Prepare for RPM 4.20 (forwarded request 1152220 from dimstar)

• Files Changed
• Browse Source

- Add subpackage go1.x-libstd for compiled shared object libstd.so.
  only on Tumbleweed at this time.
  * Main go1.x package included libstd.so in previous versions
  * Split libstd.so into subpackage that can be installed standalone
  * Continues the slimming down of main go1.x package by 40 Mb
  * Experimental and not recommended for general use, Go currently has no ABI
  * Upstream Go has not committed to support buildmode=shared long-term
  * Do not use in packaging, build static single binaries (the default)
  * Upstream Go go1.x binary releases do not include libstd.so
  * go1.x Suggests go1.x-libstd so not installed by default Recommends
  * go1.x-libstd does not Require: go1.x so can install standalone
  * Provides go-libstd unversioned package name
  * Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
  * go1.x Suggests go1.x-doc so not installed by default Recommends
  * Use Group: Development/Languages/Go instead of Other
  * On Tumbleweed bootstrap with current default gcc13 and gccgo118
  * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
    using go1.x package (%bcond_without gccgo). This is no longer
    needed on current SLE-12:Update and removing will consolidate
    the build configurations used.
  * Change source URLs to go.dev as per Go upstream
  * On x86_64 export GOAMD64=v1 as per the current baseline.
    At this time forgo GOAMD64=v3 option for x86_64_v3 support.
  * On x86_64 %define go_amd64=v1 as current instruction baseline (forwarded request 1079834 from jfkw)

• Files Changed
• Browse Source

- Use gcc13 compiler for Tumbleweed. (forwarded request 1079522 from jfkw)

• Files Changed
• Browse Source

Add bugzilla references:
  * go#57855 boo#1208270 security: fix CVE-2022-41723 bsc1208491.patch
  * go#58001 boo#1208271 security: fix CVE-2022-41724 bsc1208491-41724.patch
  * go#58006 boo#1208272 security: fix CVE-2022-41725 bsc1208491-41725.patch (forwarded request 1072628 from jfkw)

• Files Changed
• Browse Source

- go1.18.10 (released 2023-01-10) includes fixes to cgo, the
  compiler, the linker, and the crypto/x509, net/http, and syscall
  packages.
  Refs boo#1193742 go1.18 release tracking
  * go#57705 misc/cgo: backport needed for dlltool fix
  * go#57426 crypto/x509: Verify on macOS does not return typed errors
  * go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument.
  * go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
  * go#57213 os: TestLstat failure on Linux Aarch64
  * go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
  * go#57057 cmd/go: remove test dependency on gopkg.in service
  * go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
  * go#57044 cgo: malformed DWARF TagVariable entry
  * go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
  * go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
  * go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
  * go#56323 net/http: bad handling of HEAD requests with a body (forwarded request 1057691 from jfkw)

• Files Changed
• Browse Source

- go1.18.9 (released 2022-12-06) includes security fixes to the
  net/http and os packages, as well as bug fixes to cgo, the
  compiler, the runtime, and the crypto/x509 and os/exec packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-41717 CVE-2022-41720
  * go#57008 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries
  * go#57005 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
  * go#56751 runtime,cmd/compile: apparent memory corruption in compress/flate
  * go#56709 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com
  * go#56675 x/net/http2/h2c: ineffective mitigation for unsafe io.ReadAll
  * go#56635 runtime: traceback stuck in runtime.systemstack
  * go#56556 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable"
  * go#56550 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8)
  * go#56437 crypto/x509: respect GODEBUG changes during program lifetime
  * go#56396 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter
  * go#56359 cmd/compile: panic: offset too large (forwarded request 1041231 from jfkw)

• Files Changed
• Browse Source

- go1.18.8 (released 2022-11-01) includes security fixes to the
  os/exec and syscall packages, as well as bug fixes to the
  runtime.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-41716
  * go#56327 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables
  * go#56308 runtime: "runtime·lock: lock count" fatal error when cgo is enabled (forwarded request 1032741 from jfkw)

• Files Changed
• Browse Source

- go1.18.7 (released 2022-10-04) includes security fixes to the
  archive/tar, net/http/httputil, and regexp packages, as well as
  bug fixes to the compiler, the linker, and the go/types package.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-41715 CVE-2022-2879 CVE-2022-2880
  * go#55950 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
  * go#55925 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers
  * go#55842 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters
  * go#55151 fatal error: bulkBarrierPreWrite: unaligned arguments
  * go#55148 go/types: no way to construct the signature of append(s, "string"...) via the API
  * go#55113 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation
  * go#54918 cmd/compile: Value live at entry (forwarded request 1008075 from jfkw)

• Files Changed
• Browse Source

- go1.18.6 (released 2022-09-06) includes security fixes to the
  net/http package, as well as bug fixes to the compiler, the go
  command, the pprof command, the runtime, and the crypto/tls,
  encoding/xml, and net packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-27664
  * go#53977 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY
  * go#54733 cmd/go: git fetch errors dropped when producing pseudo-versions for commits
  * go#54725 cmd/compile: compile failed with "Value live at entry"
  * go#54674 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert
  * go#54664 runtime: segfault running ppc64/linux binaries with kernel 5.18
  * go#54659 cmd/go: go test -race does not set implicit race build tag
  * go#54642 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension
  * go#54636 cmd/go: data race in TestScript
  * go#54603 cmd/compile: miscompilation of partially-overlapping array assignments
  * go#54502 cmd/link: Trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64
  * go#54464 cmd/pprof: graphviz node names are funny with generics
  * go#54128 encoding/xml: crash on android/arm64 due to https://go.dev/cl/417062
  * go#54074 net: WriteMsgUDPAddrPort should accept IPv4 destination addresses on IPv6 UDP sockets
  * go#54056 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT
  * go#53397 go/reflect: Incorrect behavior on arm64 when using MakeFunc / Call (forwarded request 1001531 from jfkw)

• Files Changed
• Browse Source

- Define go_bootstrap_version go1.16 without suse_version checks
- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere (forwarded request 998732 from jfkw)

• Files Changed
• Browse Source

- go1.18.5 (released 2022-08-01) includes security fixes to the
  encoding/gob and math/big packages, as well as bug fixes to the
  compiler, the go command, the runtime, and the testing package.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-32189
  * boo#1202035 CVE-2022-32189 go#53871
  * go#54095 math/big: index out of range in Float.GobDecode
  * go#53883 cmd/compile: interface conversion with generics reports "types from different scopes"
  * go#53875 cmd/go: livelock when computing module graph in a workspace with GOPROXY=off
  * go#53852 cmd/compile: internal compiler error: assertion failed
  * go#53847 runtime: modified timer results in extreme cpu load
  * go#53119 cmd/go: Build information embedded by Go 1.18 impairs build reproducibility with cgo flags
  * go#53112 runtime: gentraceback() dead loop on arm64 casued the process hang
  * go#52986 testing: TempDir RemoveAll cleanup failures with "The process cannot access the file because it is being used by another process."
  * go#52961 cmd/compile: miscompilation in pointer operations (forwarded request 992076 from jfkw)

• Files Changed
• Browse Source

- go1.18.4 (released 2022-07-12) includes security fixes to the
  compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs,
  net/http, and path/filepath packages, as well as bug fixes to the
  compiler, the go command, the linker, the runtime, and the
  runtime/metrics package.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962 (forwarded request 988807 from jfkw)

• Files Changed
• Browse Source

- go1.18.3 (released 2022-06-01) includes security fixes to the
  crypto/rand, crypto/tls, os/exec, and path/filepath packages, as
  well as bug fixes to the compiler, and the crypto/tls and
  text/template/parse packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
  * boo#1200134 go#52561 CVE-2022-30634
  * go#52933 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
  * boo#1200135 go#52814 CVE-2022-30629
  * go#52833 crypto/tls: randomly generate ticket_age_add
  * boo#1200136 go#52574 CVE-2022-30580
  * go#53057 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
  * boo#1200137 go#52476 CVE-2022-29804
  * go#52479 path/filepath: Clean(.\c:) returns c: on Windows
  * go#51849 cmd/compile: crash on pointer conversion in call to mapaccess2
  * go#52242 cmd/compile: compiler crash on valid code
  * go#52286 cmd/compile: compiler crash with "Dictionary should have already been generated"
  * go#52791 crypto/tls: 500% increase in allocations from (*tls.Conn).Read in go 1.17
  * go#52878 text/template: break/continue require no whitespace around them
  * go#53043 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
  * go#53115 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11 (forwarded request 980418 from jfkw)

• Files Changed
• Browse Source

- go1.18.2 (released 2022-05-10) includes security fixes to the
  syscall package, as well as bug fixes to the compiler, runtime,
  the go command, and the crypto/x509, go/types, net/http/httptest,
  reflect, and sync/atomic packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-29526
  * boo#1199413 go#52313 CVE-2022-29526
  * go#52440 syscall: Faccessat checks wrong group
  * go#51738 runtime: wrong type assertion result when using generic types
  * go#51798 cmd/go: add (and default to) -buildvcs=auto
  * go#51859 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
  * go#51897 net/http/httptest: race in Close
  * go#52028 go/types: documentation on instance de-duplication is unclear about guarantees
  * go#52149 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
  * go#52244 go/types, types2: go generic assert compile escape
  * go#52305 runtime: doAllThreadsSyscall has an unaligned atomic load on 32-bit architectures
  * go#52366 cmd/compile/internal/ssa: occurred the wrong rewrite cycle detection
  * go#52375 runtime: executable compiled under Go 1.17.7 will occasionally wedge
  * go#52386 reflect: can set map elem with string key of a different string type
  * go#52441 cmd/compile: incorrect handling of iota in 1.18
  * go#52468 cmd/go: go run -mod=mod [files...] does not update go.mod and go.sum
  * go#52558 cmd/compile: cannot convert v (variable of type *Bar[T]) to type *Foo[T]
  * go#52606 cmd/compile: internal compiler error: weird package in name: .dict0 => .dict0 from "", not "test/p"
  * go#52615 sync/atomic: compare and swap of inconsistently typed values with uninitialized Value
  * go#52691 cmd/compile: generic function appears to use incorrect type descriptor
  * go#52699 runtime: support debugCall on arm64
  * go#52706 net: TestDialCancel is not compatible with new macOS ARM64 builders
  * go#52804 go/types: NewMethodSet doesn't terminate for recursively embedded generics (forwarded request 976170 from jfkw)

• Files Changed
• Browse Source

- Remove remaining use of gold linker when bootstrapping with
  gccgo. The binutils-gold package will be removed in the future.
  * History: go1.8.3 2017-06-18 added conditional if gccgo defined
    BuildRequires: binutils-gold for arches other than s390x
  * No information available why binutils-gold was used initially
  * Unrelated to upstream recent hardcoded gold dependency for ARM (forwarded request 974489 from jfkw)

• Files Changed
• Browse Source

- go1.18.1 (released 2022-04-12) includes security fixes to the
  crypto/elliptic, crypto/x509, and encoding/pem packages, as well
  as bug fixes to the compiler, linker, runtime, the go command,
  vet, and the bytes, crypto/x509, and go/types packages.
  Refs boo#1193742 go1.18 release tracking
  CVE-2022-24675 CVE-2022-28327 CVE-2022-27536
  * boo#1198423 go#51853 CVE-2022-24675
  * go#52037 encoding/pem: stack overflow
    boo#1198424 go#52075 CVE-2022-28327
  * go#52077 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
  * boo#1198427 go#51759 CVE-2022-27536
  * go#51763 crypto/x509: Certificate.Verify crash on macOS with Go 1.18
  * go#52140 cmd/go: go work use -r panics when given a directory that does not exist
  * go#52119 go/types, cmd/compile: type set overlapping implementation for interface types might be not correct
  * go#52032 go/types: spurious diagnostics for untyped shift operands with GoVersion < go1.13
  * go#52007 go/types, types2: scope is unset on receivers of instantiated methods
  * go#51874 cmd/go: Segfault on ppc64le during Go 1.18 build on Alpine Linux
  * go#51855 cmd/compile: internal compiler error: panic: runtime error: index out of range [0] with length 0
  * go#51852 crypto/x509: reject SHA-1 signatures in Verify
  * go#51847 cmd/compile: cannot import "package" (type parameter bound more than once)
  * go#51846 cmd/compile: internal compiler error: walkExpr: switch 1 unknown op RECOVER
  * go#51796 bytes: Trim returns empty slice instead of nil in 1.18
  * go#51767 cmd/go: "go test" seems to now require git due to -buildvcs
  * go#51764 cmd/go: go work use panics when given a file
  * go#51741 cmd/cgo: pointer to incomplete C type is mangled when passed through interface type and generic type assert
  * go#51737 plugin: tls handshake panic: unreachable method called. linker bug?
  * go#51727 cmd/vet, go/types: go vet crash when using self-recursive anonymous types in constraints
  * go#51697 runtime: some tests fails on Windows with CGO_ENABLED=0
  * go#51669 cmd/compile: irgen uses wrong dict param to generate code for getting dict type
  * go#51665 go/types, types2: gopls crash in recordTypeAndValue (forwarded request 969623 from jfkw)

• Files Changed
• Browse Source

- Template gcc-go.patch to substitute gcc_go_version and eliminate
  multiple similar patches each with hardcoded gcc go binary name.
  gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate
  for current lack of gcc-go update-alternatives usage.
  * add gcc-go.patch
  * drop gcc6-go.patch
  * drop gcc7-go.patch

- For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go.
  gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or
  go1.18 on SLE-12 aarch64 ppc64le or s390x.
  * gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0):
    undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 (forwarded request 967904 from jfkw)

• Files Changed
• Browse Source

- Add %define go_label as a configurable Go toolchain directory
  * go_label can be used to package multiple Go toolchains with
    the same go_api
  * go_label should be defined as go_api with an optional suffix
    e.g. %{go_api} or %{go_api}-foo
  * Default go_label = go_api makes no changes to package layout (forwarded request 966742 from jfkw)

• Files Changed
• Browse Source

- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency (forwarded request 962202 from dirkmueller)

• Files Changed
• Browse Source

- Add .bin assembler pattern table file and test data to packaging.
  * Error manifests building some Go applications as:
    src/crypto/elliptic/p256_asm.go:24:12:
    pattern p256_asm_table.bin: no matching files found
  * A Quick Guide to Go's Assembler https://go.dev/doc/asm
  * New assembler pattern file added to packaging with mode 644:
    src/crypto/elliptic/p256_asm_table.bin
  * Existing test data files added to packaging with mode 644:
    src/compress/bzip2/testdata/pass-random2.bin
    src/compress/bzip2/testdata/pass-random1.bin
    src/debug/dwarf/testdata/line-gcc-win.bin (forwarded request 955775 from jfkw)

• Files Changed
• Browse Source