go1.17-1.17.13-2.1

- Build subpackage go1.x-libstd compiled shared object libstd.so
  only on Tumbleweed at this time.
  Refs jsc#PED-1962

- Add subpackage go1.x-libstd for compiled shared object libstd.so.
  Refs jsc#PED-1962
  * Main go1.x package included libstd.so in previous versions
  * Split libstd.so into subpackage that can be installed standalone
  * Continues the slimming down of main go1.x package by 40 Mb
  * Experimental and not recommended for general use, Go currently has no ABI
  * Upstream Go has not committed to support buildmode=shared long-term
  * Do not use in packaging, build static single binaries (the default)
  * Upstream Go go1.x binary releases do not include libstd.so
  * go1.x Suggests go1.x-libstd so not installed by default Recommends
  * go1.x-libstd does not Require: go1.x so can install standalone
  * Provides go-libstd unversioned package name
  * Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
  * go1.x Suggests go1.x-doc so not installed by default Recommends
  * Use Group: Development/Languages/Go instead of Other

- Improvements to go1.x packaging spec:
  * On Tumbleweed bootstrap with current default gcc13 and gccgo118
  * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
    using go1.x package (%bcond_without gccgo). This is no longer
    needed on current SLE-12:Update and removing will consolidate
    the build configurations used.
  * Change source URLs to go.dev as per Go upstream

- Use gcc13 compiler for Tumbleweed.

- Don't build with shared on riscv64 for < go1.18

- Define go_bootstrap_version go1.16 without suse_version checks
- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere

- Bootstrap using go1.16 on SLE-15 and newer. go1.16 is
  bootstrapped using gcc-go 11 or 12. This allows dropping older
  versions of Go from Factory.

- go1.17.13 (released 2022-08-01) includes security fixes to the
  encoding/gob and math/big packages, as well as bug fixes to the
  compiler and the runtime.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-32189
  * boo#1202035 CVE-2022-32189 go#53871
  * go#54094 math/big: index out of range in Float.GobDecode
  * go#53846 runtime: modified timer results in extreme cpu load
  * go#53617 cmd/compile: condition in for loop body is incorrectly optimised away
  * go#53111 runtime: gentraceback() dead loop on arm64 casued the process hang
  * go#52960 cmd/compile: miscompilation in pointer operations

- go1.17.12 (released 2022-07-12) includes security fixes to the
  compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
  net/http, and path/filepath packages, as well as bug fixes to the
  compiler, the go command, the runtime, and the runtime/metrics
  package.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962
  * boo#1201434 CVE-2022-1705 go#53188
  * go#53432 net/http: improper sanitization of Transfer-Encoding header
  * boo#1201436 CVE-2022-32148 go#53423
  * go#53620 net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  * boo#1201437 CVE-2022-30631 go#53168
  * go#53717 compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
  * boo#1201440 CVE-2022-30633 go#53611
  * go#53715 encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
  * boo#1201443 CVE-2022-28131 go#53614
  * go#53711 encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
  * boo#1201444 CVE-2022-30635 go#53615
  * go#53709 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
  * boo#1201445 CVE-2022-30632 go#53416
  * go#53713 path/filepath: stack exhaustion in Glob (CVE-2022-30632)
  * boo#1201447 CVE-2022-30630 go#53415
  * go#53719 io/fs: stack exhaustion in Glob (CVE-2022-30630)
  * boo#1201448 CVE-2022-1962 go#53616
  * go#53707 go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
  * go#53612 syscall: NewCallback triggers data race on Windows when used from different goroutine
  * go#53589 runtime/metrics: data race detected in Read
  * go#53470 cmd/compile: internal compiler error: width not calculated: int128
  * go#53050 misc/cgo/test: failure with gcc 10
  * go#52688 runtime: total allocation stats are managed in a uintptr which can quickly wrap around on 32-bit architectures
  * go#51351 cmd/go: "v1.x.y is not a tag" when .gitconfig sets log.decorate to full

- go1.17.11 (released 2022-06-01) includes security fixes to the
  crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
  well as bug fixes to the crypto/tls package.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
  * boo#1200134 go#52561 CVE-2022-30634
  * go#52932 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
  * boo#1200135 go#52814 CVE-2022-30629
  * go#52832 crypto/tls: randomly generate ticket_age_add
  * boo#1200136 go#52574 CVE-2022-30580
  * go#53056 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
  * boo#1200137 go#52476 CVE-2022-29804
  * go#52478 path/filepath: Clean(.\c:) returns c: on Windows
  * go#52790 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
  * go#52826 runtime: TestGcSys is still flaky
  * go#53042 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
  * go#53049 runtime: TestGdbBacktrace failures due to GDB "internal-error: wait returned unexpected status 0x0"
  * go#53114 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11

- go1.17.10 (released 2022-05-10) includes security fixes to the
  syscall package, as well as bug fixes to the compiler, runtime,
  and the crypto/x509 and net/http/httptest packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-29526
  * boo#1199413 go#52313 CVE-2022-29526
  * go#52439 syscall: Faccessat checks wrong group
  * go#51858 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
  * go#52095 cmd/compile: fails to compile very long files starting go1.17
  * go#52148 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
  * go#52306 sync: TestWaitGroupMisuse2 is flaky
  * go#52374 runtime: executable compiled under Go 1.17.7 will occasionally wedge
  * go#52455 net/http/httptest: race in Close
  * go#52705 net: TestDialCancel is not compatible with new macOS ARM64 builders

- Remove remaining use of gold linker when bootstrapping with
  gccgo. The binutils-gold package will be removed in the future.
  * History: go1.8.3 2017-06-18 added conditional if gccgo defined
    BuildRequires: binutils-gold for arches other than s390x
  * No information available why binutils-gold was used initially
  * Unrelated to upstream recent hardcoded gold dependency for ARM

- go1.17.9 (released 2022-04-12) includes security fixes to the
  crypto/elliptic and encoding/pem packages, as well as bug fixes
  to the linker and runtime.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-24675 CVE-2022-28327
  * boo#1198423 go#51853 CVE-2022-24675
  * go#52036 encoding/pem: stack overflow
  * boo#1198424 go#52075 CVE-2022-28327
  * go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
  * go#51736 plugin: tls handshake panic: unreachable method called. linker bug?
  * go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0
  * go#51458 runtime: finalizer call has wrong frame size
  * go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed

- Template gcc-go.patch to substitute gcc_go_version and eliminate
  multiple similar patches each with hardcoded gcc go binary name.
  gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
  for current lack of gcc-go update-alternatives usage.
  * add gcc-go.patch
  * drop gcc6-go.patch
  * drop gcc7-go.patch

- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
  gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
  go1.18 on SLE-12 aarch64 ppc64le or s390x.
  * gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
    undefined reference to `__go_pimt__I4_DiagFrN4_boolee3

- Add %define go_label as a configurable Go toolchain directory
  * go_label can be used to package multiple Go toolchains with
    the same go_api
  * go_label should be defined as go_api with an optional suffix
    e.g. %{go_api} or %{go_api}-foo
  * Default go_label = go_api makes no changes to package layout

- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency

- go1.17.8 (released 2022-03-03) includes a security fix to the
  regexp/syntax package, as well as bug fixes to the compiler,
  runtime, the go command, and the crypto/x509, and net packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-24921
  * boo#1196732 go#51112 CVE-2022-24921
  * go#51118 regexp: stack overflow (process exit) handling deeply nested regexp
  * go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
  * go#51199 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
  * go#51162 net: use EDNS to increase DNS packet size [freeze exception]
  * go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
  * go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18

- Add missing .bin binary test data to packaging.
  * Existing test data files added to packaging with mode 644:
    src/compress/bzip2/testdata/pass-random2.bin
    src/compress/bzip2/testdata/pass-random1.bin
    src/debug/dwarf/testdata/line-gcc-win.bin

- go1.17.7 (released 2022-02-10) includes security fixes to the
  crypto/elliptic, math/big packages and to the go command, as well
  as bug fixes to the compiler, linker, runtime, the go command,
  and the debug/macho, debug/pe, and net/http/httptest packages.
  Refs boo#1190649 go1.17 release tracking
  CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
  * boo#1195838 go#50974 CVE-2022-23806
  * go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
  * boo#1195835 go#50699 CVE-2022-23772
  * go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
  * boo#1195834 go#35671 CVE-2022-23773
  * go#50687 cmd/go: do not treat branches with semantic-version names as releases
  * go#50942 cmd/asm: "compile: loop" compiler bug?
  * go#50867 cmd/compile: incorrect use of CMN on arm64
  * go#50812 cmd/go: remove bitbucket VCS probing
  * go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
  * go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
  * go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
  * go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
  * go#50297 cmd/link: does not set section type of .init_array correctly
  * go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package