go1.11-1.11.9-bp151.2.1

- go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt binary
  releases on older versions of GNU/Linux led to failures when linking programs
  that used cgo. Only Linux users who hit this issue need to update.
  Unpackaged go1.11.8 (released 2019/04/08) was accidentally released by
  upstream without its intended fix. It is identical to go1.11.7, except for
  its version number. The intended fix is in go1.11.9. go1.11.8 was never
  packaged for SUSE and openSUSE.
  Refs boo#1141688.
  * go#31293 runtime/cgo: unrecognized relocation with binaries shipped in go1.11.7

- go1.11.7 (released 2019/04/05) includes fixes to the runtime
  and the net packages.
  Refs boo#1141688.
  * go#30872 runtime: write barrier incorrect on wasm

- go1.11.6 (released 2019/03/14) includes fixes to includes fixes
  to cgo, the compiler, linker, runtime, go command, and the
  crypto/x509, encoding/json, net, and net/url packages.
  Refs boo#1141688.
  * go#30815 misc/cgo/test: failing TestCrossPackageTests
  * go#30444 crypto/x509: darwin-386 build is broken
  * go#30081 crypto/x509: certificates with AKID don't chain to parents without SKID
  * go#29967 cmd/cgo: -Waddress-of-packed-member warnings poping up with gcc9 in cgo-gcc-prolog
  * go#29944 x/tools/go/packages: TestLoadImportsGraph failure with custom GOCACHE
  * go#29923 net/url: URL allows malformed query round trip
  * go#29906 x/build/cmd/release: Go 1.11.5 amd64 tarball includes /gocache and /tmp Builders
  * go#29700 net: TestLookupGmailTXT is failing
  * go#29645 x/tools/godoc/redirect: offer Gerrit/Rietveld CL disambiguation when needed
  * go#29565 runtime: fatal error: found bad pointer in Go heap
  * go#29564 x/tools/cmd/godoc: add x/website redirect
  * go#29503 cmd/compile: incorrect code generation bug when taking slice[:0]
  * go#29447 x/sys/unix: go1.11 on mips64le fails at TestFstatat on Debian build
  * go#29442 cmd/go: go1.11.4 toolchain3 build fail with "slice bounds out of range" on 32-bit MIPS on Debian build
  * go#29364 encoding/json: custom UnmarshalTypeError no longer has struct context
  * go#29307 cmd/compile, cmd/link: relocation target go.builtin.error.Error not defined
  * go#28986 runtime: OS thread appears to be re-used despite never releasing runtime.LockOSThread()
  * go#28346 cmd/go: `go test -c` does not respect gcflags sometimes
  * go#26039 crypto/x509: root_cgo_darwin and root_nocgo_darwin omit some system certs
  * go#25041 runtime: runtime.Caller returns invalid zero frame

- Add gcc9-rsp-clobber.patch in order to fix bsc#1121397.

- Fix erroneous trailing backslash in %post script.
- Use better forms of -exec \; in some places.

- go1.11.5 (released 2019/01/23) security release fixes CVE-2019-6486 (bsc#1123013).
  Refs boo#1141688.
  * go#29903 crypto/elliptic: CPU DoS vulnerability affecting P-521 and P-384

- Make our profile.d/go.sh no longer set GOROOT=, in order to make switching
  between versions no longer break. This ends up removing the need for go.sh
  entirely (because GOPATH is also set automatically). boo#1119634

- go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
  runtime, documentation, go command, and the net/http and go/types packages.
  It includes a fix to a bug introduced in Go 1.11.3 that broke go get for
  import path patterns containing "..." (boo#1119706). See the Go 1.11.4 milestone on our
  issue tracker for details.
  https://github.com/golang/go/issues?q=milestone%3AGo1.11.4+label%3ACherryPickApproved
  Refs boo#1141688.
  * go#29272 misc/cgo/test: issue24161 tests broken on Darwin
  * go#29248 cmd/go: "go get" fails on import path patterns with wildcards ("...")
  * go#29191 cmd/go: symbolic links not dropped from repo
  * go#29112 cmd/link: too many open files on high object-count dependencies
  * go#28974 cmd/go: need to backport relaxing of go.mod go verb constraints to 1.11 series
  * go#28972 go/types: problem with alias type
  * go#28916 cmd/cgo: nested structure has too much alignment padding
  * go#28799 runtime: fatal error: out of memory on reslice with negative index
  * go#28752 reflect: scanning invalid return slots during a makeFunc call
  * go#28725 cmd/go: panic when argument doesn't match any packages
  * go#28694 cmd/compile: inline multiplication corrupts an argument on arm
  * go#28690 runtime: ThreadSanitizer CHECK failed
  * go#28673 x/net/http2: Transport is leaking streams on broken Body
  * go#28617 cmd/compile: panic during fuse with if true block containing a goto and a return
  * go#28586 cmd/compile: go binaries not working on exynos 64 bit CPUs
  * go#27395 cmd/cgo: typedef pointer arguments regression
  * go#27383 cmd/compile: failure on a function type alias

- Update to Go 1.11.3 (released 2018/12/13). This includes fixes to
  the crypto/x509 and cmd/go packages. See the Go 1.11.3 milestone
  on upstream tracker for details:
  https://github.com/golang/go/issues?q=milestone%3AGo1.11.3
  Refs boo#1141688.
  * bsc#1118897 CVE-2018-16873
    go#29230 cmd/go: remote command execution during "go get -u"
  * bsc#1118898 CVE-2018-16874
    go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
  * bsc#1118899 CVE-2018-16875
    go#29233 crypto/x509: CPU denial of service
  * Upstream is aware of a functionality regression in "go get" when
    executed in GOPATH mode on an import path pattern containing "..."
    (e.g., "go get github.com/golang/pkg/..."), when downloading
    packages not already present in the GOPATH workspace. This is go#29241
    and will be resolved in the next minor patch release go-1.11.4

- Fix build error with PIE linker flags on ppc64le. bsc#1113978 boo#1098017
  * gccgo on ppc64le with default PIE enabled fails with:
    error while loading shared libraries:
    R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
  * linuxppc-dev discussion:
    "PIE binaries are no longer mapped below 4 GiB on ppc64le"
    https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
  * Add for ppc64le only: #!BuildIgnore: gcc-PIE
  * OBS environment defaults to PIE
  * Upstream fix for go buildmode PIE desired, track upstream go#28531

- Remove obsolete patch:
  * armv6l.patch
- Enable %arm build
- Build with go1.4 instead of gccgo for Tumbleweed (fix %arm build)

- Update to go1.11.2 (released 2018/11/02)
  * includes fixes to the compiler, linker, documentation, go command,
    and the database/sql and go/types packages.
- cmd/compile:
  * function argument hiding built-in function results in a compiler crash go#27399
  * go build panics when 'len' keyword was unintentionally shadowed go#27973
- cmd/go:
  * 'go test -coverprofile' emits slash-separated paths on Windows go#27487
  * `go help build` mentions -mod=release, which is not supported go#27398
  * for go mod download, -dir option does not exist go#27498
  * git export-subst causes hash mismatches go#28094
- cmd/trace:
  * SWEEP events' swept/reclaimed bytes info is not emitted go#27717
- database/sql:
  * confusing MaxIdleClosed statistic go#28325
- go/types:
  * embedded interface behavior now dependent on file name ordering go#28249
- misc/wasm:
  * Microsoft Edge 18 (latest) crashes due to TextEncoder not being supported go#27393
- net:
  * io.CopyN fails to copy from file to net.Conn on Windows go#27411
- runtime:
  * wasm: all goroutines asleep and no JavaScript callback pending - deadlock go#27425
- Fix formatting in go1.11.changes

- Update to go1.11.1 (released 2018/10/01)
  * includes fixes to the compiler, documentation, go command, runtime,
    and the crypto/x509, encoding/json, go/types, net, net/http and reflect
    packages.
- cmd/compile:
  * bad walkinrange rewrites on constant above 2**63
  * function compiled without bounds checking and -1 index access
  * missing bounds checks in 1.11
  * panic in cmd/compile/internal/gc.typecheck1
  * race detector detects race with close(chan) and len(chan)
- cmd/go:
  * 'go test -gcflags=all=-l' appears not to disable inlining
  * GOMIPS environment variable does not affect caching of mipsle code
  * TestScript/mod_install_versioned consistently failing on macOS High Sierra
  * build fails when setting linker to lld using ldflags
  * go list -json -compiled -test -e upspin.io/test fails with non-zero exit status
- doc:
  * GOFLAGS environment variable not in 1.11 release notes
  * downloads page claims that Go 1.11 supports unsupported operating systems Documentation
- encoding/json:
  * empty fields in json.UnmarshalTypeError
- go/types:
  * assertion failure setting up composite literal with incomplete element type
  * some facts are missing after an error
- net/http:
  * WASM Roundtripper crash when using "no-cors" mode
- net:
  * LookupTXT bug
  * empty DNS answers should fail fast
  * testSpliceReaderAtEOF closed connection: got err = splice: invalid argument
- reflect:
  * MethodByName().Interface() leads to fatal error: sweep increased allocation count
- runtime:
  * invalid pointer found on stack
  * timeouts in os/signal tests

- Update to version 1.11:
  * Most of its changes are in the implementation of the toolchain,
    runtime, and libraries. As always, the release maintains the
    Go 1 promise of compatibility. We expect almost all Go programs
    to continue to compile and run as before.
  * For more details check: https://golang.org/doc/go1.11
- Use gcc8 instead of gcc7 for Factory/Tumbleweed.
- Update compiler-rt TSAN binary: the precompiled versions of
  LLVM's compiler-rt has updated to commit
  fe2c72c59aa7f4afa45e3f65a5d16a374b6cce26 in go1.11 source.
- Remove patch:
  * fix-sanitizer-build-against-latest-glibc.patch: upstream fixed.
- Add patch:
  * gcc8-go.patch: use gcc8 instead of gcc7 for Factory/Tumbleweed.

- Update to version 1.10.4:
  * go1.10.4 (released 2018/08/24) includes fixes to the go command,
    linker, and the net/http, mime/multipart, ld/macho, bytes, and
    strings packages. See the Go 1.10.4 milestone on our issue
    tracker for details.

- Update to version1.10.3:
  * go1.10.3 (released 2018/06/05) includes fixes to the go command,
    and the crypto/tls, crypto/x509, and strings packages. In particular,
    it adds minimal support to the go command for the vgo transition.
    See the Go 1.10.3 milestone on our issue tracker for details.

- Update to version 1.10.2:
  * includes fixes to the compiler, linker, and go command.
- Changes in version 1.10.1:
  * includes fixes to the compiler, runtime, and the archive/zip,
    crypto/tls, crypto/x509, encoding/json, net, net/http, and net/http/pprof packages.

- Removed
  * go-1.5-install-dont-reinstall-stdlibs.patch: patch no longer needed.
- Changed
  * gcc7-go.patch: go1.10 source code changed, patch is no longer applies.

- Update to go1.10:
  * Most of its changes are in the implementation of the toolchain, runtime, and
    libraries. As always, the release maintains the Go 1 promise of compatibility.
    We expect almost all Go programs to continue to compile and run as before.
  * This release improves caching of built packages, adds caching of successful
    test results, runs vet automatically during tests, and permits passing
    string values directly between Go and C using cgo. A new compiler option
    whitelist may cause unexpected invalid flag errors in code that built
    successfully with older releases.
  * For more details check: https://golang.org/doc/go1.10
- Removed the following patches:
  * verbose-build.patch: build system changed, patch is no longer applies
  * go-1.5-install-dont-reinstall-stdlibs.patch: patch no longer needed

- Ensure go binaries are not stripped (eg: go tools trace), this cause
  some of them to misbehave
- Ensure go trace html template is shipped as part of the installation,
  otherwise the web UI won't work
- Fix license of go race

- Ensure ARM arch is set properly - boo#1169832

- Requires binutils-gold for %arm and aarch64 - boo#1170826

- armv7 build hangs with gcc7-go on Leap 15.2, so use go1.4 (bsc#1167874)

- %arm requires binutils-gold to build with go1.4 (bsc#1167874)

- Make use of gcc9-go for Tumbleweed since gcc8 has been dropped
- Drop gcc8-go.patch and add gcc9-go.patch

- Fix broken go_api evaluation (1.11 < 1.5, when evaluated as floats),
  let RPM evaluate the expression, drop no longer required bc.
- Own the gdbinit.d directory, avoid the build dependency on gdb.

- go1.11.13 (released 2019/08/13) includes security fixes to the
  net/http and net/url packages addressing CVEs:
  CVE-2019-9512 CVE-2019-9514 CVE-2019-14809
  Refs boo#1141688.
  * bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
  * bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
  * bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
  * go#33632 net/url: URL.Parse Multiple Parsing Issues
  * go#33630 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

- go1.11.12 (released 2019/07/08) includes fixes to the compiler and
  the linker.
  Refs boo#1141688.
  * go#32711 cmd/compile: wrong calculation result for bit operation
    that's inlined and has all constant shifts in rewrite rules
  * go#32696 debug/dwarf: cgo produces malformed DWARF data
  * go#32582 cmd/compile: `switch` statement on a custom `int32` type
    with negative values behaves differently in two consecutive calls

- Set NO_BRP_AR in order to workaround issues when ar is used for
  a Go ELF file.

- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut the build queues by allowing usage of systemd-mini.
  Originally from Dominique Leuenberger <dimstar@opensuse.org>

- Ensure ARM arch is set properly - boo#1169832

- Requires binutils-gold for %arm and aarch64 - boo#1170826

- armv7 build hangs with gcc7-go on Leap 15.2, so use go1.4 (bsc#1167874)

- %arm requires binutils-gold to build with go1.4 (bsc#1167874)

- Make use of gcc9-go for Tumbleweed since gcc8 has been dropped
- Drop gcc8-go.patch and add gcc9-go.patch

- Fix broken go_api evaluation (1.11 < 1.5, when evaluated as floats),
  let RPM evaluate the expression, drop no longer required bc.
- Own the gdbinit.d directory, avoid the build dependency on gdb.

- go1.11.13 (released 2019/08/13) includes security fixes to the
  net/http and net/url packages addressing CVEs:
  CVE-2019-9512 CVE-2019-9514 CVE-2019-14809
  Refs boo#1141688.
  * bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
  * bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
  * bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
  * go#33632 net/url: URL.Parse Multiple Parsing Issues
  * go#33630 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

- go1.11.12 (released 2019/07/08) includes fixes to the compiler and
  the linker.
  Refs boo#1141688.
  * go#32711 cmd/compile: wrong calculation result for bit operation
    that's inlined and has all constant shifts in rewrite rules
  * go#32696 debug/dwarf: cgo produces malformed DWARF data
  * go#32582 cmd/compile: `switch` statement on a custom `int32` type
    with negative values behaves differently in two consecutive calls

- Set NO_BRP_AR in order to workaround issues when ar is used for
  a Go ELF file.

- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut the build queues by allowing usage of systemd-mini.
  Originally from Dominique Leuenberger <dimstar@opensuse.org>

- go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package.
  Refs boo#1141688.
  * go#32366 net/http: make Transport ignore 408 timeout messages from server
  * go#32281 crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots
  * go#30525 cmd/go: MacOS binaries invalid for eventual Apple Notary
  * go#29618 cmd/go: downloads follow plain-HTTP redirects even when the -insecure flag is not set

- go1.11.10 (released 2019/05/06) includes fixes to the runtime and
  the linker.
  Refs boo#1141688.
  * go#31195 cmd/go: pseudoversions can refer to external commits
  * go#30989 runtime: dll injection vulnerabilities on Windows