File go1.16.changes of Package go1.16.19044
-------------------------------------------------------------------
Fri Apr 2 12:26:15 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.3 (released 2021-04-01) includes fixes to the compiler,
linker, runtime, the go command, and the testing and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#45303 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
* go#45253 cmd/compile: fix long RMW bit operations on AMD64
* go#45240 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45192 Strange behaviour with loops
* go#45030 cmd/link: go 1.16 plugin does not initialize global variables correctly when not used directly
* go#44888 testing: Helper line number has changed in 1.16
* go#44885 cmd/go: import paths ending with '+' are rejected (affects executable like g++ or clang++)
* go#44869 time, runtime: zero duration timer takes 2 minutes to fire
* go#44860 cmd/go: documentation at golang.org for cmd/go has confusing formatting
* go#44812 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
* go#44640 cmd/link: fail to build when using time/tzdata on ARM
-------------------------------------------------------------------
Fri Mar 12 01:27:53 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.2 (released 2021-03-11) includes fixes to cgo, the
compiler, linker, the go command, and the syscall and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#44793 cmd/go: mod tidy should ignore missing standard library packages
* go#44746 cmd/go: improve error message when outside a module from "working directory is not part of a module"
* go#44676 cmd/go: warning message when getting a retracted module version is missing a trailing newline
* go#44659 runtime: marked free object in span
* go#44647 cmd/go: "malformed import path" in Go 1.16 for packages with path elements containing a leading dot
* go#44638 cmd/link: runtime crash, unexpected fault address 0xffffffffffffffff, h2_bundle.go, when using plugin
* go#44618 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44593 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44498 cmd/go: 'go mod edit -exclude' erroneously rejects '+incompatible' versions
* go#44496 cmd/go: malformed module path with retract v2+
* go#44464 cmd/compile: ICE on deferred call to syscall.LazyDLL.Call
* go#44462 x/tools/go/analysis, syscall: ptrace redeclared in this block
* go#44433 cmd/compile: Compiler regression in Go 1.16 - internal compiler error: child dcl collision on symbol
* go#44402 doc: Broken image in readme
* go#44358 cmd/compile: internal compiler error: Value live at entry. It shouldn't be.
* go#44346 runtime/cgo: cannot build with -Wsign-compare
-------------------------------------------------------------------
Wed Mar 10 17:33:27 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16.1 (released 2021-03-10) includes security fixes to the
archive/zip and encoding/xml packages.
CVE-2021-27918 CVE-2021-27919
Refs boo#1182345 go1.16 release tracking
* boo#1183333 CVE-2021-27918
* go#44915 encoding/xml: infinite loop when using `xml.NewTokenDecoder` with a custom `TokenReader`
* boo#1183334 CVE-2021-27919
* go#44917 archive/zip: can panic when calling Reader.Open
-------------------------------------------------------------------
Thu Feb 18 23:21:47 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- gcc6-go.patch fix typo go-7 to go-6 for bootstrap on SLE-12 gcc6
-------------------------------------------------------------------
Tue Feb 16 22:42:14 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16 (released 2021-02-16) Go 1.16 is a major release of Go.
go1.16.x minor releases will be provided through February 2022.
https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime,
and libraries. As always, the release maintains the Go 1 promise
of compatibility. We expect almost all Go programs to continue to
compile and run as before.
Refs boo#1182345 go1.16 release tracking
* See release notes https://golang.org/doc/go1.16. Excerpts
relevant to OBS environment and for SUSE/openSUSE follow:
* Module-aware mode is enabled by default, regardless of whether
a go.mod file is present in the current working directory or a
parent directory. More precisely, the GO111MODULE environment
variable now defaults to on. To switch to the previous
behavior, set GO111MODULE to auto.
* Build commands like go build and go test no longer modify
go.mod and go.sum by default. Instead, they report an error if
a module requirement or checksum needs to be added or updated
(as if the -mod=readonly flag were used). Module requirements
and sums may be adjusted with go mod tidy or go get.
* go install now accepts arguments with version suffixes (for
example, go install example.com/cmd@v1.0.0). This causes go
install to build and install packages in module-aware mode,
ignoring the go.mod file in the current directory or any parent
directory, if there is one. This is useful for installing
executables without affecting the dependencies of the main
module.
* go install, with or without a version suffix (as described
above), is now the recommended way to build and install
packages in module mode. go get should be used with the -d flag
to adjust the current module's dependencies without building
packages, and use of go get to build and install packages is
deprecated. In a future release, the -d flag will always be
enabled.
* retract directives may now be used in a go.mod file to indicate
that certain published versions of the module should not be
used by other modules. A module author may retract a version
after a severe problem is discovered or if the version was
published unintentionally.
* The go mod vendor and go mod tidy subcommands now accept the -e
flag, which instructs them to proceed despite errors in
resolving missing packages.
* The go command now ignores requirements on module versions
excluded by exclude directives in the main module. Previously,
the go command used the next version higher than an excluded
version, but that version could change over time, resulting in
non-reproducible builds.
* In module mode, the go command now disallows import paths that
include non-ASCII characters or path elements with a leading
dot character (.). Module paths with these characters were
already disallowed (see Module paths and versions), so this
change affects only paths within module subdirectories.
* The go command now supports including static files and file
trees as part of the final executable, using the new //go:embed
directive. See the documentation for the new embed package for
details.
* When using go test, a test that calls os.Exit(0) during
execution of a test function will now be considered to
fail. This will help catch cases in which a test calls code
that calls os.Exit(0) and thereby stops running all future
tests. If a TestMain function calls os.Exit(0) that is still
considered to be a passing test.
* go test reports an error when the -c or -i flags are used
together with unknown flags. Normally, unknown flags are passed
to tests, but when -c or -i are used, tests are not run.
* The go get -insecure flag is deprecated and will be removed in
a future version. This flag permits fetching from repositories
and resolving custom domains using insecure schemes such as
HTTP, and also bypasses module sum validation using the
checksum database. To permit the use of insecure schemes, use
the GOINSECURE environment variable instead. To bypass module
sum validation, use GOPRIVATE or GONOSUMDB. See go help
environment for details.
* go get example.com/mod@patch now requires that some version of
example.com/mod already be required by the main
module. (However, go get -u=patch continues to patch even
newly-added dependencies.)
* GOVCS is a new environment variable that limits which version
control tools the go command may use to download source
code. This mitigates security issues with tools that are
typically used in trusted, authenticated environments. By
default, git and hg may be used to download code from any
repository. svn, bzr, and fossil may only be used to download
code from repositories with module paths or package paths
matching patterns in the GOPRIVATE environment variable. See go
help vcs for details.
* When the main module's go.mod file declares go 1.16 or higher,
the all package pattern now matches only those packages that
are transitively imported by a package or test found in the
main module. (Packages imported by tests of packages imported
by the main module are no longer included.) This is the same
set of packages retained by go mod vendor since Go 1.11.
* When the -toolexec build flag is specified to use a program
when invoking toolchain programs like compile or asm, the
environment variable TOOLEXEC_IMPORTPATH is now set to the
import path of the package being built.
* The -i flag accepted by go build, go install, and go test is
now deprecated. The -i flag instructs the go command to install
packages imported by packages named on the command line. Since
the build cache was introduced in Go 1.10, the -i flag no
longer has a significant effect on build times, and it causes
errors when the install directory is not writable.
* When the -export flag is specified, the BuildID field is now
set to the build ID of the compiled package. This is equivalent
to running go tool buildid on go list -exported -f {{.Export}},
but without the extra step.
* The -overlay flag specifies a JSON configuration file
containing a set of file path replacements. The -overlay flag
may be used with all build commands and go mod subcommands. It
is primarily intended to be used by editor tooling such as
gopls to understand the effects of unsaved changes to source
files. The config file maps actual file paths to replacement
file paths and the go command and its builds will run as if the
actual file paths exist with the contents given by the
replacement file paths, or don't exist if the replacement file
paths are empty.
* The cgo tool will no longer try to translate C struct bitfields
into Go struct fields, even if their size can be represented in
Go. The order in which C bitfields appear in memory is
implementation dependent, so in some cases the cgo tool
produced results that were silently incorrect.
* The linux/riscv64 port now supports cgo and -buildmode=pie.
This release also includes performance optimizations and code
generation improvements for RISC-V.
* The new runtime/metrics package introduces a stable interface
for reading implementation-defined metrics from the Go
runtime. It supersedes existing functions like
runtime.ReadMemStats and debug.GCStats and is significantly
more general and efficient. See the package documentation for
more details.
* Setting the GODEBUG environment variable to inittrace=1 now
causes the runtime to emit a single line to standard error for
each package init, summarizing its execution time and memory
allocation. This trace can be used to find bottlenecks or
regressions in Go startup performance. The GODEBUG
documentation describes the format.
* On Linux, the runtime now defaults to releasing memory to the
operating system promptly (using MADV_DONTNEED), rather than
lazily when the operating system is under memory pressure
(using MADV_FREE). This means process-level memory statistics
like RSS will more accurately reflect the amount of physical
memory being used by Go processes. Systems that are currently
using GODEBUG=madvdontneed=1 to improve memory monitoring
behavior no longer need to set this environment variable.
* Go 1.16 fixes a discrepancy between the race detector and the
Go memory model. The race detector now more precisely follows
the channel synchronization rules of the memory model. As a
result, the detector may now report races it previously missed.
* linker: This release includes additional improvements to the Go
linker, reducing linker resource usage (both time and memory)
and improving code robustness/maintainability. These changes
form the second half of a two-release project to modernize the
Go linker.
* The linker changes in 1.16 extend the 1.15 improvements to all
supported architecture/OS combinations (the 1.15 performance
improvements were primarily focused on ELF-based OSes and amd64
architectures). For a representative set of large Go programs,
linking is 20-25% faster than 1.15 and requires 5-15% less
memory on average for linux/amd64, with larger improvements for
other architectures and OSes. Most binaries are also smaller as
a result of more aggressive symbol pruning.
* The new embed package provides access to files embedded in the
program during compilation using the new //go:embed directive.
* The new io/fs package defines the fs.FS interface, an
abstraction for read-only trees of files. The standard library
packages have been adapted to make use of the interface as
appropriate.
* For testing code that implements fs.FS, the new testing/fstest
package provides a TestFS function that checks for and reports
common mistakes. It also provides a simple in-memory file
system implementation, MapFS, which can be useful for testing
code that accepts fs.FS implementations.
* syscall: On Linux, Setgid, Setuid, and related calls are now
implemented. Previously, they returned an syscall.EOPNOTSUPP
error. On Linux, the new functions AllThreadsSyscall and
AllThreadsSyscall6 may be used to make a system call on all Go
threads in the process. These functions may only be used by
programs that do not use cgo; if a program uses cgo, they will
always return syscall.ENOTSUP.
* time/tzdata: The slim timezone data format is now used for the
timezone database in $GOROOT/lib/time/zoneinfo.zip and the
embedded copy in this package. This reduces the size of the
timezone database by about 350 KB.
-------------------------------------------------------------------
Thu Jan 28 17:20:09 UTC 2021 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16rc1 (released 2021-01-28) is a release candidate of go1.16
cut from the master branch at the revision tagged go1.16rc1.
-------------------------------------------------------------------
Thu Dec 17 23:00:42 UTC 2020 - Jeff Kowalczyk <jkowalczyk@suse.com>
- go1.16beta1 (released 2020-12-08) is a beta version of go1.16 cut
from the master branch at the revision tagged go1.16beta1.
