Version: 1.11.13-bp152.3.3
* Wed Apr 29 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Requires binutils-gold for %arm and aarch64 - boo#1170826
* Wed Apr 15 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- armv7 build hangs with gcc7-go on Leap 15.2, so use go1.4 (bsc#1167874)
* Mon Mar 16 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- %arm requires binutils-gold to build with go1.4 (bsc#1167874)
* Thu Nov 28 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Make use of gcc9-go for Tumbleweed since gcc8 has been dropped
- Drop gcc8-go.patch and add gcc9-go.patch
* Mon Oct 21 2019 Stefan BrĂ¼ns <stefan.bruens@rwth-aachen.de>
- Fix broken go_api evaluation (1.11 < 1.5, when evaluated as floats),
let RPM evaluate the expression, drop no longer required bc.
- Own the gdbinit.d directory, avoid the build dependency on gdb.
* Tue Aug 13 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.13 (released 2019/08/13) includes security fixes to the
net/http and net/url packages addressing CVEs:
CVE-2019-9512 CVE-2019-9514 CVE-2019-14809
Refs boo#1141688.
* bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
* bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
* bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
* go#33632 net/url: URL.Parse Multiple Parsing Issues
* go#33630 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
* Wed Jul 10 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.12 (released 2019/07/08) includes fixes to the compiler and
the linker.
Refs boo#1141688.
* go#32711 cmd/compile: wrong calculation result for bit operation
that's inlined and has all constant shifts in rewrite rules
* go#32696 debug/dwarf: cgo produces malformed DWARF data
* go#32582 cmd/compile: `switch` statement on a custom `int32` type
with negative values behaves differently in two consecutive calls
* Tue Jul 09 2019 Martin Li?ka <mliska@suse.cz>
- Set NO_BRP_AR in order to workaround issues when ar is used for
a Go ELF file.
* Tue Jun 18 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini.
Originally from Dominique Leuenberger <dimstar@opensuse.org>
* Mon Jun 17 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package.
Refs boo#1141688.
* go#32366 net/http: make Transport ignore 408 timeout messages from server
* go#32281 crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots
* go#30525 cmd/go: MacOS binaries invalid for eventual Apple Notary
* go#29618 cmd/go: downloads follow plain-HTTP redirects even when the -insecure flag is not set
* Tue May 07 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.10 (released 2019/05/06) includes fixes to the runtime and
the linker.
Refs boo#1141688.
* go#31195 cmd/go: pseudoversions can refer to external commits
* go#30989 runtime: dll injection vulnerabilities on Windows