commit 49cc6013c2d31d23381852bd746c8d21887baa6954e02fce13c6f251cdc702d8 Author: Adrian Schröter Date: Fri May 3 13:06:52 2024 +0200 Sync from SUSE:SLFO:Main go1.19-openssl revision cece5bfc3203de2b87f0184d3af72eb5 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..88a197a --- /dev/null +++ b/README.SUSE @@ -0,0 +1,8 @@ +# Go Programming Language + +OBS: https://build.opensuse.org/project/show/devel:languages:go + +Maintainer: Jeff Kowalczyk + +Wiki: http://en.opensuse.org/Go + http://en.opensuse.org/openSUSE:Packaging_Go diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..4496146 --- /dev/null +++ b/_constraints @@ -0,0 +1,7 @@ + + + + 5 + + + diff --git a/_service b/_service new file mode 100644 index 0000000..01289e3 --- /dev/null +++ b/_service @@ -0,0 +1,15 @@ + + + https://github.com/llvm/llvm-project.git + git + compiler-rt + + 127e59048cd3d8dbb80c14b3036918c114089529 + %H + llvm + + + llvm-*.tar + xz + + diff --git a/dont-force-gold-on-arm64.patch b/dont-force-gold-on-arm64.patch new file mode 100644 index 0000000..0b370e7 --- /dev/null +++ b/dont-force-gold-on-arm64.patch @@ -0,0 +1,33 @@ +--- go/src/cmd/link/internal/ld/lib.go ++++ go/src/cmd/link/internal/ld/lib.go +@@ -1391,30 +1391,6 @@ + // Use lld to avoid errors from default linker (issue #38838) + altLinker = "lld" + } +- +- if ctxt.Arch.InFamily(sys.ARM, sys.ARM64) && buildcfg.GOOS == "linux" { +- // On ARM, the GNU linker will generate COPY relocations +- // even with -znocopyreloc set. +- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962 +- // +- // On ARM64, the GNU linker will fail instead of +- // generating COPY relocations. +- // +- // In both cases, switch to gold. +- altLinker = "gold" +- +- // If gold is not installed, gcc will silently switch +- // back to ld.bfd. So we parse the version information +- // and provide a useful error if gold is missing. +- name, args := flagExtld[0], flagExtld[1:] +- args = append(args, "-fuse-ld=gold", "-Wl,--version") +- cmd := exec.Command(name, args...) +- if out, err := cmd.CombinedOutput(); err == nil { +- if !bytes.Contains(out, []byte("GNU gold")) { +- log.Fatalf("ARM external linker must be gold (issue #15696), but is not: %s", out) +- } +- } +- } + } + if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" { + // Switch to ld.bfd on freebsd/arm64. diff --git a/gcc-go.patch b/gcc-go.patch new file mode 100644 index 0000000..3998422 --- /dev/null +++ b/gcc-go.patch @@ -0,0 +1,79 @@ +Index: go/src/cmd/dist/buildtool.go +=================================================================== +--- go.orig/src/cmd/dist/buildtool.go ++++ go/src/cmd/dist/buildtool.go +@@ -210,7 +210,7 @@ + // only applies to the final cmd/go binary, but that's OK: if this is Go 1.10 + // or later we don't need to disable inlining to work around bugs in the Go 1.4 compiler. + cmd := []string{ +- pathf("%s/bin/go", goroot_bootstrap), ++ pathf("%s/bin/go-$gcc_go_version", goroot_bootstrap), + "install", + "-gcflags=-l", + "-tags=math_big_pure_go compiler_bootstrap purego", +Index: go/src/make.bash +=================================================================== +--- go.orig/src/make.bash ++++ go/src/make.bash +@@ -68,7 +68,7 @@ + # time goes when these scripts run. + # + # GOROOT_BOOTSTRAP: A working Go tree >= Go 1.4 for bootstrap. +-# If $GOROOT_BOOTSTRAP/bin/go is missing, $(go env GOROOT) is ++# If $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version is missing, $(go env GOROOT) is + # tried for all "go" in $PATH. $HOME/go1.4 by default. + + set -e +@@ -179,8 +179,8 @@ + fi + fi + done; unset IFS +-if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then +- echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2 ++if [ ! -x "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" ]; then ++ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version." >&2 + echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2 + exit 1 + fi +@@ -198,7 +198,7 @@ + exit 1 + fi + rm -f cmd/dist/dist +-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist ++GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" build -o cmd/dist/dist ./cmd/dist + + # -e doesn't propagate out of eval, so check success by hand. + eval $(./cmd/dist/dist env -p || echo FAIL=true) +Index: go/src/make.rc +=================================================================== +--- go.orig/src/make.rc ++++ go/src/make.rc +@@ -57,7 +57,7 @@ + GOROOT_BOOTSTRAP = $home/$d + } + for(p in $path){ +- if(! test -x $GOROOT_BOOTSTRAP/bin/go){ ++ if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){ + if(go_exe = `{path=$p whatis go}){ + goroot = `{GOROOT='' $go_exe env GOROOT} + if(! ~ $goroot $GOROOT){ +@@ -70,8 +70,8 @@ + } + } + } +-if(! test -x $GOROOT_BOOTSTRAP/bin/go){ +- echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2] ++if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){ ++ echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go-$gcc_go_version.' >[1=2] + echo 'Set $GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4.' >[1=2] + exit bootstrap + } +@@ -84,7 +84,7 @@ + echo 'Building Go cmd/dist using '^$GOROOT_BOOTSTRAP + if(~ $#vflag 1) + echo cmd/dist +-GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111MODULE=off GOENV=off GOFLAGS='' $GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist ++GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111MODULE=off GOENV=off GOFLAGS='' $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version build -o cmd/dist/dist ./cmd/dist + + eval `{./cmd/dist/dist env -9} + if(~ $#vflag 1) diff --git a/go-rpmlintrc b/go-rpmlintrc new file mode 100644 index 0000000..aeffb39 --- /dev/null +++ b/go-rpmlintrc @@ -0,0 +1,9 @@ +addFilter("binaryinfo-readelf-failed") # go binaries are suposedly ELF-compliant +addFilter("statically-linked-binary") # go doesn't yet support dynamic linking + +# .syso files are special. Note that while they are architecture-dependent, +# they are named to avoid conflicts (and we make sure of that in the RPM +# through go_arch). +addFilter("unstripped-binary-or-object.*\.syso$") +addFilter("arch-dependent-file-in-usr-share.*\.syso$") +addFilter("W: position-independent-executable-suggested") diff --git a/go.gdbinit b/go.gdbinit new file mode 100644 index 0000000..589a923 --- /dev/null +++ b/go.gdbinit @@ -0,0 +1 @@ +add-auto-load-safe-path /usr/lib/go/$go_label/src/runtime/runtime-gdb.py diff --git a/go1.19-openssl.changes b/go1.19-openssl.changes new file mode 100644 index 0000000..455d233 --- /dev/null +++ b/go1.19-openssl.changes @@ -0,0 +1,735 @@ +------------------------------------------------------------------- +Tue Feb 27 11:32:47 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Thu Sep 21 21:25:57 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.13.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.13-1-openssl-fips. + * Update to Go 1.19.13 + * run go mod tidy with local Go toolchain + +------------------------------------------------------------------- +Wed Sep 6 15:08:50 UTC 2023 - Jeff Kowalczyk + +- go1.19.13 (released 2023-09-06) includes fixes to the go command, + and the crypto/tls and net/http packages. + Refs boo#1200441 go1.19 release tracking + * go#61197 cmd/go: extended forwards compatibility for Go + * go#61825 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address + * go#61968 crypto/tls: add GODEBUG to control max RSA key size + +------------------------------------------------------------------- +Tue Sep 5 19:12:05 UTC 2023 - Jeff Kowalczyk + +- Add missing directory pprof html asset directory to package. + Refs boo#1215090 + * src/cmd/vendor/github.com/google/pprof/internal/driver/html/ + dir containing html assets is present in upstream Go + distribution but missing from SUSE go1.x packages + * Go programs importing runtime/pprof may fail with error: + /usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go + pattern html: no matching files found + * Reformat adjacent commment in spec file + +------------------------------------------------------------------- +Fri Aug 11 18:49:02 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.12.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.12-1-openssl-fips. + * Update to Go 1.19.12 and fix memory leak + +------------------------------------------------------------------- +Tue Aug 1 20:35:02 UTC 2023 - Jeff Kowalczyk + +- go1.19.12 (released 2023-08-01) includes a security fix to the + crypto/tls package, as well as bug fixes to the assembler and the + compiler. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29409 + * go#61579 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits + * go#61319 cmd/compile: ppc64le: sign extension issue in go 1.21rc2 + * go#61448 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64 + * go#61470 cmd/compile: failed to make Go on riscv64 CPU with numa + +------------------------------------------------------------------- +Tue Jul 11 17:50:52 UTC 2023 - Jeff Kowalczyk + +- go1.19.11 (released 2023-07-11) includes a security fix to the + net/http package, as well as bug fixes to cgo, the cover tool, + the go command, the runtime, and the go/printer package. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29406 + * go#61075 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header + * go#60351 cmd/go: go mod tidy introduces ambiguous imports in pruned modules + * go#60637 cmd/pprof: skip TestDisasm flaky failures on linux/arm64 + * go#60697 cmd/go: go list fails with submodules which have test-only dependencies + * go#60710 cmd/go: go list -export -e outputs errors to stderr and has non-zero exit code + * go#60844 runtime: SIGSEGV in race + coverage mode + * go#60948 runtime: goroutines that stop after calling runtime.RaceDisable break race detector + * go#61054 runtime: TestWindowsStackMemory flakes on windows-386-2016 + +------------------------------------------------------------------- +Wed Jun 7 00:00:52 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.10.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.10-1-openssl-fips. + * Update to Go 1.19.10 + +------------------------------------------------------------------- +Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk + +- go1.19.10 (released 2023-06-06) includes four security fixes to + the cmd/go and runtime packages, as well as bug fixes to the + compiler, the go command, and the runtime. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 + * go#60515 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection + * go#60517 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries + * go#60511 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS + * go#60513 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS + * go#59974 cmd/compile: multiple memories live at block start + * go#60000 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies + * go#60457 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate + +------------------------------------------------------------------- +Tue May 23 13:28:24 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.9.2 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.9-2-openssl-fips. + * Fix TestEncryptOAEP and TLS failures in FIPS mode + +------------------------------------------------------------------- +Tue May 16 17:20:44 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.9.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.9-1-openssl-fips. + * Update to Go 1.19.9 + +------------------------------------------------------------------- +Wed May 3 23:07:16 UTC 2023 - Jeff Kowalczyk + +- Revert re-enable binary stripping and debuginfo boo#1210938. + go1.19 and earlier store pre-compiled packages in $GOROOT/pkg as + Go .a files which are not ar archives. These .a are incorrectly + passed to strip by brp-15-strip-debug. strip incorrectly modifies + Go .a files rendering them invalid. Some Go applications fail to + build with "reference to nonexistent package" errors. + Refs boo#1210938 boo#1211073 + * go1.19 and earlier store pre-compiled packages for the standard + library as .a files under pkg/GOARCH[_{dynlink,race}]. + * Go emitted .a files are a Go specific format, not ar archives. + * go1.10+ stores recently built packages in build cache GOCACHE. + These are separate from the installed packages in $GOROOT/pkg. + * Go build cache objects use a different file format than Go .a. + * go1.20+ switches to the GOCACHE for both recently built + packages and the installed packages in $GOROOT/pkg. + * Current versions of readelf detect Go .a files correctly, e.g.: + readelf -d /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a + File: /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a(__.PKGDEF ) + readelf: Error: This is a GO binary file - try using 'go tool objdump' or 'go tool nm' + * binutils strip as of 2.40 detects Go .a files correctly, but + incorrectly modifies the .a files altering path resulting in + "reference to nonexistent package" errors. + * brp_check_suse/brp-15-strip-debug passes files to strip based + primarily on the file extension including .a. + +------------------------------------------------------------------- +Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk + +- go1.19.9 (released 2023-05-02) includes three security fixes to + the html/template package, as well as bug fixes to the compiler, + the runtime, and the crypto/tls and syscall packages. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 + * go#59811 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template: improper sanitization of CSS values + * go#59813 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template: improper handling of JavaScript whitespace + * go#59815 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template: improper handling of empty HTML attributes + * go#59063 runtime: automatically bump RLIMIT_NOFILE on Unix + * go#59158 cmd/compile: inlining function that references function literals generates bad code + * go#59373 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write + * go#59539 crypto/tls: TLSv1.3 connection fails with invalid PSK binder + * go#59579 cmd/compile: incorrect inline function variable + +------------------------------------------------------------------- +Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk + +- Packaging revert go1.x Suggests go1.x-race boo#1210963 + * Upstream go binary distributions do include race detector .syso + * Default Recommends for subpackages is best suited in this case + +------------------------------------------------------------------- +Fri Apr 28 23:47:22 UTC 2023 - Jeff Kowalczyk + +- Packaging improvements: + * Re-enable binary stripping and debuginfo boo#1210938 + * go1.x Suggests go1.x-race do not install by default boo#1210963 + * Use Group: Development/Languages/Go instead of Other + +------------------------------------------------------------------- +Fri Apr 14 23:41:22 UTC 2023 - Jeff Kowalczyk + +- Build subpackage go1.1x-libstd compiled shared object libstd.so + only on Tumbleweed at this time. + Refs jsc#PED-1962 + +------------------------------------------------------------------- +Fri Apr 14 23:20:06 UTC 2023 - Jeff Kowalczyk + +- Add subpackage go1.x-libstd for compiled shared object libstd.so. + Refs jsc#PED-1962 + * Main go1.x package included libstd.so in previous versions + * Split libstd.so into subpackage that can be installed standalone + * Continues the slimming down of main go1.x package by 40 Mb + * Experimental and not recommended for general use, Go currently has no ABI + * Upstream Go has not committed to support buildmode=shared long-term + * Do not use in packaging, build static single binaries (the default) + * Upstream Go go1.x binary releases do not include libstd.so + * go1.x Suggests go1.x-libstd so not installed by default Recommends + * go1.x-libstd does not Require: go1.x so can install standalone + * Provides go-libstd unversioned package name + * Fix build step -buildmode=shared std to omit -linkshared +- Packaging improvements: + * go1.x Suggests go1.x-doc so not installed by default Recommends + * Use Group: Development/Languages/Go instead of Other + +------------------------------------------------------------------- +Fri Apr 14 23:06:51 UTC 2023 - Jeff Kowalczyk + +- Improvements to go1.x packaging spec: + * On Tumbleweed bootstrap with current default gcc13 and gccgo118 + * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap + using go1.x package (%bcond_without gccgo). This is no longer + needed on current SLE-12:Update and removing will consolidate + the build configurations used. + * Change source URLs to go.dev as per Go upstream + * On x86_64 export GOAMD64=v1 as per the current baseline. + At this time forgo GOAMD64=v3 option for x86_64_v3 support. + * On x86_64 %define go_amd64=v1 as current instruction baseline + +------------------------------------------------------------------- +Thu Apr 13 04:58:20 UTC 2023 - Martin Liška + +- Use gcc13 compiler for Tumbleweed. + +------------------------------------------------------------------- +Wed Apr 5 18:44:00 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.8.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.8-1-openssl-fips. + * Update to Go 1.19.8 + +------------------------------------------------------------------- +Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk + +- go1.19.8 (released 2023-04-04) includes security fixes to the + go/parser, html/template, mime/multipart, net/http, and + net/textproto packages, as well as bug fixes to the linker, the + runtime, and the time package. + Refs boo#1200441 go1.19 release tracking + CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 + * go#59267 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http, net/textproto: denial of service from excessive memory allocation + * go#59269 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption + * go#59273 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser: infinite loop in parsing + * go#59271 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template: backticks not treated as string delimiters + * go#58937 cmd/go: timeout on darwin-amd64-race builder + * go#58939 runtime/pprof: TestLabelSystemstack due to sample with no location + * go#58941 internal/testpty: fails on some Linux machines due to incorrect error handling + * go#59050 cmd/link: linker fails on linux/amd64 when gcc's lto options are used + * go#59058 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation + * go#59074 time: time zone lookup using extend string makes wrong start time for non-DST zones + * go#59219 runtime: crash on linux-ppc64le + +------------------------------------------------------------------- +Tue Mar 7 18:03:10 UTC 2023 - Jeff Kowalczyk + +- go1.19.7 (released 2023-03-07) includes a security fix to the + crypto/elliptic package, as well as bug fixes to the linker, the + runtime, and the crypto/x509 and syscall packages. + Refs boo#1200441 go1.19 release tracking + CVE-2023-24532 + * go#58719 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results + * go#58441 runtime: some linkname signatures do not match + * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' + * go#58535 runtime: long latency of sweep assists + * go#58716 net: TestTCPSelfConnect failures due to unexpected connections + * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows + * go#58810 crypto/x509: TestSystemVerify consistently failing + +------------------------------------------------------------------- +Thu Feb 16 19:49:32 UTC 2023 - Jeff Kowalczyk + +- Update to version 1.19.6.1 cut from the go1.19-openssl-fips + branch at the revision tagged go1.19.6-1-openssl-fips. + * Update to Go 1.19.6 + * Add Crypto TestConfig and fix TLSv1.3 Crashesn + * Add gating.yml + +------------------------------------------------------------------- +Tue Feb 14 18:28:32 UTC 2023 - Jeff Kowalczyk + +- go1.19.6 (released 2023-02-14) includes security fixes to the + crypto/tls, mime/multipart, net/http, and path/filepath packages, + as well as bug fixes to the go command, the linker, the runtime, + and the crypto/x509, net/http, and time packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 + * go#57275 boo#1208269 security: fix CVE-2022-41722 + * go#58355 boo#1208270 security: fix CVE-2022-41723 + * go#58358 boo#1208271 security: fix CVE-2022-41724 + * go#58362 boo#1208272 security: fix CVE-2022-41725 + * go#56154 net/http: bad handling of HEAD requests with a body + * go#57635 crypto/x509: TestBoringAllowCert failures + * go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396 + * go#58118 time: update zoneinfo_abbrs on Windows + * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections + * go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing + +------------------------------------------------------------------- +Tue Jan 10 22:13:49 UTC 2023 - Jeff Kowalczyk + +- go1.19.5 (released 2023-01-10) includes fixes to the compiler, + the linker, and the crypto/x509, net/http, sync/atomic, and + syscall packages. + Refs boo#1200441 go1.19 release tracking + * go#57706 Misc/cgo: backport needed for dlltool fix + * go#57556 crypto/x509: re-allow duplicate attributes in CSRs + * go#57444 cmd/link: need to handle new-style LoongArch relocs + * go#57427 crypto/x509: Verify on macOS does not return typed errors + * go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. + * go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices + * go#57214 os: TestLstat failure on Linux Aarch64 + * go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length + * go#57124 sync/atomic: allow linked lists of atomic.Pointer + * go#57100 cmd/compile: non-retpoline-compatible errors + * go#57058 cmd/go: remove test dependency on gopkg.in service + * go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders + * go#56983 runtime: failure in TestRaiseException on windows-amd64-2012 + * go#56834 cmd/link/internal/ppc64: too-far trampoline is reused + * go#56770 cmd/compile: walkConvInterface produces broken IR + * go#56744 cmd/compile: internal compiler error: missing typecheck + * go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target + * go#56154 net/http: bad handling of HEAD requests with a body + +------------------------------------------------------------------- +Wed Dec 14 18:04:42 UTC 2022 - Jeff Kowalczyk + +- Initial package go1.19-openssl version 1.19.4.1 cut from the + go1.19-openssl-fips branch at the revision tagged + go1.19.4-1-openssl-fips. + Refs jsc#SLE-18320 + * Go upstream merged branch dev.boringcrypto in go1.19+. + * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. + * In go1.x-openssl enable FIPS mode (or boring mode as the + package is named) either via an environment variable + GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. + * When the operating system is operating in FIPS mode, Go + applications which import crypto/tls/fipsonly limit operations + to the FIPS ciphersuite. + * go1.x-openssl is delivered as two large patches to go1.x + applying necessary modifications from the golang-fips/go GitHub + project for the Go crypto library to use OpenSSL as the + external cryptographic library in a FIPS compliant way. + * go1.x-openssl modifies the crypto/* packages to use OpenSSL for + cryptographic operations. + * go1.x-openssl uses dlopen() to call into OpenSSL. + * SUSE RPM packaging introduces a fourth version digit go1.x.y.z + corresponding to the golang-fips/go patchset tagged revision. + * Patchset improvements can be updated independently of upstream + Go maintenance releases. + +------------------------------------------------------------------- +Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk + +- go1.19.4 (released 2022-12-06) includes security fixes to the + net/http and os packages, as well as bug fixes to the compiler, + the runtime, and the crypto/x509, os/exec, and sync/atomic + packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41717 CVE-2022-41720 + * go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries + * go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows + * go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate + * go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com + * go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072 + * go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions. + * go#56636 runtime: traceback stuck in runtime.systemstack + * go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable" + * go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8) + * go#56438 crypto/x509: respect GODEBUG changes during program lifetime + * go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter + * go#56360 cmd/compile: panic: offset too large + +------------------------------------------------------------------- +Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk + +- go1.19.3 (released 2022-11-01) includes security fixes to the + os/exec and syscall packages, as well as bug fixes to the + compiler and the runtime. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41716 + * go#56328 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables + * go#56309 runtime: "runtime·lock: lock count" fatal error when cgo is enabled + * go#56168 cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch + * go#56106 internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing + +------------------------------------------------------------------- +Tue Oct 4 18:21:57 UTC 2022 - Jeff Kowalczyk + +- go1.19.2 (released 2022-10-04) includes security fixes to the + archive/tar, net/http/httputil, and regexp packages, as well as + bug fixes to the compiler, the linker, the runtime, and the + go/types package. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41715 CVE-2022-2879 CVE-2022-2880 + * go#55951 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps + * go#55926 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers + * go#55843 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters + * go#55270 cmd/compile: internal compiler error: method Len on *uint8 not found + * go#55152 cmd/compile: typebits.Set: invalid initial alignment: type Peer has alignment 8, but offset is 4 + * go#55149 go/types: no way to construct the signature of append(s, "string"...) via the API + * go#55124 fatal error: bulkBarrierPreWrite: unaligned arguments (go 1.19.1, looks like regression) + * go#55114 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation + * go#54917 cmd/compile: Value live at entry + * go#54764 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel (regression in 1.19 when building for i686) + +------------------------------------------------------------------- +Tue Sep 6 19:24:28 UTC 2022 - Jeff Kowalczyk + +- go1.19.1 (released 2022-09-06) includes security fixes to the + net/http and net/url packages, as well as bug fixes to the + compiler, the go command, the pprof command, the linker, the + runtime, and the crypto/tls and crypto/x509 packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-27664 CVE-2022-32190 + * go#54376 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY + * go#54635 bsc#1203186 CVE-2022-32190 net/url: JoinPath doesn't strip relative path components in all circumstances + * go#54736 cmd/go: cannot find package when importing dependencies with the unix build constraint + * go#54734 cmd/go: git fetch errors dropped when producing pseudo-versions for commits + * go#54726 cmd/compile: compile failed with "Value live at entry" + * go#54697 cmd/compile: ICE at composite literal assignment with alignment > PtrSize + * go#54675 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert + * go#54665 runtime: segfault running ppc64/linux binaries with kernel 5.18 + * go#54660 cmd/go: go test -race does not set implicit race build tag + * go#54643 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension + * go#54637 cmd/go: data race in TestScript + * go#54633 cmd/go/internal/modfetch/codehost: racing writes to Origin fields + * go#54629 cmd/compile: miscompilation of partially-overlapping array assignments + * go#54420 cmd/pprof: graphviz node names are funny with generics + * go#54406 cmd/link: trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64 + * go#54309 cmd/compile: internal compiler error: panic: runtime error: invalid memory address or nil pointer dereference + * go#54295 crypto/x509: panics on invalid curve instead of returning error + * go#54243 cmd/compile: internal compiler error when compiling code with unbound method of generic type + * go#54239 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT + * go#54235 cmd/compile: internal compiler error of atomic type and offsetof + +------------------------------------------------------------------- +Mon Aug 22 20:44:19 UTC 2022 - Jeff Kowalczyk + +- Define go_bootstrap_version go1.16 without suse_version checks +- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere +- Add _constraints for worker disk space 5G needed by SLE-15 x86_64 +- SLE-12 s390x use bcond_without gccgo to bootstrap using gcc11go + * Workaround for SLE-12 s390x build error while writing linker data: + bad carrier sym for symbol crypto/internal/nistec.p256OrdMul.args_stackmap + created by cmd/link/internal/ld.writeBlocks + /usr/lib64/go/1.19/src/cmd/link/internal/ld/data.go:958 + +------------------------------------------------------------------- +Fri Aug 19 17:53:40 UTC 2022 - Dirk Müller + +- Bootstrap using go1.16 on SLE-15 and newer. go1.16 is + bootstrapped using gcc-go 11 or 12. This allows dropping older + versions of Go from Factory. + +------------------------------------------------------------------- +Tue Aug 9 05:56:23 UTC 2022 - Jeff Kowalczyk + +- Rebase gcc-go.patch onto upstream changes in go/src/make.bash and + go/src/make.rc. Used for SLE-12 go bootstrap builds with gcc8. + +------------------------------------------------------------------- +Tue Aug 2 17:19:11 UTC 2022 - Jeff Kowalczyk + +- go1.19 (released 2022-08-02) is a major release of Go. + go1.19.x minor releases will be provided through August 2023. + https://github.com/golang/go/wiki/Go-Release-Cycle + go1.19 arrives five months after go1.18. Most of its changes are + in the implementation of the toolchain, runtime, and libraries. + As always, the release maintains the Go 1 promise of + compatibility. We expect almost all Go programs to continue to + compile and run as before. + Refs boo#1200441 go1.19 release tracking + * See release notes https://golang.org/doc/go1.19. Excerpts + relevant to OBS environment and for SUSE/openSUSE follow: + * There is only one small change to the language, a very small + correction to the scope of type parameters in method + declarations. Existing programs are unaffected. + * The Go memory model has been revised to align Go with the + memory model used by C, C++, Java, JavaScript, Rust, and + Swift. Go only provides sequentially consistent atomics, not + any of the more relaxed forms found in other languages. Along + with the memory model update, Go 1.19 introduces new types in + the sync/atomic package that make it easier to use atomic + values, such as atomic.Int64 and atomic.Pointer[T]. + * go1.19 adds support for the Loongson 64-bit architecture + LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI + implemented is LP64D. Minimum kernel version supported is 5.19. + * The riscv64 port now supports passing function arguments and + result using registers. Benchmarking shows typical performance + improvements of 10% or more on riscv64. + * Go 1.19 adds support for links, lists, and clearer headings in + doc comments. As part of this change, gofmt now reformats doc + comments to make their rendered meaning clearer. See "Go Doc + Comments" for syntax details and descriptions of common + mistakes now highlighted by gofmt. As another part of this + change, the new package go/doc/comment provides parsing and + reformatting of doc comments as well as support for rendering + them to HTML, Markdown, and text. + * The new build constraint "unix" is now recognized in //go:build + lines. The constraint is satisfied if the target operating + system, also known as GOOS, is a Unix or Unix-like system. For + the 1.19 release it is satisfied if GOOS is one of aix, + android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, + netbsd, openbsd, or solaris. In future releases the unix + constraint may match additional newly supported operating + systems. + * The -trimpath flag, if set, is now included in the build + settings stamped into Go binaries by go build, and can be + examined using go version -m or debug.ReadBuildInfo. + * go generate now sets the GOROOT environment variable explicitly + in the generator's environment, so that generators can locate + the correct GOROOT even if built with -trimpath. + * go test and go generate now place GOROOT/bin at the beginning + of the PATH used for the subprocess, so tests and generators + that execute the go command will resolve it to same GOROOT. + * go env now quotes entries that contain spaces in the + CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, + CGO_LDFLAGS, and GOGCCFLAGS variables it reports. + * go list -json now accepts a comma-separated list of JSON fields + to populate. If a list is specified, the JSON output will + include only those fields, and go list may avoid work to + compute fields that are not included. In some cases, this may + suppress errors that would otherwise be reported. + * The go command now caches information necessary to load some + modules, which should result in a speed-up of some go list + invocations. + * The vet checker "errorsas" now reports when errors.As is called + with a second argument of type *error, a common mistake. + * The runtime now includes support for a soft memory limit. This + memory limit includes the Go heap and all other memory managed + by the runtime, and excludes external memory sources such as + mappings of the binary itself, memory managed in other + languages, and memory held by the operating system on behalf of + the Go program. This limit may be managed via + runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT + environment variable. The limit works in conjunction with + runtime/debug.SetGCPercent / GOGC, and will be respected even + if GOGC=off, allowing Go programs to always make maximal use of + their memory limit, improving resource efficiency in some + cases. + * In order to limit the effects of GC thrashing when the + program's live heap size approaches the soft memory limit, the + Go runtime also attempts to limit total GC CPU utilization to + 50%, excluding idle time, choosing to use more memory over + preventing application progress. In practice, we expect this + limit to only play a role in exceptional cases, and the new + runtime metric /gc/limiter/last-enabled:gc-cycle reports when + this last occurred. + * The runtime now schedules many fewer GC worker goroutines on + idle operating system threads when the application is idle + enough to force a periodic GC cycle. + * The runtime will now allocate initial goroutine stacks based on + the historic average stack usage of goroutines. This avoids + some of the early stack growth and copying needed in the + average case in exchange for at most 2x wasted space on + below-average goroutines. + * On Unix operating systems, Go programs that import package os + now automatically increase the open file limit (RLIMIT_NOFILE) + to the maximum allowed value; that is, they change the soft + limit to match the hard limit. This corrects artificially low + limits set on some systems for compatibility with very old C + programs using the select system call. Go programs are not + helped by that limit, and instead even simple programs like + gofmt often ran out of file descriptors on such systems when + processing many files in parallel. One impact of this change is + that Go programs that in turn execute very old C programs in + child processes may run those programs with too high a + limit. This can be corrected by setting the hard limit before + invoking the Go program. + * Unrecoverable fatal errors (such as concurrent map writes, or + unlock of unlocked mutexes) now print a simpler traceback + excluding runtime metadata (equivalent to a fatal panic) unless + GOTRACEBACK=system or crash. Runtime-internal fatal error + tracebacks always include full metadata regardless of the value + of GOTRACEBACK + * Support for debugger-injected function calls has been added on + ARM64, enabling users to call functions from their binary in an + interactive debugging session when using a debugger that is + updated to make use of this functionality. + * The address sanitizer support added in Go 1.18 now handles + function arguments and global variables more precisely. + * The compiler now uses a jump table to implement large integer + and string switch statements. Performance improvements for the + switch statement vary but can be on the order of 20% + faster. (GOARCH=amd64 and GOARCH=arm64 only) + * The Go compiler now requires the -p=importpath flag to build a + linkable object file. This is already supplied by the go + command and by Bazel. Any other build systems that invoke the + Go compiler directly will need to make sure they pass this flag + as well. + * The Go compiler no longer accepts the -importmap flag. Build + systems that invoke the Go compiler directly must use the + -importcfg flag instead. + * Like the compiler, the assembler now requires the -p=importpath + flag to build a linkable object file. This is already supplied + by the go command. Any other build systems that invoke the Go + assembler directly will need to make sure they pass this flag + as well. + * Command and LookPath no longer allow results from a PATH search + to be found relative to the current directory. This removes a + common source of security problems but may also break existing + programs that depend on using, say, exec.Command("prog") to run + a binary named prog (or, on Windows, prog.exe) in the current + directory. See the os/exec package documentation for + information about how best to update such programs. + * On Windows, Command and LookPath now respect the + NoDefaultCurrentDirectoryInExePath environment variable, making + it possible to disable the default implicit search of “.” in + PATH lookups on Windows systems. + * crypto/elliptic: Operating on invalid curve points (those for + which the IsOnCurve method returns false, and which are never + returned by Unmarshal or by a Curve method operating on a valid + point) has always been undefined behavior and can lead to key + recovery attacks. If an invalid point is supplied to Marshal, + MarshalCompressed, Add, Double, or ScalarMult, they will now + panic. ScalarBaseMult operations on the P224, P384, and P521 + curves are now up to three times faster, leading to similar + speedups in some ECDSA operations. The generic (not platform + optimized) P256 implementation was replaced with one derived + from a formally verified model; this might lead to significant + slowdowns on 32-bit platforms. + * crypto/rand: Read no longer buffers random data obtained from + the operating system between calls. Applications that perform + many small reads at high frequency might choose to wrap Reader + in a bufio.Reader for performance reasons, taking care to use + io.ReadFull to ensure no partial reads occur. The Prime + implementation was changed to use only rejection sampling, + which removes a bias when generating small primes in + non-cryptographic contexts, removes one possible minor timing + leak, and better aligns the behavior with BoringSSL, all while + simplifying the implementation. The change does produce + different outputs for a given random source stream compared to + the previous implementation, which can break tests written + expecting specific results from specific deterministic random + sources. To help prevent such problems in the future, the + implementation is now intentionally non-deterministic with + respect to the input stream. + * crypto/tls: The GODEBUG option tls10default=1 has been + removed. It is still possible to enable TLS 1.0 client-side by + setting Config.MinVersion. The TLS server and client now reject + duplicate extensions in TLS handshakes, as required by RFC + 5246, Section 7.4.1.4 and RFC 8446, Section 4.2. + * crypto/x509: CreateCertificate no longer supports creating + certificates with SignatureAlgorithm set to + MD5WithRSA. CreateCertificate no longer accepts negative serial + numbers. CreateCertificate will not emit an empty SEQUENCE + anymore when the produced certificate has no + extensions. ParseCertificate and ParseCertificateRequest now + reject certificates and CSRs which contain duplicate + extensions. The new CertPool.Clone and CertPool.Equal methods + allow cloning a CertPool and checking the equivalence of two + CertPools respectively. The new function ParseRevocationList + provides a faster, safer to use CRL parser which returns a + RevocationList. Parsing a CRL also populates the new + RevocationList fields RawIssuer, Signature, AuthorityKeyId, and + Extensions, which are ignored by CreateRevocationList. The new + method RevocationList.CheckSignatureFrom checks that the + signature on a CRL is a valid signature from a Certificate. The + ParseCRL and ParseDERCRL functions are now deprecated in favor + of ParseRevocationList. The Certificate.CheckCRLSignature + method is deprecated in favor of + RevocationList.CheckSignatureFrom. The path builder of + Certificate.Verify was overhauled and should now produce better + chains and/or be more efficient in complicated scenarios. Name + constraints are now also enforced on non-leaf certificates. + * crypto/x509/pkix: The types CertificateList and + TBSCertificateList have been deprecated. The new crypto/x509 + CRL functionality should be used instead. + * debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support + the loong64 port. + * debug/pe: The new File.COFFSymbolReadSectionDefAux method, + which returns a COFFSymbolAuxFormat5, provides access to COMDAT + information in PE file sections. These are supported by new + IMAGE_COMDAT_* and IMAGE_SCN_* constants. + * runtime: The GOROOT function now returns the empty string + (instead of "go") when the binary was built with the -trimpath + flag set and the GOROOT variable is not set in the process + environment. + * runtime/metrics: The new /sched/gomaxprocs:threads metric + reports the current runtime.GOMAXPROCS value. The new + /cgo/go-to-c-calls:calls metric reports the total number of + calls made from Go to C. This metric is identical to the + runtime.NumCgoCall function. The new + /gc/limiter/last-enabled:gc-cycle metric reports the last GC + cycle when the GC CPU limiter was enabled. See the runtime + notes for details about the GC CPU limiter. + * runtime/pprof: Stop-the-world pause times have been + significantly reduced when collecting goroutine profiles, + reducing the overall latency impact to the application. MaxRSS + is now reported in heap profiles for all Unix operating systems + (it was previously only reported for GOOS=android, darwin, ios, + and linux). + * runtime/race: The race detector has been upgraded to use thread + sanitizer version v3 on all supported platforms except + windows/amd64 and openbsd/amd64, which remain on v2. Compared + to v2, it is now typically 1.5x to 2x faster, uses half as much + memory, and it supports an unlimited number of goroutines. On + Linux, the race detector now requires at least glibc version + 2.17 and GNU binutils 2.26. The race detector is now supported + on GOARCH=s390x. Race detector support for openbsd/amd64 has + been removed from thread sanitizer upstream, so it is unlikely + to ever be updated from v2. + * runtime/trace: When tracing and the CPU profiler are enabled + simultaneously, the execution trace includes CPU profile + samples as instantaneous events. + * syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6, + RawSyscall, and RawSyscall6 now always return 0 for return + value r2 instead of an undefined value. On AIX and Solaris, + Getrusage is now defined. + +------------------------------------------------------------------- +Tue Jul 12 23:39:16 UTC 2022 - Jeff Kowalczyk + +- go1.19rc2 (released 2022-07-12) is a release candidate version of + go1.19 cut from the master branch at the revision tagged + go1.19rc2. + Refs boo#1200441 go1.19 release tracking + +------------------------------------------------------------------- +Wed Jul 6 21:40:49 UTC 2022 - Jeff Kowalczyk + +- go1.19rc1 (released 2022-07-06) is a release candidate version of + go1.19 cut from the master branch at the revision tagged + go1.19rc1. + Refs boo#1200441 go1.19 release tracking + +------------------------------------------------------------------- +Tue Jun 14 20:00:43 UTC 2022 - Jeff Kowalczyk + +- Trace viewer html and javascript files moved from misc/trace in + previous versions to src/cmd/trace/static in go1.19. + * Added files with mode 0644: + /usr/share/go/1.19/src/cmd/trace/static + /usr/share/go/1.19/src/cmd/trace/static/README.md + /usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html + /usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js + +------------------------------------------------------------------- +Fri Jun 10 20:39:05 UTC 2022 - Jeff Kowalczyk + +- go1.19beta1 (released 2022-06-10) is a beta version of go1.19 cut + from the master branch at the revision tagged go1.19beta1. + Refs boo#1200441 go1.19 release tracking diff --git a/go1.19-openssl.spec b/go1.19-openssl.spec new file mode 100644 index 0000000..053d1f3 --- /dev/null +++ b/go1.19-openssl.spec @@ -0,0 +1,494 @@ +# +# spec file for package go1.19-openssl +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# +# nodebuginfo + + +# strip will cause Go's .a archives to become invalid because strip appears to +# reassemble the archive incorrectly. This is a known issue upstream +# (https://github.com/golang/go/issues/17890), but we have to deal with it in +# the meantime. +%undefine _build_create_debug +%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true + +# Specify Go toolchain version used to bootstrap this package's Go toolchain +# go_bootstrap_version bootstrap go toolchain with specific existing go1.x package +# gcc_go_version bootstrap go toolchain with specific version of gcc-go +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed +# Usually ahead of bootstrap version specified by upstream Go +# Use Tumbleweed default gccgo and N-1 go1.x for testing +%define gcc_go_version 13 +%define go_bootstrap_version go1.18 +%else +# Use gccgo and go1.x specified by upstream Go +%define gcc_go_version 11 +%define go_bootstrap_version go1.17 +%endif + +# Bootstrap go toolchain using existing go package go_bootstrap_version +# To bootstrap using gccgo use '--with gccgo' +%bcond_with gccgo + +# gccgo on ppc64le with default PIE enabled fails with: +# error while loading shared libraries: +# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range +# track https://github.com/golang/go/issues/28531 +# linuxppc-dev discussion: +# "PIE binaries are no longer mapped below 4 GiB on ppc64le" +# https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html +%ifarch ppc64le +#!BuildIgnore: gcc-PIE +%endif + +# Build go-race only on platforms where C++14 is supported (SLE-15) +%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000 +%define tsan_arch x86_64 aarch64 s390x ppc64le +%else +# Cannot use {nil} here (ifarch doesn't like it) so just make up a fake +# architecture that no build will ever match. +%define tsan_arch openSUSE_FAKE_ARCH +%endif + +# Go has precompiled versions of LLVM's compiler-rt inside their source code. +# We cannot ship pre-compiled binaries so we have to recompile said source, +# however they vendor specific commits from upstream. This value comes from +# src/runtime/race/README (and we verify that it matches in check). +# +# In order to update the TSAN version, modify _service. See boo#1052528 for +# more details. +%ifarch x86_64 %{?x86_64} +%define tsan_commit 127e59048cd3d8dbb80c14b3036918c114089529 +%else +%define tsan_commit 41cb504b7c4b18ac15830107431a0c1eec73a6b2 +%endif + +# go_api is the major version of Go. +# Used by go1.x packages and go metapackage for: +# RPM Provides: golang(API), RPM Requires: and rpm_vercmp +# as well as derived variables such as go_label. +%define go_api 1.19 + +# go_label is the configurable Go toolchain directory name. +# Used for packaging multiple Go toolchains with the same go_api. +# go_label should be defined as go_api with optional suffix, e.g. +# go_api or go_api-foo +%define go_label %{go_api}-openssl + +# shared library support +%if "%{rpm_vercmp %{go_api} 1.5}" > "0" +%if %{with gccgo} +%define with_shared 1 +%else +%ifarch %ix86 %arm x86_64 aarch64 +%define with_shared 1 +%else +%define with_shared 0 +%endif +%endif +%else +%define with_shared 0 +%endif +%ifarch ppc64 +%define with_shared 0 +%endif +# setup go_arch (BSD-like scheme) +%ifarch %ix86 +%define go_arch 386 +%endif +%ifarch x86_64 +%define go_arch amd64 +# set GOAMD64 consistently +%define go_amd64 v1 +%endif +%ifarch aarch64 +%define go_arch arm64 +%endif +%ifarch %arm +%define go_arch arm +%endif +%ifarch ppc64 +%define go_arch ppc64 +%endif +%ifarch ppc64le +%define go_arch ppc64le +%endif +%ifarch s390x +%define go_arch s390x +%endif +%ifarch riscv64 +%define go_arch riscv64 +%endif + +Name: go1.19-openssl +Version: 1.19.13.1 +# # Drop our added final dot and digit to define upstream version +%define shortversion 1.19.13 +Release: 0 +Summary: A compiled, garbage-collected, concurrent programming language +License: BSD-3-Clause +Group: Development/Languages/Go +URL: https://go.dev/ +Source: https://go.dev/dl/go%{shortversion}.src.tar.gz +Source1: go-rpmlintrc +Source4: README.SUSE +Source6: go.gdbinit +Source10: go%{version}-openssl.src.tar.gz +# We have to compile TSAN ourselves. boo#1052528 +# Preferred form when all arches share llvm race version +# Source100: llvm-%{tsan_commit}.tar.xz +Source100: llvm-127e59048cd3d8dbb80c14b3036918c114089529.tar.xz +Source101: llvm-41cb504b7c4b18ac15830107431a0c1eec73a6b2.tar.xz +# PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115 +Patch7: dont-force-gold-on-arm64.patch +# PATCH-FIX-UPSTREAM marguerite@opensuse.org - find /usr/bin/go-8 when bootstrapping with gcc8-go +Patch8: gcc-go.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +# boostrap +%if %{with gccgo} +BuildRequires: gcc%{gcc_go_version}-go +%else +# no gcc-go +BuildRequires: %{go_bootstrap_version} +%endif +BuildRequires: fdupes +Suggests: %{name}-doc = %{version} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed +Suggests: %{name}-libstd = %{version} +%endif +%ifarch %{tsan_arch} +# Needed to compile compiler-rt/TSAN. +BuildRequires: gcc-c++ +%endif +#BNC#818502 debug edit tool of rpm fails on i586 builds +BuildRequires: rpm >= 4.11.1 +Requires(post): update-alternatives +Requires(postun):update-alternatives +Requires: gcc +BuildRequires: libopenssl-devel +Requires: libopenssl-devel +Provides: go = %{version} +Provides: go-devel = go%{version} +Provides: go-devel-static = go%{version} +Provides: golang(API) = %{go_api} +Obsoletes: go-devel < go%{version} +# go-vim/emacs were separate projects starting from 1.4 +Obsoletes: go-emacs <= 1.3.3 +Obsoletes: go-vim <= 1.3.3 +ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64 + +%description +Go is an expressive, concurrent, garbage collected systems programming language +that is type safe and memory safe. It has pointers but no pointer arithmetic. +Go has fast builds, clean syntax, garbage collection, methods for any type, and +run-time reflection. It feels like a dynamic language but has the speed and +safety of a static language. + +%package doc +Summary: Go documentation +Group: Documentation/Other +Provides: go-doc = %{version} + +%description doc +Go examples and documentation. + +%ifarch %{tsan_arch} +# boo#1052528 +%package race +Summary: Go runtime race detector +Group: Development/Languages/Go +URL: https://compiler-rt.llvm.org/ +Requires: %{name} = %{version} +Supplements: %{name} = %{version} +ExclusiveArch: %{tsan_arch} + +%description race +Go runtime race detector libraries. Install this package if you wish to use the +-race option, in order to detect race conditions present in your Go programs. +%endif + +%if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed +%package libstd +Summary: Go compiled shared library libstd.so +Group: Development/Languages/Go +Provides: go-libstd = %{version} + +%description libstd +Go standard library compiled to a dynamically loadable shared object libstd.so +%endif +%endif + +%prep +%ifarch %{tsan_arch} +# compiler-rt (from LLVM) +%ifarch x86_64 +%setup -q -T -b 100 -n llvm-%{tsan_commit} +%else +%setup -q -T -b 101 -n llvm-%{tsan_commit} +%endif +%endif + +# go +%setup -q -n go +# Write go version into VERSION file in go source top level directory. +# Needed for go build scripts to operate without assuming .git/ present. +echo -n "go%{version}" > %{_builddir}/go/VERSION +%patch -P 7 -p1 +%if %{with gccgo} +# Currently gcc-go does not manage an update-alternatives entry and will +# never be symlinked as "go", even if gcc-go is the only installed go toolchain. +# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8 +# Substitute defined gcc_go_version into gcc-go.patch +sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch +%patch -P 8 -p1 +%endif + +cp %{SOURCE4} . + +# Apply golang-fips OpenSSL patch set to upstream go1.x sources +%setup -q -D -T -b 10 -n go +patch -p1 1500 +# openSUSE Tumbleweed +# Compile Go standard library as a dynamically loaded shared object libstd.so +# for inclusion in a subpackage which can be installed standalone. +# Upstream Go binary releases do not ship a compiled libstd.so. +# Standard practice is to build Go binaries as a single executable. +# Upstream Go discussed removing this feature, opted to fix current support: +# Relevant upstream comments on: https://github.com/golang/go/issues/47788 +# +# -buildmode=shared +# Combine all the listed non-main packages into a single shared +# library that will be used when building with the -linkshared +# option. Packages named main are ignored. +# +# -linkshared +# build code that will be linked against shared libraries previously +# created with -buildmode=shared. +bin/go install -buildmode=shared std +%endif +%endif + +%check +%ifarch %{tsan_arch} +# Make sure that we have the right TSAN checked out. +grep "^race_linux_%{go_arch}.syso built with LLVM %{tsan_commit}" src/runtime/race/README +%endif + +%install +export GOROOT="%{buildroot}%{_libdir}/go/%{go_label}" + +# locations for third party libraries, see README-openSUSE for info about locations. +install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib +install -d $GOROOT/contrib/pkg/linux_%{go_arch} +ln -s %{_libdir}/go/%{go_label}/contrib/pkg/ %{buildroot}%{_datadir}/go/%{go_label}/contrib/pkg +install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/cmd +install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/src +ln -s %{_datadir}/go/%{go_label}/contrib/src/ %{buildroot}%{_libdir}/go/%{go_label}/contrib/src +install -Dm644 README.SUSE $GOROOT/contrib/ +ln -s %{_libdir}/go/%{go_label}/contrib/README.SUSE %{buildroot}%{_datadir}/go/%{go_label}/contrib/README.SUSE + +# source files for go install, godoc, etc +install -d %{buildroot}%{_datadir}/go/%{go_label} +for ext in *.{go,c,h,s,S,py,syso,bin}; do + find src -name ${ext} -exec install -Dm644 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; +done +# executable bash scripts called by go tool, etc +find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; +# Trace viewer html and javascript files moved from misc/trace in +# previous versions to src/cmd/trace/static in go1.19. +# static contains pprof trace viewer html javascript and markdown +install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static +install -Dm644 src/cmd/trace/static/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static +# pprof viewer html templates are needed for import runtime/pprof +install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html +install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html + +mkdir -p $GOROOT/src +for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do + ln -s /usr/share/go/%{go_label}/src/$i $GOROOT/src/$i +done +# add lib files that are needed (such as the timezone database). +install -d $GOROOT/lib +find lib -type f -exec install -D -m644 {} $GOROOT/{} \; + +# copy document templates, packages, obj libs and command utilities +mkdir -p $GOROOT/bin +# remove bootstrap +rm -rf pkg/bootstrap +mv pkg $GOROOT +mv bin/* $GOROOT/bin +# add wasm (Web Assembly) boo#1139210 +mkdir -p $GOROOT/misc/wasm +mv misc/wasm/* $GOROOT/misc/wasm +rm -f %{buildroot}%{_bindir}/{hgpatch,quietgcc} + +# gdbinit +install -Dm644 %{SOURCE6} $GOROOT/bin/gdbinit.d/go.gdb +%if "%{_lib}" == "lib64" +sed -i "s/lib/lib64/" $GOROOT/bin/gdbinit.d/go.gdb +sed -i "s/\$go_label/%{go_label}/" $GOROOT/bin/gdbinit.d/go.gdb +%endif + +# update-alternatives +mkdir -p %{buildroot}%{_sysconfdir}/alternatives +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sysconfdir}/profile.d +mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d +touch %{buildroot}%{_sysconfdir}/alternatives/{go,gofmt,go.gdb} +ln -sf %{_sysconfdir}/alternatives/go %{buildroot}%{_bindir}/go +ln -sf %{_sysconfdir}/alternatives/gofmt %{buildroot}%{_bindir}/gofmt +ln -sf %{_sysconfdir}/alternatives/go.gdb %{buildroot}%{_sysconfdir}/gdbinit.d/go.gdb + +# documentation and examples +# fix documetation permissions (rpmlint warning) +find doc/ misc/ -type f -exec chmod 0644 '{}' + +# remove unwanted arch-dependant binaries (rpmlint warning) +rm -rf misc/cgo/test/{_*,*.o,*.out,*.6,*.8} +# prepare go-doc +mkdir -p %{buildroot}%{_docdir}/go/%{go_label} +cp -r CONTRIBUTING.md LICENSE PATENTS README.md README.OpenSSL README.SUSE %{buildroot}%{_docdir}/go/%{go_label} +cp -r doc/* %{buildroot}%{_docdir}/go/%{go_label} + +%fdupes -s %{buildroot}%{_prefix} + +%post + +update-alternatives \ + --install %{_bindir}/go go %{_libdir}/go/%{go_label}/bin/go $((20+$(echo %{go_label} | cut -d. -f2))) \ + --slave %{_bindir}/gofmt gofmt %{_libdir}/go/%{go_label}/bin/gofmt \ + --slave %{_sysconfdir}/gdbinit.d/go.gdb go.gdb %{_libdir}/go/%{go_label}/bin/gdbinit.d/go.gdb + +%postun +if [ $1 -eq 0 ] ; then + update-alternatives --remove go %{_libdir}/go/%{go_label}/bin/go +fi + +%files +%{_bindir}/go +%{_bindir}/gofmt +%dir %{_libdir}/go +%{_libdir}/go/%{go_label} +%dir %{_datadir}/go +%{_datadir}/go/%{go_label} +%dir %{_sysconfdir}/gdbinit.d/ +%config %{_sysconfdir}/gdbinit.d/go.gdb +%ghost %{_sysconfdir}/alternatives/go +%ghost %{_sysconfdir}/alternatives/gofmt +%ghost %{_sysconfdir}/alternatives/go.gdb +%dir %{_docdir}/go +%dir %{_docdir}/go/%{go_label} +%doc %{_docdir}/go/%{go_label}/CONTRIBUTING.md +%doc %{_docdir}/go/%{go_label}/PATENTS +%doc %{_docdir}/go/%{go_label}/README.md +%doc %{_docdir}/go/%{go_label}/README.SUSE +%doc %{_docdir}/go/%{go_label}/README.OpenSSL +%if 0%{?suse_version} < 1500 +%doc %{_docdir}/go/%{go_label}/LICENSE +%else +%license %{_docdir}/go/%{go_label}/LICENSE +%endif + +# We don't include TSAN in the main Go package. +%ifarch %{tsan_arch} +%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso +%endif + +# We don't include libstd.so in the main Go package. +%if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed +# ./go/1.19/pkg/linux_amd64_dynlink/libstd.so +%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so +%endif +%endif + +%files doc +%doc %{_docdir}/go/%{go_label}/*.html + +%ifarch %{tsan_arch} +%files race +%{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso +%endif + +%if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed +%files libstd +%{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so +%endif +%endif + +%changelog diff --git a/go1.19.13.1-openssl.src.tar.gz b/go1.19.13.1-openssl.src.tar.gz new file mode 100644 index 0000000..0a4b5c1 --- /dev/null +++ b/go1.19.13.1-openssl.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07ba0fdf1a37c6e88ab0c198bf3e512d1b63ac66ead4c3cae85881167688a626 +size 70861 diff --git a/go1.19.13.src.tar.gz b/go1.19.13.src.tar.gz new file mode 100644 index 0000000..4a82b3d --- /dev/null +++ b/go1.19.13.src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ccf36b53fb0024a017353c3ddb22c1f00bc7a8073c6aac79042da24ee34434d3 +size 26578128 diff --git a/llvm-127e59048cd3d8dbb80c14b3036918c114089529.tar.xz b/llvm-127e59048cd3d8dbb80c14b3036918c114089529.tar.xz new file mode 100644 index 0000000..27d586c --- /dev/null +++ b/llvm-127e59048cd3d8dbb80c14b3036918c114089529.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e0ba571f59de5ae92357c53b36930cc63beebd5be715a58813f7ba166787cc5 +size 2358388 diff --git a/llvm-41cb504b7c4b18ac15830107431a0c1eec73a6b2.tar.xz b/llvm-41cb504b7c4b18ac15830107431a0c1eec73a6b2.tar.xz new file mode 100644 index 0000000..83c59b9 --- /dev/null +++ b/llvm-41cb504b7c4b18ac15830107431a0c1eec73a6b2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1f93cadfbc8e86eccd5361d626d78a4c218fd458a24a430de5dea3f399f39254 +size 2343004