the release maintains the Go 1 promise of compatibility. We
|
||||
expect almost all Go programs to continue to compile and run as
|
||||
before.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
* See release notes https://golang.org/doc/go1.18. Excerpts
|
||||
relevant to OBS environment and for SUSE/openSUSE follow:
|
||||
* Go 1.18 includes an implementation of generic features as
|
||||
described by the Type Parameters Proposal. This includes major
|
||||
but fully backward-compatible changes to the language.
|
||||
* The Go 1.18 compiler now correctly reports declared but not
|
||||
used errors for variables that are set inside a function
|
||||
literal but are never used. Before Go 1.18, the compiler did
|
||||
not report an error in such cases. This fixes long-outstanding
|
||||
compiler issue go#8560.
|
||||
* The Go 1.18 compiler now reports an overflow when passing a
|
||||
rune constant expression such as '1' << 32 as an argument to
|
||||
the predeclared functions print and println, consistent with
|
||||
the behavior of user-defined functions. Before Go 1.18, the
|
||||
compiler did not report an error in such cases but silently
|
||||
accepted such constant arguments if they fit into an
|
||||
int64. Since go vet always pointed out this error, the number
|
||||
of affected programs is likely very small.
|
||||
* AMD64: Go 1.18 introduces the new GOAMD64 environment variable,
|
||||
which selects at compile time a minimum target version of the
|
||||
AMD64 architecture. Allowed values are v1, v2, v3, or v4. Each
|
||||
higher level requires, and takes advantage of, additional
|
||||
processor features. A detailed description can be found
|
||||
here. The GOAMD64 environment variable defaults to v1.
|
||||
* RISC-V: The 64-bit RISC-V architecture on Linux (the
|
||||
linux/riscv64 port) now supports the c-archive and c-shared
|
||||
build modes.
|
||||
* Linux: Go 1.18 requires Linux kernel version 2.6.32 or later.
|
||||
* Fuzzing: Go 1.18 includes an implementation of fuzzing as
|
||||
described by the fuzzing proposal. See the fuzzing landing page
|
||||
to get started. Please be aware that fuzzing can consume a lot
|
||||
of memory and may impact your machine’s performance while it
|
||||
runs.
|
||||
* go get: go get no longer builds or installs packages in
|
||||
module-aware mode. go get is now dedicated to adjusting
|
||||
dependencies in go.mod. Effectively, the -d flag is always
|
||||
enabled. To install the latest version of an executable outside
|
||||
the context of the current module, use go install
|
||||
example.com/cmd@latest. Any version query may be used instead
|
||||
of latest. This form of go install was added in Go 1.16, so
|
||||
projects supporting older versions may need to provide install
|
||||
instructions for both go install and go get. go get now reports
|
||||
an error when used outside a module, since there is no go.mod
|
||||
file to update. In GOPATH mode (with GO111MODULE=off), go get
|
||||
still builds and installs packages, as before.
|
||||
* Automatic go.mod and go.sum updates: The go mod graph, go mod
|
||||
vendor, go mod verify, and go mod why subcommands no longer
|
||||
automatically update the go.mod and go.sum files. (Those files
|
||||
can be updated explicitly using go get, go mod tidy, or go mod
|
||||
download.)
|
||||
* go version: The go command now embeds version control
|
||||
information in binaries. It includes the currently checked-out
|
||||
revision, commit time, and a flag indicating whether edited or
|
||||
untracked files are present. Version control information is
|
||||
embedded if the go command is invoked in a directory within a
|
||||
Git, Mercurial, Fossil, or Bazaar repository, and the main
|
||||
package and its containing main module are in the same
|
||||
repository. This information may be omitted using the flag
|
||||
-buildvcs=false. Additionally, the go command embeds
|
||||
information about the build, including build and tool tags (set
|
||||
with -tags), compiler, assembler, and linker flags (like
|
||||
-gcflags), whether cgo was enabled, and if it was, the values
|
||||
of the cgo environment variables (like CGO_CFLAGS). Both VCS
|
||||
and build information may be read together with module
|
||||
information using go version -m file or
|
||||
runtime/debug.ReadBuildInfo (for the currently running binary)
|
||||
or the new debug/buildinfo package. The underlying data format
|
||||
of the embedded build information can change with new go
|
||||
releases, so an older version of go may not handle the build
|
||||
information produced with a newer version of go. To read the
|
||||
version information from a binary built with go 1.18, use the
|
||||
go version command and the debug/buildinfo package from go
|
||||
1.18+.
|
||||
* go mod download: If the main module's go.mod file specifies go
|
||||
1.17 or higher, go mod download without arguments now downloads
|
||||
source code for only the modules explicitly required in the
|
||||
main module's go.mod file. (In a go 1.17 or higher module, that
|
||||
set already includes all dependencies needed to build the
|
||||
packages and tests in the main module.) To also download source
|
||||
code for transitive dependencies, use go mod download all.
|
||||
* go mod vendor: The go mod vendor subcommand now supports a -o
|
||||
flag to set the output directory. (Other go commands still read
|
||||
from the vendor directory at the module root when loading
|
||||
packages with -mod=vendor, so the main use for this flag is for
|
||||
third-party tools that need to collect package source code.)
|
||||
* go mod tidy: The go mod tidy command now retains additional
|
||||
checksums in the go.sum file for modules whose source code is
|
||||
needed to verify that each imported package is provided by only
|
||||
one module in the build list. Because this condition is rare
|
||||
and failure to apply it results in a build error, this change
|
||||
is not conditioned on the go version in the main module's
|
||||
go.mod file.
|
||||
* go work: The go command now supports a "Workspace" mode. If a
|
||||
go.work file is found in the working directory or a parent
|
||||
directory, or one is specified using the GOWORK environment
|
||||
variable, it will put the go command into workspace mode. In
|
||||
workspace mode, the go.work file will be used to determine the
|
||||
set of main modules used as the roots for module resolution,
|
||||
instead of using the normally-found go.mod file to specify the
|
||||
single main module. For more information see the go work
|
||||
documentation.
|
||||
* go build -asan: The go build command and related commands now
|
||||
support an -asan flag that enables interoperation with C (or
|
||||
C++) code compiled with the address sanitizer (C compiler
|
||||
option -fsanitize=address).
|
||||
* //go:build lines: Go 1.17 introduced //go:build lines as a more
|
||||
readable way to write build constraints, instead of // +build
|
||||
lines. As of Go 1.17, gofmt adds //go:build lines to match
|
||||
existing +build lines and keeps them in sync, while go vet
|
||||
diagnoses when they are out of sync. Since the release of Go
|
||||
1.18 marks the end of support for Go 1.16, all supported
|
||||
versions of Go now understand //go:build lines. In Go 1.18, go
|
||||
fix now removes the now-obsolete // +build lines in modules
|
||||
declaring go 1.17 or later in their go.mod files. For more
|
||||
information, see https://go.dev/design/draft-gobuild.
|
||||
* go vet: The vet tool is updated to support generic code. In
|
||||
most cases, it reports an error in generic code whenever it
|
||||
would report an error in the equivalent non-generic code after
|
||||
substituting for type parameters with a type from their type
|
||||
set.
|
||||
* go vet: The cmd/vet checkers copylock, printf, sortslice,
|
||||
testinggoroutine, and tests have all had moderate precision
|
||||
improvements to handle additional code patterns. This may lead
|
||||
to newly reported errors in existing packages.
|
||||
* Runtime: The garbage collector now includes non-heap sources of
|
||||
garbage collector work (e.g., stack scanning) when determining
|
||||
how frequently to run. As a result, garbage collector overhead
|
||||
is more predictable when these sources are significant. For
|
||||
most applications these changes will be negligible; however,
|
||||
some Go applications may now use less memory and spend more
|
||||
time on garbage collection, or vice versa, than before. The
|
||||
intended workaround is to tweak GOGC where necessary. The
|
||||
runtime now returns memory to the operating system more
|
||||
efficiently and has been tuned to work more aggressively as a
|
||||
result.
|
||||
* Compiler: Go 1.17 implemented a new way of passing function
|
||||
arguments and results using registers instead of the stack on
|
||||
64-bit x86 architecture on selected operating systems. Go 1.18
|
||||
expands the supported platforms to include 64-bit ARM
|
||||
(GOARCH=arm64), big- and little-endian 64-bit PowerPC
|
||||
(GOARCH=ppc64, ppc64le), as well as 64-bit x86 architecture
|
||||
(GOARCH=amd64) on all operating systems. On 64-bit ARM and
|
||||
64-bit PowerPC systems, benchmarking shows typical performance
|
||||
improvements of 10% or more. As mentioned in the Go 1.17
|
||||
release notes, this change does not affect the functionality of
|
||||
any safe Go code and is designed to have no impact on most
|
||||
assembly code. See the Go 1.17 release notes for more details.
|
||||
* Compiler: The compiler now can inline functions that contain
|
||||
range loops or labeled for loops.
|
||||
* Compiler: The new -asan compiler option supports the new go
|
||||
command -asan option.
|
||||
* Compiler: Because the compiler's type checker was replaced in
|
||||
its entirety to support generics, some error messages now may
|
||||
use different wording than before. In some cases, pre-Go 1.18
|
||||
error messages provided more detail or were phrased in a more
|
||||
helpful way. We intend to address these cases in Go
|
||||
1.19. Because of changes in the compiler related to supporting
|
||||
generics, the Go 1.18 compile speed can be roughly 15% slower
|
||||
than the Go 1.17 compile speed. The execution time of the
|
||||
compiled code is not affected. We intend to improve the speed
|
||||
of the compiler in Go 1.19.
|
||||
* Linker: The linker emits far fewer relocations. As a result,
|
||||
most codebases will link faster, require less memory to link,
|
||||
and generate smaller binaries. Tools that process Go binaries
|
||||
should use Go 1.18's debug/gosym package to transparently
|
||||
handle both old and new binaries.
|
||||
* Linker: The new -asan linker option supports the new go command
|
||||
-asan option.
|
||||
* Bootstrap: When building a Go release from source and
|
||||
GOROOT_BOOTSTRAP is not set, previous versions of Go looked for
|
||||
a Go 1.4 or later bootstrap toolchain in the directory
|
||||
$HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go now
|
||||
looks first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling
|
||||
back to $HOME/go1.4. We intend for Go 1.19 to require Go 1.17
|
||||
or later for bootstrap, and this change should make the
|
||||
transition smoother. For more details, see go#44505.
|
||||
* The new debug/buildinfo package provides access to module
|
||||
versions, version control information, and build flags embedded
|
||||
in executable files built by the go command. The same
|
||||
information is also available via runtime/debug.ReadBuildInfo
|
||||
for the currently running binary and via go version -m on the
|
||||
command line.
|
||||
* The new net/netip package defines a new IP address type,
|
||||
Addr. Compared to the existing net.IP type, the netip.Addr type
|
||||
takes less memory, is immutable, and is comparable so it
|
||||
supports == and can be used as a map key.
|
||||
* TLS 1.0 and 1.1 disabled by default client-side: If
|
||||
Config.MinVersion is not set, it now defaults to TLS 1.2 for
|
||||
client connections. Any safely up-to-date server is expected to
|
||||
support TLS 1.2, and browsers have required it since 2020. TLS
|
||||
1.0 and 1.1 are still supported by setting Config.MinVersion to
|
||||
VersionTLS10. The server-side default is unchanged at TLS
|
||||
1.0. The default can be temporarily reverted to TLS 1.0 by
|
||||
setting the GODEBUG=tls10default=1 environment variable. This
|
||||
option will be removed in Go 1.19.
|
||||
* Rejecting SHA-1 certificates: crypto/x509 will now reject
|
||||
certificates signed with the SHA-1 hash function. This doesn't
|
||||
apply to self-signed root certificates. Practical attacks
|
||||
against SHA-1 have been demonstrated since 2017 and publicly
|
||||
trusted Certificate Authorities have not issued SHA-1
|
||||
certificates since 2015. This can be temporarily reverted by
|
||||
setting the GODEBUG=x509sha1=1 environment variable. This
|
||||
option will be removed in Go 1.19.
|
||||
* crypto/elliptic The P224, P384, and P521 curve implementations
|
||||
are now all backed by code generated by the addchain and
|
||||
fiat-crypto projects, the latter of which is based on a
|
||||
formally-verified model of the arithmetic operations. They now
|
||||
use safer complete formulas and internal APIs. P-224 and P-384
|
||||
are now approximately four times faster. All specific curve
|
||||
implementations are now constant-time. Operating on invalid
|
||||
curve points (those for which the IsOnCurve method returns
|
||||
false, and which are never returned by Unmarshal or a Curve
|
||||
method operating on a valid point) has always been undefined
|
||||
behavior, can lead to key recovery attacks, and is now
|
||||
unsupported by the new backend. If an invalid point is supplied
|
||||
to a P224, P384, or P521 method, that method will now return a
|
||||
random point. The behavior might change to an explicit panic in
|
||||
a future release.
|
||||
* crypto/tls: The new Conn.NetConn method allows access to the
|
||||
underlying net.Conn.
|
||||
* crypto/x509: Certificate.Verify now uses platform APIs to
|
||||
verify certificate validity on macOS and iOS when it is called
|
||||
with a nil VerifyOpts.Roots or when using the root pool
|
||||
returned from SystemCertPool. SystemCertPool is now available
|
||||
on Windows.
|
||||
* crypto/x509: CertPool.Subjects is deprecated. On Windows,
|
||||
macOS, and iOS the CertPool returned by SystemCertPool will
|
||||
return a pool which does not include system roots in the slice
|
||||
returned by Subjects, as a static list can't appropriately
|
||||
represent the platform policies and might not be available at
|
||||
all from the platform APIs.
|
||||
* crypto/x509: Support for signing certificates using signature
|
||||
algorithms that depend on the MD5 and SHA-1 hashes (MD5WithRSA,
|
||||
SHA1WithRSA, and ECDSAWithSHA1) may be removed in Go 1.19.
|
||||
* net/http: When looking up a domain name containing non-ASCII
|
||||
characters, the Unicode-to-ASCII conversion is now done in
|
||||
accordance with Nontransitional Processing as defined in the
|
||||
Unicode IDNA Compatibility Processing standard (UTS #46). The
|
||||
interpretation of four distinct runes are changed: ß, ς,
|
||||
zero-width joiner U+200D, and zero-width non-joiner
|
||||
U+200C. Nontransitional Processing is consistent with most
|
||||
applications and web browsers.
|
||||
* os/user: User.GroupIds now uses a Go native implementation when
|
||||
cgo is not available.
|
||||
* runtime/debug: The BuildInfo struct has two new fields,
|
||||
containing additional information about how the binary was
|
||||
built: GoVersion holds the version of Go used to build the
|
||||
binary. Settings is a slice of BuildSettings structs holding
|
||||
key/value pairs describing the build.
|
||||
* runtime/pprof: The CPU profiler now uses per-thread timers on
|
||||
Linux. This increases the maximum CPU usage that a profile can
|
||||
observe, and reduces some forms of bias.
|
||||
* syscall: The new function SyscallN has been introduced for
|
||||
Windows, allowing for calls with arbitrary number of arguments.
|
||||
As a result, Syscall, Syscall6, Syscall9, Syscall12, Syscall15,
|
||||
and Syscall18 are deprecated in favor of SyscallN.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 9 17:03:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- add dont-force-gold-on-arm64.patch (bsc#1183043)
|
||||
- drop binutils-gold dependency
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 18 02:10:17 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- Add .bin assembler pattern table file and test data to packaging.
|
||||
* Error manifests building some Go applications as:
|
||||
src/crypto/elliptic/p256_asm.go:24:12:
|
||||
pattern p256_asm_table.bin: no matching files found
|
||||
* A Quick Guide to Go's Assembler https://go.dev/doc/asm
|
||||
* New assembler pattern file added to packaging with mode 644:
|
||||
src/crypto/elliptic/p256_asm_table.bin
|
||||
* Existing test data files added to packaging with mode 644:
|
||||
src/compress/bzip2/testdata/pass-random2.bin
|
||||
src/compress/bzip2/testdata/pass-random1.bin
|
||||
src/debug/dwarf/testdata/line-gcc-win.bin
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 17 07:38:54 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18rc1 (released 2022-02-16) is a release candidate version of
|
||||
go1.18 cut from the master branch at the revision tagged
|
||||
go1.18rc1.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 31 19:25:36 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18beta2 (released 2022-01-31) is a beta version of go1.18 cut
|
||||
from the master branch at the revision tagged go1.18beta2.
|
||||
Refs boo#1193742 go1.18 release tracking
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 14 20:06:19 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
||||
|
||||
- go1.18beta1 (released 2021-12-14) is a beta version of go1.18 cut
|
||||
from the master branch at the revision tagged go1.18beta1.
|
||||
Refs boo#1193742 go1.18 release tracking
|
479
go1.18-openssl.spec
Normal file
479
go1.18-openssl.spec
Normal file
@ -0,0 +1,479 @@
|
||||
#
|
||||
# spec file for package go1.18-openssl
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
# nodebuginfo
|
||||
|
||||
|
||||
# strip will cause Go's .a archives to become invalid because strip appears to
|
||||
# reassemble the archive incorrectly. This is a known issue upstream
|
||||
# (https://github.com/golang/go/issues/17890), but we have to deal with it in
|
||||
# the meantime.
|
||||
%undefine _build_create_debug
|
||||
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true
|
||||
|
||||
# Specify Go toolchain version used to bootstrap this package's Go toolchain
|
||||
# go_bootstrap_version bootstrap go toolchain with specific existing go1.x package
|
||||
# gcc_go_version bootstrap go toolchain with specific version of gcc-go
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
# Usually ahead of bootstrap version specified by upstream Go
|
||||
# Use Tumbleweed default gccgo and N-1 go1.x for testing
|
||||
%define gcc_go_version 13
|
||||
%define go_bootstrap_version go1.17
|
||||
%else
|
||||
# Use gccgo and go1.x specified by upstream Go
|
||||
%define gcc_go_version 11
|
||||
%define go_bootstrap_version go1.17
|
||||
%endif
|
||||
|
||||
# Bootstrap go toolchain using existing go package go_bootstrap_version
|
||||
# To bootstrap using gccgo use '--with gccgo'
|
||||
%bcond_with gccgo
|
||||
|
||||
# gccgo on ppc64le with default PIE enabled fails with:
|
||||
# error while loading shared libraries:
|
||||
# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
|
||||
# track https://github.com/golang/go/issues/28531
|
||||
# linuxppc-dev discussion:
|
||||
# "PIE binaries are no longer mapped below 4 GiB on ppc64le"
|
||||
# https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
|
||||
%ifarch ppc64le
|
||||
#!BuildIgnore: gcc-PIE
|
||||
%endif
|
||||
|
||||
# Build go-race only on platforms where C++14 is supported (SLE-15)
|
||||
%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000
|
||||
%define tsan_arch x86_64 aarch64
|
||||
%else
|
||||
# Cannot use {nil} here (ifarch doesn't like it) so just make up a fake
|
||||
# architecture that no build will ever match.
|
||||
%define tsan_arch openSUSE_FAKE_ARCH
|
||||
%endif
|
||||
|
||||
# Go has precompiled versions of LLVM's compiler-rt inside their source code.
|
||||
# We cannot ship pre-compiled binaries so we have to recompile said source,
|
||||
# however they vendor specific commits from upstream. This value comes from
|
||||
# src/runtime/race/README (and we verify that it matches in check).
|
||||
#
|
||||
# In order to update the TSAN version, modify _service. See boo#1052528 for
|
||||
# more details.
|
||||
%define tsan_commit 89f7ccea6f6488c443655880229c54db1f180153
|
||||
|
||||
# go_api is the major version of Go.
|
||||
# Used by go1.x packages and go metapackage for:
|
||||
# RPM Provides: golang(API), RPM Requires: and rpm_vercmp
|
||||
# as well as derived variables such as go_label.
|
||||
%define go_api 1.18
|
||||
|
||||
# go_label is the configurable Go toolchain directory name.
|
||||
# Used for packaging multiple Go toolchains with the same go_api.
|
||||
# go_label should be defined as go_api with optional suffix, e.g.
|
||||
# go_api or go_api-foo
|
||||
%define go_label %{go_api}-openssl
|
||||
|
||||
# shared library support
|
||||
%if "%{rpm_vercmp %{go_api} 1.5}" > "0"
|
||||
%if %{with gccgo}
|
||||
%define with_shared 1
|
||||
%else
|
||||
%ifarch %ix86 %arm x86_64 aarch64
|
||||
%define with_shared 1
|
||||
%else
|
||||
%define with_shared 0
|
||||
%endif
|
||||
%endif
|
||||
%else
|
||||
%define with_shared 0
|
||||
%endif
|
||||
%ifarch ppc64
|
||||
%define with_shared 0
|
||||
%endif
|
||||
# setup go_arch (BSD-like scheme)
|
||||
%ifarch %ix86
|
||||
%define go_arch 386
|
||||
%endif
|
||||
%ifarch x86_64
|
||||
%define go_arch amd64
|
||||
# set GOAMD64 consistently
|
||||
%define go_amd64 v1
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
%define go_arch arm64
|
||||
%endif
|
||||
%ifarch %arm
|
||||
%define go_arch arm
|
||||
%endif
|
||||
%ifarch ppc64
|
||||
%define go_arch ppc64
|
||||
%endif
|
||||
%ifarch ppc64le
|
||||
%define go_arch ppc64le
|
||||
%endif
|
||||
%ifarch s390x
|
||||
%define go_arch s390x
|
||||
%endif
|
||||
%ifarch riscv64
|
||||
%define go_arch riscv64
|
||||
%endif
|
||||
|
||||
Name: go1.18-openssl
|
||||
Version: 1.18.10.1
|
||||
Release: 0
|
||||
Summary: A compiled, garbage-collected, concurrent programming language
|
||||
License: BSD-3-Clause
|
||||
Group: Development/Languages/Go
|
||||
URL: https://go.dev/
|
||||
Source: go%{version}-openssl.src.tar.gz
|
||||
Source1: go-rpmlintrc
|
||||
Source4: README.SUSE
|
||||
Source6: go.gdbinit
|
||||
# We have to compile TSAN ourselves. boo#1052528
|
||||
# Preferred form when all arches share llvm race version
|
||||
# Source100: llvm-%{tsan_commit}.tar.xz
|
||||
Source100: llvm-%{tsan_commit}.tar.xz
|
||||
# PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115
|
||||
Patch7: dont-force-gold-on-arm64.patch
|
||||
# PATCH-FIX-UPSTREAM marguerite@opensuse.org - find /usr/bin/go-8 when bootstrapping with gcc8-go
|
||||
Patch8: gcc-go.patch
|
||||
Patch9: bsc1208491.patch
|
||||
Patch10: bsc1208491-41724.patch
|
||||
Patch11: bsc1208491-41725.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
# boostrap
|
||||
%if %{with gccgo}
|
||||
BuildRequires: gcc%{gcc_go_version}-go
|
||||
%else
|
||||
# no gcc-go
|
||||
BuildRequires: %{go_bootstrap_version}
|
||||
%endif
|
||||
BuildRequires: fdupes
|
||||
Suggests: %{name}-doc = %{version}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
Suggests: %{name}-libstd = %{version}
|
||||
%endif
|
||||
%ifarch %{tsan_arch}
|
||||
# Needed to compile compiler-rt/TSAN.
|
||||
BuildRequires: gcc-c++
|
||||
%endif
|
||||
#BNC#818502 debug edit tool of rpm fails on i586 builds
|
||||
BuildRequires: rpm >= 4.11.1
|
||||
Requires(post): update-alternatives
|
||||
Requires(postun):update-alternatives
|
||||
Requires: gcc
|
||||
BuildRequires: libopenssl-devel
|
||||
Requires: libopenssl-devel
|
||||
Provides: go = %{version}
|
||||
Provides: go-devel = go%{version}
|
||||
Provides: go-devel-static = go%{version}
|
||||
Provides: golang(API) = %{go_api}
|
||||
Obsoletes: go-devel < go%{version}
|
||||
# go-vim/emacs were separate projects starting from 1.4
|
||||
Obsoletes: go-emacs <= 1.3.3
|
||||
Obsoletes: go-vim <= 1.3.3
|
||||
ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64
|
||||
|
||||
%description
|
||||
Go is an expressive, concurrent, garbage collected systems programming language
|
||||
that is type safe and memory safe. It has pointers but no pointer arithmetic.
|
||||
Go has fast builds, clean syntax, garbage collection, methods for any type, and
|
||||
run-time reflection. It feels like a dynamic language but has the speed and
|
||||
safety of a static language.
|
||||
|
||||
%package doc
|
||||
Summary: Go documentation
|
||||
Group: Documentation/Other
|
||||
Provides: go-doc = %{version}
|
||||
|
||||
%description doc
|
||||
Go examples and documentation.
|
||||
|
||||
%ifarch %{tsan_arch}
|
||||
# boo#1052528
|
||||
%package race
|
||||
Summary: Go runtime race detector
|
||||
Group: Development/Languages/Go
|
||||
URL: https://compiler-rt.llvm.org/
|
||||
Requires: %{name} = %{version}
|
||||
Supplements: %{name} = %{version}
|
||||
ExclusiveArch: %{tsan_arch}
|
||||
|
||||
%description race
|
||||
Go runtime race detector libraries. Install this package if you wish to use the
|
||||
-race option, in order to detect race conditions present in your Go programs.
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
%package libstd
|
||||
Summary: Go compiled shared library libstd.so
|
||||
Group: Development/Languages/Go
|
||||
Provides: go-libstd = %{version}
|
||||
|
||||
%description libstd
|
||||
Go standard library compiled to a dynamically loadable shared object libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%ifarch %{tsan_arch}
|
||||
# compiler-rt (from LLVM)
|
||||
%setup -q -T -b 100 -n llvm-%{tsan_commit}
|
||||
%endif
|
||||
|
||||
# go
|
||||
%setup -q -n go
|
||||
# Write go version into VERSION file in go source top level directory.
|
||||
# Needed for go build scripts to operate without assuming .git/ present.
|
||||
echo -n "go%{version}" > %{_builddir}/go/VERSION
|
||||
%patch7 -p1
|
||||
%if %{with gccgo}
|
||||
# Currently gcc-go does not manage an update-alternatives entry and will
|
||||
# never be symlinked as "go", even if gcc-go is the only installed go toolchain.
|
||||
# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
|
||||
# Substitute defined gcc_go_version into gcc-go.patch
|
||||
sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
|
||||
%patch8 -p1
|
||||
%endif
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
cp %{SOURCE4} .
|
||||
|
||||
%build
|
||||
# Remove the pre-included .sysos, to avoid shipping things we didn't compile
|
||||
# (which is against the openSUSE guidelines for packaging).
|
||||
# FIPS: retain boringcrypto .syso for now, not in use case for FIPS mode
|
||||
# go/src/crypto/internal/boring/nboringcrypto/goboringcrypto_linux_amd64.syso
|
||||
find . -type f -name '*.syso' ! -name '*boring*.syso' -print -delete
|
||||
# TODO: Rebuild using
|
||||
# BuildRequire: boringssl-devel
|
||||
# GO_LDFLAGS pkg-config(libboringssl1) (spelling TBD)
|
||||
# boringssl packages are currently present in Factory, not in SLE
|
||||
|
||||
# First, compile LLVM's TSAN, and replace the built-in with it. We can only do
|
||||
# this for amd64.
|
||||
%ifarch %{tsan_arch}
|
||||
TSAN_DIR="../llvm-%{tsan_commit}/compiler-rt/lib/tsan/go"
|
||||
pushd "$TSAN_DIR"
|
||||
./buildgo.sh
|
||||
popd
|
||||
cp -v "$TSAN_DIR/race_linux_%{go_arch}.syso" src/runtime/race/
|
||||
%endif
|
||||
|
||||
# Now, compile Go.
|
||||
%if %{with gccgo}
|
||||
export GOROOT_BOOTSTRAP=%{_prefix}
|
||||
%else
|
||||
export GOROOT_BOOTSTRAP=%{_libdir}/%{go_bootstrap_version}
|
||||
%endif
|
||||
# Ensure ARM arch is set properly - boo#1169832
|
||||
%ifarch armv6l armv6hl
|
||||
export GOARCH=arm
|
||||
export GOARM=6
|
||||
%endif
|
||||
%ifarch armv7l armv7hl
|
||||
export GOARCH=arm
|
||||
export GOARM=7
|
||||
%endif
|
||||
%ifarch x86_64 %{?x86_64}
|
||||
# use the baseline defined above. Other option is GOAMD64=v3 for x86_64_v3 support
|
||||
export GOAMD64=%go_amd64
|
||||
%endif
|
||||
export GOROOT="`pwd`"
|
||||
export GOROOT_FINAL=%{_libdir}/go/%{go_label}
|
||||
export GOBIN="$GOROOT/bin"
|
||||
mkdir -p "$GOBIN"
|
||||
cd src
|
||||
HOST_EXTRA_CFLAGS="%{optflags} -Wno-error" ./make.bash -v
|
||||
|
||||
cd ../
|
||||
%ifarch %{tsan_arch}
|
||||
# Install TSAN-friendly version of the std libraries.
|
||||
bin/go install -race std
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
# Compile Go standard library as a dynamically loaded shared object libstd.so
|
||||
# for inclusion in a subpackage which can be installed standalone.
|
||||
# Upstream Go binary releases do not ship a compiled libstd.so.
|
||||
# Standard practice is to build Go binaries as a single executable.
|
||||
# Upstream Go discussed removing this feature, opted to fix current support:
|
||||
# Relevant upstream comments on: https://github.com/golang/go/issues/47788
|
||||
#
|
||||
# -buildmode=shared
|
||||
# Combine all the listed non-main packages into a single shared
|
||||
# library that will be used when building with the -linkshared
|
||||
# option. Packages named main are ignored.
|
||||
#
|
||||
# -linkshared
|
||||
# build code that will be linked against shared libraries previously
|
||||
# created with -buildmode=shared.
|
||||
bin/go install -buildmode=shared std
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%check
|
||||
%ifarch %{tsan_arch}
|
||||
# Make sure that we have the right TSAN checked out.
|
||||
grep "^race_linux_%{go_arch}.syso built with LLVM %{tsan_commit}" src/runtime/race/README
|
||||
%endif
|
||||
|
||||
%install
|
||||
export GOROOT="%{buildroot}%{_libdir}/go/%{go_label}"
|
||||
|
||||
# locations for third party libraries, see README-openSUSE for info about locations.
|
||||
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib
|
||||
install -d $GOROOT/contrib/pkg/linux_%{go_arch}
|
||||
ln -s %{_libdir}/go/%{go_label}/contrib/pkg/ %{buildroot}%{_datadir}/go/%{go_label}/contrib/pkg
|
||||
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/cmd
|
||||
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/src
|
||||
ln -s %{_datadir}/go/%{go_label}/contrib/src/ %{buildroot}%{_libdir}/go/%{go_label}/contrib/src
|
||||
install -Dm644 README.SUSE $GOROOT/contrib/
|
||||
ln -s %{_libdir}/go/%{go_label}/contrib/README.SUSE %{buildroot}%{_datadir}/go/%{go_label}/contrib/README.SUSE
|
||||
|
||||
# source files for go install, godoc, etc
|
||||
install -d %{buildroot}%{_datadir}/go/%{go_label}
|
||||
for ext in *.{go,c,h,s,S,py,syso,bin}; do
|
||||
find src -name ${ext} -exec install -Dm644 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
|
||||
done
|
||||
# executable bash scripts called by go tool, etc
|
||||
find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
|
||||
|
||||
mkdir -p $GOROOT/src
|
||||
for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
|
||||
ln -s /usr/share/go/%{go_label}/src/$i $GOROOT/src/$i
|
||||
done
|
||||
# add lib files that are needed (such as the timezone database).
|
||||
install -d $GOROOT/lib
|
||||
find lib -type f -exec install -D -m644 {} $GOROOT/{} \;
|
||||
|
||||
# copy document templates, packages, obj libs and command utilities
|
||||
mkdir -p $GOROOT/bin
|
||||
# remove bootstrap
|
||||
rm -rf pkg/bootstrap
|
||||
mv pkg $GOROOT
|
||||
mv bin/* $GOROOT/bin
|
||||
mkdir -p $GOROOT/misc/trace
|
||||
mv misc/trace/* $GOROOT/misc/trace
|
||||
# add wasm (Web Assembly) boo#1139210
|
||||
mkdir -p $GOROOT/misc/wasm
|
||||
mv misc/wasm/* $GOROOT/misc/wasm
|
||||
rm -f %{buildroot}%{_bindir}/{hgpatch,quietgcc}
|
||||
|
||||
# gdbinit
|
||||
install -Dm644 %{SOURCE6} $GOROOT/bin/gdbinit.d/go.gdb
|
||||
%if "%{_lib}" == "lib64"
|
||||
sed -i "s/lib/lib64/" $GOROOT/bin/gdbinit.d/go.gdb
|
||||
sed -i "s/\$go_label/%{go_label}/" $GOROOT/bin/gdbinit.d/go.gdb
|
||||
%endif
|
||||
|
||||
# update-alternatives
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
||||
mkdir -p %{buildroot}%{_bindir}
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d
|
||||
touch %{buildroot}%{_sysconfdir}/alternatives/{go,gofmt,go.gdb}
|
||||
ln -sf %{_sysconfdir}/alternatives/go %{buildroot}%{_bindir}/go
|
||||
ln -sf %{_sysconfdir}/alternatives/gofmt %{buildroot}%{_bindir}/gofmt
|
||||
ln -sf %{_sysconfdir}/alternatives/go.gdb %{buildroot}%{_sysconfdir}/gdbinit.d/go.gdb
|
||||
|
||||
# documentation and examples
|
||||
# fix documetation permissions (rpmlint warning)
|
||||
find doc/ misc/ -type f -exec chmod 0644 '{}' +
|
||||
# remove unwanted arch-dependant binaries (rpmlint warning)
|
||||
rm -rf misc/cgo/test/{_*,*.o,*.out,*.6,*.8}
|
||||
# prepare go-doc
|
||||
mkdir -p %{buildroot}%{_docdir}/go/%{go_label}
|
||||
cp -r AUTHORS CONTRIBUTORS CONTRIBUTING.md LICENSE PATENTS README.md README.boringcrypto.md README.SUSE %{buildroot}%{_docdir}/go/%{go_label}
|
||||
cp -r doc/* %{buildroot}%{_docdir}/go/%{go_label}
|
||||
|
||||
%fdupes -s %{buildroot}%{_prefix}
|
||||
|
||||
%post
|
||||
|
||||
update-alternatives \
|
||||
--install %{_bindir}/go go %{_libdir}/go/%{go_label}/bin/go $((20+$(echo %{go_label} | cut -d. -f2))) \
|
||||
--slave %{_bindir}/gofmt gofmt %{_libdir}/go/%{go_label}/bin/gofmt \
|
||||
--slave %{_sysconfdir}/gdbinit.d/go.gdb go.gdb %{_libdir}/go/%{go_label}/bin/gdbinit.d/go.gdb
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ] ; then
|
||||
update-alternatives --remove go %{_libdir}/go/%{go_label}/bin/go
|
||||
fi
|
||||
|
||||
%files
|
||||
%{_bindir}/go
|
||||
%{_bindir}/gofmt
|
||||
%dir %{_libdir}/go
|
||||
%{_libdir}/go/%{go_label}
|
||||
%dir %{_datadir}/go
|
||||
%{_datadir}/go/%{go_label}
|
||||
%dir %{_sysconfdir}/gdbinit.d/
|
||||
%config %{_sysconfdir}/gdbinit.d/go.gdb
|
||||
%ghost %{_sysconfdir}/alternatives/go
|
||||
%ghost %{_sysconfdir}/alternatives/gofmt
|
||||
%ghost %{_sysconfdir}/alternatives/go.gdb
|
||||
%dir %{_docdir}/go
|
||||
%dir %{_docdir}/go/%{go_label}
|
||||
%doc %{_docdir}/go/%{go_label}/AUTHORS
|
||||
%doc %{_docdir}/go/%{go_label}/CONTRIBUTORS
|
||||
%doc %{_docdir}/go/%{go_label}/CONTRIBUTING.md
|
||||
%doc %{_docdir}/go/%{go_label}/PATENTS
|
||||
%doc %{_docdir}/go/%{go_label}/README.md
|
||||
%doc %{_docdir}/go/%{go_label}/README.boringcrypto.md
|
||||
%doc %{_docdir}/go/%{go_label}/README.SUSE
|
||||
%if 0%{?suse_version} < 1500
|
||||
%doc %{_docdir}/go/%{go_label}/LICENSE
|
||||
%else
|
||||
%license %{_docdir}/go/%{go_label}/LICENSE
|
||||
%endif
|
||||
|
||||
# We don't include TSAN in the main Go package.
|
||||
%ifarch %{tsan_arch}
|
||||
%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
|
||||
%endif
|
||||
|
||||
# We don't include libstd.so in the main Go package.
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so
|
||||
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%files doc
|
||||
%doc %{_docdir}/go/%{go_label}/*.html
|
||||
|
||||
%ifarch %{tsan_arch}
|
||||
%files race
|
||||
%{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
|
||||
%endif
|
||||
|
||||
%if %{with_shared}
|
||||
%if 0%{?suse_version} > 1500
|
||||
# openSUSE Tumbleweed
|
||||
%files libstd
|
||||
%{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%changelog
|
BIN
go1.18.10.1-openssl.src.tar.gz
(Stored with Git LFS)
Normal file
BIN
go1.18.10.1-openssl.src.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
llvm-89f7ccea6f6488c443655880229c54db1f180153.tar.xz
(Stored with Git LFS)
Normal file
BIN
llvm-89f7ccea6f6488c443655880229c54db1f180153.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user