pool/go1.15
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
go1.15/go1.15.changes

382 lines
21 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Mon Apr 15 18:00:45 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
- Add reproducible.patch to avoid build-time race (boo#1102408)
-------------------------------------------------------------------
Tue Feb 27 11:32:23 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Thu Aug 5 21:03:30 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.15 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler,
the runtime, the go command, and the net/http package.
CVE-2021-36221
Refs boo#1175132 go1.15 release tracking
* boo#1189162 go#46866 CVE-2021-36221
* go#47473 net/http: panic due to racy read of persistConn after handler panic
* go#47347 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
* go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
* go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
* go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
-------------------------------------------------------------------
Thu Aug 5 20:51:24 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Drop patch to fix crashes on PowerPC with kernel >= 5.13, fixed
in next upstream release:
* drop fix-crash-on-ppc64le.patch
-------------------------------------------------------------------
Sun Jul 25 14:50:13 UTC 2021 - Hillwood Yang <hillwood@opensuse.org>
- Fix go#46803 boo#1188906, add fix-crash-on-ppc64le.patch
-------------------------------------------------------------------
Mon Jul 12 23:51:55 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.14 (released 2021-07-12) includes a security fix to the
crypto/tls package, as well as bug fixes to the linker, and the
net package.
CVE-2021-34558
Refs boo#1175132 go1.15 release tracking
* boo#1188229 go#47143 CVE-2021-34558
* go#47144 security: fix CVE-2021-34558
* go#47012 net: LookupMX behaviour broken
* go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing
* go#46656 runtime: deeply nested struct initialized with non-zero values
-------------------------------------------------------------------
Thu Jun 10 17:31:11 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Fix extraneous trailing percent character %endif% in spec file.
-------------------------------------------------------------------
Thu Jun 3 22:46:45 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.13 (released 2021-06-03) includes security fixes to the
archive/zip, math/big, net, and net/http/httputil packages, as
well as bug fixes to the linker, the go command, and the math/big
and net/http packages.
CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
Refs boo#1175132 go1.15 release tracking
* boo#1187443 go#46241 CVE-2021-33195
* go#46356 net: Lookup functions may return invalid host names
* go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
* boo#1186622 go#46242 CVE-2021-33196
* go#46396 archive/zip: malformed archive may cause panic or memory exhaustion
* boo#1187444 go#46313 CVE-2021-33197
* go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
* boo#1187445 go#45910 CVE-2021-33198
* go#46305 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
* go#46143 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
* go#46127 cmd/link: internal error when externally linking very large binaries
* go#46002 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
* go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128
-------------------------------------------------------------------
Fri May 7 16:28:32 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.12 (released 2021-05-06) includes a security fix to the
net/http package, as well as bug fixes to the runtime and the
time package.
CVE-2021-31525
Refs boo#1175132 go1.15 release tracking
* boo#1185790 CVE-2021-31525
* go#45711 net/http: ReadRequest can stack overflow
* go#45731 time, runtime: scheduled timer may never fire if GOMAXPROCS is reduced
* go#45481 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
* go#45384 time: Europe/Dublin timezone handling broken with embedded timezone database
-------------------------------------------------------------------
Fri Apr 2 12:26:15 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.11 (released 2021-04-01) includes fixes to cgo, the
compiler, linker, runtime, the go command, and the database/sql
and net/http packages.
Refs boo#1175132 go1.15 release tracking
* go#45302 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
* go#45239 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45187 Strange behaviour with loops
* go#45076 net/http: transport caches permanently broken persistent connections if write error happens during h2 handshake
* go#44872 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
* go#44748 cmd/link: fail to build when using time/tzdata on ARM
* go#43592 cmd/link: "x86_64-w64-mingw32/bin/ld.exe: Error: export ordinal too large" after upgrading to Go 1.15
* go#43591 cmd/link: -buildmode=c-shared exports many functions, not just //export functions
* go#42884 database/sql: deadlock on transaction stmt context cancel
-------------------------------------------------------------------
Fri Mar 12 01:27:53 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.10 (released 2021-03-11) includes fixes to the compiler,
the go command, and the net/http, os, syscall, and time packages.
Refs boo#1175132 go1.15 release tracking
* go#44792 cmd/go: mod tidy should ignore missing standard library packages
* go#44658 runtime: marked free object in span
* go#44617 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44592 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44294 net/http: ServeContent()/ServeFile() doesn't return expected response when WriteTimeout happens
* go#44273 os: copy_file_range system call fails on some file systems
* go#42935 net/http: Transport race condition by Content-Length == 0 response
* go#42930 cmd/compile: miscompilation of some arithmetic and conditionals on arm
-------------------------------------------------------------------
Wed Mar 10 17:33:27 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.9 (released 2021-03-10) includes security fixes to the
encoding/xml package.
CVE-2021-27918
Refs boo#1175132 go1.15 release tracking
* boo#1183333 CVE-2021-27918
* go#44914 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`
-------------------------------------------------------------------
Fri Feb 5 02:41:52 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.8 (released 2021-02-04) includes fixes to the compiler,
linker, runtime, the go command, and the net/http package.
Refs boo#1175132 go1.15 release tracking
* go#43861 cmd/go: TestScript/get_update_unknown_protocol test fails
* go#43860 cmd/go: handle space in path to C compiler
* go#43833 runtime: SIGSEGV in runtime.deltimer on linux-mips-rtrk during ReadMemStats
* go#43797 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged
* go#43793 internal/execabs: disable tests on js-wasm
* go#43575 cmd/compile: 32-bit random data corruption
* go#43406 x/mobile/cmd/gomobile: gomobile build on simple program returns "ld: error: duplicate symbol: x_cgo_inittls"
* go#43214 cmd/link: panic: runtime error: slice bounds out of range [::1751306] with length 1048576
* go#42539 net/http: race in http2Transport
* go#42384 cmd/link: PE linker segfaults in addpersrc when cross-compiling
-------------------------------------------------------------------
Tue Jan 19 23:21:26 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.7 (released 2021-01-19) includes security fixes to the
go command and crypto/elliptic package.
CVE-2021-3114 CVE-2021-3115
Refs boo#1175132 go1.15 release tracking
* boo#1181145 CVE-2021-3114
* go#43788 crypto/elliptic: incorrect operations on the P-224 curve
* boo#1181146 CVE-2021-3115
* go#43785 cmd/go: packages using cgo can cause arbitrary code execution on Windows
-------------------------------------------------------------------
Thu Dec 3 22:31:19 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.6 (released 2020-12-03) includes fixes to the compiler,
linker, runtime, the go command, and the io package.
Refs boo#1175132 go1.15 release tracking
* go#42948 cmd/link: unexpected bindingNone in '_go.buildid'
* go#42753 cmd/compile: ICE due to bad ORL constant
* go#42636 runtime: infinite loop in lockextra on linux/amd64
* go#42567 cmd/go: allow flags in CGO_LDFLAGS environment variable not in security allowlist
* go#42550 io: Copy leaves file zero bytes in Azure AKS with CIFS - Go1.15 regression
* go#42521 cmd/link: debug_line can contain multiple entries for the same PC address in Go 1.15.4
* go#42369 internal/poll: CopyFileRange returns EIO on CentOS 7 ( Linux Kernel 3.10.0-1127) when io.Copy in mounted CIFS
-------------------------------------------------------------------
Thu Nov 12 21:10:05 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.5 (released 2020-11-12) includes security fixes to the
cmd/go and math/big packages.
CVE-2020-28362 CVE-2020-28367 CVE-2020-28366
Refs boo#1175132 go1.15 release tracking
* boo#1178750 CVE-2020-28362
* go#42554 math/big: panic during recursive division of very large numbers
* boo#1178752 CVE-2020-28367
* go#42562 cmd/go: arbitrary code can be injected into cgo generated files
* boo#1178753 CVE-2020-28366
* go#42558 cmd/go: improper validation of cgo flags can lead to remote code execution at build time
-------------------------------------------------------------------
Fri Nov 6 14:50:07 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.4 (released 2020-11-05) includes fixes to cgo, the
compiler, linker, runtime, and the compress/flate, net/http,
reflect, and time packages.
Refs boo#1175132 go1.15 release tracking
* go#42169 cmd/compile, runtime, reflect: pointers to go:notinheap types must be stored indirectly in interfaces
* go#42151 cmd/cgo: opaque struct pointers are broken since Go 1.15.3
* go#42138 time: Location interprets wrong timezone (DST) with slim zoneinfo
* go#42113 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly
* go#41914 net/http: request.Clone doesn't deep copy TransferEncoding
* go#41704 runtime: macOS syscall.Exec can get SIGILL due to preemption signal
* go#41463 compress/flate: deflatefast produces corrupted output
* go#41387 x/net/http2: connection-level flow control not returned if stream errors, causes server hang
* go#40974 cmd/link: sectionForAddress(0xA9D67F) address not in any section file
-------------------------------------------------------------------
Thu Oct 15 02:42:36 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.3 (released 2020-10-14) includes fixes to cgo, the
compiler, runtime, the go command, and the bytes, plugin, and
testing packages.
Refs boo#1175132 go1.15 release tracking
* go#41871 cmd/cgo: support other GOARCH values in 1.15
* go#41797 runtime: memory corruption from stack-allocated defer on 32-bit
* go#41720 cmd/compile: invalid instruction: MOVL $11553462026240, AX
* go#41620 memory corruption on linux/386 with float32 arithmetic, GO386=387, buildmode pie/c-archive
* go#41595 internal/bytealg: SIGILL on s390x [1.15 backport] CherryPickApproved
* go#41543 cmd/compile: 1.15 heap allocations regression when calling Write on os.Stdout
* go#41464 cmd/go: breakage with go version command and GOFLAGS environment variable
* go#41453 cmd/addr2line: TestAddr2Line fails with double / in $GOROOT_FINAL
* go#41432 cmd/cgo: jmethodID/jfieldID is not mapped to uintptr if building with the Android NDK
* go#41317 runtime: "fatal error: unexpected signal during runtime execution" on windows-amd64-longtest builder of Go 1.15.2 commit
* go#40881 testing: summary and test output interleaved
* go#40742 runtime: pcdata is -2 and 12 locals stack map entries error on nil pointer
* go#40693 plugin: program on linux/s390x sometimes hangs after calling "plugin.Open"
* go#40643 runtime: race between stack shrinking and channel send/recv leads to bad sudog values
-------------------------------------------------------------------
Thu Sep 09 22:51:08 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.2 (released 2020-09-09) includes fixes to the compiler,
runtime, documentation, the go command, and the net/mail, os,
sync, and testing packages.
Refs boo#1175132 go1.15 release tracking
* go#41193 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test
* go#41178 doc: include fix for #34437 in Go 1.14 release notes
* go#41034 testing: Cleanup races with Logf and Errorf
* go#41011 sync: sync.Map keys will never be garbage collected
* go#40934 runtime: checkptr incorrectly -race flagging when using &^ arithmetic
* go#40900 internal/poll: CopyFileRange returns EPERM on CircleCI Docker Host running 4.10.0-40-generic
* go#40868 cmd/compile: R12 can be clobbered for write barrier call on PPC64
* go#40849 testing: "=== PAUSE" lines do not change the test name for the next log line
* go#40845 runtime: Panic if newstack at runtime.acquireLockRank
* go#40805 cmd/test2json: tests that panic are marked as passing
* go#40804 net/mail: change in behavior of ParseAddressList("") in 1.15
* go#40802 cmd/go: in 1.15: change in "go test" argument parsing
* go#40798 cmd/compile: inline marker targets not reachable after assembly on arm
* go#40772 cmd/compile: compiler crashes in ssa: isNonNegative bad type
* go#40767 cmd/compile: inline marker targets not reachable after assembly on ppc64x
* go#40739 internal/poll: CopyFileRange returns ENOTSUP on Linux 3.10.0 kernel on NFS mount
* go#40412 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment
- Add missing '?' before 'suse_version' test by Xia Lei <emricg2@gmail.com>
-------------------------------------------------------------------
Fri Sep 4 14:51:12 UTC 2020 - Marcus Meissner <meissner@suse.com>
- replace binutils-gold requires by recommends for aarch64 on SLE. (bsc#1170826)
-------------------------------------------------------------------
Tue Sep 1 17:01:46 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15.1 (released 2020-09-01) includes security fixes to the
net/http/cgi and net/http/fcgi packages.
CVE-2020-24553
Refs boo#1175132 go1.15 release tracking
* boo#1176031 CVE-2020-24553
* go#41165 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
-------------------------------------------------------------------
Wed Aug 11 23:53:56 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15 (released 2020-08-11) Go 1.15 is a major release of Go.
go1.15.x minor releases will be provided through August 2021.
https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime,
and libraries. As always, the release maintains the Go 1 promise
of compatibility. We expect almost all Go programs to continue to
compile and run as before.
Refs boo#1175132 go1.15 release tracking
* See release notes https://golang.org/doc/go1.15. Excerpts
relevant to OBS environment and for SUSE/openSUSE follow:
* Module support in the go command is ready for production use,
and we encourage all users to migrate to Go modules for
dependency management.
* Module cache: The location of the module cache may now be set
with the GOMODCACHE environment variable. The default value of
GOMODCACHE is GOPATH[0]/pkg/mod, the location of the module
cache before this change.
* Compiler flag parsing: Various flag parsing issues in go test
and go vet have been fixed. Notably, flags specified in
GOFLAGS are handled more consistently, and the -outputdir flag
now interprets relative paths relative to the working
directory of the go command (rather than the working directory
of each individual test).
* The GOPROXY environment variable now supports skipping proxies
that return errors. Proxy URLs may now be separated with
either commas (,) or pipe characters (|). If a proxy URL is
followed by a comma, the go command will only try the next
proxy in the list after a 404 or 410 HTTP response. If a proxy
URL is followed by a pipe character, the go command will try
the next proxy in the list after any error. Note that the
default value of GOPROXY remains
https://proxy.golang.org,direct, which does not fall back to
direct in case of errors.
* On a Unix system, if the kill command or kill system call is
used to send a SIGSEGV, SIGBUS, or SIGFPE signal to a Go
program, and if the signal is not being handled via
os/signal.Notify, the Go program will now reliably crash with
a stack trace. In earlier releases the behavior was
unpredictable.
* Allocation of small objects now performs much better at high
core counts, and has lower worst-case latency.
* Go 1.15 reduces typical binary sizes by around 5% compared to
Go 1.14 by eliminating certain types of GC metadata and more
aggressively eliminating unused type metadata.
* The toolchain now mitigates Intel CPU erratum SKX102 on
GOARCH=amd64 by aligning functions to 32 byte boundaries and
padding jump instructions. While this padding increases binary
sizes, this is more than made up for by the binary size
improvements mentioned above.
* Go 1.15 adds a -spectre flag to both the compiler and the
assembler, to allow enabling Spectre mitigations. These should
almost never be needed and are provided mainly as a "defense
in depth" mechanism. See the Spectre Go wiki page for details.
* The compiler now rejects //go: compiler directives that have
no meaning for the declaration they are applied to with a
"misplaced compiler directive" error. Such misapplied
directives were broken before, but were silently ignored by
the compiler.
* Substantial improvements to the Go linker, which reduce linker
resource usage (both time and memory) and improve code
robustness/maintainability. Linking is 20% faster and requires
30% less memory on average. These changes are part of a
multi-release project to modernize the Go linker, meaning that
there will be additional linker improvements expected in
future releases.
* The linker now defaults to internal linking mode for
-buildmode=pie on linux/amd64 and linux/arm64, so these
configurations no longer require a C linker.
* There has been progress in improving the stability and
performance of the 64-bit RISC-V port on Linux (GOOS=linux,
GOARCH=riscv64). It also now supports asynchronous preemption.
* crypto/x509: The deprecated, legacy behavior of treating the
CommonName field on X.509 certificates as a host name when no
Subject Alternative Names are present is now disabled by
default. It can be temporarily re-enabled by adding the value
x509ignoreCN=0 to the GODEBUG environment variable. Note that
if the CommonName is an invalid host name, it's always
ignored, regardless of GODEBUG settings. Invalid names include
those with any characters other than letters, digits, hyphens
and underscores, and those with empty labels or trailing dots.
* crypto/x509: go1.15 applications with an AWS DB instance that
was created or updated to the rds-ca-2019 certificate prior to
July 28, 2020, you must update the certificate again. If you
created your DB instance or updated its certificate after July
28, 2020, no action is required. For more information, see
go#39568
-------------------------------------------------------------------
Fri Aug 7 23:30:11 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15rc2 (released 2020-08-07) is a release candidate of go1.15
cut from the master branch at the revision tagged go1.15rc2.
-------------------------------------------------------------------
Fri Jul 24 21:15:52 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15rc1 (released 2020-07-24) is a release candidate of go1.15
cut from the master branch at the revision tagged go1.15rc1.
-------------------------------------------------------------------
Fri Jun 12 16:21:05 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.15beta1 (released 2020-06-11) is a beta version of go1.15 cut
from the master branch at the revision tagged go1.15beta1.
Reference in New Issue View Git Blame Copy Permalink