- go1.18.9 (released 2022-12-06) includes security fixes to the
net/http and os packages, as well as bug fixes to cgo, the
compiler, the runtime, and the crypto/x509 and os/exec packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41717 CVE-2022-41720
* go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
* go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
* go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
* go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
* go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
* go#56635 runtime: traceback stuck in runtime.systemstack
* go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
* go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
* go#56437 crypto/x509: respect GODEBUG changes during program lifetime
* go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
* go#56359 cmd/compile: panic: offset too large (forwarded request 1041231 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1041234
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=18
- go1.18.9 (released 2022-12-06) includes security fixes to the
net/http and os packages, as well as bug fixes to cgo, the
compiler, the runtime, and the crypto/x509 and os/exec packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41717 CVE-2022-41720
* go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
* go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
* go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
* go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
* go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
* go#56635 runtime: traceback stuck in runtime.systemstack
* go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
* go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
* go#56437 crypto/x509: respect GODEBUG changes during program lifetime
* go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
* go#56359 cmd/compile: panic: offset too large
OBS-URL: https://build.opensuse.org/request/show/1041231
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=37
- go1.18.8 (released 2022-11-01) includes security fixes to the
os/exec and syscall packages, as well as bug fixes to the
runtime.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41716
* go#56327 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables
* go#56308 runtime: "runtime·lock: lock count" fatal error when cgo is enabled (forwarded request 1032741 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1032743
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=17
- go1.18.8 (released 2022-11-01) includes security fixes to the
os/exec and syscall packages, as well as bug fixes to the
runtime.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41716
* go#56327 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables
* go#56308 runtime: "runtime·lock: lock count" fatal error when cgo is enabled
OBS-URL: https://build.opensuse.org/request/show/1032741
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=35
- go1.18.7 (released 2022-10-04) includes security fixes to the
archive/tar, net/http/httputil, and regexp packages, as well as
bug fixes to the compiler, the linker, and the go/types package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41715 CVE-2022-2879 CVE-2022-2880
* go#55950 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
* go#55925 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers
* go#55842 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters
* go#55151 fatal error: bulkBarrierPreWrite: unaligned arguments
* go#55148 go/types: no way to construct the signature of append(s, "string"...) via the API
* go#55113 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation
* go#54918 cmd/compile: Value live at entry (forwarded request 1008075 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1008077
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=16
- go1.18.7 (released 2022-10-04) includes security fixes to the
archive/tar, net/http/httputil, and regexp packages, as well as
bug fixes to the compiler, the linker, and the go/types package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-41715 CVE-2022-2879 CVE-2022-2880
* go#55950 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
* go#55925 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers
* go#55842 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters
* go#55151 fatal error: bulkBarrierPreWrite: unaligned arguments
* go#55148 go/types: no way to construct the signature of append(s, "string"...) via the API
* go#55113 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation
* go#54918 cmd/compile: Value live at entry
OBS-URL: https://build.opensuse.org/request/show/1008075
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=33
- go1.18.6 (released 2022-09-06) includes security fixes to the
net/http package, as well as bug fixes to the compiler, the go
command, the pprof command, the runtime, and the crypto/tls,
encoding/xml, and net packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-27664
* go#53977 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY
* go#54733 cmd/go: git fetch errors dropped when producing pseudo-versions for commits
* go#54725 cmd/compile: compile failed with "Value live at entry"
* go#54674 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert
* go#54664 runtime: segfault running ppc64/linux binaries with kernel 5.18
* go#54659 cmd/go: go test -race does not set implicit race build tag
* go#54642 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension
* go#54636 cmd/go: data race in TestScript
* go#54603 cmd/compile: miscompilation of partially-overlapping array assignments
* go#54502 cmd/link: Trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64
* go#54464 cmd/pprof: graphviz node names are funny with generics
* go#54128 encoding/xml: crash on android/arm64 due to https://go.dev/cl/417062
* go#54074 net: WriteMsgUDPAddrPort should accept IPv4 destination addresses on IPv6 UDP sockets
* go#54056 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT
* go#53397 go/reflect: Incorrect behavior on arm64 when using MakeFunc / Call (forwarded request 1001531 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/1001533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=15
- go1.18.6 (released 2022-09-06) includes security fixes to the
net/http package, as well as bug fixes to the compiler, the go
command, the pprof command, the runtime, and the crypto/tls,
encoding/xml, and net packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-27664
* go#53977 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY
* go#54733 cmd/go: git fetch errors dropped when producing pseudo-versions for commits
* go#54725 cmd/compile: compile failed with "Value live at entry"
* go#54674 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert
* go#54664 runtime: segfault running ppc64/linux binaries with kernel 5.18
* go#54659 cmd/go: go test -race does not set implicit race build tag
* go#54642 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension
* go#54636 cmd/go: data race in TestScript
* go#54603 cmd/compile: miscompilation of partially-overlapping array assignments
* go#54502 cmd/link: Trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64
* go#54464 cmd/pprof: graphviz node names are funny with generics
* go#54128 encoding/xml: crash on android/arm64 due to https://go.dev/cl/417062
* go#54074 net: WriteMsgUDPAddrPort should accept IPv4 destination addresses on IPv6 UDP sockets
* go#54056 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT
* go#53397 go/reflect: Incorrect behavior on arm64 when using MakeFunc / Call
OBS-URL: https://build.opensuse.org/request/show/1001531
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=31
- go1.18.5 (released 2022-08-01) includes security fixes to the
encoding/gob and math/big packages, as well as bug fixes to the
compiler, the go command, the runtime, and the testing package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-32189
* boo#1202035 CVE-2022-32189 go#53871
* go#54095 math/big: index out of range in Float.GobDecode
* go#53883 cmd/compile: interface conversion with generics reports "types from different scopes"
* go#53875 cmd/go: livelock when computing module graph in a workspace with GOPROXY=off
* go#53852 cmd/compile: internal compiler error: assertion failed
* go#53847 runtime: modified timer results in extreme cpu load
* go#53119 cmd/go: Build information embedded by Go 1.18 impairs build reproducibility with cgo flags
* go#53112 runtime: gentraceback() dead loop on arm64 casued the process hang
* go#52986 testing: TempDir RemoveAll cleanup failures with "The process cannot access the file because it is being used by another process."
* go#52961 cmd/compile: miscompilation in pointer operations (forwarded request 992076 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/992080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=13
- go1.18.5 (released 2022-08-01) includes security fixes to the
encoding/gob and math/big packages, as well as bug fixes to the
compiler, the go command, the runtime, and the testing package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-32189
* boo#1202035 CVE-2022-32189 go#53871
* go#54095 math/big: index out of range in Float.GobDecode
* go#53883 cmd/compile: interface conversion with generics reports "types from different scopes"
* go#53875 cmd/go: livelock when computing module graph in a workspace with GOPROXY=off
* go#53852 cmd/compile: internal compiler error: assertion failed
* go#53847 runtime: modified timer results in extreme cpu load
* go#53119 cmd/go: Build information embedded by Go 1.18 impairs build reproducibility with cgo flags
* go#53112 runtime: gentraceback() dead loop on arm64 casued the process hang
* go#52986 testing: TempDir RemoveAll cleanup failures with "The process cannot access the file because it is being used by another process."
* go#52961 cmd/compile: miscompilation in pointer operations
OBS-URL: https://build.opensuse.org/request/show/992076
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=25
- go1.18.4 (released 2022-07-12) includes security fixes to the
compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
net/http, and path/filepath packages, as well as bug fixes to the
compiler, the go command, the linker, the runtime, and the
runtime/metrics package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962 (forwarded request 988807 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/988809
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=12
- go1.18.4 (released 2022-07-12) includes security fixes to the
compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
net/http, and path/filepath packages, as well as bug fixes to the
compiler, the go command, the linker, the runtime, and the
runtime/metrics package.
Refs boo#1193742 go1.18 release tracking
CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962
OBS-URL: https://build.opensuse.org/request/show/988807
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=23
- go1.18.3 (released 2022-06-01) includes security fixes to the
crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
well as bug fixes to the compiler, and the crypto/tls and
text/template/parse packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
* boo#1200134 go#52561 CVE-2022-30634
* go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
* boo#1200135 go#52814 CVE-2022-30629
* go#52833 crypto/tls: randomly generate ticket_age_add
* boo#1200136 go#52574 CVE-2022-30580
* go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
* boo#1200137 go#52476 CVE-2022-29804
* go#52479 path/filepath: Clean(.\c:) returns c: on Windows
* go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2
* go#52242 cmd/compile: compiler crash on valid code
* go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated"
* go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
* go#52878 text/template: break/continue require no whitespace around them
* go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
* go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11 (forwarded request 980418 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/980420
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=11
- go1.18.3 (released 2022-06-01) includes security fixes to the
crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
well as bug fixes to the compiler, and the crypto/tls and
text/template/parse packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
* boo#1200134 go#52561 CVE-2022-30634
* go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
* boo#1200135 go#52814 CVE-2022-30629
* go#52833 crypto/tls: randomly generate ticket_age_add
* boo#1200136 go#52574 CVE-2022-30580
* go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
* boo#1200137 go#52476 CVE-2022-29804
* go#52479 path/filepath: Clean(.\c:) returns c: on Windows
* go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2
* go#52242 cmd/compile: compiler crash on valid code
* go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated"
* go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
* go#52878 text/template: break/continue require no whitespace around them
* go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
* go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11
OBS-URL: https://build.opensuse.org/request/show/980418
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=21
- go1.18.2 (released 2022-05-10) includes security fixes to the
syscall package, as well as bug fixes to the compiler, runtime,
the go command, and the crypto/x509, go/types, net/http/httptest,
reflect, and sync/atomic packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-29526
* boo#1199413 go#52313 CVE-2022-29526
* go#52440 syscall: Faccessat checks wrong group
* go#51738 runtime: wrong type assertion result when using generic types
* go#51798 cmd/go: add (and default to) -buildvcs=auto
* go#51859 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
* go#51897 net/http/httptest: race in Close
* go#52028 go/types: documentation on instance de-duplication is unclear about guarantees
* go#52149 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
* go#52244 go/types, types2: go generic assert compile escape
* go#52305 runtime: doAllThreadsSyscall has an unaligned atomic load on 32-bit architectures
* go#52366 cmd/compile/internal/ssa: occurred the wrong rewrite cycle detection
* go#52375 runtime: executable compiled under Go 1.17.7 will occasionally wedge
* go#52386 reflect: can set map elem with string key of a different string type
* go#52441 cmd/compile: incorrect handling of iota in 1.18
* go#52468 cmd/go: go run -mod=mod [files...] does not update go.mod and go.sum
* go#52558 cmd/compile: cannot convert v (variable of type *Bar[T]) to type *Foo[T]
* go#52606 cmd/compile: internal compiler error: weird package in name: .dict0 => .dict0 from "", not "test/p"
* go#52615 sync/atomic: compare and swap of inconsistently typed values with uninitialized Value
* go#52691 cmd/compile: generic function appears to use incorrect type descriptor
* go#52699 runtime: support debugCall on arm64
* go#52706 net: TestDialCancel is not compatible with new macOS ARM64 builders
* go#52804 go/types: NewMethodSet doesn't terminate for recursively embedded generics (forwarded request 976170 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/976173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=10
- go1.18.2 (released 2022-05-10) includes security fixes to the
syscall package, as well as bug fixes to the compiler, runtime,
the go command, and the crypto/x509, go/types, net/http/httptest,
reflect, and sync/atomic packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-29526
* boo#1199413 go#52313 CVE-2022-29526
* go#52440 syscall: Faccessat checks wrong group
* go#51738 runtime: wrong type assertion result when using generic types
* go#51798 cmd/go: add (and default to) -buildvcs=auto
* go#51859 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
* go#51897 net/http/httptest: race in Close
* go#52028 go/types: documentation on instance de-duplication is unclear about guarantees
* go#52149 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
* go#52244 go/types, types2: go generic assert compile escape
* go#52305 runtime: doAllThreadsSyscall has an unaligned atomic load on 32-bit architectures
* go#52366 cmd/compile/internal/ssa: occurred the wrong rewrite cycle detection
* go#52375 runtime: executable compiled under Go 1.17.7 will occasionally wedge
* go#52386 reflect: can set map elem with string key of a different string type
* go#52441 cmd/compile: incorrect handling of iota in 1.18
* go#52468 cmd/go: go run -mod=mod [files...] does not update go.mod and go.sum
* go#52558 cmd/compile: cannot convert v (variable of type *Bar[T]) to type *Foo[T]
* go#52606 cmd/compile: internal compiler error: weird package in name: .dict0 => .dict0 from "", not "test/p"
* go#52615 sync/atomic: compare and swap of inconsistently typed values with uninitialized Value
* go#52691 cmd/compile: generic function appears to use incorrect type descriptor
* go#52699 runtime: support debugCall on arm64
* go#52706 net: TestDialCancel is not compatible with new macOS ARM64 builders
* go#52804 go/types: NewMethodSet doesn't terminate for recursively embedded generics
OBS-URL: https://build.opensuse.org/request/show/976170
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=19
- Remove remaining use of gold linker when bootstrapping with
gccgo. The binutils-gold package will be removed in the future.
* History: go1.8.3 2017-06-18 added conditional if gccgo defined
BuildRequires: binutils-gold for arches other than s390x
* No information available why binutils-gold was used initially
* Unrelated to upstream recent hardcoded gold dependency for ARM (forwarded request 974489 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/974492
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=9
- Remove remaining use of gold linker when bootstrapping with
gccgo. The binutils-gold package will be removed in the future.
* History: go1.8.3 2017-06-18 added conditional if gccgo defined
BuildRequires: binutils-gold for arches other than s390x
* No information available why binutils-gold was used initially
* Unrelated to upstream recent hardcoded gold dependency for ARM
OBS-URL: https://build.opensuse.org/request/show/974489
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=17
- go1.18.1 (released 2022-04-12) includes security fixes to the
crypto/elliptic, crypto/x509, and encoding/pem packages, as well
as bug fixes to the compiler, linker, runtime, the go command,
vet, and the bytes, crypto/x509, and go/types packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-24675 CVE-2022-28327 CVE-2022-27536
* boo#1198423 go#51853 CVE-2022-24675
* go#52037 encoding/pem: stack overflow
boo#1198424 go#52075 CVE-2022-28327
* go#52077 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
* boo#1198427 go#51759 CVE-2022-27536
* go#51763 crypto/x509: Certificate.Verify crash on macOS with Go 1.18
* go#52140 cmd/go: go work use -r panics when given a directory that does not exist
* go#52119 go/types, cmd/compile: type set overlapping implementation for interface types might be not correct
* go#52032 go/types: spurious diagnostics for untyped shift operands with GoVersion < go1.13
* go#52007 go/types, types2: scope is unset on receivers of instantiated methods
* go#51874 cmd/go: Segfault on ppc64le during Go 1.18 build on Alpine Linux
* go#51855 cmd/compile: internal compiler error: panic: runtime error: index out of range [0] with length 0
* go#51852 crypto/x509: reject SHA-1 signatures in Verify
* go#51847 cmd/compile: cannot import "package" (type parameter bound more than once)
* go#51846 cmd/compile: internal compiler error: walkExpr: switch 1 unknown op RECOVER
* go#51796 bytes: Trim returns empty slice instead of nil in 1.18
* go#51767 cmd/go: "go test" seems to now require git due to -buildvcs
* go#51764 cmd/go: go work use panics when given a file
* go#51741 cmd/cgo: pointer to incomplete C type is mangled when passed through interface type and generic type assert
* go#51737 plugin: tls handshake panic: unreachable method called. linker bug?
* go#51727 cmd/vet, go/types: go vet crash when using self-recursive anonymous types in constraints
* go#51697 runtime: some tests fails on Windows with CGO_ENABLED=0
* go#51669 cmd/compile: irgen uses wrong dict param to generate code for getting dict type
* go#51665 go/types, types2: gopls crash in recordTypeAndValue (forwarded request 969623 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/969626
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=8
- go1.18.1 (released 2022-04-12) includes security fixes to the
crypto/elliptic, crypto/x509, and encoding/pem packages, as well
as bug fixes to the compiler, linker, runtime, the go command,
vet, and the bytes, crypto/x509, and go/types packages.
Refs boo#1193742 go1.18 release tracking
CVE-2022-24675 CVE-2022-28327 CVE-2022-27536
* boo#1198423 go#51853 CVE-2022-24675
* go#52037 encoding/pem: stack overflow
boo#1198424 go#52075 CVE-2022-28327
* go#52077 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
* boo#1198427 go#51759 CVE-2022-27536
* go#51763 crypto/x509: Certificate.Verify crash on macOS with Go 1.18
* go#52140 cmd/go: go work use -r panics when given a directory that does not exist
* go#52119 go/types, cmd/compile: type set overlapping implementation for interface types might be not correct
* go#52032 go/types: spurious diagnostics for untyped shift operands with GoVersion < go1.13
* go#52007 go/types, types2: scope is unset on receivers of instantiated methods
* go#51874 cmd/go: Segfault on ppc64le during Go 1.18 build on Alpine Linux
* go#51855 cmd/compile: internal compiler error: panic: runtime error: index out of range [0] with length 0
* go#51852 crypto/x509: reject SHA-1 signatures in Verify
* go#51847 cmd/compile: cannot import "package" (type parameter bound more than once)
* go#51846 cmd/compile: internal compiler error: walkExpr: switch 1 unknown op RECOVER
* go#51796 bytes: Trim returns empty slice instead of nil in 1.18
* go#51767 cmd/go: "go test" seems to now require git due to -buildvcs
* go#51764 cmd/go: go work use panics when given a file
* go#51741 cmd/cgo: pointer to incomplete C type is mangled when passed through interface type and generic type assert
* go#51737 plugin: tls handshake panic: unreachable method called. linker bug?
* go#51727 cmd/vet, go/types: go vet crash when using self-recursive anonymous types in constraints
* go#51697 runtime: some tests fails on Windows with CGO_ENABLED=0
* go#51669 cmd/compile: irgen uses wrong dict param to generate code for getting dict type
* go#51665 go/types, types2: gopls crash in recordTypeAndValue
OBS-URL: https://build.opensuse.org/request/show/969623
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=15
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 (forwarded request 967904 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/967905
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=7
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
OBS-URL: https://build.opensuse.org/request/show/967904
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=13
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
OBS-URL: https://build.opensuse.org/request/show/967639
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=12
- Template gcc-go.patch to substitute gcc_go_version and eliminate
multiple similar patches each with hardcoded gcc go binary name.
gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
OBS-URL: https://build.opensuse.org/request/show/967628
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=11
- Add .bin assembler pattern table file and test data to packaging.
* Error manifests building some Go applications as:
src/crypto/elliptic/p256_asm.go:24:12:
pattern p256_asm_table.bin: no matching files found
* A Quick Guide to Go's Assembler https://go.dev/doc/asm
* New assembler pattern file added to packaging with mode 644:
src/crypto/elliptic/p256_asm_table.bin
* Existing test data files added to packaging with mode 644:
src/compress/bzip2/testdata/pass-random2.bin
src/compress/bzip2/testdata/pass-random1.bin
src/debug/dwarf/testdata/line-gcc-win.bin (forwarded request 955775 from jfkw)
OBS-URL: https://build.opensuse.org/request/show/955776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/go1.18?expand=0&rev=4
- Add .bin assembler pattern table file and test data to packaging.
* Error manifests building some Go applications as:
src/crypto/elliptic/p256_asm.go:24:12:
pattern p256_asm_table.bin: no matching files found
* A Quick Guide to Go's Assembler https://go.dev/doc/asm
* New assembler pattern file added to packaging with mode 644:
src/crypto/elliptic/p256_asm_table.bin
* Existing test data files added to packaging with mode 644:
src/compress/bzip2/testdata/pass-random2.bin
src/compress/bzip2/testdata/pass-random1.bin
src/debug/dwarf/testdata/line-gcc-win.bin
OBS-URL: https://build.opensuse.org/request/show/955775
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/go1.18?expand=0&rev=5