* Mon Apr 15 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt binary
releases on older versions of GNU/Linux led to failures when linking programs
that used cgo. Only Linux users who hit this issue need to update.
Unpackaged go1.11.8 (released 2019/04/08) was accidentally released by
upstream without its intended fix. It is identical to go1.11.7, except for
its version number. The intended fix is in go1.11.9. go1.11.8 was never
packaged for SUSE and openSUSE.
Refs boo#1141688.
* go#31293 runtime/cgo: unrecognized relocation with binaries shipped in go1.11.7
* Sat Apr 06 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.7 (released 2019/04/05) includes fixes to the runtime
and the net packages.
Refs boo#1141688.
* go#30872 runtime: write barrier incorrect on wasm
* Thu Mar 14 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.6 (released 2019/03/14) includes fixes to includes fixes
to cgo, the compiler, linker, runtime, go command, and the
crypto/x509, encoding/json, net, and net/url packages.
Refs boo#1141688.
* go#30815 misc/cgo/test: failing TestCrossPackageTests
* go#30444 crypto/x509: darwin-386 build is broken
* go#30081 crypto/x509: certificates with AKID don't chain to parents without SKID
* go#29967 cmd/cgo: -Waddress-of-packed-member warnings poping up with gcc9 in cgo-gcc-prolog
* go#29944 x/tools/go/packages: TestLoadImportsGraph failure with custom GOCACHE
* go#29923 net/url: URL allows malformed query round trip
* go#29906 x/build/cmd/release: Go 1.11.5 amd64 tarball includes /gocache and /tmp Builders
* go#29700 net: TestLookupGmailTXT is failing
* go#29645 x/tools/godoc/redirect: offer Gerrit/Rietveld CL disambiguation when needed
* go#29565 runtime: fatal error: found bad pointer in Go heap
* go#29564 x/tools/cmd/godoc: add x/website redirect
* go#29503 cmd/compile: incorrect code generation bug when taking slice[:0]
* go#29447 x/sys/unix: go1.11 on mips64le fails at TestFstatat on Debian build
* go#29442 cmd/go: go1.11.4 toolchain3 build fail with "slice bounds out of range" on 32-bit MIPS on Debian build
* go#29364 encoding/json: custom UnmarshalTypeError no longer has struct context
* go#29307 cmd/compile, cmd/link: relocation target go.builtin.error.Error not defined
* go#28986 runtime: OS thread appears to be re-used despite never releasing runtime.LockOSThread()
* go#28346 cmd/go: `go test -c` does not respect gcflags sometimes
* go#26039 crypto/x509: root_cgo_darwin and root_nocgo_darwin omit some system certs
* go#25041 runtime: runtime.Caller returns invalid zero frame
* Mon Mar 11 2019 Martin Li?ka <mliska@suse.cz>
- Add gcc9-rsp-clobber.patch in order to fix bsc#1121397.
* Fri Feb 08 2019 Jan Engelhardt <jengelh@inai.de>
- Fix erroneous trailing backslash in %post script.
- Use better forms of -exec \; in some places.
* Thu Jan 24 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.5 (released 2019/01/23) security release fixes CVE-2019-6486 (bsc#1123013).
Refs boo#1141688.
* go#29903 crypto/elliptic: CPU DoS vulnerability affecting P-521 and P-384
* Sat Dec 15 2018 Aleksa Sarai <asarai@suse.com>
- Make our profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for go.sh
entirely (because GOPATH is also set automatically). boo#1119634
* Sat Dec 15 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
runtime, documentation, go command, and the net/http and go/types packages.
It includes a fix to a bug introduced in Go 1.11.3 that broke go get for
import path patterns containing "..." (boo#1119706). See the Go 1.11.4 milestone on our
issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+label%3ACherryPickApproved
Refs boo#1141688.
* go#29272 misc/cgo/test: issue24161 tests broken on Darwin
* go#29248 cmd/go: "go get" fails on import path patterns with wildcards ("...")
* go#29191 cmd/go: symbolic links not dropped from repo
* go#29112 cmd/link: too many open files on high object-count dependencies
* go#28974 cmd/go: need to backport relaxing of go.mod go verb constraints to 1.11 series
* go#28972 go/types: problem with alias type
* go#28916 cmd/cgo: nested structure has too much alignment padding
* go#28799 runtime: fatal error: out of memory on reslice with negative index
* go#28752 reflect: scanning invalid return slots during a makeFunc call
* go#28725 cmd/go: panic when argument doesn't match any packages
* go#28694 cmd/compile: inline multiplication corrupts an argument on arm
* go#28690 runtime: ThreadSanitizer CHECK failed
* go#28673 x/net/http2: Transport is leaking streams on broken Body
* go#28617 cmd/compile: panic during fuse with if true block containing a goto and a return
* go#28586 cmd/compile: go binaries not working on exynos 64 bit CPUs
* go#27395 cmd/cgo: typedef pointer arguments regression
* go#27383 cmd/compile: failure on a function type alias
* Thu Dec 13 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to Go 1.11.3 (released 2018/12/13). This includes fixes to
the crypto/x509 and cmd/go packages. See the Go 1.11.3 milestone
on upstream tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.11.3
Refs boo#1141688.
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
* Upstream is aware of a functionality regression in "go get" when
executed in GOPATH mode on an import path pattern containing "..."
(e.g., "go get github.com/golang/pkg/..."), when downloading
packages not already present in the GOPATH workspace. This is go#29241
and will be resolved in the next minor patch release go-1.11.4
* Mon Dec 10 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
- Fix build error with PIE linker flags on ppc64le. bsc#1113978 boo#1098017
* gccgo on ppc64le with default PIE enabled fails with:
error while loading shared libraries:
R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
* linuxppc-dev discussion:
"PIE binaries are no longer mapped below 4 GiB on ppc64le"
https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
* Add for ppc64le only: #!BuildIgnore: gcc-PIE
* OBS environment defaults to PIE
* Upstream fix for go buildmode PIE desired, track upstream go#28531
* Fri Dec 07 2018 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Remove obsolete patch:
* armv6l.patch
- Enable %arm build
- Build with go1.4 instead of gccgo for Tumbleweed (fix %arm build)
* Mon Nov 05 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to go1.11.2 (released 2018/11/02)
* includes fixes to the compiler, linker, documentation, go command,
and the database/sql and go/types packages.
- cmd/compile:
* function argument hiding built-in function results in a compiler crash go#27399
* go build panics when 'len' keyword was unintentionally shadowed go#27973
- cmd/go:
* 'go test -coverprofile' emits slash-separated paths on Windows go#27487
* `go help build` mentions -mod=release, which is not supported go#27398
* for go mod download, -dir option does not exist go#27498
* git export-subst causes hash mismatches go#28094
- cmd/trace:
* SWEEP events' swept/reclaimed bytes info is not emitted go#27717
- database/sql:
* confusing MaxIdleClosed statistic go#28325
- go/types:
* embedded interface behavior now dependent on file name ordering go#28249
- misc/wasm:
* Microsoft Edge 18 (latest) crashes due to TextEncoder not being supported go#27393
- net:
* io.CopyN fails to copy from file to net.Conn on Windows go#27411
- runtime:
* wasm: all goroutines asleep and no JavaScript callback pending - deadlock go#27425
- Fix formatting in go1.11.changes
* Tue Oct 02 2018 Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to go1.11.1 (released 2018/10/01)
* includes fixes to the compiler, documentation, go command, runtime,
and the crypto/x509, encoding/json, go/types, net, net/http and reflect
packages.
- cmd/compile:
* bad walkinrange rewrites on constant above 2**63
* function compiled without bounds checking and -1 index access
* missing bounds checks in 1.11
* panic in cmd/compile/internal/gc.typecheck1
* race detector detects race with close(chan) and len(chan)
- cmd/go:
* 'go test -gcflags=all=-l' appears not to disable inlining
* GOMIPS environment variable does not affect caching of mipsle code
* TestScript/mod_install_versioned consistently failing on macOS High Sierra
* build fails when setting linker to lld using ldflags
* go list -json -compiled -test -e upspin.io/test fails with non-zero exit status
- doc:
* GOFLAGS environment variable not in 1.11 release notes
* downloads page claims that Go 1.11 supports unsupported operating systems Documentation
- encoding/json:
* empty fields in json.UnmarshalTypeError
- go/types:
* assertion failure setting up composite literal with incomplete element type
* some facts are missing after an error
- net/http:
* WASM Roundtripper crash when using "no-cors" mode
- net:
* LookupTXT bug
* empty DNS answers should fail fast
* testSpliceReaderAtEOF closed connection: got err = splice: invalid argument
- reflect:
* MethodByName().Interface() leads to fatal error: sweep increased allocation count
- runtime:
* invalid pointer found on stack
* timeouts in os/signal tests
* Tue Aug 28 2018 duyizhaozj321@yahoo.com
- Update to version 1.11:
* Most of its changes are in the implementation of the toolchain,
runtime, and libraries. As always, the release maintains the
Go 1 promise of compatibility. We expect almost all Go programs
to continue to compile and run as before.
* For more details check: https://golang.org/doc/go1.11
- Use gcc8 instead of gcc7 for Factory/Tumbleweed.
- Update compiler-rt TSAN binary: the precompiled versions of
LLVM's compiler-rt has updated to commit
fe2c72c59aa7f4afa45e3f65a5d16a374b6cce26 in go1.11 source.
- Remove patch:
* fix-sanitizer-build-against-latest-glibc.patch: upstream fixed.
- Add patch:
* gcc8-go.patch: use gcc8 instead of gcc7 for Factory/Tumbleweed.
* Mon Aug 27 2018 duyizhaozj321@yahoo.com
- Update to version 1.10.4:
* go1.10.4 (released 2018/08/24) includes fixes to the go command,
linker, and the net/http, mime/multipart, ld/macho, bytes, and
strings packages. See the Go 1.10.4 milestone on our issue
tracker for details.
* Sun Jun 10 2018 duyizhaozj321@yahoo.com
- Update to version1.10.3:
* go1.10.3 (released 2018/06/05) includes fixes to the go command,
and the crypto/tls, crypto/x509, and strings packages. In particular,
it adds minimal support to the go command for the vgo transition.
See the Go 1.10.3 milestone on our issue tracker for details.
* Thu May 17 2018 duyizhaozj321@yahoo.com
- Update to version 1.10.2:
* includes fixes to the compiler, linker, and go command.
- Changes in version 1.10.1:
* includes fixes to the compiler, runtime, and the archive/zip,
crypto/tls, crypto/x509, encoding/json, net, net/http, and net/http/pprof packages.
* Sun Apr 15 2018 duyizhaozj321@yahoo.com
- Removed
* go-1.5-install-dont-reinstall-stdlibs.patch: patch no longer needed.
- Changed
* gcc7-go.patch: go1.10 source code changed, patch is no longer applies.
* Sat Mar 03 2018 fcastelli@suse.com
- Update to go1.10:
* Most of its changes are in the implementation of the toolchain, runtime, and
libraries. As always, the release maintains the Go 1 promise of compatibility.
We expect almost all Go programs to continue to compile and run as before.
* This release improves caching of built packages, adds caching of successful
test results, runs vet automatically during tests, and permits passing
string values directly between Go and C using cgo. A new compiler option
whitelist may cause unexpected invalid flag errors in code that built
successfully with older releases.
* For more details check: https://golang.org/doc/go1.10
- Removed the following patches:
* verbose-build.patch: build system changed, patch is no longer applies
* go-1.5-install-dont-reinstall-stdlibs.patch: patch no longer needed
* Fri Mar 02 2018 fcastelli@suse.com
- Ensure go binaries are not stripped (eg: go tools trace), this cause
some of them to misbehave
- Ensure go trace html template is shipped as part of the installation,
otherwise the web UI won't work
- Fix license of go race
Version: 1.11.13-bp152.3.3
* Wed Apr 29 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Requires binutils-gold for %arm and aarch64 - boo#1170826
* Wed Apr 15 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- armv7 build hangs with gcc7-go on Leap 15.2, so use go1.4 (bsc#1167874)
* Mon Mar 16 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- %arm requires binutils-gold to build with go1.4 (bsc#1167874)
* Thu Nov 28 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Make use of gcc9-go for Tumbleweed since gcc8 has been dropped
- Drop gcc8-go.patch and add gcc9-go.patch
* Mon Oct 21 2019 Stefan BrĂ¼ns <stefan.bruens@rwth-aachen.de>
- Fix broken go_api evaluation (1.11 < 1.5, when evaluated as floats),
let RPM evaluate the expression, drop no longer required bc.
- Own the gdbinit.d directory, avoid the build dependency on gdb.
* Tue Aug 13 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.13 (released 2019/08/13) includes security fixes to the
net/http and net/url packages addressing CVEs:
CVE-2019-9512 CVE-2019-9514 CVE-2019-14809
Refs boo#1141688.
* bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
* bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
* bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
* go#33632 net/url: URL.Parse Multiple Parsing Issues
* go#33630 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
* Wed Jul 10 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.12 (released 2019/07/08) includes fixes to the compiler and
the linker.
Refs boo#1141688.
* go#32711 cmd/compile: wrong calculation result for bit operation
that's inlined and has all constant shifts in rewrite rules
* go#32696 debug/dwarf: cgo produces malformed DWARF data
* go#32582 cmd/compile: `switch` statement on a custom `int32` type
with negative values behaves differently in two consecutive calls
* Tue Jul 09 2019 Martin Li?ka <mliska@suse.cz>
- Set NO_BRP_AR in order to workaround issues when ar is used for
a Go ELF file.
* Tue Jun 18 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini.
Originally from Dominique Leuenberger <dimstar@opensuse.org>
* Mon Jun 17 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package.
Refs boo#1141688.
* go#32366 net/http: make Transport ignore 408 timeout messages from server
* go#32281 crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots
* go#30525 cmd/go: MacOS binaries invalid for eventual Apple Notary
* go#29618 cmd/go: downloads follow plain-HTTP redirects even when the -insecure flag is not set
* Tue May 07 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.11.10 (released 2019/05/06) includes fixes to the runtime and
the linker.
Refs boo#1141688.
* go#31195 cmd/go: pseudoversions can refer to external commits
* go#30989 runtime: dll injection vulnerabilities on Windows