652 lines
38 KiB
Plaintext
652 lines
38 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Sep 6 15:08:50 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.13 (released 2023-09-06) includes fixes to the go command,
|
|
and the crypto/tls and net/http packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
* go#61197 cmd/go: extended forwards compatibility for Go
|
|
* go#61825 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address
|
|
* go#61968 crypto/tls: add GODEBUG to control max RSA key size
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 5 19:12:05 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Add missing directory pprof html asset directory to package.
|
|
Refs boo#1215090
|
|
* src/cmd/vendor/github.com/google/pprof/internal/driver/html/
|
|
dir containing html assets is present in upstream Go
|
|
distribution but missing from SUSE go1.x packages
|
|
* Go programs importing runtime/pprof may fail with error:
|
|
/usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
|
|
pattern html: no matching files found
|
|
* Reformat adjacent commment in spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 1 20:35:02 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.12 (released 2023-08-01) includes a security fix to the
|
|
crypto/tls package, as well as bug fixes to the assembler and the
|
|
compiler.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-29409
|
|
* go#61579 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits
|
|
* go#61319 cmd/compile: ppc64le: sign extension issue in go 1.21rc2
|
|
* go#61448 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64
|
|
* go#61470 cmd/compile: failed to make Go on riscv64 CPU with numa
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 11 17:50:52 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.11 (released 2023-07-11) includes a security fix to the
|
|
net/http package, as well as bug fixes to cgo, the cover tool,
|
|
the go command, the runtime, and the go/printer package.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-29406
|
|
* go#61075 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header
|
|
* go#60351 cmd/go: go mod tidy introduces ambiguous imports in pruned modules
|
|
* go#60637 cmd/pprof: skip TestDisasm flaky failures on linux/arm64
|
|
* go#60697 cmd/go: go list fails with submodules which have test-only dependencies
|
|
* go#60710 cmd/go: go list -export -e outputs errors to stderr and has non-zero exit code
|
|
* go#60844 runtime: SIGSEGV in race + coverage mode
|
|
* go#60948 runtime: goroutines that stop after calling runtime.RaceDisable break race detector
|
|
* go#61054 runtime: TestWindowsStackMemory flakes on windows-386-2016
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.10 (released 2023-06-06) includes four security fixes to
|
|
the cmd/go and runtime packages, as well as bug fixes to the
|
|
compiler, the go command, and the runtime.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
|
|
* go#60515 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection
|
|
* go#60517 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries
|
|
* go#60511 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS
|
|
* go#60513 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS
|
|
* go#59974 cmd/compile: multiple memories live at block start
|
|
* go#60000 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies
|
|
* go#60457 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 3 23:07:16 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Revert re-enable binary stripping and debuginfo boo#1210938.
|
|
go1.19 and earlier store pre-compiled packages in $GOROOT/pkg as
|
|
Go .a files which are not ar archives. These .a are incorrectly
|
|
passed to strip by brp-15-strip-debug. strip incorrectly modifies
|
|
Go .a files rendering them invalid. Some Go applications fail to
|
|
build with "reference to nonexistent package" errors.
|
|
Refs boo#1210938 boo#1211073
|
|
* go1.19 and earlier store pre-compiled packages for the standard
|
|
library as .a files under pkg/GOARCH[_{dynlink,race}].
|
|
* Go emitted .a files are a Go specific format, not ar archives.
|
|
* go1.10+ stores recently built packages in build cache GOCACHE.
|
|
These are separate from the installed packages in $GOROOT/pkg.
|
|
* Go build cache objects use a different file format than Go .a.
|
|
* go1.20+ switches to the GOCACHE for both recently built
|
|
packages and the installed packages in $GOROOT/pkg.
|
|
* Current versions of readelf detect Go .a files correctly, e.g.:
|
|
readelf -d /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a
|
|
File: /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a(__.PKGDEF )
|
|
readelf: Error: This is a GO binary file - try using 'go tool objdump' or 'go tool nm'
|
|
* binutils strip as of 2.40 detects Go .a files correctly, but
|
|
incorrectly modifies the .a files altering path resulting in
|
|
"reference to nonexistent package" errors.
|
|
* brp_check_suse/brp-15-strip-debug passes files to strip based
|
|
primarily on the file extension including .a.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.9 (released 2023-05-02) includes three security fixes to
|
|
the html/template package, as well as bug fixes to the compiler,
|
|
the runtime, and the crypto/tls and syscall packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-29400 CVE-2023-24540 CVE-2023-24539
|
|
* go#59811 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template: improper sanitization of CSS values
|
|
* go#59813 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template: improper handling of JavaScript whitespace
|
|
* go#59815 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template: improper handling of empty HTML attributes
|
|
* go#59063 runtime: automatically bump RLIMIT_NOFILE on Unix
|
|
* go#59158 cmd/compile: inlining function that references function literals generates bad code
|
|
* go#59373 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write
|
|
* go#59539 crypto/tls: TLSv1.3 connection fails with invalid PSK binder
|
|
* go#59579 cmd/compile: incorrect inline function variable
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Packaging revert go1.x Suggests go1.x-race boo#1210963
|
|
* Upstream go binary distributions do include race detector .syso
|
|
* Default Recommends for subpackages is best suited in this case
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 28 23:47:22 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Packaging improvements:
|
|
* Re-enable binary stripping and debuginfo boo#1210938
|
|
* go1.x Suggests go1.x-race do not install by default boo#1210963
|
|
* Use Group: Development/Languages/Go instead of Other
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 14 23:41:22 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Build subpackage go1.1x-libstd compiled shared object libstd.so
|
|
only on Tumbleweed at this time.
|
|
Refs jsc#PED-1962
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 14 23:20:06 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Add subpackage go1.x-libstd for compiled shared object libstd.so.
|
|
Refs jsc#PED-1962
|
|
* Main go1.x package included libstd.so in previous versions
|
|
* Split libstd.so into subpackage that can be installed standalone
|
|
* Continues the slimming down of main go1.x package by 40 Mb
|
|
* Experimental and not recommended for general use, Go currently has no ABI
|
|
* Upstream Go has not committed to support buildmode=shared long-term
|
|
* Do not use in packaging, build static single binaries (the default)
|
|
* Upstream Go go1.x binary releases do not include libstd.so
|
|
* go1.x Suggests go1.x-libstd so not installed by default Recommends
|
|
* go1.x-libstd does not Require: go1.x so can install standalone
|
|
* Provides go-libstd unversioned package name
|
|
* Fix build step -buildmode=shared std to omit -linkshared
|
|
- Packaging improvements:
|
|
* go1.x Suggests go1.x-doc so not installed by default Recommends
|
|
* Use Group: Development/Languages/Go instead of Other
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 14 23:06:51 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Improvements to go1.x packaging spec:
|
|
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
|
|
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
|
|
using go1.x package (%bcond_without gccgo). This is no longer
|
|
needed on current SLE-12:Update and removing will consolidate
|
|
the build configurations used.
|
|
* Change source URLs to go.dev as per Go upstream
|
|
* On x86_64 export GOAMD64=v1 as per the current baseline.
|
|
At this time forgo GOAMD64=v3 option for x86_64_v3 support.
|
|
* On x86_64 %define go_amd64=v1 as current instruction baseline
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 13 04:58:20 UTC 2023 - Martin Liška <mliska@suse.cz>
|
|
|
|
- Use gcc13 compiler for Tumbleweed.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.8 (released 2023-04-04) includes security fixes to the
|
|
go/parser, html/template, mime/multipart, net/http, and
|
|
net/textproto packages, as well as bug fixes to the linker, the
|
|
runtime, and the time package.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538
|
|
* go#59267 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http, net/textproto: denial of service from excessive memory allocation
|
|
* go#59269 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
|
|
* go#59273 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser: infinite loop in parsing
|
|
* go#59271 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template: backticks not treated as string delimiters
|
|
* go#58937 cmd/go: timeout on darwin-amd64-race builder
|
|
* go#58939 runtime/pprof: TestLabelSystemstack due to sample with no location
|
|
* go#58941 internal/testpty: fails on some Linux machines due to incorrect error handling
|
|
* go#59050 cmd/link: linker fails on linux/amd64 when gcc's lto options are used
|
|
* go#59058 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation
|
|
* go#59074 time: time zone lookup using extend string makes wrong start time for non-DST zones
|
|
* go#59219 runtime: crash on linux-ppc64le
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 7 18:03:10 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.7 (released 2023-03-07) includes a security fix to the
|
|
crypto/elliptic package, as well as bug fixes to the linker, the
|
|
runtime, and the crypto/x509 and syscall packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2023-24532
|
|
* go#58719 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results
|
|
* go#58441 runtime: some linkname signatures do not match
|
|
* go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy'
|
|
* go#58535 runtime: long latency of sweep assists
|
|
* go#58716 net: TestTCPSelfConnect failures due to unexpected connections
|
|
* go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows
|
|
* go#58810 crypto/x509: TestSystemVerify consistently failing
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 14 18:28:32 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.6 (released 2023-02-14) includes security fixes to the
|
|
crypto/tls, mime/multipart, net/http, and path/filepath packages,
|
|
as well as bug fixes to the go command, the linker, the runtime,
|
|
and the crypto/x509, net/http, and time packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725
|
|
* go#57275 boo#1208269 security: fix CVE-2022-41722
|
|
* go#58355 boo#1208270 security: fix CVE-2022-41723
|
|
* go#58358 boo#1208271 security: fix CVE-2022-41724
|
|
* go#58362 boo#1208272 security: fix CVE-2022-41725
|
|
* go#56154 net/http: bad handling of HEAD requests with a body
|
|
* go#57635 crypto/x509: TestBoringAllowCert failures
|
|
* go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396
|
|
* go#58118 time: update zoneinfo_abbrs on Windows
|
|
* go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections
|
|
* go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 10 22:13:49 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.5 (released 2023-01-10) includes fixes to the compiler,
|
|
the linker, and the crypto/x509, net/http, sync/atomic, and
|
|
syscall packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
* go#57706 Misc/cgo: backport needed for dlltool fix
|
|
* go#57556 crypto/x509: re-allow duplicate attributes in CSRs
|
|
* go#57444 cmd/link: need to handle new-style LoongArch relocs
|
|
* go#57427 crypto/x509: Verify on macOS does not return typed errors
|
|
* go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument.
|
|
* go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
|
|
* go#57214 os: TestLstat failure on Linux Aarch64
|
|
* go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
|
|
* go#57124 sync/atomic: allow linked lists of atomic.Pointer
|
|
* go#57100 cmd/compile: non-retpoline-compatible errors
|
|
* go#57058 cmd/go: remove test dependency on gopkg.in service
|
|
* go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
|
|
* go#56983 runtime: failure in TestRaiseException on windows-amd64-2012
|
|
* go#56834 cmd/link/internal/ppc64: too-far trampoline is reused
|
|
* go#56770 cmd/compile: walkConvInterface produces broken IR
|
|
* go#56744 cmd/compile: internal compiler error: missing typecheck
|
|
* go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
|
|
* go#56154 net/http: bad handling of HEAD requests with a body
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.4 (released 2022-12-06) includes security fixes to the
|
|
net/http and os packages, as well as bug fixes to the compiler,
|
|
the runtime, and the crypto/x509, os/exec, and sync/atomic
|
|
packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2022-41717 CVE-2022-41720
|
|
* go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
|
|
* go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
|
|
* go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate
|
|
* go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
|
|
* go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072
|
|
* go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions.
|
|
* go#56636 runtime: traceback stuck in runtime.systemstack
|
|
* go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
|
|
* go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
|
|
* go#56438 crypto/x509: respect GODEBUG changes during program lifetime
|
|
* go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
|
|
* go#56360 cmd/compile: panic: offset too large
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.3 (released 2022-11-01) includes security fixes to the
|
|
os/exec and syscall packages, as well as bug fixes to the
|
|
compiler and the runtime.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2022-41716
|
|
* go#56328 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables
|
|
* go#56309 runtime: "runtime·lock: lock count" fatal error when cgo is enabled
|
|
* go#56168 cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch
|
|
* go#56106 internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 4 18:21:57 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.2 (released 2022-10-04) includes security fixes to the
|
|
archive/tar, net/http/httputil, and regexp packages, as well as
|
|
bug fixes to the compiler, the linker, the runtime, and the
|
|
go/types package.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2022-41715 CVE-2022-2879 CVE-2022-2880
|
|
* go#55951 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
|
|
* go#55926 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers
|
|
* go#55843 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters
|
|
* go#55270 cmd/compile: internal compiler error: method Len on *uint8 not found
|
|
* go#55152 cmd/compile: typebits.Set: invalid initial alignment: type Peer has alignment 8, but offset is 4
|
|
* go#55149 go/types: no way to construct the signature of append(s, "string"...) via the API
|
|
* go#55124 fatal error: bulkBarrierPreWrite: unaligned arguments (go 1.19.1, looks like regression)
|
|
* go#55114 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation
|
|
* go#54917 cmd/compile: Value live at entry
|
|
* go#54764 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel (regression in 1.19 when building for i686)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 6 19:24:28 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19.1 (released 2022-09-06) includes security fixes to the
|
|
net/http and net/url packages, as well as bug fixes to the
|
|
compiler, the go command, the pprof command, the linker, the
|
|
runtime, and the crypto/tls and crypto/x509 packages.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
CVE-2022-27664 CVE-2022-32190
|
|
* go#54376 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY
|
|
* go#54635 bsc#1203186 CVE-2022-32190 net/url: JoinPath doesn't strip relative path components in all circumstances
|
|
* go#54736 cmd/go: cannot find package when importing dependencies with the unix build constraint
|
|
* go#54734 cmd/go: git fetch errors dropped when producing pseudo-versions for commits
|
|
* go#54726 cmd/compile: compile failed with "Value live at entry"
|
|
* go#54697 cmd/compile: ICE at composite literal assignment with alignment > PtrSize
|
|
* go#54675 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert
|
|
* go#54665 runtime: segfault running ppc64/linux binaries with kernel 5.18
|
|
* go#54660 cmd/go: go test -race does not set implicit race build tag
|
|
* go#54643 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension
|
|
* go#54637 cmd/go: data race in TestScript
|
|
* go#54633 cmd/go/internal/modfetch/codehost: racing writes to Origin fields
|
|
* go#54629 cmd/compile: miscompilation of partially-overlapping array assignments
|
|
* go#54420 cmd/pprof: graphviz node names are funny with generics
|
|
* go#54406 cmd/link: trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64
|
|
* go#54309 cmd/compile: internal compiler error: panic: runtime error: invalid memory address or nil pointer dereference
|
|
* go#54295 crypto/x509: panics on invalid curve instead of returning error
|
|
* go#54243 cmd/compile: internal compiler error when compiling code with unbound method of generic type
|
|
* go#54239 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT
|
|
* go#54235 cmd/compile: internal compiler error of atomic type and offsetof
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 22 20:44:19 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Define go_bootstrap_version go1.16 without suse_version checks
|
|
- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere
|
|
- Add _constraints for worker disk space 5G needed by SLE-15 x86_64
|
|
- SLE-12 s390x use bcond_without gccgo to bootstrap using gcc11go
|
|
* Workaround for SLE-12 s390x build error while writing linker data:
|
|
bad carrier sym for symbol crypto/internal/nistec.p256OrdMul.args_stackmap
|
|
created by cmd/link/internal/ld.writeBlocks
|
|
/usr/lib64/go/1.19/src/cmd/link/internal/ld/data.go:958
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 17:53:40 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
|
|
|
- Bootstrap using go1.16 on SLE-15 and newer. go1.16 is
|
|
bootstrapped using gcc-go 11 or 12. This allows dropping older
|
|
versions of Go from Factory.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 9 05:56:23 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Rebase gcc-go.patch onto upstream changes in go/src/make.bash and
|
|
go/src/make.rc. Used for SLE-12 go bootstrap builds with gcc8.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 17:19:11 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19 (released 2022-08-02) is a major release of Go.
|
|
go1.19.x minor releases will be provided through August 2023.
|
|
https://github.com/golang/go/wiki/Go-Release-Cycle
|
|
go1.19 arrives five months after go1.18. Most of its changes are
|
|
in the implementation of the toolchain, runtime, and libraries.
|
|
As always, the release maintains the Go 1 promise of
|
|
compatibility. We expect almost all Go programs to continue to
|
|
compile and run as before.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
* See release notes https://golang.org/doc/go1.19. Excerpts
|
|
relevant to OBS environment and for SUSE/openSUSE follow:
|
|
* There is only one small change to the language, a very small
|
|
correction to the scope of type parameters in method
|
|
declarations. Existing programs are unaffected.
|
|
* The Go memory model has been revised to align Go with the
|
|
memory model used by C, C++, Java, JavaScript, Rust, and
|
|
Swift. Go only provides sequentially consistent atomics, not
|
|
any of the more relaxed forms found in other languages. Along
|
|
with the memory model update, Go 1.19 introduces new types in
|
|
the sync/atomic package that make it easier to use atomic
|
|
values, such as atomic.Int64 and atomic.Pointer[T].
|
|
* go1.19 adds support for the Loongson 64-bit architecture
|
|
LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI
|
|
implemented is LP64D. Minimum kernel version supported is 5.19.
|
|
* The riscv64 port now supports passing function arguments and
|
|
result using registers. Benchmarking shows typical performance
|
|
improvements of 10% or more on riscv64.
|
|
* Go 1.19 adds support for links, lists, and clearer headings in
|
|
doc comments. As part of this change, gofmt now reformats doc
|
|
comments to make their rendered meaning clearer. See "Go Doc
|
|
Comments" for syntax details and descriptions of common
|
|
mistakes now highlighted by gofmt. As another part of this
|
|
change, the new package go/doc/comment provides parsing and
|
|
reformatting of doc comments as well as support for rendering
|
|
them to HTML, Markdown, and text.
|
|
* The new build constraint "unix" is now recognized in //go:build
|
|
lines. The constraint is satisfied if the target operating
|
|
system, also known as GOOS, is a Unix or Unix-like system. For
|
|
the 1.19 release it is satisfied if GOOS is one of aix,
|
|
android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux,
|
|
netbsd, openbsd, or solaris. In future releases the unix
|
|
constraint may match additional newly supported operating
|
|
systems.
|
|
* The -trimpath flag, if set, is now included in the build
|
|
settings stamped into Go binaries by go build, and can be
|
|
examined using go version -m or debug.ReadBuildInfo.
|
|
* go generate now sets the GOROOT environment variable explicitly
|
|
in the generator's environment, so that generators can locate
|
|
the correct GOROOT even if built with -trimpath.
|
|
* go test and go generate now place GOROOT/bin at the beginning
|
|
of the PATH used for the subprocess, so tests and generators
|
|
that execute the go command will resolve it to same GOROOT.
|
|
* go env now quotes entries that contain spaces in the
|
|
CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS,
|
|
CGO_LDFLAGS, and GOGCCFLAGS variables it reports.
|
|
* go list -json now accepts a comma-separated list of JSON fields
|
|
to populate. If a list is specified, the JSON output will
|
|
include only those fields, and go list may avoid work to
|
|
compute fields that are not included. In some cases, this may
|
|
suppress errors that would otherwise be reported.
|
|
* The go command now caches information necessary to load some
|
|
modules, which should result in a speed-up of some go list
|
|
invocations.
|
|
* The vet checker "errorsas" now reports when errors.As is called
|
|
with a second argument of type *error, a common mistake.
|
|
* The runtime now includes support for a soft memory limit. This
|
|
memory limit includes the Go heap and all other memory managed
|
|
by the runtime, and excludes external memory sources such as
|
|
mappings of the binary itself, memory managed in other
|
|
languages, and memory held by the operating system on behalf of
|
|
the Go program. This limit may be managed via
|
|
runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT
|
|
environment variable. The limit works in conjunction with
|
|
runtime/debug.SetGCPercent / GOGC, and will be respected even
|
|
if GOGC=off, allowing Go programs to always make maximal use of
|
|
their memory limit, improving resource efficiency in some
|
|
cases.
|
|
* In order to limit the effects of GC thrashing when the
|
|
program's live heap size approaches the soft memory limit, the
|
|
Go runtime also attempts to limit total GC CPU utilization to
|
|
50%, excluding idle time, choosing to use more memory over
|
|
preventing application progress. In practice, we expect this
|
|
limit to only play a role in exceptional cases, and the new
|
|
runtime metric /gc/limiter/last-enabled:gc-cycle reports when
|
|
this last occurred.
|
|
* The runtime now schedules many fewer GC worker goroutines on
|
|
idle operating system threads when the application is idle
|
|
enough to force a periodic GC cycle.
|
|
* The runtime will now allocate initial goroutine stacks based on
|
|
the historic average stack usage of goroutines. This avoids
|
|
some of the early stack growth and copying needed in the
|
|
average case in exchange for at most 2x wasted space on
|
|
below-average goroutines.
|
|
* On Unix operating systems, Go programs that import package os
|
|
now automatically increase the open file limit (RLIMIT_NOFILE)
|
|
to the maximum allowed value; that is, they change the soft
|
|
limit to match the hard limit. This corrects artificially low
|
|
limits set on some systems for compatibility with very old C
|
|
programs using the select system call. Go programs are not
|
|
helped by that limit, and instead even simple programs like
|
|
gofmt often ran out of file descriptors on such systems when
|
|
processing many files in parallel. One impact of this change is
|
|
that Go programs that in turn execute very old C programs in
|
|
child processes may run those programs with too high a
|
|
limit. This can be corrected by setting the hard limit before
|
|
invoking the Go program.
|
|
* Unrecoverable fatal errors (such as concurrent map writes, or
|
|
unlock of unlocked mutexes) now print a simpler traceback
|
|
excluding runtime metadata (equivalent to a fatal panic) unless
|
|
GOTRACEBACK=system or crash. Runtime-internal fatal error
|
|
tracebacks always include full metadata regardless of the value
|
|
of GOTRACEBACK
|
|
* Support for debugger-injected function calls has been added on
|
|
ARM64, enabling users to call functions from their binary in an
|
|
interactive debugging session when using a debugger that is
|
|
updated to make use of this functionality.
|
|
* The address sanitizer support added in Go 1.18 now handles
|
|
function arguments and global variables more precisely.
|
|
* The compiler now uses a jump table to implement large integer
|
|
and string switch statements. Performance improvements for the
|
|
switch statement vary but can be on the order of 20%
|
|
faster. (GOARCH=amd64 and GOARCH=arm64 only)
|
|
* The Go compiler now requires the -p=importpath flag to build a
|
|
linkable object file. This is already supplied by the go
|
|
command and by Bazel. Any other build systems that invoke the
|
|
Go compiler directly will need to make sure they pass this flag
|
|
as well.
|
|
* The Go compiler no longer accepts the -importmap flag. Build
|
|
systems that invoke the Go compiler directly must use the
|
|
-importcfg flag instead.
|
|
* Like the compiler, the assembler now requires the -p=importpath
|
|
flag to build a linkable object file. This is already supplied
|
|
by the go command. Any other build systems that invoke the Go
|
|
assembler directly will need to make sure they pass this flag
|
|
as well.
|
|
* Command and LookPath no longer allow results from a PATH search
|
|
to be found relative to the current directory. This removes a
|
|
common source of security problems but may also break existing
|
|
programs that depend on using, say, exec.Command("prog") to run
|
|
a binary named prog (or, on Windows, prog.exe) in the current
|
|
directory. See the os/exec package documentation for
|
|
information about how best to update such programs.
|
|
* On Windows, Command and LookPath now respect the
|
|
NoDefaultCurrentDirectoryInExePath environment variable, making
|
|
it possible to disable the default implicit search of “.” in
|
|
PATH lookups on Windows systems.
|
|
* crypto/elliptic: Operating on invalid curve points (those for
|
|
which the IsOnCurve method returns false, and which are never
|
|
returned by Unmarshal or by a Curve method operating on a valid
|
|
point) has always been undefined behavior and can lead to key
|
|
recovery attacks. If an invalid point is supplied to Marshal,
|
|
MarshalCompressed, Add, Double, or ScalarMult, they will now
|
|
panic. ScalarBaseMult operations on the P224, P384, and P521
|
|
curves are now up to three times faster, leading to similar
|
|
speedups in some ECDSA operations. The generic (not platform
|
|
optimized) P256 implementation was replaced with one derived
|
|
from a formally verified model; this might lead to significant
|
|
slowdowns on 32-bit platforms.
|
|
* crypto/rand: Read no longer buffers random data obtained from
|
|
the operating system between calls. Applications that perform
|
|
many small reads at high frequency might choose to wrap Reader
|
|
in a bufio.Reader for performance reasons, taking care to use
|
|
io.ReadFull to ensure no partial reads occur. The Prime
|
|
implementation was changed to use only rejection sampling,
|
|
which removes a bias when generating small primes in
|
|
non-cryptographic contexts, removes one possible minor timing
|
|
leak, and better aligns the behavior with BoringSSL, all while
|
|
simplifying the implementation. The change does produce
|
|
different outputs for a given random source stream compared to
|
|
the previous implementation, which can break tests written
|
|
expecting specific results from specific deterministic random
|
|
sources. To help prevent such problems in the future, the
|
|
implementation is now intentionally non-deterministic with
|
|
respect to the input stream.
|
|
* crypto/tls: The GODEBUG option tls10default=1 has been
|
|
removed. It is still possible to enable TLS 1.0 client-side by
|
|
setting Config.MinVersion. The TLS server and client now reject
|
|
duplicate extensions in TLS handshakes, as required by RFC
|
|
5246, Section 7.4.1.4 and RFC 8446, Section 4.2.
|
|
* crypto/x509: CreateCertificate no longer supports creating
|
|
certificates with SignatureAlgorithm set to
|
|
MD5WithRSA. CreateCertificate no longer accepts negative serial
|
|
numbers. CreateCertificate will not emit an empty SEQUENCE
|
|
anymore when the produced certificate has no
|
|
extensions. ParseCertificate and ParseCertificateRequest now
|
|
reject certificates and CSRs which contain duplicate
|
|
extensions. The new CertPool.Clone and CertPool.Equal methods
|
|
allow cloning a CertPool and checking the equivalence of two
|
|
CertPools respectively. The new function ParseRevocationList
|
|
provides a faster, safer to use CRL parser which returns a
|
|
RevocationList. Parsing a CRL also populates the new
|
|
RevocationList fields RawIssuer, Signature, AuthorityKeyId, and
|
|
Extensions, which are ignored by CreateRevocationList. The new
|
|
method RevocationList.CheckSignatureFrom checks that the
|
|
signature on a CRL is a valid signature from a Certificate. The
|
|
ParseCRL and ParseDERCRL functions are now deprecated in favor
|
|
of ParseRevocationList. The Certificate.CheckCRLSignature
|
|
method is deprecated in favor of
|
|
RevocationList.CheckSignatureFrom. The path builder of
|
|
Certificate.Verify was overhauled and should now produce better
|
|
chains and/or be more efficient in complicated scenarios. Name
|
|
constraints are now also enforced on non-leaf certificates.
|
|
* crypto/x509/pkix: The types CertificateList and
|
|
TBSCertificateList have been deprecated. The new crypto/x509
|
|
CRL functionality should be used instead.
|
|
* debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support
|
|
the loong64 port.
|
|
* debug/pe: The new File.COFFSymbolReadSectionDefAux method,
|
|
which returns a COFFSymbolAuxFormat5, provides access to COMDAT
|
|
information in PE file sections. These are supported by new
|
|
IMAGE_COMDAT_* and IMAGE_SCN_* constants.
|
|
* runtime: The GOROOT function now returns the empty string
|
|
(instead of "go") when the binary was built with the -trimpath
|
|
flag set and the GOROOT variable is not set in the process
|
|
environment.
|
|
* runtime/metrics: The new /sched/gomaxprocs:threads metric
|
|
reports the current runtime.GOMAXPROCS value. The new
|
|
/cgo/go-to-c-calls:calls metric reports the total number of
|
|
calls made from Go to C. This metric is identical to the
|
|
runtime.NumCgoCall function. The new
|
|
/gc/limiter/last-enabled:gc-cycle metric reports the last GC
|
|
cycle when the GC CPU limiter was enabled. See the runtime
|
|
notes for details about the GC CPU limiter.
|
|
* runtime/pprof: Stop-the-world pause times have been
|
|
significantly reduced when collecting goroutine profiles,
|
|
reducing the overall latency impact to the application. MaxRSS
|
|
is now reported in heap profiles for all Unix operating systems
|
|
(it was previously only reported for GOOS=android, darwin, ios,
|
|
and linux).
|
|
* runtime/race: The race detector has been upgraded to use thread
|
|
sanitizer version v3 on all supported platforms except
|
|
windows/amd64 and openbsd/amd64, which remain on v2. Compared
|
|
to v2, it is now typically 1.5x to 2x faster, uses half as much
|
|
memory, and it supports an unlimited number of goroutines. On
|
|
Linux, the race detector now requires at least glibc version
|
|
2.17 and GNU binutils 2.26. The race detector is now supported
|
|
on GOARCH=s390x. Race detector support for openbsd/amd64 has
|
|
been removed from thread sanitizer upstream, so it is unlikely
|
|
to ever be updated from v2.
|
|
* runtime/trace: When tracing and the CPU profiler are enabled
|
|
simultaneously, the execution trace includes CPU profile
|
|
samples as instantaneous events.
|
|
* syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6,
|
|
RawSyscall, and RawSyscall6 now always return 0 for return
|
|
value r2 instead of an undefined value. On AIX and Solaris,
|
|
Getrusage is now defined.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 12 23:39:16 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19rc2 (released 2022-07-12) is a release candidate version of
|
|
go1.19 cut from the master branch at the revision tagged
|
|
go1.19rc2.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 6 21:40:49 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19rc1 (released 2022-07-06) is a release candidate version of
|
|
go1.19 cut from the master branch at the revision tagged
|
|
go1.19rc1.
|
|
Refs boo#1200441 go1.19 release tracking
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 14 20:00:43 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- Trace viewer html and javascript files moved from misc/trace in
|
|
previous versions to src/cmd/trace/static in go1.19.
|
|
* Added files with mode 0644:
|
|
/usr/share/go/1.19/src/cmd/trace/static
|
|
/usr/share/go/1.19/src/cmd/trace/static/README.md
|
|
/usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html
|
|
/usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 10 20:39:05 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>
|
|
|
|
- go1.19beta1 (released 2022-06-10) is a beta version of go1.19 cut
|
|
from the master branch at the revision tagged go1.19beta1.
|
|
Refs boo#1200441 go1.19 release tracking
|