From 6149e8a697e6b8dbceeb2573fd3989b78601e61893af93010d03ef13cb268517 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Wed, 30 Oct 2024 16:11:51 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main go1.22-openssl revision 9498be13489e99ba01d4d76faadc546a
---
 .gitattributes | 23 +
 README.SUSE | 8 +
 _constraints | 7 +
 _service | 16 +
 dont-force-gold-on-arm64.patch | 30 +
 gcc-go.patch | 64 ++
 go-rpmlintrc | 9 +
 go.gdbinit | 1 +
 go1.22-openssl.changes | 807 ++++++++++++++++++
 go1.22-openssl.spec | 467 ++++++++++
 go1.22.7.1-openssl.src.tar.gz | 3 +
 go1.22.7.src.tar.gz | 3 +
 ...ff0e4b0757ff773da6882f4d538996c9b04.tar.xz | 3 +
 13 files changed, 1441 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 README.SUSE
 create mode 100644 _constraints
 create mode 100644 _service
 create mode 100644 dont-force-gold-on-arm64.patch
 create mode 100644 gcc-go.patch
 create mode 100644 go-rpmlintrc
 create mode 100644 go.gdbinit
 create mode 100644 go1.22-openssl.changes
 create mode 100644 go1.22-openssl.spec
 create mode 100644 go1.22.7.1-openssl.src.tar.gz
 create mode 100644 go1.22.7.src.tar.gz
 create mode 100644 llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/README.SUSE b/README.SUSE
new file mode 100644
index 0000000..88a197a
--- /dev/null
+++ b/README.SUSE
@@ -0,0 +1,8 @@
+# Go Programming Language
+
+OBS: https://build.opensuse.org/project/show/devel:languages:go
+
+Maintainer: Jeff Kowalczyk
+
+Wiki: http://en.opensuse.org/Go
+ http://en.opensuse.org/openSUSE:Packaging_Go
diff --git a/_constraints b/_constraints
new file mode 100644
index 0000000..4496146
--- /dev/null
+++ b/_constraints
@@ -0,0 +1,7 @@
+
+
+
+ 5
+
+
+
diff --git a/_service b/_service
new file mode 100644
index 0000000..8b32872
--- /dev/null
+++ b/_service
@@ -0,0 +1,16 @@
+
+
+
+ https://github.com/llvm/llvm-project.git
+ git
+ compiler-rt
+
+ 51bfeff0e4b0757ff773da6882f4d538996c9b04
+ %H
+ llvm
+
+
+ llvm-*.tar
+ xz
+
+
diff --git a/dont-force-gold-on-arm64.patch b/dont-force-gold-on-arm64.patch
new file mode 100644
index 0000000..e5308bb
--- /dev/null
+++ b/dont-force-gold-on-arm64.patch
@@ -0,0 +1,30 @@
+--- go/src/cmd/link/internal/ld/lib.go
++++ go/src/cmd/link/internal/ld/lib.go
+@@ -1596,27 +1596,6 @@
+ // Use lld to avoid errors from default linker (issue #38838)
+ altLinker = "lld"
+ }
+-
+- if ctxt.Arch.InFamily(sys.ARM64) && buildcfg.GOOS == "linux" {
+- // On ARM64, the GNU linker will fail with
+- // -znocopyreloc if it thinks a COPY relocation is
+- // required. Switch to gold.
+- // https://sourceware.org/bugzilla/show_bug.cgi?id=19962
+- // https://go.dev/issue/22040
+- altLinker = "gold"
+-
+- // If gold is not installed, gcc will silently switch
+- // back to ld.bfd. So we parse the version information
+- // and provide a useful error if gold is missing.
+- name, args := flagExtld[0], flagExtld[1:]
+- args = append(args, "-fuse-ld=gold", "-Wl,--version")
+- cmd := exec.Command(name, args...)
+- if out, err := cmd.CombinedOutput(); err == nil {
+- if !bytes.Contains(out, []byte("GNU gold")) {
+- log.Fatalf("ARM64 external linker must be gold (issue #15696, 22040), but is not: %s", out)
+- }
+- }
+- }
+ }
+ if ctxt.Arch.Family == sys.ARM64 && buildcfg.GOOS == "freebsd" {
+ // Switch to ld.bfd on freebsd/arm64.
diff --git a/gcc-go.patch b/gcc-go.patch
new file mode 100644
index 0000000..ade991a
--- /dev/null
+++ b/gcc-go.patch
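Review bot: dont-force-gold-on-arm64.patch has no description saying why the linux/arm64 gold fallback is safe to drop, although the comment it deletes from lib.go records a concrete ld.bfd failure with -znocopyreloc (sourceware bug 19962, go.dev/issue/22040). With the block removed, external links on that target presumably fall through to whatever linker the C toolchain defaults to, and the build-time check that the linker really is gold goes away with it. I would add a short description above the first `--- go/src/cmd/link/internal/ld/lib.go` line, for example `Drop the forced gold linker on linux/arm64; relies on an ld.bfd that contains the fix for sourceware bug 19962.`, plus a reference to the upstream change if there is one. The enclosing function in lib.go starts and ends outside the embedded hunk.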
@@ -0,0 +1,64 @@
+--- go.orig/src/cmd/dist/buildtool.go
++++ go/src/cmd/dist/buildtool.go
+@@ -203,7 +203,7 @@
+ // Use the purego build tag to disable other assembly code,
+ // such as in cmd/internal/notsha256.
+ cmd := []string{
+- pathf("%s/bin/go", goroot_bootstrap),
++ pathf("%s/bin/go-$gcc_go_version", goroot_bootstrap),
+ "install",
+ "-tags=math_big_pure_go compiler_bootstrap purego",
+ }
+--- go.orig/src/make.bash
++++ go/src/make.bash
+@@ -175,8 +175,8 @@
+ fi
+ fi
+ done; unset IFS
+-if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
+- echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2
++if [ ! -x "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" ]; then
++ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version." >&2
+ echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go $bootgo." >&2
+ exit 1
+ fi
+@@ -194,7 +194,7 @@
+ exit 1
+ fi
+ rm -f cmd/dist/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
++GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT="" GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" build -o cmd/dist/dist ./cmd/dist
+
+ # -e doesn't propagate out of eval, so check success by hand.
+ eval $(./cmd/dist/dist env -p || echo FAIL=true)
+--- go.orig/src/make.rc
++++ go/src/make.rc
+@@ -58,7 +58,7 @@
+ GOROOT_BOOTSTRAP = $home/$d
+ }
+ for(p in $path){
+- if(! test -x $GOROOT_BOOTSTRAP/bin/go){
++ if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){
+ if(go_exe = `{path=$p whatis go}){
+ goroot = `{GOROOT='' $go_exe env GOROOT}
+ if(! ~ $goroot $GOROOT){
+@@ -71,8 +71,8 @@
+ }
+ }
+ }
+-if(! test -x $GOROOT_BOOTSTRAP/bin/go){
+- echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2]
++if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){
++ echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go-$gcc_go_version.' >[1=2]
+ echo 'Set $GOROOT_BOOTSTRAP to a working Go tree >= Go '$bootgo'.' >[1=2]
+ exit bootstrap
+ }
+@@ -89,7 +89,7 @@
+ echo 'Building Go cmd/dist using '$GOROOT_BOOTSTRAP'. ('$"GOROOT_BOOTSTRAP_VERSION')'
+ if(~ $#vflag 1)
+ echo cmd/dist
+-GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111MODULE=off GOENV=off GOFLAGS='' $GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist
++GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111MODULE=off GOENV=off GOFLAGS='' $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version build -o cmd/dist/dist ./cmd/dist
+
+ eval `{./cmd/dist/dist env -9}
+ if(~ $#vflag 1)
diff --git a/go-rpmlintrc b/go-rpmlintrc
new file mode 100644
index 0000000..aeffb39
--- /dev/null
+++ b/go-rpmlintrc
@@ -0,0 +1,9 @@
+addFilter("binaryinfo-readelf-failed") # go binaries are suposedly ELF-compliant
+addFilter("statically-linked-binary") # go doesn't yet support dynamic linking
+
+# .syso files are special. Note that while they are architecture-dependent,
+# they are named to avoid conflicts (and we make sure of that in the RPM
+# through go_arch).
+addFilter("unstripped-binary-or-object.*\.syso$")
+addFilter("arch-dependent-file-in-usr-share.*\.syso$")
+addFilter("W: position-independent-executable-suggested")
diff --git a/go.gdbinit b/go.gdbinit
new file mode 100644
index 0000000..589a923
--- /dev/null
+++ b/go.gdbinit
@@ -0,0 +1 @@
+add-auto-load-safe-path /usr/lib/go/$go_label/src/runtime/runtime-gdb.py
diff --git a/go1.22-openssl.changes b/go1.22-openssl.changes
new file mode 100644
index 0000000..2a16171
--- /dev/null
+++ b/go1.22-openssl.changes
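Review bot: In the buildtool.go hunk of gcc-go.patch, `$gcc_go_version` sits inside a Go string literal passed to `pathf`, where nothing expands it, so the patch only works if the packaging rewrites that token before the tree is built. In make.bash the same token is a shell variable that becomes an empty string when unset, and inside the single-quoted make.rc error message it stays literal. The substitution step is not visible in this part of the commit, so treat this as an assumption to confirm against the spec file. Because these lines select the bootstrap compiler that builds the whole toolchain, I would state the contract above the first `---` line of the patch: `gcc_go_version is a placeholder; the spec must replace it with the gcc-go version suffix before this patch is applied.` The `-x` tests in make.bash and make.rc already stop the build when the binary is missing, and that should stay.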
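Review bot: `addFilter("W: position-independent-executable-suggested")` in go-rpmlintrc silences a hardening warning for every binary in the package and, unlike the filters above it, carries no reason. If non-PIE toolchain binaries are intended, record that next to the filter, for example `# PIE is not enabled for the Go toolchain binaries in this package; remove this filter once it is`, so a later reviewer can tell a deliberate exception from an oversight. The comment on `statically-linked-binary` ("go doesn't yet support dynamic linking") also looks out of date for a package whose changelog says it calls into OpenSSL through dlopen(), and should be reworded to what is actually being excused.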
@@ -0,0 +1,807 @@ +------------------------------------------------------------------- +Tue Oct 1 00:31:42 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + Refs jsc#SLE-18320 + * Iterate over all patches in the upstream patch set. In addition + to the two large primary patches 000-initial-setup.patch and + 001-initial-openssl-for-fips.patch, various fixes are being + applied in smaller patches. Ensure that we apply all of these. + * Application of all patches fixes dlopen() errors seen starting + in go1.22-openssl related to the new v2 openssl binding. + +------------------------------------------------------------------- +Thu Sep 12 12:55:01 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.7.1 cut from the go1.22-fips-release + branch at the revision tagged go1.22.7-1-openssl-fips. + Refs jsc#SLE-18320 + * Update to Go 1.22.7 (#229) + +------------------------------------------------------------------- +Thu Sep 5 15:20:28 UTC 2024 - Jeff Kowalczyk + +- go1.22.7 (released 2024-09-05) includes security fixes to the + encoding/gob, go/build/constraint, and go/parser packages, as + well as bug fixes to the fix command and the runtime. 
+ Refs boo#1218424 go1.22 release tracking + CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 + - go#69142 go#69138 boo#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155) + - go#69144 go#69139 boo#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156) + - go#69148 go#69141 boo#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158) + - go#68811 os: TestChtimes failures + - go#68825 cmd/fix: fails to run on modules whose go directive value is in "1.n.m" format introduced in Go 1.21.0 + - go#68972 cmd/cgo: aix c-archive corrupting stack + +------------------------------------------------------------------- +Tue Aug 6 17:39:11 UTC 2024 - Jeff Kowalczyk + +- go1.22.6 (released 2024-08-06) includes fixes to the go command, + the compiler, the linker, the trace command, the covdata command, + and the bytes, go/types, and os/exec packages. + Refs boo#1218424 go1.22 release tracking + * go#68594 cmd/compile: internal compiler error with zero-size types + * go#68546 cmd/trace/v2: pprof profiles always empty + * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop + * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm + * go#68370 go/types: assertion failure in recent range statement checking logic + * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows + * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race + * go#68222 cmd/go: list with -export and -covermode=atomic fails to build + * go#68198 cmd/link: issues with Xcode 16 beta + +------------------------------------------------------------------- +Mon Aug 5 14:36:00 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.5.3 cut from the go1.22-fips-release + branch at the revision tagged 
go1.22.5-3-openssl-fips. + Refs jsc#SLE-18320 + * Only load openssl if fips == "1" + Avoid loading openssl whenever GOLANG_FIPS is not 1. + Previously only an unset variable would cause the library load + to be skipped, but users may also expect to be able to set eg. + GOLANG_FIPS=0 in environments without openssl. + +------------------------------------------------------------------- +Mon Aug 5 13:51:15 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.5.2 cut from the go1.22-fips-release + branch at the revision tagged go1.22.5-2-openssl-fips. + Refs jsc#SLE-18320 + * Only load OpenSSL when in FIPS mode + +------------------------------------------------------------------- +Thu Jul 11 07:50:37 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.5.1 cut from the go1.22-fips-release + branch at the revision tagged go1.22.5-1-openssl-fips. + Refs jsc#SLE-18320 + * Update to go1.22.5 + +------------------------------------------------------------------- +Tue Jul 2 18:51:45 UTC 2024 - Jeff Kowalczyk + +- go1.22.5 (released 2024-07-02) includes security fixes to the + net/http package, as well as bug fixes to the compiler, cgo, the + go command, the linker, the runtime, and the crypto/tls, + go/types, net, net/http, and os/exec packages. 
+ Refs boo#1218424 go1.22 release tracking + CVE-2024-24791 + * go#68200 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways + * go#65983 cmd/compile: hash of unhashable type + * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault() + * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without ".exe" no longer implicitly adds ".exe" in Go 1.22 + * go#67298 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds + * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders + * go#67798 cmd/compile: internal compiler error: unexpected type: () in for-range + * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec + * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0 + * go#67934 net: go DNS resolver fails to connect to local DNS server + * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure + * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N) + * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT)) + +------------------------------------------------------------------- +Wed Jun 5 19:13:46 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.4.1 cut from the go1.22-fips-release + branch at the revision tagged go1.22.4-1-openssl-fips. 
+ Refs jsc#SLE-18320 + * Update to go1.22.4 + +------------------------------------------------------------------- +Tue Jun 4 18:08:59 UTC 2024 - Jeff Kowalczyk + +- go1.22.4 (released 2024-06-04) includes security fixes to the + archive/zip and net/netip packages, as well as bug fixes to the + compiler, the go command, the linker, the runtime, and the os + package. + Refs boo#1218424 go1.22 release tracking + CVE-2024-24789 CVE-2024-24790 + * go#67554 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations + * go#67682 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses + * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes + * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 + * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21' + * go#67258 runtime: unexpected fault address 0 + * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally + * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID + * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections + * go#67460 cmd/compile: internal compiler error: panic with range over integer value + * go#67527 cmd/link: panic: machorelocsect: size mismatch + * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start + * go#67696 os: RemoveAll susceptible to symlink race + +------------------------------------------------------------------- +Thu May 30 21:42:06 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.3.3 cut from the go1.22-fips-release + branch at the revision tagged go1.22.3-3-openssl-fips. 
+ Refs jsc#SLE-18320 + * config: update openssl backend (#201) + +------------------------------------------------------------------- +Thu May 23 20:38:55 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.3.2 cut from the go1.22-fips-release + branch at the revision tagged go1.22.3-2-openssl-fips. + Refs jsc#SLE-18320 + * patches: restore signature of HashSign/HashVerify (#199) + +------------------------------------------------------------------- +Tue May 21 22:00:34 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.3.1 cut from the go1.22-fips-release + branch at the revision tagged go1.22.3-1-openssl-fips. + Refs jsc#SLE-18320 + * Update to go1.22.3 + * fix: rename patch file + * Backport change https://go-review.googlesource.com/c/go/+/554615 to Go1.22 (#193) + runtime: crash asap and extend total sleep time for slow machine in test + Running with few threads usually does not need 500ms to crash, so let it + crash as soon as possible. While the test may caused more time on slow + machine, try to expand the sleep time in test. + * cmd/go: re-enable CGO for Go toolchain commands (#190) + * crypto/ecdsa: Restore HashSign and HashVerify (#189) + +------------------------------------------------------------------- +Tue May 7 16:00:41 UTC 2024 - Jeff Kowalczyk + +- go1.22.3 (released 2024-05-07) includes security fixes to the go + command and the net package, as well as bug fixes to the + compiler, the runtime, and the net/http package. 
+ Refs boo#1218424 go1.22 release tracking + CVE-2024-24787 CVE-2024-24788 + * go#67122 go#67119 boo#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin + * go#67040 go#66754 boo#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode + * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le + * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE + * go#66886 runtime: deterministic fallback hashes across process boundary + * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 + +------------------------------------------------------------------- +Thu Apr 4 19:11:15 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.2.1 cut from the go1.22-fips-release + branch at the revision tagged go1.22.2-1-openssl-fips. + Refs jsc#SLE-18320 + * Update to go1.22.2 + +------------------------------------------------------------------- +Wed Apr 3 15:35:18 UTC 2024 - Jeff Kowalczyk + +- go1.22.2 (released 2024-04-03) includes a security fix to the + net/http package, as well as bug fixes to the compiler, the go + command, the linker, and the encoding/gob, go/types, net/http, + and runtime/trace packages. + Refs boo#1218424 go1.22 release tracking + CVE-2023-45288 + * go#66298 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers + * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1 + * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation + * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64 + * go#66134 cmd/compile: go test . results in CLOSURE ... 
: internal compiler error: assertion failed + * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument + * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr + * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows + * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock + * go#66256 cmd/go: git shallow fetches broken at CL 556358 + * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22 + * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le + +------------------------------------------------------------------- +Fri Mar 29 01:08:32 UTC 2024 - Jeff Kowalczyk + +- Update to version 1.22.1.2 cut from the go1.22-fips-release + branch at the revision tagged go1.22.1-2-openssl-fips. + Refs jsc#SLE-18320 + * config: Update openssl v2 module (#178) + +------------------------------------------------------------------- +Wed Mar 13 14:06:49 UTC 2024 - Jeff Kowalczyk + +- Remove subpackage go1.x-openssl-libstd for compiled shared object + libstd.so. + Refs jsc#PED-1962 jsc#SLE-18320 + * Continue to build experimental libstd only on go1.x Tumbleweed. + * Removal fixes build errors on go1.x-openssl Factory and ALP. + * Use of libstd.so is experimental and not recommended for + general use, Go currently has no ABI. + * Feature go build -buildmode=shared is deprecated by upstream, + but not yet removed. + +------------------------------------------------------------------- +Mon Mar 11 22:12:46 UTC 2024 - Jeff Kowalczyk + +- Initial package go1.22-openssl version 1.22.1.1 cut from the + go1.22-fips-release branch at the revision tagged + go1.22.1-1-openssl-fips. + Refs jsc#SLE-18320 + * Go upstream merged branch dev.boringcrypto in go1.19+. + * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. 
+ * In go1.x-openssl enable FIPS mode (or boring mode as the + package is named) either via an environment variable + GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. + * When the operating system is operating in FIPS mode, Go + applications which import crypto/tls/fipsonly limit operations + to the FIPS ciphersuite. + * go1.x-openssl is delivered as two large patches to go1.x + applying necessary modifications from the golang-fips/go GitHub + project for the Go crypto library to use OpenSSL as the + external cryptographic library in a FIPS compliant way. + * go1.x-openssl modifies the crypto/* packages to use OpenSSL for + cryptographic operations. + * go1.x-openssl uses dlopen() to call into OpenSSL. + * SUSE RPM packaging introduces a fourth version digit go1.x.y.z + corresponding to the golang-fips/go patchset tagged revision. + * Patchset improvements can be updated independently of upstream + Go maintenance releases. + +------------------------------------------------------------------- +Tue Mar 5 17:38:51 UTC 2024 - Jeff Kowalczyk + +- go1.22.1 (released 2024-03-05) includes security fixes to the + crypto/x509, html/template, net/http, net/http/cookiejar, and + net/mail packages, as well as bug fixes to the compiler, the go + command, the runtime, the trace command, and the go/types and + net/http packages. 
+ Refs boo#1218424 go1.22 release tracking + CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 + * go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm + * go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled + * go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm + * go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect + * go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping + * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module + * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders + * go#65474 internal/testenv: support LUCI mobile builders in testenv tests + * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently + * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change + * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0 + * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing + * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer + * go#65728 go/types: nil pointer dereference in Alias.Underlying() + * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22 + * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux + * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer + * go#65852 cmd/go: "missing ziphash" error with go.work + * go#65883 runtime: scheduler sometimes starves a runnable 
goroutine on wasm platforms + +------------------------------------------------------------------- +Tue Feb 27 05:45:13 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * Use %patch -P N instead of deprecated %patchN + +------------------------------------------------------------------- +Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * boo#1219988 ensure VERSION file is present in GOROOT + as required by go tool dist and go tool distpack + +------------------------------------------------------------------- +Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk + +- go1.22 (released 2024-02-06) is a major release of Go. + go1.22.x minor releases will be provided through February 2024. + https://github.com/golang/go/wiki/Go-Release-Cycle + go1.22 arrives six months after go1.21. Most of its changes are + in the implementation of the toolchain, runtime, and libraries. + As always, the release maintains the Go 1 promise of + compatibility. We expect almost all Go programs to continue to + compile and run as before. + Refs boo#1218424 go1.22 release tracking + * Language change: go1.22 makes two changes to for loops. + Previously, the variables declared by a for loop were created + once and updated by each iteration. In go1.22, each iteration + of the loop creates new variables, to avoid accidental sharing + bugs. The transition support tooling described in the proposal + continues to work in the same way it did in Go 1.21. + * Language change: For loops may now range over integers + * Language change: go1.22 includes a preview of a language change + we are considering for a future version of Go: + range-over-function iterators. Building with + GOEXPERIMENT=rangefunc enables this feature. + * go command: Commands in workspaces can now use a vendor + directory containing the dependencies of the workspace. 
The + directory is created by go work vendor, and used by build + commands when the -mod flag is set to vendor, which is the + default when a workspace vendor directory is present. Note + that the vendor directory's contents for a workspace are + different from those of a single module: if the directory at + the root of a workspace also contains one of the modules in the + workspace, its vendor directory can contain the dependencies of + either the workspace or of the module, but not both. + * go get is no longer supported outside of a module in the legacy + GOPATH mode (that is, with GO111MODULE=off). Other build + commands, such as go build and go test, will continue to work + indefinitely for legacy GOPATH programs. + * go mod init no longer attempts to import module requirements + from configuration files for other vendoring tools (such as + Gopkg.lock). + * go test -cover now prints coverage summaries for covered + packages that do not have their own test files. Prior to Go + 1.22 a go test -cover run for such a package would report: ? + mymod/mypack [no test files] and now with go1.22, functions in + the package are treated as uncovered: mymod/mypack coverage: + 0.0% of statements Note that if a package contains no + executable code at all, we can't report a meaningful coverage + percentage; for such packages the go tool will continue to + report that there are no test files. + * trace: The trace tool's web UI has been gently refreshed as + part of the work to support the new tracer, resolving several + issues and improving the readability of various sub-pages. The + web UI now supports exploring traces in a thread-oriented + view. The trace viewer also now displays the full duration of + all system calls. These improvements only apply for viewing + traces produced by programs built with go1.22 or newer. A + future release will bring some of these improvements to traces + produced by older version of Go. 
+ * vet: References to loop variables The behavior of the vet tool + has changed to match the new semantics (see above) of loop + variables in go1.22. When analyzing a file that requires go1.22 + or newer (due to its go.mod file or a per-file build + constraint), vetcode> no longer reports references to loop + variables from within a function literal that might outlive the + iteration of the loop. In Go 1.22, loop variables are created + anew for each iteration, so such references are no longer at + risk of using a variable after it has been updated by the loop. + * vet: New warnings for missing values after append The vet tool + now reports calls to append that pass no values to be appended + to the slice, such as slice = append(slice). Such a statement + has no effect, and experience has shown that is nearly always a + mistake. + * vet: New warnings for deferring time.Since The vet tool now + reports a non-deferred call to time.Since(t) within a defer + statement. This is equivalent to calling time.Now().Sub(t) + before the defer statement, not when the deferred function is + called. In nearly all cases, the correct code requires + deferring the time.Since call. + * vet: New warnings for mismatched key-value pairs in log/slog + calls The vet tool now reports invalid arguments in calls to + functions and methods in the structured logging package, + log/slog, that accept alternating key/value pairs. It reports + calls where an argument in a key position is neither a string + nor a slog.Attr, and where a final key is missing its value. + * runtime: The runtime now keeps type-based garbage collection + metadata nearer to each heap object, improving the CPU + performance (latency or throughput) of Go programs by + 1-3%. This change also reduces the memory overhead of the + majority Go programs by approximately 1% by deduplicating + redundant metadata. 
Some programs may see a smaller improvement + because this change adjusts the size class boundaries of the + memory allocator, so some objects may be moved up a size class. + A consequence of this change is that some objects' addresses + that were previously always aligned to a 16 byte (or higher) + boundary will now only be aligned to an 8 byte boundary. Some + programs that use assembly instructions that require memory + addresses to be more than 8-byte aligned and rely on the memory + allocator's previous alignment behavior may break, but we + expect such programs to be rare. Such programs may be built + with GOEXPERIMENT=noallocheaders to revert to the old metadata + layout and restore the previous alignment behavior, but package + owners should update their assembly code to avoid the alignment + assumption, as this workaround will be removed in a future + release. + * runtime: On the windows/amd64 port, programs linking or loading + Go libraries built with -buildmode=c-archive or + -buildmode=c-shared can now use the SetUnhandledExceptionFilter + Win32 function to catch exceptions not handled by the Go + runtime. Note that this was already supported on the + windows/386 port. + * compiler: Profile-guided Optimization (PGO) builds can now + devirtualize a higher proportion of calls than previously + possible. Most programs from a representative set of Go + programs now see between 2 and 14% improvement from enabling + PGO. + * compiler: The compiler now interleaves devirtualization and + inlining, so interface method calls are better optimized. + * compiler: go1.22 also includes a preview of an enhanced + implementation of the compiler's inlining phase that uses + heuristics to boost inlinability at call sites deemed + "important" (for example, in loops) and discourage inlining at + call sites deemed "unimportant" (for example, on panic + paths). 
Building with GOEXPERIMENT=newinliner enables the new
+ call-site heuristics; see issue #61502 for more info and to
+ provide feedback.
+ * linker: The linker's -s and -w flags are now behave more
+ consistently across all platforms. The -w flag suppresses DWARF
+ debug information generation. The -s flag suppresses symbol
+ table generation. The -s flag also implies the -w flag, which
+ can be negated with -w=0. That is, -s -w=0 will generate a
+ binary with DWARF debug information generation but without the
+ symbol table.
+ * linker: On ELF platforms, the -B linker flag now accepts a
+ special form: with -B gobuildid, the linker will generate a GNU
+ build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go
+ build ID.
+ * linker: On Windows, when building with -linkmode=internal, the
+ linker now preserves SEH information from C object files by
+ copying the .pdata and .xdata sections into the final
+ binary. This helps with debugging and profiling binaries using
+ native tools, such as WinDbg. Note that until now, C functions'
+ SEH exception handlers were not being honored, so this change
+ may cause some programs to behave differently.
+ -linkmode=external is not affected by this change, as external
+ linkers already preserve SEH information.
+ * bootstrap: As mentioned in the Go 1.20 release notes, go1.22
+ now requires the final point release of Go 1.20 or later for
+ bootstrap. We expect that Go 1.24 will require the final point
+ release of go1.22 or later for bootstrap.
+ * core library: New math/rand/v2 package: go1.22 includes the
+ first “v2” package in the standard library, math/rand/v2. The
+ changes compared to math/rand are detailed in proposal
+ go#61716. The most important changes are:
+ - The Read method, deprecated in math/rand, was not carried
+ forward for math/rand/v2. (It remains available in
+ math/rand.) The vast majority of calls to Read should use
+ crypto/rand’s Read instead.
Otherwise a custom Read can be
+ constructed using the Uint64 method.
+ - The global generator accessed by top-level functions is
+ unconditionally randomly seeded. Because the API guarantees
+ no fixed sequence of results, optimizations like per-thread
+ random generator states are now possible.
+ - The Source interface now has a single Uint64 method; there is
+ no Source64 interface.
+ - Many methods now use faster algorithms that were not possible
+ to adopt in math/rand because they changed the output
+ streams.
+ - The Intn, Int31, Int31n, Int63, and Int64n top-level
+ functions and methods from math/rand are spelled more
+ idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64,
+ and Int64N. There are also new top-level functions and
+ methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN.
+ - The new generic function N is like Int64N or Uint64N but
+ works for any integer type. For example a random duration
+ from 0 up to 5 minutes is rand.N(5*time.Minute).
+ - The Mitchell & Reeds LFSR generator provided by math/rand’s
+ Source has been replaced by two more modern pseudo-random
+ generator sources: ChaCha8 PCG. ChaCha8 is a new,
+ cryptographically strong random number generator roughly
+ similar to PCG in efficiency. ChaCha8 is the algorithm used
+ for the top-level functions in math/rand/v2. As of go1.22,
+ math/rand's top-level functions (when not explicitly seeded)
+ and the Go runtime also use ChaCha8 for randomness.
+ - We plan to include an API migration tool in a future release,
+ likely Go 1.23.
+ * core library: New go/version package: The new go/version
+ package implements functions for validating and comparing Go
+ version strings.
+ * core library: Enhanced routing patterns: HTTP routing in the
+ standard library is now more expressive. The patterns used by
+ net/http.ServeMux have been enhanced to accept methods and
+ wildcards.
This change breaks backwards compatibility in small
+ ways, some obvious—patterns with "{" and "}" behave
+ differently— and some less so—treatment of escaped paths has
+ been improved. The change is controlled by a GODEBUG field
+ named httpmuxgo121. Set httpmuxgo121=1 to restore the old
+ behavior.
+ * Minor changes to the library As always, there are various minor
+ changes and updates to the library, made with the Go 1 promise
+ of compatibility in mind. There are also various performance
+ improvements, not enumerated here.
+ * archive/tar: The new method Writer.AddFS adds all of the files
+ from an fs.FS to the archive.
+ * archive/zip: The new method Writer.AddFS adds all of the files
+ from an fs.FS to the archive.
+ * bufio: When a SplitFunc returns ErrFinalToken with a nil token,
+ Scanner will now stop immediately. Previously, it would report
+ a final empty token before stopping, which was usually not
+ desired. Callers that do want to report a final empty token can
+ do so by returning []byte{} rather than nil.
+ * cmp: The new function Or returns the first in a sequence of
+ values that is not the zero value.
+ * crypto/tls: ConnectionState.ExportKeyingMaterial will now
+ return an error unless TLS 1.3 is in use, or the
+ extended_master_secret extension is supported by both the
+ server and client. crypto/tls has supported this extension
+ since Go 1.20. This can be disabled with the tlsunsafeekm=1
+ GODEBUG setting.
+ * crypto/tls: By default, the minimum version offered by
+ crypto/tls servers is now TLS 1.2 if not specified with
+ config.MinimumVersion, matching the behavior of crypto/tls
+ clients. This change can be reverted with the tls10server=1
+ GODEBUG setting.
+ * crypto/tls: By default, cipher suites without ECDHE support are
+ no longer offered by either clients or servers during pre-TLS
+ 1.3 handshakes. This change can be reverted with the
+ tlsrsakex=1 GODEBUG setting.
+ * crypto/x509: The new CertPool.AddCertWithConstraint method can
+ be used to add customized constraints to root certificates to
+ be applied during chain building.
+ * crypto/x509: On Android, root certificates will now be loaded
+ from /data/misc/keychain/certs-added as well as
+ /system/etc/security/cacerts.
+ * crypto/x509: A new type, OID, supports ASN.1 Object Identifiers
+ with individual components larger than 31 bits. A new field
+ which uses this type, Policies, is added to the Certificate
+ struct, and is now populated during parsing. Any OIDs which
+ cannot be represented using a asn1.ObjectIdentifier will appear
+ in Policies, but not in the old PolicyIdentifiers field. When
+ calling CreateCertificate, the Policies field is ignored, and
+ policies are taken from the PolicyIdentifiers field. Using the
+ x509usepolicies=1 GODEBUG setting inverts this, populating
+ certificate policies from the Policies field, and ignoring the
+ PolicyIdentifiers field. We may change the default value of
+ x509usepolicies in Go 1.23, making Policies the default field
+ for marshaling.
+ * database/sql: The new Null[T] type provide a way to scan
+ nullable columns for any column types.
+ * debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64
+ systems. Additional R_LARCH_* constants are defined for use
+ with LoongArch systems.
+ * encoding: The new methods AppendEncode and AppendDecode added
+ to each of the Encoding types in the packages encoding/base32,
+ encoding/base64, and encoding/hex simplify encoding and
+ decoding from and to byte slices by taking care of byte slice
+ buffer management.
+ * encoding: The methods base32.Encoding.WithPadding and
+ base64.Encoding.WithPadding now panic if the padding argument
+ is a negative value other than NoPadding.
+ * encoding/json: Marshaling and encoding functionality now
+ escapes '\b' and '\f' characters as \b and \f instead of \u0008
+ and \u000c.
+ * go/ast: The following declarations related to syntactic
+ identifier resolution are now deprecated: Ident.Obj, Object,
+ Scope, File.Scope, File.Unresolved, Importer, Package,
+ NewPackage. In general, identifiers cannot be accurately
+ resolved without type information. Consider, for example, the
+ identifier K in T{K: ""}: it could be the name of a local
+ variable if T is a map type, or the name of a field if T is a
+ struct type. New programs should use the go/types package to
+ resolve identifiers; see Object, Info.Uses, and Info.Defs for
+ details.
+ * go/ast: The new ast.Unparen function removes any enclosing
+ parentheses from an expression.
+ * go/types: The new Alias type represents type
+ aliases. Previously, type aliases were not represented
+ explicitly, so a reference to a type alias was equivalent to
+ spelling out the aliased type, and the name of the alias was
+ lost. The new representation retains the intermediate
+ Alias. This enables improved error reporting (the name of a
+ type alias can be reported), and allows for better handling of
+ cyclic type declarations involving type aliases. In a future
+ release, Alias types will also carry type parameter
+ information. The new function Unalias returns the actual type
+ denoted by an Alias type (or any other Type for that matter).
+ * go/types: Because Alias types may break existing type switches
+ that do not know to check for them, this functionality is
+ controlled by a GODEBUG field named gotypesalias. With
+ gotypesalias=0, everything behaves as before, and Alias types
+ are never created. With gotypesalias=1, Alias types are created
+ and clients must expect them. The default is gotypesalias=0. In
+ a future release, the default will be changed to
+ gotypesalias=1. Clients of go/types are urged to adjust their
+ code as soon as possible to work with gotypesalias=1 to
+ eliminate problems early.
+ * go/types: The Info struct now exports the FileVersions map
+ which provides per-file Go version information.
+ * go/types: The new helper method PkgNameOf returns the local
+ package name for the given import declaration.
+ * go/types: The implementation of SizesFor has been adjusted to
+ compute the same type sizes as the compiler when the compiler
+ argument for SizesFor is "gc". The default Sizes implementation
+ used by the type checker is now types.SizesFor("gc", "amd64").
+ * go/types: The start position (Pos) of the lexical environment
+ block (Scope) that represents a function body has changed: it
+ used to start at the opening curly brace of the function body,
+ but now starts at the function's func token.
+ * html/template: Javascript template literals may now contain Go
+ template actions, and parsing a template containing one will no
+ longer return ErrJSTemplate. Similarly the GODEBUG setting
+ jstmpllitinterp no longer has any effect.
+ * io: The new SectionReader.Outer method returns the ReaderAt,
+ offset, and size passed to NewSectionReader.
+ * log/slog: The new SetLogLoggerLevel function controls the level
+ for the bridge between the `slog` and `log` packages. It sets
+ the minimum level for calls to the top-level `slog` logging
+ functions, and it sets the level for calls to `log.Logger` that
+ go through `slog`.
+ * math/big: The new method Rat.FloatPrec computes the number of
+ fractional decimal digits required to represent a rational
+ number accurately as a floating-point number, and whether
+ accurate decimal representation is possible in the first place.
+ * net: When io.Copy copies from a TCPConn to a UnixConn, it will
+ now use Linux's splice(2) system call if possible, using the
+ new method TCPConn.WriteTo.
+ * net: The Go DNS Resolver, used when building with
+ "-tags=netgo", now searches for a matching name in the Windows
+ hosts file, located at %SystemRoot%\System32\drivers\etc\hosts,
+ before making a DNS query.
+ * net/http: The new functions ServeFileFS, FileServerFS, and
+ NewFileTransportFS are versions of the existing ServeFile,
+ FileServer, and NewFileTransport, operating on an fs.FS.
+ * net/http: The HTTP server and client now reject requests and
+ responses containing an invalid empty Content-Length
+ header. The previous behavior may be restored by setting
+ GODEBUG field httplaxcontentlength=1.
+ * net/http: The new method Request.PathValue returns path
+ wildcard values from a request and the new method
+ Request.SetPathValue sets path wildcard values on a request.
+ * net/http/cgi: When executing a CGI process, the PATH_INFO
+ variable is now always set to the empty string or a value
+ starting with a / character, as required by RFC 3875. It was
+ previously possible for some combinations of Handler.Root and
+ request URL to violate this requirement.
+ * net/netip: The new AddrPort.Compare method compares two
+ AddrPorts.
+ * os: On Windows, the Stat function now follows all reparse
+ points that link to another named entity in the system. It was
+ previously only following IO_REPARSE_TAG_SYMLINK and
+ IO_REPARSE_TAG_MOUNT_POINT reparse points.
+ * os: On Windows, passing O_SYNC to OpenFile now causes write
+ operations to go directly to disk, equivalent to O_SYNC on Unix
+ platforms.
+ * os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and
+ File.Readdirnames functions now read directory entries in
+ batches to reduce the number of system calls, improving
+ performance up to 30%.
+ * os: When io.Copy copies from a File to a net.UnixConn, it will
+ now use Linux's sendfile(2) system call if possible, using the
+ new method File.WriteTo.
+ * os/exec: On Windows, LookPath now ignores empty entries
+ in %PATH%, and returns ErrNotFound (instead of ErrNotExist)
+ if no executable file extension is found to resolve an
+ otherwise-unambiguous name.
+ * os/exec: On Windows, Command and Cmd.Start no longer call
+ LookPath if the path to the executable is already absolute and
+ has an executable file extension. In addition, Cmd.Start no
+ longer writes the resolved extension back to the Path field, so
+ it is now safe to call the String method concurrently with a
+ call to Start.
+ * reflect: The Value.IsZero method will now return true for a
+ floating-point or complex negative zero, and will return true
+ for a struct value if a blank field (a field named _) somehow
+ has a non-zero value. These changes make IsZero consistent with
+ comparing a value to zero using the language == operator.
+ * reflect: The PtrTo function is deprecated, in favor of
+ PointerTo.
+ * reflect: The new function TypeFor returns the Type that
+ represents the type argument T. Previously, to get the
+ reflect.Type value for a type, one had to use
+ reflect.TypeOf((*T)(nil)).Elem(). This may now be written as
+ reflect.TypeFor[T]().
+ * runtime/metrics: Four new histogram metrics
+ /sched/pauses/stopping/gc:seconds,
+ /sched/pauses/stopping/other:seconds,
+ /sched/pauses/total/gc:seconds, and
+ /sched/pauses/total/other:seconds provide additional details
+ about stop-the-world pauses. The "stopping" metrics report the
+ time taken from deciding to stop the world until all goroutines
+ are stopped. The "total" metrics report the time taken from
+ deciding to stop the world until it is started again.
+ * runtime/metrics: The /gc/pauses:seconds metric is deprecated,
+ as it is equivalent to the new /sched/pauses/total/gc:seconds
+ metric.
+ * runtime/metrics: /sync/mutex/wait/total:seconds now includes
+ contention on runtime-internal locks in addition to sync.Mutex
+ and sync.RWMutex.
+ * runtime/pprof: Mutex profiles now scale contention by the
+ number of goroutines blocked on the mutex. This provides a more
+ accurate representation of the degree to which a mutex is a
+ bottleneck in a Go program.
For instance, if 100 goroutines are
+ blocked on a mutex for 10 milliseconds, a mutex profile will
+ now record 1 second of delay instead of 10 milliseconds of
+ delay.
+ * runtime/pprof: Mutex profiles also now include contention on
+ runtime-internal locks in addition to sync.Mutex and
+ sync.RWMutex. Contention on runtime-internal locks is always
+ reported at runtime._LostContendedRuntimeLock. A future release
+ will add complete stack traces in these cases.
+ * runtime/pprof: CPU profiles on Darwin platforms now contain the
+ process's memory map, enabling the disassembly view in the
+ pprof tool.
+ * runtime/trace: The execution tracer has been completely
+ overhauled in this release, resolving several long-standing
+ issues and paving the way for new use-cases for execution
+ traces.
+ * runtime/trace: Execution traces now use the operating system's
+ clock on most platforms (Windows excluded) so it is possible to
+ correlate them with traces produced by lower-level
+ components. Execution traces no longer depend on the
+ reliability of the platform's clock to produce a correct
+ trace. Execution traces are now partitioned regularly
+ on-the-fly and as a result may be processed in a streamable
+ way. Execution traces now contain complete durations for all
+ system calls. Execution traces now contain information about
+ the operating system threads that goroutines executed on. The
+ latency impact of starting and stopping execution traces has
+ been dramatically reduced. Execution traces may now begin or
+ end during the garbage collection mark phase.
+ * runtime/trace: To allow Go developers to take advantage of
+ these improvements, an experimental trace reading package is
+ available at golang.org/x/exp/trace. Note that this package
+ only works on traces produced by programs built with go1.22 at
+ the moment. Please try out the package and provide feedback on
+ the corresponding proposal issue.
+ * runtime/trace: If you experience any issues with the new
+ execution tracer implementation, you may switch back to the old
+ implementation by building your Go program with
+ GOEXPERIMENT=noexectracer2. If you do, please file an issue,
+ otherwise this option will be removed in a future release.
+ * slices: The new function Concat concatenates multiple slices.
+ * slices: Functions that shrink the size of a slice (Delete,
+ DeleteFunc, Compact, CompactFunc, and Replace) now zero the
+ elements between the new length and the old length.
+ * slices: Insert now always panics if the argument i is out of
+ range. Previously it did not panic in this situation if there
+ were no elements to be inserted.
+ * syscall: The syscall package has been frozen since Go 1.4 and
+ was marked as deprecated in Go 1.11, causing many editors to
+ warn about any use of the package. However, some non-deprecated
+ functionality requires use of the syscall package, such as the
+ os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints
+ on such code, the syscall package is no longer marked as
+ deprecated. The package remains frozen to most new
+ functionality, and new code remains encouraged to use
+ golang.org/x/sys/unix or golang.org/x/sys/windows where
+ possible.
+ * syscall: On Linux, the new SysProcAttr.PidFD field allows
+ obtaining a PID FD when starting a child process via
+ StartProcess or os/exec.
+ * syscall: On Windows, passing O_SYNC to Open now causes write
+ operations to go directly to disk, equivalent to O_SYNC on Unix
+ platforms.
+ * testing/slogtest: The new Run function uses sub-tests to run
+ test cases, providing finer-grained control.
+ * Ports: Darwin: On macOS on 64-bit x86 architecture (the
+ darwin/amd64 port), the Go toolchain now generates
+ position-independent executables (PIE) by default. Non-PIE
+ binaries can be generated by specifying the -buildmode=exe
+ build flag.
On 64-bit ARM-based macOS (the darwin/arm64 port),
+ the Go toolchain already generates PIE by default. go1.22 is
+ the last release that will run on macOS 10.15 Catalina. Go 1.23
+ will require macOS 11 Big Sur or later.
+ * Ports: Arm: The GOARM environment variable now allows you to
+ select whether to use software or hardware floating
+ point. Previously, valid GOARM values were 5, 6, or 7. Now
+ those same values can be optionally followed by ,softfloat or
+ ,hardfloat to select the floating-point implementation. This
+ new option defaults to softfloat for version 5 and hardfloat
+ for versions 6 and 7.
+ * Ports: Loong64: The loong64 port now supports passing function
+ arguments and results using registers. The linux/loong64 port
+ now supports the address sanitizer, memory sanitizer, new-style
+ linker relocations, and the plugin build mode.
+ * OpenBSD go1.22 adds an experimental port to OpenBSD on
+ big-endian 64-bit PowerPC (openbsd/ppc64).
+
+-------------------------------------------------------------------
+Wed Jan 24 16:35:35 UTC 2024 - Jeff Kowalczyk
+
+- go1.22rc2 (released 2024-01-24) is a release candidate version of
+ go1.22 cut from the master branch at the revision tagged
+ go1.22rc2.
+ Refs boo#1218424 go1.22 release tracking
+
+-------------------------------------------------------------------
+Tue Dec 19 20:59:26 UTC 2023 - Jeff Kowalczyk
+
+- go1.22rc1 (released 2023-12-19) is a release candidate version of
+ go1.22 cut from the master branch at the revision tagged
+ go1.22rc1.
+ Refs boo#1218424 go1.22 release tracking
+ * go1.22 now requires the final point release of go1.20 or later
+ for bootstrap. Go upstream expects that go1.24 will require the
+ final point release of Go 1.22 or later for bootstrap.
diff --git a/go1.22-openssl.spec b/go1.22-openssl.spec
new file mode 100644
index 0000000..9ca3f3e
--- /dev/null
+++ b/go1.22-openssl.spec
@@ -0,0 +1,467 @@
+#
+# spec file for package go1.22-openssl
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+# Specify Go toolchain version used to bootstrap this package's Go toolchain
+# go_bootstrap_version bootstrap go toolchain with specific existing go1.x package
+# gcc_go_version bootstrap go toolchain with specific version of gcc-go
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
+# Usually ahead of bootstrap version specified by upstream Go
+# Use Tumbleweed default gccgo and N-1 go1.x for testing
+%define gcc_go_version 13
+%define go_bootstrap_version go1.20
+%else
+# Use gccgo and go1.x specified by upstream Go
+%define gcc_go_version 11
+%define go_bootstrap_version go1.20
+%endif
+
+# Bootstrap go toolchain using existing go package go_bootstrap_version
+# To bootstrap using gccgo use '--with gccgo'
+%bcond_with gccgo
+
+# gccgo on ppc64le with default PIE enabled fails with:
+# error while loading shared libraries:
+# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
+# track https://github.com/golang/go/issues/28531
+# linuxppc-dev discussion:
+# "PIE binaries are no longer mapped below 4 GiB on ppc64le"
+# https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
+%ifarch ppc64le
+#!BuildIgnore: gcc-PIE
+%endif
+
+# Build go-race only on platforms where C++14 is supported (SLE-15)
+%if 0%{?suse_version}
>= 1500 || 0%{?sle_version} >= 150000
+%define tsan_arch x86_64 aarch64 s390x ppc64le
+%else
+# Cannot use {nil} here (ifarch doesn't like it) so just make up a fake
+# architecture that no build will ever match.
+%define tsan_arch openSUSE_FAKE_ARCH
+%endif
+
+# Go has precompiled versions of LLVM's compiler-rt inside their source code.
+# We cannot ship pre-compiled binaries so we have to recompile said source,
+# however they vendor specific commits from upstream. This value comes from
+# src/runtime/race/README (and we verify that it matches in check).
+#
+# In order to update the TSAN version, modify _service. See boo#1052528 for
+# more details.
+%define tsan_commit 51bfeff0e4b0757ff773da6882f4d538996c9b04
+
+# go_api is the major version of Go.
+# Used by go1.x packages and go metapackage for:
+# RPM Provides: golang(API), RPM Requires: and rpm_vercmp
+# as well as derived variables such as go_label.
+%define go_api 1.22
+
+# go_label is the configurable Go toolchain directory name.
+# Used for packaging multiple Go toolchains with the same go_api.
+# go_label should be defined as go_api with optional suffix, e.g.
+# go_api or go_api-foo
+%define go_label %{go_api}-openssl
+
+# shared library support
+%if "%{rpm_vercmp %{go_api} 1.5}" > "0"
+%if %{with gccgo}
+%define with_shared 1
+%else
+%ifarch %ix86 %arm x86_64 aarch64
+%define with_shared 1
+%else
+%define with_shared 0
+%endif
+%endif
+%else
+%define with_shared 0
+%endif
+%ifarch ppc64
+%define with_shared 0
+%endif
+# setup go_arch (BSD-like scheme)
+%ifarch %ix86
+%define go_arch 386
+%endif
+%ifarch x86_64
+%define go_arch amd64
+# set GOAMD64 consistently
+%define go_amd64 v1
+%endif
+%ifarch aarch64
+%define go_arch arm64
+%endif
+%ifarch %arm
+%define go_arch arm
+%endif
+%ifarch ppc64
+%define go_arch ppc64
+%endif
+%ifarch ppc64le
+%define go_arch ppc64le
+%endif
+%ifarch s390x
+%define go_arch s390x
+%endif
+%ifarch riscv64
+%define go_arch riscv64
+%endif
+
+Name: go1.22-openssl
+Version: 1.22.7.1
+# Drop our added final dot and digit to define upstream version
+%define shortversion 1.22.7
+Release: 0
+Summary: A compiled, garbage-collected, concurrent programming language
+License: BSD-3-Clause
+Group: Development/Languages/Go
+URL: https://go.dev/
+Source: https://go.dev/dl/go%{shortversion}.src.tar.gz
+Source1: go-rpmlintrc
+Source4: README.SUSE
+Source6: go.gdbinit
+Source10: go%{version}-openssl.src.tar.gz
+# We have to compile TSAN ourselves.
boo#1052528
+# Preferred form when all arches share llvm race version
+# Source100: llvm-%{tsan_commit}.tar.xz
+Source100: llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
+# PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115
+Patch7: dont-force-gold-on-arm64.patch
+# PATCH-FIX-UPSTREAM marguerite@opensuse.org - find /usr/bin/go-8 when bootstrapping with gcc8-go
+Patch8: gcc-go.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+# boostrap
+%if %{with gccgo}
+BuildRequires: gcc%{gcc_go_version}-go
+%else
+# no gcc-go
+BuildRequires: %{go_bootstrap_version}
+%endif
+BuildRequires: fdupes
+Suggests: %{name}-doc = %{version}
+%ifarch %{tsan_arch}
+# Needed to compile compiler-rt/TSAN.
+BuildRequires: gcc-c++
+%endif
+#BNC#818502 debug edit tool of rpm fails on i586 builds
+BuildRequires: rpm >= 4.11.1
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+Requires: gcc
+BuildRequires: libopenssl-devel
+Requires: libopenssl-devel
+Provides: go = %{version}
+Provides: go-devel = go%{version}
+Provides: go-devel-static = go%{version}
+Provides: golang(API) = %{go_api}
+Obsoletes: go-devel < go%{version}
+# go-vim/emacs were separate projects starting from 1.4
+Obsoletes: go-emacs <= 1.3.3
+Obsoletes: go-vim <= 1.3.3
+ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64
+
+%description
+Go is an expressive, concurrent, garbage collected systems programming language
+that is type safe and memory safe. It has pointers but no pointer arithmetic.
+Go has fast builds, clean syntax, garbage collection, methods for any type, and
+run-time reflection. It feels like a dynamic language but has the speed and
+safety of a static language.
+
+%package doc
+Summary: Go documentation
+Group: Documentation/Other
+Provides: go-doc = %{version}
+
+%description doc
+Go examples and documentation.
+
+%ifarch %{tsan_arch}
+# boo#1052528
+%package race
+Summary: Go runtime race detector
+Group: Development/Languages/Go
+URL: https://compiler-rt.llvm.org/
+Requires: %{name} = %{version}
+Supplements: %{name} = %{version}
+ExclusiveArch: %{tsan_arch}
+
+%description race
+Go runtime race detector libraries. Install this package if you wish to use the
+-race option, in order to detect race conditions present in your Go programs.
+%endif
+
+%prep
+%ifarch %{tsan_arch}
+# compiler-rt (from LLVM)
+%setup -q -T -b 100 -n llvm-%{tsan_commit}
+%endif
+
+# go
+%setup -q -n go
+# Write go version into VERSION file in go source top level directory.
+# Needed for go build scripts to operate without assuming .git/ present.
+echo -n "go%{version}" > %{_builddir}/go/VERSION
+%patch -P 7 -p1
+%if %{with gccgo}
+# Currently gcc-go does not manage an update-alternatives entry and will
+# never be symlinked as "go", even if gcc-go is the only installed go toolchain.
+# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
+# Substitute defined gcc_go_version into gcc-go.patch
+sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
+%patch -P 8 -p1
+%endif
+
+cp %{SOURCE4} .
+
+# Apply golang-fips OpenSSL patch set to upstream go1.x sources
+%setup -q -D -T -b 10 -n go
+# The patchset is comprised of two large primary patches plus accumulated fixes
+for file in patches/*.patch; do
+ if [ -f "$file" ]; then
+ patch -p1 <"$file"
+ fi
+done
+
+%build
+# Remove the pre-included .sysos, to avoid shipping things we didn't compile
+# (which is against the openSUSE guidelines for packaging).
+# FIPS: retain boringcrypto .syso for now, not in use case for FIPS mode
+# go/src/crypto/internal/boring/nboringcrypto/goboringcrypto_linux_amd64.syso
+find . -type f -name '*.syso' !
-name '*boring*.syso' -print -delete
+# TODO: Rebuild using
+# BuildRequire: boringssl-devel
+# GO_LDFLAGS pkg-config(libboringssl1) (spelling TBD)
+# boringssl packages are currently present in Factory, not in SLE
+
+# First, compile LLVM's TSAN, and replace the built-in with it. We can only do
+# this for amd64.
+%ifarch %{tsan_arch}
+TSAN_DIR="../llvm-%{tsan_commit}/compiler-rt/lib/tsan/go"
+pushd "$TSAN_DIR"
+./buildgo.sh
+popd
+cp -v "$TSAN_DIR/race_linux_%{go_arch}.syso" src/runtime/race/
+%endif
+
+# Now, compile Go.
+%if %{with gccgo}
+export GOROOT_BOOTSTRAP=%{_prefix}
+%else
+export GOROOT_BOOTSTRAP=%{_libdir}/%{go_bootstrap_version}
+%endif
+# Ensure ARM arch is set properly - boo#1169832
+%ifarch armv6l armv6hl
+export GOARCH=arm
+export GOARM=6
+%endif
+%ifarch armv7l armv7hl
+export GOARCH=arm
+export GOARM=7
+%endif
+%ifarch x86_64 %{?x86_64}
+# use the baseline defined above. Other option is GOAMD64=v3 for x86_64_v3 support
+export GOAMD64=%go_amd64
+%endif
+export GOROOT="`pwd`"
+export GOROOT_FINAL=%{_libdir}/go/%{go_label}
+export GOBIN="$GOROOT/bin"
+mkdir -p "$GOBIN"
+cd src
+HOST_EXTRA_CFLAGS="%{optflags} -Wno-error" ./make.bash -v
+
+cd ../
+%ifarch %{tsan_arch}
+# Install TSAN-friendly version of the std libraries.
+bin/go install -race std
+%endif
+
+%check
+%ifarch %{tsan_arch}
+# Make sure that we have the right TSAN checked out.
+# As of go1.20, README x86_64 race_linux.syso
+# includes path prefix and omits arch in filename e.g.
+# internal/amd64v1/race_linux.syso
+%ifarch x86_64 %{?x86_64}
+grep "^internal/amd64%{go_amd64}/race_linux.syso built with LLVM %{tsan_commit}" src/runtime/race/README
+%else
+grep "^race_linux_%{go_arch}.syso built with LLVM %{tsan_commit}" src/runtime/race/README
+%endif
+%endif
+
+%install
+export GOROOT="%{buildroot}%{_libdir}/go/%{go_label}"
+
+# remove pre-compiled .a package archives no longer used as of go1.20
+# find %{_builddir}/go/pkg -name "*.a" -type f |wc -l
+# 259
+# TODO isolate the build step where .a files are created and delete then
+find %{_builddir}/go/pkg -name "*.a" -type f -delete
+
+# locations for third party libraries, see README-openSUSE for info about locations.
+install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib
+install -d $GOROOT/contrib/pkg/linux_%{go_arch}
+ln -s %{_libdir}/go/%{go_label}/contrib/pkg/ %{buildroot}%{_datadir}/go/%{go_label}/contrib/pkg
+install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/cmd
+install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/src
+ln -s %{_datadir}/go/%{go_label}/contrib/src/ %{buildroot}%{_libdir}/go/%{go_label}/contrib/src
+install -Dm644 README.SUSE $GOROOT/contrib/
+ln -s %{_libdir}/go/%{go_label}/contrib/README.SUSE %{buildroot}%{_datadir}/go/%{go_label}/contrib/README.SUSE
+
+# go.env sets defaults for: GOPROXY GOSUMDB GOTOOLCHAIN
+install -Dm644 go.env $GOROOT/
+
+# Change go.env GOTOOLCHAIN default to "local" so Go app builds never
+# automatically download newer toolchains as specified by go.mod files.
+# When GOTOOLCHAIN is set to local, the go command always runs the bundled Go toolchain.
+# See https://go.dev/doc/toolchain for details.
+# The default behavior "auto":
+# a) Assumes network access that is not available in OBS
+# b) Downloads third-party toolchain binaries that would be used in build
+# Need for "auto" is rare as openSUSE and SUSE ship go1.x versions near their release date.
+# The user can override the defaults in ~/.config/go/env.
+sed -i "s/GOTOOLCHAIN=auto/GOTOOLCHAIN=local/" $GOROOT/go.env
+
+# source files for go install, godoc, etc
+install -d %{buildroot}%{_datadir}/go/%{go_label}
+for ext in *.{go,c,h,s,S,py,syso,bin}; do
+ find src -name ${ext} -exec install -Dm644 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
+done
+# executable bash scripts called by go tool, etc
+find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
+# VERSION file referenced by go tool dist and go tool distpack
+find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
+# Trace viewer html and javascript files have moved in recent Go versions
+# Prior to go1.19 misc/trace
+# go1.19 to go1.21 src/cmd/trace/static
+# go1.22 src/internal/trace/traceviewer/static
+# Static contains pprof trace viewer html javascript and markdown
+install -d %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
+install -Dm644 src/internal/trace/traceviewer/static/* %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
+# pprof viewer html templates are needed for import runtime/pprof
+install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
+install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
+
+mkdir -p $GOROOT/src
+for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
+ ln -s /usr/share/go/%{go_label}/src/$i $GOROOT/src/$i
+done
+# add lib files that are needed (such as the timezone database).
+install -d $GOROOT/lib
+find lib -type f -exec install -D -m644 {} $GOROOT/{} \;
+
+# copy document templates, packages, obj libs and command utilities
+mkdir -p $GOROOT/bin
+# remove bootstrap
+rm -rf pkg/bootstrap
+mv pkg $GOROOT
+mv bin/* $GOROOT/bin
+# add wasm (Web Assembly) boo#1139210
+mkdir -p $GOROOT/misc/wasm
+mv misc/wasm/* $GOROOT/misc/wasm
+rm -f %{buildroot}%{_bindir}/{hgpatch,quietgcc}
+
+# gdbinit
+install -Dm644 %{SOURCE6} $GOROOT/bin/gdbinit.d/go.gdb
+%if "%{_lib}" == "lib64"
+sed -i "s/lib/lib64/" $GOROOT/bin/gdbinit.d/go.gdb
+sed -i "s/\$go_label/%{go_label}/" $GOROOT/bin/gdbinit.d/go.gdb
+%endif
+
+# update-alternatives
+mkdir -p %{buildroot}%{_sysconfdir}/alternatives
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sysconfdir}/profile.d
+mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d
+touch %{buildroot}%{_sysconfdir}/alternatives/{go,gofmt,go.gdb}
+ln -sf %{_sysconfdir}/alternatives/go %{buildroot}%{_bindir}/go
+ln -sf %{_sysconfdir}/alternatives/gofmt %{buildroot}%{_bindir}/gofmt
+ln -sf %{_sysconfdir}/alternatives/go.gdb %{buildroot}%{_sysconfdir}/gdbinit.d/go.gdb
+
+# documentation and examples
+# fix documetation permissions (rpmlint warning)
+find doc/ misc/ -type f -exec chmod 0644 '{}' +
+# remove unwanted arch-dependant binaries (rpmlint warning)
+rm -rf misc/cgo/test/{_*,*.o,*.out,*.6,*.8}
+# prepare go-doc
+mkdir -p %{buildroot}%{_docdir}/go/%{go_label}
+cp -r CONTRIBUTING.md LICENSE PATENTS README.md README.OpenSSL README.SUSE %{buildroot}%{_docdir}/go/%{go_label}
+cp -r doc/* %{buildroot}%{_docdir}/go/%{go_label}
+
+%fdupes -s %{buildroot}%{_prefix}
+
+%post
+
+update-alternatives \
+ --install %{_bindir}/go go %{_libdir}/go/%{go_label}/bin/go $((21+$(echo %{go_label} | cut -d.
-f2))) \
+ --slave %{_bindir}/gofmt gofmt %{_libdir}/go/%{go_label}/bin/gofmt \
+ --slave %{_sysconfdir}/gdbinit.d/go.gdb go.gdb %{_libdir}/go/%{go_label}/bin/gdbinit.d/go.gdb
+
+%postun
+if [ $1 -eq 0 ] ; then
+ update-alternatives --remove go %{_libdir}/go/%{go_label}/bin/go
+fi
+
+%files
+%{_bindir}/go
+%{_bindir}/gofmt
+%dir %{_libdir}/go
+%{_libdir}/go/%{go_label}
+%dir %{_datadir}/go
+%{_datadir}/go/%{go_label}
+%dir %{_sysconfdir}/gdbinit.d/
+%config %{_sysconfdir}/gdbinit.d/go.gdb
+%ghost %{_sysconfdir}/alternatives/go
+%ghost %{_sysconfdir}/alternatives/gofmt
+%ghost %{_sysconfdir}/alternatives/go.gdb
+%dir %{_docdir}/go
+%dir %{_docdir}/go/%{go_label}
+%doc %{_docdir}/go/%{go_label}/CONTRIBUTING.md
+%doc %{_docdir}/go/%{go_label}/PATENTS
+%doc %{_docdir}/go/%{go_label}/README.md
+%doc %{_docdir}/go/%{go_label}/README.SUSE
+%doc %{_docdir}/go/%{go_label}/README.OpenSSL
+%if 0%{?suse_version} < 1500
+%doc %{_docdir}/go/%{go_label}/LICENSE
+%else
+%license %{_docdir}/go/%{go_label}/LICENSE
+%endif
+
+# We don't include TSAN in the main Go package.
+%ifarch %{tsan_arch}
+%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
+%endif
+
+# We don't include libstd.so in the main Go package.
+%if %{with_shared}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
+# ./go/1.22/pkg/linux_amd64_dynlink/libstd.so
+%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
+%endif
+%endif
+
+%files doc
+# SLE-12 SP5 rpm macro environment does not work with single glob {*.html,godebug.md}
+%doc %{_docdir}/go/%{go_label}/*.html
+%doc %{_docdir}/go/%{go_label}/godebug.md
+
+%ifarch %{tsan_arch}
+%files race
+%{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
+%endif
+
+%changelog
diff --git a/go1.22.7.1-openssl.src.tar.gz b/go1.22.7.1-openssl.src.tar.gz
new file mode 100644
index 0000000..554a1bf
--- /dev/null
+++ b/go1.22.7.1-openssl.src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f9ffb50ebe808b2d7ab07d5f5260563488e39ca1f1dd1290d2084e0c3513daa
+size 107337
diff --git a/go1.22.7.src.tar.gz b/go1.22.7.src.tar.gz
new file mode 100644
index 0000000..a4216a5
--- /dev/null
+++ b/go1.22.7.src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:66432d87d85e0cfac3edffe637d5930fc4ddf5793313fe11e4a0f333023c879f
+size 27562038
diff --git a/llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz b/llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
new file mode 100644
index 0000000..b6894ae
--- /dev/null
+++ b/llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ed5dce5ab08d6df9fa0951df56b5d387d2f9f1f4bc642255f7ece9c7071ac72
+size 2455948