- Add subpackage go1.x-libstd for compiled shared object libstd.so
only on Tumbleweed at this time.
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream
OBS-URL: https://build.opensuse.org/request/show/1079830
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=43
- go1.16.15 (released 2022-03-03) includes a security fix to the
regexp/syntax package, as well as bug fixes to the compiler,
runtime, the go command, and to the net package
Refs boo#1182345 go1.16 release tracking
CVE-2022-24921
* boo#1196732 go#51112 CVE-2022-24921
* go#51117 regexp: stack overflow (process exit) handling deeply nested regexp
* go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
* go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
* go#51161 net: use EDNS to increase DNS packet size [freeze exception]
* go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
OBS-URL: https://build.opensuse.org/request/show/959305
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=27
- go1.16.14 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, net/http/httptest, and testing
packages.
Refs boo#1182345 go1.16 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50686 cmd/go: do not treat branches with semantic-version names as releases
* go#50866 cmd/compile: incorrect use of CMN on arm64
* go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
* go#50811 cmd/go: remove bitbucket VCS probing
* go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50645 testing: surprising interaction of subtests with TempDir
* go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package
OBS-URL: https://build.opensuse.org/request/show/953822
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=25
- go1.16.13 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the net/http package.
Refs boo#1182345 go1.16 release tracking
* go#50449 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#50296 cmd/link: does not set section type of .init_array correctly
* go#50194 runtime/race: building for iOS, but linking in object file built for macOS
* go#50072 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49923 cmd/link: support more load commands on Mach-O
* go#49412 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48115 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14
OBS-URL: https://build.opensuse.org/request/show/944559
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=24
- go1.16.11 (released 2021-12-02) includes fixes to the compiler,
runtime, and the net/http, net/http/httptest, and time packages.
Refs boo#1182345 go1.16 release tracking
* go#49910 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49908 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49904 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49867 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49851 net/http/httptest: Close does not wait for the underlying Server's ConnState callbacks to complete
* go#49728 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49661 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49623 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49567 net/http: server responds with Transfer-Encoding: identity
* go#49560 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49558 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49406 time: ParseInLocation error
* go#49391 cmd/compile: internal compiler error: Expand calls interface data problem
OBS-URL: https://build.opensuse.org/request/show/935319
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=22
- go1.16.10 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the misc/wasm directory, and to the
net/http package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48991 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48251 archive/zip: Reader.Open panics on empty string
* go#49153 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49076 x/net/http2: backport critical fixes
* go#49009 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48822 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48649 x/net/http2: pool deadlock
* go#48478 cmd/compile: 64 bits shifts on arm get wrong results
* go#48474 cmd/compile: incorrect arm/arm64 simplification rules
OBS-URL: https://build.opensuse.org/request/show/929547
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=21
- go1.16.9 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
runtime and to the text/template package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48799 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48443 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#47858 time: timer reset sometimes ignored, causing delayed ticks
OBS-URL: https://build.opensuse.org/request/show/924123
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=20
- go1.16.8 (released 2021-09-09) includes a security fix to the
archive/zip package, as well as bug fixes to the archive/zip,
go/internal/gccgoimporter, html/template, net/http, and
runtime/pprof packages.
Refs boo#1182345 go1.16 release tracking
CVE-2021-39293
* boo#1190589 go#47801 CVE-2021-39293
* go#47985 archive/zip: overflow in preallocation check can cause OOM panic
* go#47691 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
* go#47675 runtime/pprof: apparent deadlock in TestGoroutineSwitch on linux-armv6l
* go#47610 go/internal/gccgoimporter: TestInstallationImporter broken with tip gccgo
* go#47535 net/http: TestCancelRequestWhenSharingConnection can cause port exhaustion
* go#47042 html/template: data race with concurrent ExecuteTemplate calls
- Add bash scripts used by go tool commands to provide a more
complete cross-compiling go toolchain install.
* Fixes "go tool dist list" error "all.bash does not exist"
OBS-URL: https://build.opensuse.org/request/show/919685
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=18
- go1.16.7 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler,
the linker, the runtime, the go command, and the net/http
package.
CVE-2021-36221
Refs boo#1182345 go1.16 release tracking
* boo#1189162 go#46866 CVE-2021-36221
* go#47474 net/http: panic due to racy read of persistConn after handler panic
* go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
* go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
* go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
* go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
* go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
* go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
* go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package
OBS-URL: https://build.opensuse.org/request/show/910389
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=17
- go1.16.6 (released 2021-07-12) includes a security fix to the
crypto/tls package, as well as bug fixes to the compiler, and the
net and net/http packages.
CVE-2021-34558
Refs boo#1182345 go1.16 release tracking
* boo#1188229 go#47143 CVE-2021-34558
* go#47145 security: fix CVE-2021-34558
* go#46999 net: LookupMX behaviour broken
* go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46657 runtime: deeply nested struct initialized with non-zero values
* go#44984 net/http: server not setting Content-Length in certain cases
OBS-URL: https://build.opensuse.org/request/show/905962
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=15
- go1.16.5 (released 2021-06-03) includes security fixes to the
archive/zip, math/big, net, and net/http/httputil packages, as
well as bug fixes to the linker, the go command, and the net/http
package.
CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
Refs boo#1182345 go1.16 release tracking
* boo#1187443 go#46241 CVE-2021-33195
* go#46357 net: Lookup functions may return invalid host names
* go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
* boo#1186622 go#46242 CVE-2021-33196
* go#46397 archive/zip: malformed archive may cause panic or memory exhaustion
* boo#1187444 go#46313 CVE-2021-33197
* go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
* boo#1187445 go#45910 CVE-2021-33198
* go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
* go#46214 cmd/go: make go mod download with no arguments leave go.sum alone
* go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
* go#46128 cmd/link: internal error when externally linking very large binaries
* go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
* go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le
OBS-URL: https://build.opensuse.org/request/show/900520
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=12
- go1.16.4 (released 2021-05-06) includes a security fix to the
net/http package, as well as bug fixes to the runtime, the
compiler, and the archive/zip, time, and syscall packages.
CVE-2021-31525
Refs boo#1182345 go1.16 release tracking
* boo#1185790 CVE-2021-31525
* go#45712 net/http: ReadRequest can stack overflow
* go#45636 cmd/compile: internal compiler error: Invalid PPC64 rotate mask
* go#45482 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
* go#45385 time: Europe/Dublin timezone handling broken with embedded timezone database
* go#45347 archive/zip: duplicate entries in FS interface
* go#45307 os/signal: timeout in TestAllThreadsSyscallSignals
OBS-URL: https://build.opensuse.org/request/show/891377
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=10
- go1.16.3 (released 2021-04-01) includes fixes to the compiler,
linker, runtime, the go command, and the testing and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#45303 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
* go#45253 cmd/compile: fix long RMW bit operations on AMD64
* go#45240 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45192 Strange behaviour with loops
* go#45030 cmd/link: go 1.16 plugin does not initialize global variables correctly when not used directly
* go#44888 testing: Helper line number has changed in 1.16
* go#44885 cmd/go: import paths ending with '+' are rejected (affects executable like g++ or clang++)
* go#44869 time, runtime: zero duration timer takes 2 minutes to fire
* go#44860 cmd/go: documentation at golang.org for cmd/go has confusing formatting
* go#44812 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
* go#44640 cmd/link: fail to build when using time/tzdata on ARM
OBS-URL: https://build.opensuse.org/request/show/882731
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=8
- go1.16.2 (released 2021-03-11) includes fixes to cgo, the
compiler, linker, the go command, and the syscall and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#44793 cmd/go: mod tidy should ignore missing standard library packages
* go#44746 cmd/go: improve error message when outside a module from "working directory is not part of a module"
* go#44676 cmd/go: warning message when getting a retracted module version is missing a trailing newline
* go#44659 runtime: marked free object in span
* go#44647 cmd/go: "malformed import path" in Go 1.16 for packages with path elements containing a leading dot
* go#44638 cmd/link: runtime crash, unexpected fault address 0xffffffffffffffff, h2_bundle.go, when using plugin
* go#44618 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44593 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44498 cmd/go: 'go mod edit -exclude' erroneously rejects '+incompatible' versions
* go#44496 cmd/go: malformed module path with retract v2+
* go#44464 cmd/compile: ICE on deferred call to syscall.LazyDLL.Call
* go#44462 x/tools/go/analysis, syscall: ptrace redeclared in this block
* go#44433 cmd/compile: Compiler regression in Go 1.16 - internal compiler error: child dcl collision on symbol
* go#44402 doc: Broken image in readme
* go#44358 cmd/compile: internal compiler error: Value live at entry. It shouldn't be.
* go#44346 runtime/cgo: cannot build with -Wsign-compare
OBS-URL: https://build.opensuse.org/request/show/878434
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=6
- go1.16.1 (released 2021-03-10) includes security fixes to the
encoding/xml and archive/zip packages.
CVE-2021-27918 CVE-2021-27919
Refs boo#1182345 go1.16 release tracking
* boo#1183333 CVE-2021-27918
* go#44915 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`
* boo#1183334 CVE-2021-27919
* go#44917 archive/zip: can panic when calling Reader.Open
OBS-URL: https://build.opensuse.org/request/show/878218
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.16?expand=0&rev=5
