Add reproducible.patch to avoid build-time race (boo#1102408) (forwarded request 1168495 from opensusedemobmw2)

• Files Changed
• Browse Source

Prepare for RPM 4.20 (forwarded request 1152224 from dimstar)

• Files Changed
• Browse Source

- go1.15.15 (released 2021-08-05) includes a security fix to the
  net/http/httputil package, as well as bug fixes to the compiler,
  the runtime, the go command, and the net/http package.
  CVE-2021-36221
  Refs boo#1175132 go1.15 release tracking
  * boo#1189162 go#46866 CVE-2021-36221
  * go#47473 net/http: panic due to racy read of persistConn after handler panic
  * go#47347 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
  * go#47014 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
  * go#46927 cmd/compile: register conflict between external linker and duffzero on arm64
  * go#46857 runtime: ppc64x binaries randomly segfault on linux 5.13rc6 (forwarded request 910388 from jfkw)

• Files Changed
• Browse Source

- Fix go#46803 boo#1188906, add fix-crash-on-ppc64le.patch (forwarded request 909269 from hillwood)

• Files Changed
• Browse Source

- go1.15.14 (released 2021-07-12) includes a security fix to the
  crypto/tls package, as well as bug fixes to the linker, and the
  net package.
  CVE-2021-34558
  Refs boo#1175132 go1.15 release tracking
  * boo#1188229 go#47143 CVE-2021-34558
  * go#47144 security: fix CVE-2021-34558
  * go#47012 net: LookupMX behaviour broken
  * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
  * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora
  * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing
  * go#46656 runtime: deeply nested struct initialized with non-zero values (forwarded request 905963 from jfkw)

• Files Changed
• Browse Source

- Fix extraneous trailing percent character %endif% in spec file. (forwarded request 903993 from jfkw)

• Files Changed
• Browse Source

- go1.15.13 (released 2021-06-03) includes security fixes to the
  archive/zip, math/big, net, and net/http/httputil packages, as
  well as bug fixes to the linker, the go command, and the math/big
  and net/http packages.
  CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
  Refs boo#1175132 go1.15 release tracking
  * boo#1187443 go#46241 CVE-2021-33195
  * go#46356 net: Lookup functions may return invalid host names
  * go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
  * boo#1186622 go#46242 CVE-2021-33196
  * go#46396 archive/zip: malformed archive may cause panic or memory exhaustion
  * boo#1187444 go#46313 CVE-2021-33197
  * go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
  * boo#1187445 go#45910 CVE-2021-33198
  * go#46305 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
  * go#46143 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
  * go#46127 cmd/link: internal error when externally linking very large binaries
  * go#46002 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
  * go#45335 math/big: Int.Lsh gives wrong results on s390x for n>=128 (forwarded request 900521 from jfkw)

• Files Changed
• Browse Source

- go1.15.12 (released 2021-05-06) includes a security fix to the
  net/http package, as well as bug fixes to the runtime and the
  time package.
  CVE-2021-31525
  Refs boo#1175132 go1.15 release tracking
  * boo#1185790 CVE-2021-31525
  * go#45711 net/http: ReadRequest can stack overflow
  * go#45731 time, runtime: scheduled timer may never fire if GOMAXPROCS is reduced
  * go#45481 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
  * go#45384 time: Europe/Dublin timezone handling broken with embedded timezone database (forwarded request 891371 from jfkw)

• Files Changed
• Browse Source

- go1.15.11 (released 2021-04-01) includes fixes to cgo, the
  compiler, linker, runtime, the go command, and the database/sql
  and net/http packages.
  Refs boo#1175132 go1.15 release tracking
  * go#45302 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
  * go#45239 all: run.{bash,bat,rc} sets GOPATH inconsistently
  * go#45187 Strange behaviour with loops
  * go#45076 net/http: transport caches permanently broken persistent connections if write error happens during h2 handshake
  * go#44872 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
  * go#44748 cmd/link: fail to build when using time/tzdata on ARM
  * go#43592 cmd/link: "x86_64-w64-mingw32/bin/ld.exe: Error: export ordinal too large" after upgrading to Go 1.15
  * go#43591 cmd/link: -buildmode=c-shared exports many functions, not just //export functions
  * go#42884 database/sql: deadlock on transaction stmt context cancel (forwarded request 882730 from jfkw)

• Files Changed
• Browse Source

- go1.15.10 (released 2021-03-11) includes fixes to the compiler,
  the go command, and the net/http, os, syscall, and time packages.
  Refs boo#1175132 go1.15 release tracking
  * go#44792 cmd/go: mod tidy should ignore missing standard library packages
  * go#44658 runtime: marked free object in span
  * go#44617 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
  * go#44592 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
  * go#44294 net/http: ServeContent()/ServeFile() doesn't return expected response when WriteTimeout happens
  * go#44273 os: copy_file_range system call fails on some file systems
  * go#42935 net/http: Transport race condition by Content-Length == 0 response
  * go#42930 cmd/compile: miscompilation of some arithmetic and conditionals on arm (forwarded request 878435 from jfkw)

• Files Changed
• Browse Source

- go1.15.8 (released 2021-02-04) includes fixes to the compiler,
  linker, runtime, the go command, and the net/http package.
  Refs boo#1175132 go1.15 release tracking
  * go#43861 cmd/go: TestScript/get_update_unknown_protocol test fails
  * go#43860 cmd/go: handle space in path to C compiler
  * go#43833 runtime: SIGSEGV in runtime.deltimer on linux-mips-rtrk during ReadMemStats
  * go#43797 cmd/go: TestScript/mod_get_fallback relies on x/tools not being tagged
  * go#43793 internal/execabs: disable tests on js-wasm
  * go#43575 cmd/compile: 32-bit random data corruption
  * go#43406 x/mobile/cmd/gomobile: gomobile build on simple program returns "ld: error: duplicate symbol: x_cgo_inittls"
  * go#43214 cmd/link: panic: runtime error: slice bounds out of range [::1751306] with length 1048576
  * go#42539 net/http: race in http2Transport
  * go#42384 cmd/link: PE linker segfaults in addpersrc when cross-compiling (forwarded request 869616 from jfkw)

• Files Changed
• Browse Source

- go1.15.7 (released 2021-01-19) includes security fixes to the
  cmd/go and crypto/elliptic packages.
  CVE-2021-3114 CVE-2021-3115
  Refs boo#1175132 go1.15 release tracking
  * boo#1181145 CVE-2021-3114
  * go#43788 crypto/elliptic: incorrect operations on the P-224 curve
  * boo#1181146 CVE-2021-3115
  * go#43785 cmd/go: packages using cgo can cause arbitrary code execution on Windows (forwarded request 864486 from jfkw)

• Files Changed
• Browse Source

- go1.15.6 (released 2020-12-03) includes fixes to the compiler,
  linker, runtime, the go command, and the io package.
  Refs boo#1175132 go1.15 release tracking
  * go#42948 cmd/link: unexpected bindingNone in '_go.buildid'
  * go#42753 cmd/compile: ICE due to bad ORL constant
  * go#42636 runtime: infinite loop in lockextra on linux/amd64
  * go#42567 cmd/go: allow flags in CGO_LDFLAGS environment variable not in security allowlist
  * go#42550 io: Copy leaves file zero bytes in Azure AKS with CIFS - Go1.15 regression
  * go#42521 cmd/link: debug_line can contain multiple entries for the same PC address in Go 1.15.4
  * go#42369 internal/poll: CopyFileRange returns EIO on CentOS 7 ( Linux Kernel 3.10.0-1127) when io.Copy in mounted CIFS

• Files Changed
• Browse Source

- go1.15.5 (released 2020-11-12) includes security fixes to the
  cmd/go and math/big packages.
  CVE-2020-28362 CVE-2020-28367 CVE-2020-28366
  Refs boo#1175132 go1.15 release tracking
  * boo#1178750 CVE-2020-28362
  * go#42554 math/big: panic during recursive division of very large numbers
  * boo#1178752 CVE-2020-28367
  * go#42562 cmd/go: arbitrary code can be injected into cgo generated files
  * boo#1178753 CVE-2020-28366
  * go#42558 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (forwarded request 848224 from jfkw)

• Files Changed
• Browse Source

- go1.15.4 (released 2020-11-05) includes fixes to cgo, the
  compiler, linker, runtime, and the compress/flate, net/http,
  reflect, and time packages.
  Refs boo#1175132 go1.15 release tracking
  * go#42169 cmd/compile, runtime, reflect: pointers to go:notinheap types must be stored indirectly in interfaces
  * go#42151 cmd/cgo: opaque struct pointers are broken since Go 1.15.3
  * go#42138 time: Location interprets wrong timezone (DST) with slim zoneinfo
  * go#42113 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly
  * go#41914 net/http: request.Clone doesn't deep copy TransferEncoding
  * go#41704 runtime: macOS syscall.Exec can get SIGILL due to preemption signal
  * go#41463 compress/flate: deflatefast produces corrupted output
  * go#41387 x/net/http2: connection-level flow control not returned if stream errors, causes server hang
  * go#40974 cmd/link: sectionForAddress(0xA9D67F) address not in any section file (forwarded request 846529 from jfkw)

• Files Changed
• Browse Source

- go1.15.3 (released 2020-10-14) includes fixes to cgo, the
  compiler, runtime, the go command, and the bytes, plugin, and
  testing packages.
  * go#41871 cmd/cgo: support other GOARCH values in 1.15
  * go#41797 runtime: memory corruption from stack-allocated defer on 32-bit
  * go#41720 cmd/compile: invalid instruction: MOVL $11553462026240, AX
  * go#41620 memory corruption on linux/386 with float32 arithmetic, GO386=387, buildmode pie/c-archive
  * go#41595 internal/bytealg: SIGILL on s390x [1.15 backport] CherryPickApproved
  * go#41543 cmd/compile: 1.15 heap allocations regression when calling Write on os.Stdout
  * go#41464 cmd/go: breakage with go version command and GOFLAGS environment variable
  * go#41453 cmd/addr2line: TestAddr2Line fails with double / in $GOROOT_FINAL
  * go#41432 cmd/cgo: jmethodID/jfieldID is not mapped to uintptr if building with the Android NDK
  * go#41317 runtime: "fatal error: unexpected signal during runtime execution" on windows-amd64-longtest builder of Go 1.15.2 commit
  * go#40881 testing: summary and test output interleaved
  * go#40742 runtime: pcdata is -2 and 12 locals stack map entries error on nil pointer
  * go#40693 plugin: program on linux/s390x sometimes hangs after calling "plugin.Open"
  * go#40643 runtime: race between stack shrinking and channel send/recv leads to bad sudog values (forwarded request 841836 from jfkw)

• Files Changed
• Browse Source

- go1.15.2 (released 2020-09-09) includes fixes to the compiler,
  runtime, documentation, the go command, and the net/mail, os,
  sync, and testing packages.
  Refs boo#1175132 go1.15 release tracking
  * go#41193 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test
  * go#41178 doc: include fix for #34437 in Go 1.14 release notes
  * go#41034 testing: Cleanup races with Logf and Errorf
  * go#41011 sync: sync.Map keys will never be garbage collected
  * go#40934 runtime: checkptr incorrectly -race flagging when using &^ arithmetic
  * go#40900 internal/poll: CopyFileRange returns EPERM on CircleCI Docker Host running 4.10.0-40-generic
  * go#40868 cmd/compile: R12 can be clobbered for write barrier call on PPC64
  * go#40849 testing: "=== PAUSE" lines do not change the test name for the next log line
  * go#40845 runtime: Panic if newstack at runtime.acquireLockRank
  * go#40805 cmd/test2json: tests that panic are marked as passing
  * go#40804 net/mail: change in behavior of ParseAddressList("") in 1.15
  * go#40802 cmd/go: in 1.15: change in "go test" argument parsing
  * go#40798 cmd/compile: inline marker targets not reachable after assembly on arm
  * go#40772 cmd/compile: compiler crashes in ssa: isNonNegative bad type
  * go#40767 cmd/compile: inline marker targets not reachable after assembly on ppc64x
  * go#40739 internal/poll: CopyFileRange returns ENOTSUP on Linux 3.10.0 kernel on NFS mount
  * go#40412 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment
- Add missing '?' before 'suse_version' test by Xia Lei <emricg2@gmail.com>

- replace binutils-gold requires by recommends for aarch64 on SLE. (bsc#1170826) (forwarded request 833831 from jfkw)

• Files Changed
• Browse Source

- go1.15.1 (released 2020-09-01) includes security fixes to the
  net/http/cgi, net/http/fcgi packages.
  CVE-2020-24553
  Refs boo#1175132 go1.15 release tracking
  * boo#1176031 CVE-2020-24553
  * go#41165 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified (forwarded request 831302 from jfkw)

• Files Changed
• Browse Source

- go1.15 (released 2020-08-11) Go 1.15 is a major release of Go.
  go1.15.x minor releases will be provided through August 2021.
  https://github.com/golang/go/wiki/Go-Release-Cycle
  Most changes are in the implementation of the toolchain, runtime,
  and libraries. As always, the release maintains the Go 1 promise
  of compatibility. We expect almost all Go programs to continue to
  compile and run as before.
  Refs boo#1175132 go1.15 release tracking

• Browse Source