Package Release Info

go1.16-1.16.15-2.3

Update Info: openSUSE-2023-358
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

go1.16
go1.16-doc

Change Logs

* Fri Apr 14 2023 jkowalczyk@suse.com
- Build subpackage go1.x-libstd compiled shared object libstd.so
  only on Tumbleweed at this time.
  Refs jsc#PED-1962
* Fri Apr 14 2023 jkowalczyk@suse.com
- Add subpackage go1.x-libstd for compiled shared object libstd.so.
  Refs jsc#PED-1962
  * Main go1.x package included libstd.so in previous versions
  * Split libstd.so into subpackage that can be installed standalone
  * Continues the slimming down of main go1.x package by 40 Mb
  * Experimental and not recommended for general use, Go currently has no ABI
  * Upstream Go has not committed to support buildmode=shared long-term
  * Do not use in packaging, build static single binaries (the default)
  * Upstream Go go1.x binary releases do not include libstd.so
  * go1.x Suggests go1.x-libstd so not installed by default Recommends
  * go1.x-libstd does not Require: go1.x so can install standalone
  * Provides go-libstd unversioned package name
  * Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
  * go1.x Suggests go1.x-doc so not installed by default Recommends
  * Use Group: Development/Languages/Go instead of Other
* Fri Apr 14 2023 jkowalczyk@suse.com
- Improvements to go1.x packaging spec:
  * On Tumbleweed bootstrap with current default gcc13 and gccgo118
  * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
    using go1.x package (%bcond_without gccgo). This is no longer
    needed on current SLE-12:Update and removing will consolidate
    the build configurations used.
  * Change source URLs to go.dev as per Go upstream
* Thu Apr 13 2023 mliska@suse.cz
- Use gcc13 compiler for Tumbleweed.
* Tue Aug 23 2022 schwab@suse.de
- Don't build with shared on riscv64 for < go1.18
* Thu Aug 11 2022 dmueller@suse.com
- switch to gcc-go, bootstrap via gcc-go 11/12 which
  should be available on leap, sle and factory
- add gcc-go.patch to bootstrap with gcc-go any version
- drop gcc6-go.patch, gcc7-go.patch: superseded by gcc-go.patch
* Fri Mar 11 2022 jkowalczyk@suse.com
- Add %define go_label as a configurable Go toolchain directory
  * go_label can be used to package multiple Go toolchains with
    the same go_api
  * go_label should be defined as go_api with an optional suffix
    e.g. %{go_api} or %{go_api}-foo
  * Default go_label = go_api makes no changes to package layout
* Wed Mar 09 2022 dmueller@suse.com
- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency
* Thu Mar 03 2022 jkowalczyk@suse.com
- go1.16.15 (released 2022-03-03) includes a security fix to the
  regexp/syntax package, as well as bug fixes to the compiler,
  runtime, the go command, and to the net package
  Refs boo#1182345 go1.16 release tracking
  CVE-2022-24921
  * boo#1196732 go#51112 CVE-2022-24921
  * go#51117 regexp: stack overflow (process exit) handling deeply nested regexp
  * go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
  * go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
  * go#51161 net: use EDNS to increase DNS packet size [freeze exception]
  * go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
* Fri Feb 18 2022 jkowalczyk@suse.com
- Add missing .bin binary test data to packaging.
  * Existing test data files added to packaging with mode 644:
    src/compress/bzip2/testdata/pass-random2.bin
    src/compress/bzip2/testdata/pass-random1.bin
    src/debug/dwarf/testdata/line-gcc-win.bin
* Thu Feb 10 2022 jkowalczyk@suse.com
- go1.16.14 (released 2022-02-10) includes security fixes to the
  crypto/elliptic, math/big packages and to the go command, as well
  as bug fixes to the compiler, linker, runtime, the go command,
  and the debug/macho, debug/pe, net/http/httptest, and testing
  packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
  * boo#1195838 go#50974 CVE-2022-23806
  * go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
  * boo#1195835 go#50699 CVE-2022-23772
  * go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
  * boo#1195834 go#35671 CVE-2022-23773
  * go#50686 cmd/go: do not treat branches with semantic-version names as releases
  * go#50866 cmd/compile: incorrect use of CMN on arm64
  * go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
  * go#50811 cmd/go: remove bitbucket VCS probing
  * go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
  * go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
  * go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
  * go#50645 testing: surprising interaction of subtests with TempDir
  * go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
  * go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package
* Thu Jan 06 2022 jkowalczyk@suse.com
- go1.16.13 (released 2022-01-06) includes fixes to the compiler,
  linker, runtime, and the net/http package.
  Refs boo#1182345 go1.16 release tracking
  * go#50449 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
  * go#50296 cmd/link: does not set section type of .init_array correctly
  * go#50194 runtime/race: building for iOS, but linking in object file built for macOS
  * go#50072 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
  * go#49923 cmd/link: support more load commands on Mach-O
  * go#49412 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
  * go#48115 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14
* Thu Dec 09 2021 jkowalczyk@suse.com
- go1.16.12 (released 2021-12-09) includes security fixes to the
  syscall and net/http packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-44716 CVE-2021-44717
  * boo#1193598 go#50057 CVE-2021-44717
  * go#50066 syscall: don’t close fd 0 on ForkExec error
  * boo#1193597 go#50058 CVE-2021-44716
  * go#50064 net/http: limit growth of header canonicalization cache
* Fri Dec 03 2021 jkowalczyk@suse.com
- go1.16.11 (released 2021-12-02) includes fixes to the compiler,
  runtime, and the net/http, net/http/httptest, and time packages.
  Refs boo#1182345 go1.16 release tracking
  * go#49910 x/net/http2: frequent failures in TestClientConnCloseAtBody
  * go#49908 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
  * go#49904 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
  * go#49867 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
  * go#49851 net/http/httptest: Close does not wait for the underlying Server's ConnState callbacks to complete
  * go#49728 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
  * go#49661 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
  * go#49623 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
  * go#49567 net/http: server responds with Transfer-Encoding: identity
  * go#49560 x/net/http2: setting Request.Close doesn't close TCP connections
  * go#49558 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
  * go#49406 time: ParseInLocation error
  * go#49391 cmd/compile: internal compiler error: Expand calls interface data problem
* Thu Nov 04 2021 jkowalczyk@suse.com
- go1.16.10 (released 2021-11-04) includes security fixes to the
  archive/zip and debug/macho packages, as well as bug fixes to the
  compiler, linker, runtime, the misc/wasm directory, and to the
  net/http package.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-41771 CVE-2021-41772
  * boo#1192377 go#48990 CVE-2021-41771
  * go#48991 debug/macho: invalid dynamic symbol table command can cause panic
  * boo#1192378 go#48085 CVE-2021-41772
  * go#48251 archive/zip: Reader.Open panics on empty string
  * go#49153 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
  * go#49076 x/net/http2: backport critical fixes
  * go#49009 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
  * go#48822 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
  * go#48649 x/net/http2: pool deadlock
  * go#48478 cmd/compile: 64 bits shifts on arm get wrong results
  * go#48474 cmd/compile: incorrect arm/arm64 simplification rules
* Fri Oct 08 2021 jkowalczyk@suse.com
- go1.16.9 (released 2021-10-07) includes a security fix to the
  linker and misc/wasm directory, as well as bug fixes to the
  runtime and to the text/template package.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-38297
  * boo#1191468 go#48797 CVE-2021-38297
  * go#48799 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
  * go#48443 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
  * go#47858 time: timer reset sometimes ignored, causing delayed ticks
* Fri Sep 10 2021 jkowalczyk@suse.com
- go1.16.8 (released 2021-09-09) includes a security fix to the
  archive/zip package, as well as bug fixes to the archive/zip,
  go/internal/gccgoimporter, html/template, net/http, and
  runtime/pprof packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-39293
  * boo#1190589 go#47801 CVE-2021-39293
  * go#47985 archive/zip: overflow in preallocation check can cause OOM panic
  * go#47691 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
  * go#47675 runtime/pprof: apparent deadlock in TestGoroutineSwitch on linux-armv6l
  * go#47610 go/internal/gccgoimporter: TestInstallationImporter broken with tip gccgo
  * go#47535 net/http: TestCancelRequestWhenSharingConnection can cause port exhaustion
  * go#47042 html/template: data race with concurrent ExecuteTemplate calls
* Thu Aug 12 2021 jkowalczyk@suse.com
- Add bash scripts used by go tool commands to provide a more
  complete cross-compiling go toolchain install.
  * Fixes "go tool dist list" error "all.bash does not exist"
  * Added to packaging:
    /usr/lib64/go/1.16/lib/time/update.bash (already packaged)
    /usr/lib64/go/1.16/src/all.bash
    /usr/lib64/go/1.16/src/bootstrap.bash
    /usr/lib64/go/1.16/src/buildall.bash
    /usr/lib64/go/1.16/src/clean.bash
    /usr/lib64/go/1.16/src/cmp.bash
    /usr/lib64/go/1.16/src/make.bash
    /usr/lib64/go/1.16/src/race.bash
    /usr/lib64/go/1.16/src/run.bash
    /usr/share/go/1.16/src/all.bash
    /usr/share/go/1.16/src/bootstrap.bash
    /usr/share/go/1.16/src/buildall.bash
    /usr/share/go/1.16/src/clean.bash
    /usr/share/go/1.16/src/cmd/compile/internal/ssa/gen/cover.bash
    /usr/share/go/1.16/src/cmd/vendor/golang.org/x/sys/windows/mkerrors.bash
    /usr/share/go/1.16/src/cmd/vendor/golang.org/x/sys/windows/mkknownfolderids.bash
    /usr/share/go/1.16/src/cmp.bash
    /usr/share/go/1.16/src/internal/trace/mkcanned.bash
    /usr/share/go/1.16/src/make.bash
    /usr/share/go/1.16/src/race.bash
    /usr/share/go/1.16/src/run.bash
* Thu Aug 05 2021 jkowalczyk@suse.com
- go1.16.7 (released 2021-08-05) includes a security fix to the
  net/http/httputil package, as well as bug fixes to the compiler,
  the linker, the runtime, the go command, and the net/http
  package.
  CVE-2021-36221
  Refs boo#1182345 go1.16 release tracking
  * boo#1189162 go#46866 CVE-2021-36221
  * go#47474 net/http: panic due to racy read of persistConn after handler panic
  * go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
  * go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
  * go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
  * go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
  * go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
  * go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
  * go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package
* Thu Aug 05 2021 jkowalczyk@suse.com
- Drop patch to fix crashes on PowerPC with kernel >= 5.13, fixed
  in next upstream release:
  * drop fix-ppc64-crashes.patch