baserev update by copy to link target

• Files Changed
• Browse Source

Add reproducible.patch to avoid build-time race (boo#1102408)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

Prepare for RPM 4.20

• Files Changed
• Browse Source

- go1.15.15 (released 2021-08-05) includes a security fix to the
  net/http/httputil package, as well as bug fixes to the compiler,
  the runtime, the go command, and the net/http package.
  CVE-2021-36221
  Refs boo#1175132 go1.15 release tracking
  * boo#1189162 go#46866 CVE-2021-36221
  * go#47473 net/http: panic due to racy read of persistConn after handler panic
  * go#47347 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
  * go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
  * go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
  * go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6

• Files Changed
• Browse Source

- Fix go#46803 boo#1188906, add fix-crash-on-ppc64le.patch

• Files Changed
• Browse Source

- go1.15.14 (released 2021-07-12) includes a security fix to the
  crypto/tls package, as well as bug fixes to the linker, and the
  net package.
  CVE-2021-34558
  Refs boo#1175132 go1.15 release tracking
  * boo#1188229 go#47143 CVE-2021-34558
  * go#47144 security: fix CVE-2021-34558
  * go#47012 net: LookupMX behaviour broken
  * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
  * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora
  * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing
  * go#46656 runtime: deeply nested struct initialized with non-zero values

• Files Changed
• Browse Source

- Fix extraneous trailing percent character %endif% in spec file.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.15.13 (released 2021-06-03) includes security fixes to the
  archive/zip, math/big, net, and net/http/httputil packages, as
  well as bug fixes to the linker, the go command, and the math/big
  and net/http packages.
  CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
  Refs boo#1175132 go1.15 release tracking
  * boo#1187443 go#46241 CVE-2021-33195
  * go#46356 net: Lookup functions may return invalid host names
  * go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
  * boo#1186622 go#46242 CVE-2021-33196
  * go#46396 archive/zip: malformed archive may cause panic or memory exhaustion
  * boo#1187444 go#46313 CVE-2021-33197
  * go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
  * boo#1187445 go#45910 CVE-2021-33198
  * go#46305 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
  * go#46143 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
  * go#46127 cmd/link: internal error when externally linking very large binaries
  * go#46002 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
  * go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.15.12 (released 2021-05-06) includes a security fix to the
  net/http package, as well as bug fixes to the runtime and the
  time package.
  CVE-2021-31525
  Refs boo#1175132 go1.15 release tracking
  * boo#1185790 CVE-2021-31525
  * go#45711 net/http: ReadRequest can stack overflow
  * go#45731 time, runtime: scheduled timer may never fire if GOMAXPROCS is reduced
  * go#45481 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
  * go#45384 time: Europe/Dublin timezone handling broken with embedded timezone database

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.15.11 (released 2021-04-01) includes fixes to cgo, the
  compiler, linker, runtime, the go command, and the database/sql
  and net/http packages.
  Refs boo#1175132 go1.15 release tracking
  * go#45302 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
  * go#45239 all: run.{bash,bat,rc} sets GOPATH inconsistently
  * go#45187 Strange behaviour with loops
  * go#45076 net/http: transport caches permanently broken persistent connections if write error happens during h2 handshake
  * go#44872 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
  * go#44748 cmd/link: fail to build when using time/tzdata on ARM
  * go#43592 cmd/link: "x86_64-w64-mingw32/bin/ld.exe: Error: export ordinal too large" after upgrading to Go 1.15
  * go#43591 cmd/link: -buildmode=c-shared exports many functions, not just //export functions
  * go#42884 database/sql: deadlock on transaction stmt context cancel

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.15.10 (released 2021-03-11) includes fixes to the compiler,
  the go command, and the net/http, os, syscall, and time packages.
  Refs boo#1175132 go1.15 release tracking
  * go#44792 cmd/go: mod tidy should ignore missing standard library packages
  * go#44658 runtime: marked free object in span
  * go#44617 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
  * go#44592 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
  * go#44294 net/http: ServeContent()/ServeFile() doesn't return expected response when WriteTimeout happens
  * go#44273 os: copy_file_range system call fails on some file systems
  * go#42935 net/http: Transport race condition by Content-Length == 0 response
  * go#42930 cmd/compile: miscompilation of some arithmetic and conditionals on arm

• Files Changed
• Browse Source

- go1.15.9 (released 2021-03-10) includes security fixes to the
  archive/zip package.
  CVE-2021-27918
  Refs boo#1175132 go1.15 release tracking
  * boo#1183333 CVE-2021-27918
  * go#44914 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.15.8 (released 2021-02-04) includes fixes to the compiler,
  linker, runtime, the go command, and the net/http package.
  Refs boo#1175132 go1.15 release tracking
  * go#43861 cmd/go: TestScript/get_update_unknown_protocol test fails
  * go#43860 cmd/go: handle space in path to C compiler
  * go#43833 runtime: SIGSEGV in runtime.deltimer on linux-mips-rtrk during ReadMemStats
  * go#43797 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged
  * go#43793 internal/execabs: disable tests on js-wasm
  * go#43575 cmd/compile: 32-bit random data corruption
  * go#43406 x/mobile/cmd/gomobile: gomobile build on simple program returns "ld: error: duplicate symbol: x_cgo_inittls"
  * go#43214 cmd/link: panic: runtime error: slice bounds out of range [::1751306] with length 1048576
  * go#42539 net/http: race in http2Transport
  * go#42384 cmd/link: PE linker segfaults in addpersrc when cross-compiling

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source