Prepare for RPM 4.20 (forwarded request 1152227 from dimstar)

• Files Changed
• Browse Source

- Add subpackage go1.x-libstd for compiled shared object libstd.so.
  only on Tumbleweed at this time.
  * Main go1.x package included libstd.so in previous versions
  * Split libstd.so into subpackage that can be installed standalone
  * Continues the slimming down of main go1.x package by 40 Mb
  * Experimental and not recommended for general use, Go currently has no ABI
  * Upstream Go has not committed to support buildmode=shared long-term
  * Do not use in packaging, build static single binaries (the default)
  * Upstream Go go1.x binary releases do not include libstd.so
  * go1.x Suggests go1.x-libstd so not installed by default Recommends
  * go1.x-libstd does not Require: go1.x so can install standalone
  * Provides go-libstd unversioned package name
  * Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
  * go1.x Suggests go1.x-doc so not installed by default Recommends
  * Use Group: Development/Languages/Go instead of Other
  * On Tumbleweed bootstrap with current default gcc13 and gccgo118
  * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
    using go1.x package (%bcond_without gccgo). This is no longer
    needed on current SLE-12:Update and removing will consolidate
    the build configurations used.
  * Change source URLs to go.dev as per Go upstream (forwarded request 1079832 from jfkw)

• Files Changed
• Browse Source

- Use gcc13 compiler for Tumbleweed. (forwarded request 1079520 from jfkw)

• Files Changed
• Browse Source

- Don't build with shared on riscv64 for < go1.18 (forwarded request 999102 from jfkw)

• Files Changed
• Browse Source

- Define go_bootstrap_version go1.16 without suse_version checks
- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere (forwarded request 998731 from jfkw)

• Files Changed
• Browse Source

- go1.17.13 (released 2022-08-01) includes security fixes to the
  encoding/gob and math/big packages, as well as bug fixes to the
  compiler and the runtime.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-32189
  * boo#1202035 CVE-2022-32189 go#53871
  * go#54094 math/big: index out of range in Float.GobDecode
  * go#53846 runtime: modified timer results in extreme cpu load
  * go#53617 cmd/compile: condition in for loop body is incorrectly optimised away
  * go#53111 runtime: gentraceback() dead loop on arm64 casued the process hang
  * go#52960 cmd/compile: miscompilation in pointer operations (forwarded request 992075 from jfkw)

• Files Changed
• Browse Source

- go1.17.12 (released 2022-07-12) includes security fixes to the
  compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
  net/http, and path/filepath packages, as well as bug fixes to the
  compiler, the go command, the runtime, and the runtime/metrics
  package.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962 (forwarded request 988806 from jfkw)

• Files Changed
• Browse Source

- go1.17.11 (released 2022-06-01) includes security fixes to the
  crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
  well as bug fixes to the crypto/tls package.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
  * boo#1200134 go#52561 CVE-2022-30634
  * go#52932 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
  * boo#1200135 go#52814 CVE-2022-30629
  * go#52832 crypto/tls: randomly generate ticket_age_add
  * boo#1200136 go#52574 CVE-2022-30580
  * go#53056 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
  * boo#1200137 go#52476 CVE-2022-29804
  * go#52478 path/filepath: Clean(.\c:) returns c: on Windows
  * go#52790 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
  * go#52826 runtime: TestGcSys is still flaky
  * go#53042 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
  * go#53049 runtime: TestGdbBacktrace failures due to GDB "internal-error: wait returned unexpected status 0x0"
  * go#53114 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11 (forwarded request 980417 from jfkw)

• Files Changed
• Browse Source

- go1.17.10 (released 2022-05-10) includes security fixes to the
  syscall package, as well as bug fixes to the compiler, runtime,
  and the crypto/x509 and net/http/httptest packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-29526
  * boo#1199413 go#52313 CVE-2022-29526
  * go#52439 syscall: Faccessat checks wrong group
  * go#51858 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
  * go#52095 cmd/compile: fails to compile very long files starting go1.17
  * go#52148 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
  * go#52306 sync: TestWaitGroupMisuse2 is flaky
  * go#52374 runtime: executable compiled under Go 1.17.7 will occasionally wedge
  * go#52455 net/http/httptest: race in Close
  * go#52705 net: TestDialCancel is not compatible with new macOS ARM64 builders (forwarded request 976169 from jfkw)

• Files Changed
• Browse Source

- Remove remaining use of gold linker when bootstrapping with
  gccgo. The binutils-gold package will be removed in the future.
  * History: go1.8.3 2017-06-18 added conditional if gccgo defined
    BuildRequires: binutils-gold for arches other than s390x
  * No information available why binutils-gold was used initially
  * Unrelated to upstream recent hardcoded gold dependency for ARM (forwarded request 974490 from jfkw)

• Files Changed
• Browse Source

- go1.17.9 (released 2022-04-12) includes security fixes to the
  crypto/elliptic and encoding/pem packages, as well as bug fixes
  to the linker and runtime.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-24675 CVE-2022-28327
  * boo#1198423 go#51853 CVE-2022-24675
  * go#52036 encoding/pem: stack overflow
  * boo#1198424 go#52075 CVE-2022-28327
  * go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
  * go#51736 plugin: tls handshake panic: unreachable method called. linker bug?
  * go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0
  * go#51458 runtime: finalizer call has wrong frame size
  * go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed (forwarded request 969622 from jfkw)

• Files Changed
• Browse Source

- Template gcc-go.patch to substitute gcc_go_version and eliminate
  multiple similar patches each with hardcoded gcc go binary name.
  gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
  for current lack of gcc-go update-alternatives usage.
  * add gcc-go.patch
  * drop gcc6-go.patch
  * drop gcc7-go.patch

- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
  gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
  go1.18 on SLE-12 aarch64 ppc64le or s390x.
  * gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
    undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 (forwarded request 967627 from jfkw)

• Files Changed
• Browse Source

- Add %define go_label as a configurable Go toolchain directory
  * go_label can be used to package multiple Go toolchains with
    the same go_api
  * go_label should be defined as go_api with an optional suffix
    e.g. %{go_api} or %{go_api}-foo
  * Default go_label = go_api makes no changes to package layout (forwarded request 966741 from jfkw)

• Files Changed
• Browse Source

- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency (forwarded request 962203 from dirkmueller)

• Files Changed
• Browse Source

- go1.17.8 (released 2022-03-03) includes a security fix to the
  regexp/syntax package, as well as bug fixes to the compiler,
  runtime, the go command, and the crypto/x509, and net packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-24921
  * boo#1196732 go#51112 CVE-2022-24921
  * go#51118 regexp: stack overflow (process exit) handling deeply nested regexp
  * go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
  * go#51199 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
  * go#51162 net: use EDNS to increase DNS packet size [freeze exception]
  * go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
  * go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 (forwarded request 959306 from jfkw)

• Files Changed
• Browse Source

- Add missing .bin binary test data to packaging.
  * Existing test data files added to packaging with mode 644:
    src/compress/bzip2/testdata/pass-random2.bin
    src/compress/bzip2/testdata/pass-random1.bin
    src/debug/dwarf/testdata/line-gcc-win.bin (forwarded request 955952 from jfkw)

• Files Changed
• Browse Source

- go1.17.7 (released 2022-02-10) includes security fixes to the
  crypto/elliptic, math/big packages and to the go command, as well
  as bug fixes to the compiler, linker, runtime, the go command,
  and the debug/macho, debug/pe, and net/http/httptest packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
  * boo#1195838 go#50974 CVE-2022-23806
  * go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
  * boo#1195835 go#50699 CVE-2022-23772
  * go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
  * boo#1195834 go#35671 CVE-2022-23773
  * go#50687 cmd/go: do not treat branches with semantic-version names as releases
  * go#50942 cmd/asm: "compile: loop" compiler bug?
  * go#50867 cmd/compile: incorrect use of CMN on arm64
  * go#50812 cmd/go: remove bitbucket VCS probing
  * go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
  * go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
  * go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
  * go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
  * go#50297 cmd/link: does not set section type of .init_array correctly
  * go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package (forwarded request 953823 from jfkw)

• Files Changed
• Browse Source

- go1.17.6 (released 2022-01-06) includes fixes to the compiler,
  linker, runtime, and the crypto/x509, net/http, and reflect
  packages.
  Refs boo#1190649 go1.17 release tracking
  * go#50165 crypto/x509: error parsing large ASN.1 identifiers
  * go#50073 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
  * go#49961 reflect: segmentation violation while using html/template
  * go#49921 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
  * go#49413 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
  * go#48116 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 (forwarded request 944560 from jfkw)

• Files Changed
• Browse Source

- go1.17.5 (released 2021-12-09) includes security fixes to the
  syscall and net/http packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2021-44716 CVE-2021-44717
  * boo#1193598 go#50057 CVE-2021-44717
  * go#50067 syscall: don’t close fd 0 on ForkExec error
  * boo#1193597 go#50058 CVE-2021-44716
  * go#50065 net/http: limit growth of header canonicalization cache (forwarded request 938745 from jfkw)

• Files Changed
• Browse Source

- go1.17.4 (released 2021-12-02) includes fixes to the compiler,
  linker, runtime, and the go/types, net/http, and time packages.
  Refs boo#1190649 go1.17 release tracking
  * go#49911 x/net/http2: frequent failures in TestClientConnCloseAtBody
  * go#49909 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
  * go#49905 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
  * go#49868 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
  * go#49729 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
  * go#49662 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
  * go#49624 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
  * go#49568 net/http: server responds with Transfer-Encoding: identity
  * go#49561 x/net/http2: setting Request.Close doesn't close TCP connections
  * go#49559 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
  * go#49511 cmd/compile: init info of OAS node in a select case is being dropped
  * go#49479 runtime: "morestack on g0" in x/perf/storage/app on windows/arm64
  * go#49407 time: ParseInLocation error
  * go#49392 cmd/compile: internal compiler error: Expand calls interface data problem
  * go#49369 runtime: time goes backwards on windows-arm64 (frequent TestGcLastTime failures)
  * go#49129 cmd/compile: internal compiler error: can't find source for b12->b4: v31 = MOVBload <bool> v14 v1 : DX
  * go#48825 go/types, types2: stack overflow in hasVarSize for invalid type (forwarded request 935320 from jfkw)

• Files Changed
• Browse Source