- Add subpackage go1.x-libstd for compiled shared object libstd.so.
only on Tumbleweed at this time.
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream (forwarded request 1079832 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1079833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=22
- Add subpackage go1.x-libstd for compiled shared object libstd.so.
only on Tumbleweed at this time.
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream
OBS-URL: https://build.opensuse.org/request/show/1079832
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=41
- go1.17.13 (released 2022-08-01) includes security fixes to the
encoding/gob and math/big packages, as well as bug fixes to the
compiler and the runtime.
Refs boo#1190649 go1.17 release tracking
CVE-2022-32189
* boo#1202035 CVE-2022-32189 go#53871
* go#54094 math/big: index out of range in Float.GobDecode
* go#53846 runtime: modified timer results in extreme cpu load
* go#53617 cmd/compile: condition in for loop body is incorrectly optimised away
* go#53111 runtime: gentraceback() dead loop on arm64 casued the process hang
* go#52960 cmd/compile: miscompilation in pointer operations (forwarded request 992075 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/992079
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=18
- go1.17.13 (released 2022-08-01) includes security fixes to the
encoding/gob and math/big packages, as well as bug fixes to the
compiler and the runtime.
Refs boo#1190649 go1.17 release tracking
CVE-2022-32189
* boo#1202035 CVE-2022-32189 go#53871
* go#54094 math/big: index out of range in Float.GobDecode
* go#53846 runtime: modified timer results in extreme cpu load
* go#53617 cmd/compile: condition in for loop body is incorrectly optimised away
* go#53111 runtime: gentraceback() dead loop on arm64 casued the process hang
* go#52960 cmd/compile: miscompilation in pointer operations
OBS-URL: https://build.opensuse.org/request/show/992075
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=31
- go1.17.12 (released 2022-07-12) includes security fixes to the
compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
net/http, and path/filepath packages, as well as bug fixes to the
compiler, the go command, the runtime, and the runtime/metrics
package.
Refs boo#1190649 go1.17 release tracking
CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962 (forwarded request 988806 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/988808
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=17
- go1.17.12 (released 2022-07-12) includes security fixes to the
compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
net/http, and path/filepath packages, as well as bug fixes to the
compiler, the go command, the runtime, and the runtime/metrics
package.
Refs boo#1190649 go1.17 release tracking
CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962
OBS-URL: https://build.opensuse.org/request/show/988806
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=29
- go1.17.11 (released 2022-06-01) includes security fixes to the
crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
well as bug fixes to the crypto/tls package.
Refs boo#1190649 go1.17 release tracking
CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
* boo#1200134 go#52561 CVE-2022-30634
* go#52932 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
* boo#1200135 go#52814 CVE-2022-30629
* go#52832 crypto/tls: randomly generate ticket_age_add
* boo#1200136 go#52574 CVE-2022-30580
* go#53056 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
* boo#1200137 go#52476 CVE-2022-29804
* go#52478 path/filepath: Clean(.\c:) returns c: on Windows
* go#52790 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
* go#52826 runtime: TestGcSys is still flaky
* go#53042 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
* go#53049 runtime: TestGdbBacktrace failures due to GDB "internal-error: wait returned unexpected status 0x0"
* go#53114 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11 (forwarded request 980417 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/980419
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=16
- go1.17.11 (released 2022-06-01) includes security fixes to the
crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
well as bug fixes to the crypto/tls package.
Refs boo#1190649 go1.17 release tracking
CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
* boo#1200134 go#52561 CVE-2022-30634
* go#52932 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
* boo#1200135 go#52814 CVE-2022-30629
* go#52832 crypto/tls: randomly generate ticket_age_add
* boo#1200136 go#52574 CVE-2022-30580
* go#53056 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
* boo#1200137 go#52476 CVE-2022-29804
* go#52478 path/filepath: Clean(.\c:) returns c: on Windows
* go#52790 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
* go#52826 runtime: TestGcSys is still flaky
* go#53042 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
* go#53049 runtime: TestGdbBacktrace failures due to GDB "internal-error: wait returned unexpected status 0x0"
* go#53114 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11
OBS-URL: https://build.opensuse.org/request/show/980417
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=27
- go1.17.10 (released 2022-05-10) includes security fixes to the
syscall package, as well as bug fixes to the compiler, runtime,
and the crypto/x509 and net/http/httptest packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-29526
* boo#1199413 go#52313 CVE-2022-29526
* go#52439 syscall: Faccessat checks wrong group
* go#51858 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
* go#52095 cmd/compile: fails to compile very long files starting go1.17
* go#52148 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
* go#52306 sync: TestWaitGroupMisuse2 is flaky
* go#52374 runtime: executable compiled under Go 1.17.7 will occasionally wedge
* go#52455 net/http/httptest: race in Close
* go#52705 net: TestDialCancel is not compatible with new macOS ARM64 builders (forwarded request 976169 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/976172
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=15
- go1.17.10 (released 2022-05-10) includes security fixes to the
syscall package, as well as bug fixes to the compiler, runtime,
and the crypto/x509 and net/http/httptest packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-29526
* boo#1199413 go#52313 CVE-2022-29526
* go#52439 syscall: Faccessat checks wrong group
* go#51858 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
* go#52095 cmd/compile: fails to compile very long files starting go1.17
* go#52148 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
* go#52306 sync: TestWaitGroupMisuse2 is flaky
* go#52374 runtime: executable compiled under Go 1.17.7 will occasionally wedge
* go#52455 net/http/httptest: race in Close
* go#52705 net: TestDialCancel is not compatible with new macOS ARM64 builders
OBS-URL: https://build.opensuse.org/request/show/976169
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=25
- Remove remaining use of gold linker when bootstrapping with
gccgo. The binutils-gold package will be removed in the future.
* History: go1.8.3 2017-06-18 added conditional if gccgo defined
BuildRequires: binutils-gold for arches other than s390x
* No information available why binutils-gold was used initially
* Unrelated to upstream recent hardcoded gold dependency for ARM (forwarded request 974490 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/974491
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=14
- Remove remaining use of gold linker when bootstrapping with
gccgo. The binutils-gold package will be removed in the future.
* History: go1.8.3 2017-06-18 added conditional if gccgo defined
BuildRequires: binutils-gold for arches other than s390x
* No information available why binutils-gold was used initially
* Unrelated to upstream recent hardcoded gold dependency for ARM
OBS-URL: https://build.opensuse.org/request/show/974490
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=23
- go1.17.9 (released 2022-04-12) includes security fixes to the
crypto/elliptic and encoding/pem packages, as well as bug fixes
to the linker and runtime.
Refs boo#1190649 go1.17 release tracking
CVE-2022-24675 CVE-2022-28327
* boo#1198423 go#51853 CVE-2022-24675
* go#52036 encoding/pem: stack overflow
* boo#1198424 go#52075 CVE-2022-28327
* go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
* go#51736 plugin: tls handshake panic: unreachable method called. linker bug?
* go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0
* go#51458 runtime: finalizer call has wrong frame size
* go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed (forwarded request 969622 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/969625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=13
- go1.17.9 (released 2022-04-12) includes security fixes to the
crypto/elliptic and encoding/pem packages, as well as bug fixes
to the linker and runtime.
Refs boo#1190649 go1.17 release tracking
CVE-2022-24675 CVE-2022-28327
* boo#1198423 go#51853 CVE-2022-24675
* go#52036 encoding/pem: stack overflow
* boo#1198424 go#52075 CVE-2022-28327
* go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
* go#51736 plugin: tls handshake panic: unreachable method called. linker bug?
* go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0
* go#51458 runtime: finalizer call has wrong frame size
* go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed
OBS-URL: https://build.opensuse.org/request/show/969622
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=21
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 (forwarded request 967627 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/967629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=12
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
OBS-URL: https://build.opensuse.org/request/show/967627
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=19
- go1.17.8 (released 2022-03-03) includes a security fix to the
regexp/syntax package, as well as bug fixes to the compiler,
runtime, the go command, and the crypto/x509, and net packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-24921
* boo#1196732 go#51112 CVE-2022-24921
* go#51118 regexp: stack overflow (process exit) handling deeply nested regexp
* go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
* go#51199 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
* go#51162 net: use EDNS to increase DNS packet size [freeze exception]
* go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
* go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 (forwarded request 959306 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/959308
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=9
- go1.17.8 (released 2022-03-03) includes a security fix to the
regexp/syntax package, as well as bug fixes to the compiler,
runtime, the go command, and the crypto/x509, and net packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-24921
* boo#1196732 go#51112 CVE-2022-24921
* go#51118 regexp: stack overflow (process exit) handling deeply nested regexp
* go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
* go#51199 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
* go#51162 net: use EDNS to increase DNS packet size [freeze exception]
* go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
* go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18
OBS-URL: https://build.opensuse.org/request/show/959306
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=13
- go1.17.7 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, and net/http/httptest packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50687 cmd/go: do not treat branches with semantic-version names as releases
* go#50942 cmd/asm: "compile: loop" compiler bug?
* go#50867 cmd/compile: incorrect use of CMN on arm64
* go#50812 cmd/go: remove bitbucket VCS probing
* go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50297 cmd/link: does not set section type of .init_array correctly
* go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package (forwarded request 953823 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/953825
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=7
- go1.17.7 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, and net/http/httptest packages.
Refs boo#1190649 go1.17 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50687 cmd/go: do not treat branches with semantic-version names as releases
* go#50942 cmd/asm: "compile: loop" compiler bug?
* go#50867 cmd/compile: incorrect use of CMN on arm64
* go#50812 cmd/go: remove bitbucket VCS probing
* go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50297 cmd/link: does not set section type of .init_array correctly
* go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package
OBS-URL: https://build.opensuse.org/request/show/953823
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=11
- go1.17.6 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the crypto/x509, net/http, and reflect
packages.
Refs boo#1190649 go1.17 release tracking
* go#50165 crypto/x509: error parsing large ASN.1 identifiers
* go#50073 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49961 reflect: segmentation violation while using html/template
* go#49921 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#49413 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48116 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 (forwarded request 944560 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/944562
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=6
- go1.17.6 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the crypto/x509, net/http, and reflect
packages.
Refs boo#1190649 go1.17 release tracking
* go#50165 crypto/x509: error parsing large ASN.1 identifiers
* go#50073 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49961 reflect: segmentation violation while using html/template
* go#49921 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#49413 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48116 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14
OBS-URL: https://build.opensuse.org/request/show/944560
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=10
- go1.17.4 (released 2021-12-02) includes fixes to the compiler,
linker, runtime, and the go/types, net/http, and time packages.
Refs boo#1190649 go1.17 release tracking
* go#49911 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49909 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49905 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49868 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49729 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49662 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49624 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49568 net/http: server responds with Transfer-Encoding: identity
* go#49561 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49559 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49511 cmd/compile: init info of OAS node in a select case is being dropped
* go#49479 runtime: "morestack on g0" in x/perf/storage/app on windows/arm64
* go#49407 time: ParseInLocation error
* go#49392 cmd/compile: internal compiler error: Expand calls interface data problem
* go#49369 runtime: time goes backwards on windows-arm64 (frequent TestGcLastTime failures)
* go#49129 cmd/compile: internal compiler error: can't find source for b12->b4: v31 = MOVBload <bool> v14 v1 : DX
* go#48825 go/types, types2: stack overflow in hasVarSize for invalid type (forwarded request 935320 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/935322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=4
- go1.17.4 (released 2021-12-02) includes fixes to the compiler,
linker, runtime, and the go/types, net/http, and time packages.
Refs boo#1190649 go1.17 release tracking
* go#49911 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49909 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49905 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49868 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49729 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49662 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49624 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49568 net/http: server responds with Transfer-Encoding: identity
* go#49561 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49559 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49511 cmd/compile: init info of OAS node in a select case is being dropped
* go#49479 runtime: "morestack on g0" in x/perf/storage/app on windows/arm64
* go#49407 time: ParseInLocation error
* go#49392 cmd/compile: internal compiler error: Expand calls interface data problem
* go#49369 runtime: time goes backwards on windows-arm64 (frequent TestGcLastTime failures)
* go#49129 cmd/compile: internal compiler error: can't find source for b12->b4: v31 = MOVBload <bool> v14 v1 : DX
* go#48825 go/types, types2: stack overflow in hasVarSize for invalid type
OBS-URL: https://build.opensuse.org/request/show/935320
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=8
- go1.17.3 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the go command, the misc/wasm
directory, and to the net/http and syscall packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48992 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48252 archive/zip: Reader.Open panics on empty string
* go#49199 cmd/go: go list all breaks in //go:build-only repos
* go#49154 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49086 cmd/link: -buildmode=pie -linkshared panic at runtime
* go#49077 x/net/http2: backport critical fixes
* go#49010 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48823 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48650 x/net/http2: pool deadlock
* go#48479 cmd/compile: 64 bits shifts on arm get wrong results
* go#48475 cmd/compile: incorrect arm/arm64 simplification rules
* go#48075 syscall: SysProcAttr{ NoInheritHandles: true } broken in 1.17 on Windows (forwarded request 929548 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/929550
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=3
- go1.17.3 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the go command, the misc/wasm
directory, and to the net/http and syscall packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48992 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48252 archive/zip: Reader.Open panics on empty string
* go#49199 cmd/go: go list all breaks in //go:build-only repos
* go#49154 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49086 cmd/link: -buildmode=pie -linkshared panic at runtime
* go#49077 x/net/http2: backport critical fixes
* go#49010 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48823 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48650 x/net/http2: pool deadlock
* go#48479 cmd/compile: 64 bits shifts on arm get wrong results
* go#48475 cmd/compile: incorrect arm/arm64 simplification rules
* go#48075 syscall: SysProcAttr{ NoInheritHandles: true } broken in 1.17 on Windows
OBS-URL: https://build.opensuse.org/request/show/929548
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=7
- go1.17.2 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
compiler, the runtime, the go command, and to the time and
text/template packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48800 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48561 cmd/compile: unsafe.Add bug when adding uint8 value to a pointer
* go#48444 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#48177 time: output does not respect comma as millisecond separator
* go#47859 time: timer reset sometimes ignored, causing delayed ticks
* go#47756 cmd/go: mod tidy -go=1.17 should move indirect dependencies to the second require part (forwarded request 924124 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/924126
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.17?expand=0&rev=2
- go1.17.2 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
compiler, the runtime, the go command, and to the time and
text/template packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48800 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48561 cmd/compile: unsafe.Add bug when adding uint8 value to a pointer
* go#48444 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#48177 time: output does not respect comma as millisecond separator
* go#47859 time: timer reset sometimes ignored, causing delayed ticks
* go#47756 cmd/go: mod tidy -go=1.17 should move indirect dependencies to the second require part
OBS-URL: https://build.opensuse.org/request/show/924124
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=6
- go1.17.1 (released 2021-09-09) includes a security fix to the
archive/zip package, as well as bug fixes to the compiler,
linker, the go command, and to the crypto/rand, embed, go/types,
html/template, and net/http packages.
Refs boo#1190649 go1.17 release tracking
CVE-2021-39293
* boo#1190589 go#47801 CVE-2021-39293
* go#47986 archive/zip: overflow in preallocation check can cause OOM panic
* go#48156 cmd/go: get panics with "can't find reason for requirement on"
* go#48102 cmd/compile: panic during export method expression
* go#48082 go/types: panic in error reporting for invalid use of "init"
* go#47857 cmd/go: module dependencies not updated with go get -u in 1.17
* go#47854 go/types: incorrect type reported for comma-err C functions (manifests itself in IDEs)
* go#47814 crypto/rand: getentropy is not available on iOS
* go#47782 cmd/link: wrong dynamic linker path when cross-compiling to OpenBSD
* go#47754 embed: 1.17 rejects types with underlying type []byte
* go#47692 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
OBS-URL: https://build.opensuse.org/request/show/920224
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.17?expand=0&rev=4
