baserev update by copy to link target

• Files Changed
• Browse Source

Prepare for RPM 4.20

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.19.13 (released 2023-09-06) includes fixes to the go command,
  and the crypto/tls and net/http packages.
  Refs boo#1200441 go1.19 release tracking
  * go#61197 cmd/go: extended forwards compatibility for Go
  * go#61825 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address
  * go#61968 crypto/tls: add GODEBUG to control max RSA key size

- Add missing directory pprof html asset directory to package.
  Refs boo#1215090
  * src/cmd/vendor/github.com/google/pprof/internal/driver/html/
    dir containing html assets is present in upstream Go
    distribution but missing from SUSE go1.x packages
  * Go programs importing runtime/pprof may fail with error:
    /usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
    pattern html: no matching files found
  * Reformat adjacent commment in spec file

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.19.12 (released 2023-08-01) includes a security fix to the
  crypto/tls package, as well as bug fixes to the assembler and the
  compiler.
  Refs boo#1200441 go1.19 release tracking
  CVE-2023-29409
  * go#61579 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits
  * go#61319 cmd/compile: ppc64le: sign extension issue in go 1.21rc2
  * go#61448 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64
  * go#61470 cmd/compile: failed to make Go on riscv64 CPU with numa

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

Remove trailing whitespace from changelog entry

• Files Changed
• Browse Source

- go1.19.11 (released 2023-07-11) includes a security fix to the
  net/http package, as well as bug fixes to cgo, the cover tool,
  the go command, the runtime, and the go/printer package.
  Refs boo#1200441 go1.19 release tracking
  CVE-2023-29406 
  * go#61075 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header
  * go#60351 cmd/go: go mod tidy introduces ambiguous imports in pruned modules
  * go#60637 cmd/pprof: skip TestDisasm flaky failures on linux/arm64
  * go#60697 cmd/go: go list fails with submodules which have test-only dependencies
  * go#60710 cmd/go: go list -export -e outputs errors to stderr and has non-zero exit code
  * go#60844 runtime: SIGSEGV in race + coverage mode
  * go#60948 runtime: goroutines that stop after calling runtime.RaceDisable break race detector
  * go#61054 runtime: TestWindowsStackMemory flakes on windows-386-2016

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- go1.19.10 (released 2023-06-06) includes four security fixes to
  the cmd/go and runtime packages, as well as bug fixes to the
  compiler, the go command, and the runtime.
  Refs boo#1200441 go1.19 release tracking
  CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405
  * go#60515 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection
  * go#60517 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries
  * go#60511 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS
  * go#60513 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS
  * go#59974 cmd/compile: multiple memories live at block start
  * go#60000 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies
  * go#60457 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Revert re-enable binary stripping and debuginfo boo#1210938.
  go1.19 and earlier store pre-compiled packages in $GOROOT/pkg as
  Go .a files which are not ar archives. These .a are incorrectly
  passed to strip by brp-15-strip-debug. strip incorrectly modifies
  Go .a files rendering them invalid. Some Go applications fail to
  build with "reference to nonexistent package" errors.
  Refs boo#1210938 boo#1211073
  * go1.19 and earlier store pre-compiled packages for the standard
    library as .a files under pkg/GOARCH[_{dynlink,race}].
  * Go emitted .a files are a Go specific format, not ar archives.
  * go1.10+ stores recently built packages in build cache GOCACHE.
    These are separate from the installed packages in $GOROOT/pkg.
  * Go build cache objects use a different file format than Go .a.
  * go1.20+ switches to the GOCACHE for both recently built
    packages and the installed packages in $GOROOT/pkg.
  * Current versions of readelf detect Go .a files correctly, e.g.:
    readelf -d /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a
    File: /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a(__.PKGDEF       )
    readelf: Error: This is a GO binary file - try using 'go tool objdump' or 'go tool nm'
  * binutils strip as of 2.40 detects Go .a files correctly, but
    incorrectly modifies the .a files altering path resulting in
    "reference to nonexistent package" errors.
  * brp_check_suse/brp-15-strip-debug passes files to strip based
    primarily on the file extension including .a.

• Files Changed
• Browse Source

- go1.19.9 (released 2023-05-02) includes three security fixes to
  the html/template package, as well as bug fixes to the compiler,
  the runtime, and the crypto/tls and syscall packages.
  Refs boo#1200441 go1.19 release tracking
  CVE-2023-29400 CVE-2023-24540 CVE-2023-24539

- Packaging revert go1.x Suggests go1.x-race boo#1210963
  * Upstream go binary distributions do include race detector .syso
  * Default Recommends for subpackages is best suited in this case

• Files Changed
• Browse Source

- Packaging improvements:
* Re-enable binary stripping and debuginfo boo#1210938
* go1.x Suggests go1.x-race do not install by default boo#1210963
* Use Group: Development/Languages/Go instead of Other

• Files Changed
• Browse Source

- Packaging improvements:
  * Re-enable binary stripping and debuginfo boo#1210938
  * go1.x Suggests go1.x-race do not install by default boo#1210963
  * Use Group: Development/Languages/Go instead of Other

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Add subpackage go1.x-libstd for compiled shared object libstd.so.
  only on Tumbleweed at this time.
  * Main go1.x package included libstd.so in previous versions
  * Split libstd.so into subpackage that can be installed standalone
  * Continues the slimming down of main go1.x package by 40 Mb
  * Experimental and not recommended for general use, Go currently has no ABI
  * Upstream Go has not committed to support buildmode=shared long-term
  * Do not use in packaging, build static single binaries (the default)
  * Upstream Go go1.x binary releases do not include libstd.so
  * go1.x Suggests go1.x-libstd so not installed by default Recommends
  * go1.x-libstd does not Require: go1.x so can install standalone
  * Provides go-libstd unversioned package name
  * Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
  * go1.x Suggests go1.x-doc so not installed by default Recommends
  * Use Group: Development/Languages/Go instead of Other
  * On Tumbleweed bootstrap with current default gcc13 and gccgo118
  * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
    using go1.x package (%bcond_without gccgo). This is no longer
    needed on current SLE-12:Update and removing will consolidate
    the build configurations used.
  * Change source URLs to go.dev as per Go upstream
  * On x86_64 export GOAMD64=v1 as per the current baseline.
    At this time forgo GOAMD64=v3 option for x86_64_v3 support.
  * On x86_64 %define go_amd64=v1 as current instruction baseline

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Use gcc13 compiler for Tumbleweed.
- Format one recent changelog entry for better visibility of CVEs

• Files Changed
• Browse Source