go1.21-1.21.13-160000.1.2

- The support for -buildmode=shared only depends on the go version and
  architecture, not how it was bootstrapped
  * Refs boo#1247816 bootstrap go1.21 with gccgo
  * Refs bsc#1247326 SLFO:Main go1.21 fails to build on s390x at
  - buildmode=shared std for some workers only
  * Refs jsc#PED-1962 Reduce go1.x RPM installed file size by
    splitting .so and .a files into an optional subpackage

- Packaging improvements:
  * Refs bsc#1245292 go1.16 unresolveable on SLFO:Main. Recommended
    mitigation for SLFO:Main is to bootstrap go1.21 with gccgo and
    delete go1.16 through go1.20, all of which are EOL.
  * Refs boo#1247816 bootstrap go1.21 with gccgo
  * Update %bcond_with gccgo_go121 to a version unique name from
    %bcond_with gccgo. OBS prjconf does not support a conditional
    %_with configuration to match just one package. Use a unique
    name that is defined only in go1.21 packaging. Bootstrap
    go1.21 with gcc-go by adding the following to prjconf:
    Macros:
    %_with_gccgo_go121 1
    :Macros
  * Update to %define gcc_go_version from 11 to 13 for SLE. gcc13
    provides go1.18 needed for bootstrapping go1.21.
  * Current Go bootstrap status: gcc13, gcc14, gcc15 all provide
    go1.18 language level gccgo. go1.21 is the latest Go toolchain
    that can bootstrap with go1.18 and thus gccgo, newer Go
    toolchains require newer bootstrap versions. No newer gccgo
    language level support has been announced, so go1.21 is the
    initial Go bootstrap version until that changes. Recommended
    for all distribution repositories to use the above prjconf to
    shorten the bootstrap toolchain and optionally remove EOL go
    versions older than go1.21.

- Packaging improvements:
  * Rebase gcc-go.patch for go1.21
  * Refs boo#1247816 bootstrap go1.21 with gccgo

- Enable loongarch64 builds

- go1.21.13 (released 2024-08-06) includes fixes to the go command,
  the covdata command, and the bytes package.
  Refs boo#1212475 go1.21 release tracking
  * go#68491 cmd/covdata: too many open files due to defer f.Close() in for loop
  * go#68474 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
  * go#68221 cmd/go: list with -export and -covermode=atomic fails to build

- go1.21.12 (released 2024-07-02) includes security fixes to the
  net/http package, as well as bug fixes to the compiler, the go
  command, the runtime, and the crypto/x509, net/http, net/netip,
  and os packages.
  Refs boo#1212475 go1.21 release tracking
  CVE-2024-24791
  * go#68199 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
  * go#67297 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds
  * go#67426 cmd/link: need to handle new-style loong64 relocs
  * go#67714 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
  * go#67849 go/internal/gccgoimporter: go building failing with gcc 14.1.0
  * go#67933 net: go DNS resolver fails to connect to local DNS server
  * go#67944 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
  * go#68051 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)

- go1.21.11 (released 2024-06-04) includes security fixes to the
  archive/zip and net/netip packages, as well as bug fixes to the
  compiler, the go command, the runtime, and the os package.
  Refs boo#1212475 go1.21 release tracking
  CVE-2024-24789 CVE-2024-24790
  * go#67553 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
  * go#67681 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
  * go#64586 cmd/go: spurious "v1.x.y is not a tag" error when a tag's commit was previously download without the tag
  * go#67164 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
  * go#67187 runtime/metrics: /memory/classes/heap/unused:bytes spikes
  * go#67235 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
  * go#67310 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
  * go#67351 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
  * go#67695 os: RemoveAll susceptible to symlink race

- go1.21.10 (released 2024-05-07) includes security fixes to the go
  command, as well as bug fixes to the net/http package.
  Refs boo#1212475 go1.21 release tracking
  CVE-2024-24787
  * go#67121 go#67119 boo#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin
  * go#66697 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0

- go1.21.9 (released 2024-04-03) includes a security fix to the
  net/http package, as well as bug fixes to the linker, and the
  go/types and net/http packages.
  Refs boo#1212475 go1.21 release tracking
  CVE-2023-45288
  * go#65387 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
  * go#66254 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
  * go#66326 cmd/compile: //go:build file version ignored when using generic function from package "slices" in Go 1.21
  * go#66411 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le

- go1.21.8 (released 2024-03-05) includes security fixes to the
  crypto/x509, html/template, net/http, net/http/cookiejar, and
  net/mail packages, as well as bug fixes to the go command and the
  runtime.
  Refs boo#1212475 go1.21 release tracking
  CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
  * go#65385 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
  * go#65389 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
  * go#65392 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
  * go#65848 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
  * go#65968 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
  * go#65472 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
  * go#65475 internal/testenv: support LUCI mobile builders in testenv tests
  * go#65478 runtime: don't let the tests leave core files behind
  * go#65640 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
  * go#65851 cmd/go: "missing ziphash" error with go.work
  * go#65882 internal/poll: invalid uintptr conversion in call to windows.SetFileInformationByHandle