go1.23-1.23.12-160000.1.2

- Packaging improvements:
  * Update go_bootstrap_version to go1.21 from go1.20 to shorten
    the bootstrap chain. go1.21 can optionally be bootstrapped with
    gccgo and serve as the inital version of go1.x.
  * Refs boo#1247816 bootstrap go1.21 with gccgo

- go1.23.12 (released 2025-08-06) includes security fixes to the
  database/sql and os/exec packages, as well as bug fixes to the
  runtime.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-47906 CVE-2025-47907
  * go#74803 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and ".." in some PATH configurations
  * go#74832 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan
  * go#74415 runtime: use-after-free of allpSnapshot in findRunnable
  * go#74693 runtime: segfaults in runtime.(*unwinder).next
  * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23
  * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66

- go1.23.11 (released 2025-07-08) includes security fixes to the go
  command, as well as bug fixes to the compiler, the linker, and
  the runtime.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-4674
  * go#74382 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module
  * go#73907 runtime: bad frame pointer during panic during duffcopy
  * go#74289 runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning
  * go#74293 internal/trace: stress tests triggering suspected deadlock in tracer
  * go#74362 runtime/pprof: crash "cannot read stack of running goroutine" in goroutine profile
  * go#74402 cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN

- go1.23.10 (released 2025-06-05) includes security fixes to the
  net/http and os packages, as well as bug fixes to the linker.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-0913 CVE-2025-4673
  * go#73719 go#73612 boo#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows
  * go#73905 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect
  * go#73677 runtime/debug: BuildSetting does not document DefaultGODEBUG
  * go#73831 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen

- go1.23.9 (released 2025-05-06) includes fixes to the runtime and
  the linker.
  Refs boo#1229122 go1.23 release tracking
  * go#73091 cmd/link: linkname directive on userspace variable can override runtime variable
  * go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64

- go1.23.8 (released 2025-04-01) includes security fixes to the
  net/http package, as well as bug fixes to the runtime and the go
  command.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-22871
  * go#72010 go#71988 boo#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding
  * go#72114 runtime: process hangs for mips hardware
  * go#72871 runtime: cgo callback on extra M treated as external code after nested cgo callback returns
  * go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22

- go1.23.7 (released 2025-03-04) includes security fixes to the
  net/http package, as well as bug fixes to cgo, the compiler, and
  the reflect, runtime, and syscall packages.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-22870
  * go#71985 go#71984 boo#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs
  * go#71727 runtime: usleep computes wrong tv_nsec on s390x
  * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error
  * go#71848 os: spurious SIGCHILD on running child process
  * go#71875 reflect: Value.Seq panicking on functional iterator methods
  * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types
  * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement

- go1.23.6 (released 2025-02-04) includes security fixes to the
  crypto/elliptic package, as well as bug fixes to the compiler and
  the go command.
  Refs boo#1229122 go1.23 release tracking
  CVE-2025-22866
  * go#71423 go#71383 boo#1236801 security: fix CVE-2025-22866 crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le
  * go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1
  * go#71230 cmd/compile: broken write barrier

- go1.23.5 (released 2025-01-16) includes security fixes to the
  crypto/x509 and net/http packages, as well as bug fixes to the
  compiler, the runtime, and the net package.
  Refs boo#1229122 go1.23 release tracking
  CVE-2024-45341 CVE-2024-45336
  * go#71208 go#71156 boo#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
  * go#71211 go#70530 boo#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect
  * go#69988 runtime: severe performance drop for cgo calls in go1.22.5
  * go#70517 cmd/compile/internal/importer: flip enable alias to true
  * go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input
  * go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures
  * go#71147 internal/trace: TestTraceCPUProfile/Stress failures

- Enable loongarch64 builds