* Wed Apr 29 2020 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Requires binutils-gold for %arm and aarch64 - boo#1170826
* Thu Apr 16 2020 Jeff Kowalczyk <jkowalczyk@suse.com>
- Revert truncate changelog for versions older than go1.12
* Thu Feb 13 2020 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.17 (released 2020/02/12) includes a fix to the runtime.
Refs boo#1141689.
* go#36574 runtime: "PowerRegisterSuspendResumeNotification failed with errno= 87" when running in Windows docker containers
* Truncate changelog for versions older than go1.12
* Wed Jan 29 2020 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.16 (released 2020/01/28) includes two security fixes to
the crypto/x509 package.
Refs boo#1141689.
* go#36839 crypto/x509, x/crypto/cryptobyte: panic in certificate parsing
* go#36836 crypto/x509: certificate validation bypass on Windows 10
* Fri Jan 10 2020 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.15 (released 2020/01/09) includes fixes to the runtime
and the net/http package.
Refs boo#1141689.
* go#36433 net/http: racing write to t.ProxyConnectHeader in dialConn when proxy URL includes auth credentials
* go#36377 runtime: "fatal error: PowerRegisterSuspendResumeNotification failure" when running in Windows docker containers
* go#36376 runtime: Timer buckets may get "stuck" for long periods of time after Windows 8/10 systems wake from sleep
* go#36367 runtime: sweep increased allocation count crash on arm64
* go#36002 doc: release history webpage contains suboptimal links
* Thu Dec 05 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.14 (released 2019/12/04) includes a fix to the runtime.
Refs boo#1141689.
* go#35747 ensure that Go toolchain meets Apple's notarization requirements
* go#35210 runtime: function textOff returns incorrect value if multiple text sections are present
* Fri Nov 01 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15
Catalina where the non-notarized installer and binaries were
being rejected by Gatekeeper. Only macOS users who hit this issue
need to update.
Refs boo#1141689.
* Tue Oct 29 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- Add %ifarch %arm aarch64 BuildRequires: binutils-gold to fix
/usr/lib64/go/{version}/pkg/tool/linux_arm64/link: running gcc failed: exit status 1
collect2: fatal error: cannot find 'ld'-
* Wed Oct 23 2019 Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Remove unneeded systemd BuildRequires.
* Mon Oct 21 2019 Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Fix broken go_api evaluation (1.12 < 1.5, when evaluated as floats),
let RPM evaluate the expression, drop no longer required bc.
- Own the gdbinit.d directory, avoid the build dependency on gdb.
* Fri Oct 18 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.12 (released 2019/10/17) includes fixes to the go command,
runtime, syscall and net packages.
Refs boo#1141689.
* go#34881 net/http: Client.Do() panics when URL includes HTTP basic auth
* go#34789 cmd/go/internal/modconv: TestConvertLegacyConfig failing on release-branch.go1.12
* go#34713 runtime, internal/poll: darwin: ensure that no thread is consumed, nor a syscall.Read if FD isn't yet ready for I/O
* go#34711 runtime: "program exceeds 50-thread limit" in test of os package on darwin-arm-mg912baios
* go#34661 net: infinite loop in LookupAddr()
* go#34641 syscall: (*LazyProc).Call does not keep arguments alive (anymore)
* go#33983 cmd/cover: cannot run in directory with no .go files
* go#33982 x/sys/unix: TestPassFD consistently failing in aix-ppc64 builder on release-branch.go1.12
* go#33877 net/http: Transport leaks net.Conns if connections never become idle
* go#33758 x/build, cmd/go: TestGoGetInsecure failing in release-branch.go1.12
* go#33757 x/build, runtime: linux-s390x-ibm regression in TestGdbPython on release-branch.go1.12
* go#33756 x/build: skip `darwin-386-10_14` builder on release-branch.go1.12
* go#33673 cmd/go: regression on the default of CGO_ENABLED to 0 for cross builds
* go#31887 cmd/go: downloads follow plain-HTTP redirects even when the -insecure flag is not set
* go#31305 x/arch/arm64/arm64asm: TestObjdumpARM64TestDecode{GNU,Go}Syntaxdata failing at Go 1.12.3
* Thu Oct 17 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.11 (released 2019/10/17) includes security fixes to the
crypto/dsa package addressing the following CVE:
CVE-2019-17596
Refs boo#1141689.
* boo#1154402 CVE-2019-17596
* go#34961 crypto/dsa: invalid public key causes panic in dsa.Verify
* Thu Sep 26 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.10 (released 2019/09/25) includes security fixes to the
net/http package addressing the following CVE:
CVE-2019-16276
Refs boo#1141689.
* boo#1152082 CVE-2019-16276
* go#34540 net/http: invalid headers are normalized, allowing request smuggling
* Thu Aug 15 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.9 (released 2019/08/15) includes fixes to the linker and
the os and math/big packages.
Refs boo#1141689.
* go#33557 cmd/link: stack depth check too shallow
* go#33424 os.RemoveAll: openFdAt function without O_CLOEXEC and cause fd escape to child process
* go#33040 cmd/link: missing section for relocation target
* go#32940 math/big: arm64 assembly code for shlVU is incorrect
* go#30401 doc: syscall: document Setrlimit behavior change on Go 1.12 on macOS
* Tue Aug 13 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.8 (released 2019/08/13) includes security fixes to the
net/http and net/url packages addressing CVEs:
CVE-2019-9512 CVE-2019-9514 CVE-2019-14809
Refs boo#1141689.
* bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
* bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
* bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
* go#33633 net/url: URL.Parse Multiple Parsing Issues
* go#33631 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation
* Wed Jul 10 2019 Martin Li?ka <mliska@suse.cz>
- Set NO_BRP_AR in order to workaround issues when ar is used for
a Go ELF file.
* Wed Jul 10 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.7 (released 2019/07/08) includes fixes to cgo, the compiler,
and the linker.
Refs boo#1141689.
* go#32756 cmd/cgo: generates code with inappropriate array copy
* go#32712 cmd/compile: wrong calculation result for bit operation
that's inlined and has all constant shifts in rewrite rules
* go#32697 debug/dwarf: cgo produces malformed DWARF data
* go#32583 cmd/compile: `switch` statement on a custom `int32` type
with negative values behaves differently in two consecutive calls
* Wed Jun 26 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- Use gcc9 by default by updating define gcc_go_version 9 (was 8)
* drop unneeded patch gcc8-go.patch
* Tue Jun 25 2019 Pavol Cupka <palica@liguros.net>
- adding Web Assembly stuff from misc/wasm to fix boo#1139210
- fixing some minor rpmlint warnings
* Mon Jun 17 2019 Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.12.6 (released 2019/06/11) includes fixes to the compiler, the linker,
the go command, and the crypto/x509, net/http, and os packages.
Refs boo#1141689.
* go#32484 cmd/link: fix deferreturn detector
* go#32367 net/http: make Transport ignore 408 timeout messages from server
* go#32295 cmd/go: tests failing on linux-amd64-longtest
* go#32282 crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots
* go#32261 syscall: Windows user32 function (SendInput) behaves incorrectly when called within golang environment
* go#32168 cmd/go: accept -Wl,-R,path
* go#32081 os: windows processes started with foreign token inherit the wrong environment [CVE-2019-11888]
* go#32013 cmd/compile: sparse slices with struct items are not initialized
* go#30526 cmd/go: MacOS binaries invalid for eventual Apple Notary