SLFO-pool/go1.16
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0a25503966
go1.16/go1.16.changes

562 lines
31 KiB
Plaintext
Raw Normal View History

Sync from SUSE:SLFO:Main go1.16 revision df2d3c44ca9c68579cabda6113ad4dd4
2024-05-03 13:05:18 +02:00
-------------------------------------------------------------------
Thu Apr 13 04:58:20 UTC 2023 - Martin Liška <mliska@suse.cz>
- Use gcc13 compiler for Tumbleweed.
-------------------------------------------------------------------
Tue Aug 23 19:49:42 UTC 2022 - Andreas Schwab <schwab@suse.de>
- Don't build with shared on riscv64 for < go1.18
-------------------------------------------------------------------
Thu Aug 11 18:23:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
- switch to gcc-go, bootstrap via gcc-go 11/12 which
should be available on leap, sle and factory
- add gcc-go.patch to bootstrap with gcc-go any version
- drop gcc6-go.patch, gcc7-go.patch: superseded by gcc-go.patch
-------------------------------------------------------------------
Fri Mar 11 23:37:41 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Add %define go_label as a configurable Go toolchain directory
* go_label can be used to package multiple Go toolchains with
the same go_api
* go_label should be defined as go_api with an optional suffix
e.g. %{go_api} or %{go_api}-foo
* Default go_label = go_api makes no changes to package layout
-------------------------------------------------------------------
Wed Mar 9 17:03:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency
-------------------------------------------------------------------
Thu Mar 3 21:51:40 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.15 (released 2022-03-03) includes a security fix to the
regexp/syntax package, as well as bug fixes to the compiler,
runtime, the go command, and to the net package
Refs boo#1182345 go1.16 release tracking
CVE-2022-24921
* boo#1196732 go#51112 CVE-2022-24921
* go#51117 regexp: stack overflow (process exit) handling deeply nested regexp
* go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
* go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
* go#51161 net: use EDNS to increase DNS packet size [freeze exception]
* go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
-------------------------------------------------------------------
Fri Feb 18 02:10:17 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Add missing .bin binary test data to packaging.
* Existing test data files added to packaging with mode 644:
src/compress/bzip2/testdata/pass-random2.bin
src/compress/bzip2/testdata/pass-random1.bin
src/debug/dwarf/testdata/line-gcc-win.bin
-------------------------------------------------------------------
Thu Feb 10 23:46:55 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.14 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, net/http/httptest, and testing
packages.
Refs boo#1182345 go1.16 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50686 cmd/go: do not treat branches with semantic-version names as releases
* go#50866 cmd/compile: incorrect use of CMN on arm64
* go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
* go#50811 cmd/go: remove bitbucket VCS probing
* go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50645 testing: surprising interaction of subtests with TempDir
* go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package
-------------------------------------------------------------------
Thu Jan 6 20:38:08 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.13 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the net/http package.
Refs boo#1182345 go1.16 release tracking
* go#50449 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#50296 cmd/link: does not set section type of .init_array correctly
* go#50194 runtime/race: building for iOS, but linking in object file built for macOS
* go#50072 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49923 cmd/link: support more load commands on Mach-O
* go#49412 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48115 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14
-------------------------------------------------------------------
Thu Dec 9 17:31:00 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.12 (released 2021-12-09) includes security fixes to the
syscall and net/http packages.
Refs boo#1182345 go1.16 release tracking
CVE-2021-44716 CVE-2021-44717
* boo#1193598 go#50057 CVE-2021-44717
* go#50066 syscall: dont close fd 0 on ForkExec error
* boo#1193597 go#50058 CVE-2021-44716
* go#50064 net/http: limit growth of header canonicalization cache
-------------------------------------------------------------------
Fri Dec 3 02:15:02 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.11 (released 2021-12-02) includes fixes to the compiler,
runtime, and the net/http, net/http/httptest, and time packages.
Refs boo#1182345 go1.16 release tracking
* go#49910 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49908 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49904 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49867 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49851 net/http/httptest: Close does not wait for the underlying Server's ConnState callbacks to complete
* go#49728 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49661 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49623 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49567 net/http: server responds with Transfer-Encoding: identity
* go#49560 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49558 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49406 time: ParseInLocation error
* go#49391 cmd/compile: internal compiler error: Expand calls interface data problem
-------------------------------------------------------------------
Thu Nov 4 21:23:39 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.10 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the misc/wasm directory, and to the
net/http package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48991 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48251 archive/zip: Reader.Open panics on empty string
* go#49153 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49076 x/net/http2: backport critical fixes
* go#49009 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48822 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48649 x/net/http2: pool deadlock
* go#48478 cmd/compile: 64 bits shifts on arm get wrong results
* go#48474 cmd/compile: incorrect arm/arm64 simplification rules
-------------------------------------------------------------------
Fri Oct 8 00:41:43 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.9 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
runtime and to the text/template package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48799 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48443 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#47858 time: timer reset sometimes ignored, causing delayed ticks
-------------------------------------------------------------------
Fri Sep 10 02:44:03 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.8 (released 2021-09-09) includes a security fix to the
archive/zip package, as well as bug fixes to the archive/zip,
go/internal/gccgoimporter, html/template, net/http, and
runtime/pprof packages.
Refs boo#1182345 go1.16 release tracking
CVE-2021-39293
* boo#1190589 go#47801 CVE-2021-39293
* go#47985 archive/zip: overflow in preallocation check can cause OOM panic
* go#47691 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
* go#47675 runtime/pprof: apparent deadlock in TestGoroutineSwitch on linux-armv6l
* go#47610 go/internal/gccgoimporter: TestInstallationImporter broken with tip gccgo
* go#47535 net/http: TestCancelRequestWhenSharingConnection can cause port exhaustion
* go#47042 html/template: data race with concurrent ExecuteTemplate calls
-------------------------------------------------------------------
Thu Aug 12 20:48:30 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Add bash scripts used by go tool commands to provide a more
complete cross-compiling go toolchain install.
* Fixes "go tool dist list" error "all.bash does not exist"
* Added to packaging:
/usr/lib64/go/1.16/lib/time/update.bash (already packaged)
/usr/lib64/go/1.16/src/all.bash
/usr/lib64/go/1.16/src/bootstrap.bash
/usr/lib64/go/1.16/src/buildall.bash
/usr/lib64/go/1.16/src/clean.bash
/usr/lib64/go/1.16/src/cmp.bash
/usr/lib64/go/1.16/src/make.bash
/usr/lib64/go/1.16/src/race.bash
/usr/lib64/go/1.16/src/run.bash
/usr/share/go/1.16/src/all.bash
/usr/share/go/1.16/src/bootstrap.bash
/usr/share/go/1.16/src/buildall.bash
/usr/share/go/1.16/src/clean.bash
/usr/share/go/1.16/src/cmd/compile/internal/ssa/gen/cover.bash
/usr/share/go/1.16/src/cmd/vendor/golang.org/x/sys/windows/mkerrors.bash
/usr/share/go/1.16/src/cmd/vendor/golang.org/x/sys/windows/mkknownfolderids.bash
/usr/share/go/1.16/src/cmp.bash
/usr/share/go/1.16/src/internal/trace/mkcanned.bash
/usr/share/go/1.16/src/make.bash
/usr/share/go/1.16/src/race.bash
/usr/share/go/1.16/src/run.bash
-------------------------------------------------------------------
Thu Aug 5 21:03:30 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.7 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler,
the linker, the runtime, the go command, and the net/http
package.
CVE-2021-36221
Refs boo#1182345 go1.16 release tracking
* boo#1189162 go#46866 CVE-2021-36221
* go#47474 net/http: panic due to racy read of persistConn after handler panic
* go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
* go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
* go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
* go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
* go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
* go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
* go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package
-------------------------------------------------------------------
Thu Aug 5 20:51:24 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Drop patch to fix crashes on PowerPC with kernel >= 5.13, fixed
in next upstream release:
* drop fix-ppc64-crashes.patch
-------------------------------------------------------------------
Mon Jul 19 12:40:37 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Add patch to fix crashes on PowerPC with kernel >= 5.13:
* fix-ppc64-crashes.patch
-------------------------------------------------------------------
Mon Jul 12 23:51:55 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.6 (released 2021-07-12) includes a security fix to the
crypto/tls package, as well as bug fixes to the compiler, and the
net and net/http packages.
CVE-2021-34558
Refs boo#1182345 go1.16 release tracking
* boo#1188229 go#47143 CVE-2021-34558
* go#47145 security: fix CVE-2021-34558
* go#46999 net: LookupMX behaviour broken
* go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46657 runtime: deeply nested struct initialized with non-zero values
* go#44984 net/http: server not setting Content-Length in certain cases
-------------------------------------------------------------------
Thu Jun 10 17:31:11 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Fix extraneous trailing percent character %endif% in spec file.
-------------------------------------------------------------------
Thu Jun 3 22:46:45 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.5 (released 2021-06-03) includes security fixes to the
archive/zip, math/big, net, and net/http/httputil packages, as
well as bug fixes to the linker, the go command, and the net/http
package.
CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
Refs boo#1182345 go1.16 release tracking
* boo#1187443 go#46241 CVE-2021-33195
* go#46357 net: Lookup functions may return invalid host names
* go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
* boo#1186622 go#46242 CVE-2021-33196
* go#46397 archive/zip: malformed archive may cause panic or memory exhaustion
* boo#1187444 go#46313 CVE-2021-33197
* go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
* boo#1187445 go#45910 CVE-2021-33198
* go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
* go#46214 cmd/go: make go mod download with no arguments leave go.sum alone
* go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
* go#46128 cmd/link: internal error when externally linking very large binaries
* go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
* go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le
-------------------------------------------------------------------
Fri May 7 16:28:32 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.4 (released 2021-05-06) includes a security fix to the
net/http package, as well as bug fixes to the runtime, the
compiler, and the archive/zip, time, and syscall packages.
CVE-2021-31525
Refs boo#1182345 go1.16 release tracking
* boo#1185790 CVE-2021-31525
* go#45712 net/http: ReadRequest can stack overflow
* go#45636 cmd/compile: internal compiler error: Invalid PPC64 rotate mask
* go#45482 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
* go#45385 time: Europe/Dublin timezone handling broken with embedded timezone database
* go#45347 archive/zip: duplicate entries in FS interface
* go#45307 os/signal: timeout in TestAllThreadsSyscallSignals
-------------------------------------------------------------------
Fri Apr 2 12:26:15 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.3 (released 2021-04-01) includes fixes to the compiler,
linker, runtime, the go command, and the testing and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#45303 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
* go#45253 cmd/compile: fix long RMW bit operations on AMD64
* go#45240 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45192 Strange behaviour with loops
* go#45030 cmd/link: go 1.16 plugin does not initialize global variables correctly when not used directly
* go#44888 testing: Helper line number has changed in 1.16
* go#44885 cmd/go: import paths ending with '+' are rejected (affects executable like g++ or clang++)
* go#44869 time, runtime: zero duration timer takes 2 minutes to fire
* go#44860 cmd/go: documentation at golang.org for cmd/go has confusing formatting
* go#44812 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
* go#44640 cmd/link: fail to build when using time/tzdata on ARM
-------------------------------------------------------------------
Fri Mar 12 01:27:53 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.2 (released 2021-03-11) includes fixes to cgo, the
compiler, linker, the go command, and the syscall and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#44793 cmd/go: mod tidy should ignore missing standard library packages
* go#44746 cmd/go: improve error message when outside a module from "working directory is not part of a module"
* go#44676 cmd/go: warning message when getting a retracted module version is missing a trailing newline
* go#44659 runtime: marked free object in span
* go#44647 cmd/go: "malformed import path" in Go 1.16 for packages with path elements containing a leading dot
* go#44638 cmd/link: runtime crash, unexpected fault address 0xffffffffffffffff, h2_bundle.go, when using plugin
* go#44618 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44593 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44498 cmd/go: 'go mod edit -exclude' erroneously rejects '+incompatible' versions
* go#44496 cmd/go: malformed module path with retract v2+
* go#44464 cmd/compile: ICE on deferred call to syscall.LazyDLL.Call
* go#44462 x/tools/go/analysis, syscall: ptrace redeclared in this block
* go#44433 cmd/compile: Compiler regression in Go 1.16 - internal compiler error: child dcl collision on symbol
* go#44402 doc: Broken image in readme
* go#44358 cmd/compile: internal compiler error: Value live at entry. It shouldn't be.
* go#44346 runtime/cgo: cannot build with -Wsign-compare
-------------------------------------------------------------------
Wed Mar 10 17:33:27 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.1 (released 2021-03-10) includes security fixes to the
archive/zip and encoding/xml packages.
CVE-2021-27918 CVE-2021-27919
Refs boo#1182345 go1.16 release tracking
* boo#1183333 CVE-2021-27918
* go#44915 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`
* boo#1183334 CVE-2021-27919
* go#44917 archive/zip: can panic when calling Reader.Open
-------------------------------------------------------------------
Thu Feb 18 23:21:47 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- gcc6-go.patch fix typo go-7 to go-6 for bootstrap on SLE-12 gcc6
-------------------------------------------------------------------
Tue Feb 16 22:42:14 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16 (released 2021-02-16) Go 1.16 is a major release of Go.
go1.16.x minor releases will be provided through February 2022.
https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime,
and libraries. As always, the release maintains the Go 1 promise
of compatibility. We expect almost all Go programs to continue to
compile and run as before.
Refs boo#1182345 go1.16 release tracking
* See release notes https://golang.org/doc/go1.16. Excerpts
relevant to OBS environment and for SUSE/openSUSE follow:
* Module-aware mode is enabled by default, regardless of whether
a go.mod file is present in the current working directory or a
parent directory. More precisely, the GO111MODULE environment
variable now defaults to on. To switch to the previous
behavior, set GO111MODULE to auto.
* Build commands like go build and go test no longer modify
go.mod and go.sum by default. Instead, they report an error if
a module requirement or checksum needs to be added or updated
(as if the -mod=readonly flag were used). Module requirements
and sums may be adjusted with go mod tidy or go get.
* go install now accepts arguments with version suffixes (for
example, go install example.com/cmd@v1.0.0). This causes go
install to build and install packages in module-aware mode,
ignoring the go.mod file in the current directory or any parent
directory, if there is one. This is useful for installing
executables without affecting the dependencies of the main
module.
* go install, with or without a version suffix (as described
above), is now the recommended way to build and install
packages in module mode. go get should be used with the -d flag
to adjust the current module's dependencies without building
packages, and use of go get to build and install packages is
deprecated. In a future release, the -d flag will always be
enabled.
* retract directives may now be used in a go.mod file to indicate
that certain published versions of the module should not be
used by other modules. A module author may retract a version
after a severe problem is discovered or if the version was
published unintentionally.
* The go mod vendor and go mod tidy subcommands now accept the -e
flag, which instructs them to proceed despite errors in
resolving missing packages.
* The go command now ignores requirements on module versions
excluded by exclude directives in the main module. Previously,
the go command used the next version higher than an excluded
version, but that version could change over time, resulting in
non-reproducible builds.
* In module mode, the go command now disallows import paths that
include non-ASCII characters or path elements with a leading
dot character (.). Module paths with these characters were
already disallowed (see Module paths and versions), so this
change affects only paths within module subdirectories.
* The go command now supports including static files and file
trees as part of the final executable, using the new //go:embed
directive. See the documentation for the new embed package for
details.
* When using go test, a test that calls os.Exit(0) during
execution of a test function will now be considered to
fail. This will help catch cases in which a test calls code
that calls os.Exit(0) and thereby stops running all future
tests. If a TestMain function calls os.Exit(0) that is still
considered to be a passing test.
* go test reports an error when the -c or -i flags are used
together with unknown flags. Normally, unknown flags are passed
to tests, but when -c or -i are used, tests are not run.
* The go get -insecure flag is deprecated and will be removed in
a future version. This flag permits fetching from repositories
and resolving custom domains using insecure schemes such as
HTTP, and also bypasses module sum validation using the
checksum database. To permit the use of insecure schemes, use
the GOINSECURE environment variable instead. To bypass module
sum validation, use GOPRIVATE or GONOSUMDB. See go help
environment for details.
* go get example.com/mod@patch now requires that some version of
example.com/mod already be required by the main
module. (However, go get -u=patch continues to patch even
newly-added dependencies.)
* GOVCS is a new environment variable that limits which version
control tools the go command may use to download source
code. This mitigates security issues with tools that are
typically used in trusted, authenticated environments. By
default, git and hg may be used to download code from any
repository. svn, bzr, and fossil may only be used to download
code from repositories with module paths or package paths
matching patterns in the GOPRIVATE environment variable. See go
help vcs for details.
* When the main module's go.mod file declares go 1.16 or higher,
the all package pattern now matches only those packages that
are transitively imported by a package or test found in the
main module. (Packages imported by tests of packages imported
by the main module are no longer included.) This is the same
set of packages retained by go mod vendor since Go 1.11.
* When the -toolexec build flag is specified to use a program
when invoking toolchain programs like compile or asm, the
environment variable TOOLEXEC_IMPORTPATH is now set to the
import path of the package being built.
* The -i flag accepted by go build, go install, and go test is
now deprecated. The -i flag instructs the go command to install
packages imported by packages named on the command line. Since
the build cache was introduced in Go 1.10, the -i flag no
longer has a significant effect on build times, and it causes
errors when the install directory is not writable.
* When the -export flag is specified, the BuildID field is now
set to the build ID of the compiled package. This is equivalent
to running go tool buildid on go list -exported -f {{.Export}},
but without the extra step.
* The -overlay flag specifies a JSON configuration file
containing a set of file path replacements. The -overlay flag
may be used with all build commands and go mod subcommands. It
is primarily intended to be used by editor tooling such as
gopls to understand the effects of unsaved changes to source
files. The config file maps actual file paths to replacement
file paths and the go command and its builds will run as if the
actual file paths exist with the contents given by the
replacement file paths, or don't exist if the replacement file
paths are empty.
* The cgo tool will no longer try to translate C struct bitfields
into Go struct fields, even if their size can be represented in
Go. The order in which C bitfields appear in memory is
implementation dependent, so in some cases the cgo tool
produced results that were silently incorrect.
* The linux/riscv64 port now supports cgo and -buildmode=pie.
This release also includes performance optimizations and code
generation improvements for RISC-V.
* The new runtime/metrics package introduces a stable interface
for reading implementation-defined metrics from the Go
runtime. It supersedes existing functions like
runtime.ReadMemStats and debug.GCStats and is significantly
more general and efficient. See the package documentation for
more details.
* Setting the GODEBUG environment variable to inittrace=1 now
causes the runtime to emit a single line to standard error for
each package init, summarizing its execution time and memory
allocation. This trace can be used to find bottlenecks or
regressions in Go startup performance. The GODEBUG
documentation describes the format.
* On Linux, the runtime now defaults to releasing memory to the
operating system promptly (using MADV_DONTNEED), rather than
lazily when the operating system is under memory pressure
(using MADV_FREE). This means process-level memory statistics
like RSS will more accurately reflect the amount of physical
memory being used by Go processes. Systems that are currently
using GODEBUG=madvdontneed=1 to improve memory monitoring
behavior no longer need to set this environment variable.
* Go 1.16 fixes a discrepancy between the race detector and the
Go memory model. The race detector now more precisely follows
the channel synchronization rules of the memory model. As a
result, the detector may now report races it previously missed.
* linker: This release includes additional improvements to the Go
linker, reducing linker resource usage (both time and memory)
and improving code robustness/maintainability. These changes
form the second half of a two-release project to modernize the
Go linker.
* The linker changes in 1.16 extend the 1.15 improvements to all
supported architecture/OS combinations (the 1.15 performance
improvements were primarily focused on ELF-based OSes and amd64
architectures). For a representative set of large Go programs,
linking is 20-25% faster than 1.15 and requires 5-15% less
memory on average for linux/amd64, with larger improvements for
other architectures and OSes. Most binaries are also smaller as
a result of more aggressive symbol pruning.
* The new embed package provides access to files embedded in the
program during compilation using the new //go:embed directive.
* The new io/fs package defines the fs.FS interface, an
abstraction for read-only trees of files. The standard library
packages have been adapted to make use of the interface as
appropriate.
* For testing code that implements fs.FS, the new testing/fstest
package provides a TestFS function that checks for and reports
common mistakes. It also provides a simple in-memory file
system implementation, MapFS, which can be useful for testing
code that accepts fs.FS implementations.
* syscall: On Linux, Setgid, Setuid, and related calls are now
implemented. Previously, they returned an syscall.EOPNOTSUPP
error. On Linux, the new functions AllThreadsSyscall and
AllThreadsSyscall6 may be used to make a system call on all Go
threads in the process. These functions may only be used by
programs that do not use cgo; if a program uses cgo, they will
always return syscall.ENOTSUP.
* time/tzdata: The slim timezone data format is now used for the
timezone database in $GOROOT/lib/time/zoneinfo.zip and the
embedded copy in this package. This reduces the size of the
timezone database by about 350 KB.
-------------------------------------------------------------------
Thu Jan 28 17:20:09 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16rc1 (released 2021-01-28) is a release candidate of go1.16
cut from the master branch at the revision tagged go1.16rc1.
-------------------------------------------------------------------
Thu Dec 17 23:00:42 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16beta1 (released 2020-12-08) is a beta version of go1.16 cut
from the master branch at the revision tagged go1.16beta1.
Reference in New Issue Copy Permalink