File _patchinfo of Package patchinfo.25419
<patchinfo incident="25419">
<issue tracker="bnc" id="1200441">go1.19 release tracking</issue>
<packager>jfkw</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for go1.19</summary>
<description>This update for go1.19 fixes the following issues:
go1.19 (released 2022-08-02) is a major release of Go.
go1.19.x minor releases will be provided through August 2023.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.19 arrives five months after go1.18. Most of its changes are
in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before. (Refs bsc#1200441 go1.19 release tracking)
* See release notes https://golang.org/doc/go1.19. Excerpts
relevant to OBS environment and for SUSE/openSUSE follow:
* There is only one small change to the language, a very small
correction to the scope of type parameters in method
declarations. Existing programs are unaffected.
* The Go memory model has been revised to align Go with the
memory model used by C, C++, Java, JavaScript, Rust, and
Swift. Go only provides sequentially consistent atomics, not
any of the more relaxed forms found in other languages. Along
with the memory model update, Go 1.19 introduces new types in
the sync/atomic package that make it easier to use atomic
values, such as atomic.Int64 and atomic.Pointer[T].
* go1.19 adds support for the Loongson 64-bit architecture
LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI
implemented is LP64D. Minimum kernel version supported is 5.19.
* The riscv64 port now supports passing function arguments and
result using registers. Benchmarking shows typical performance
improvements of 10% or more on riscv64.
* Go 1.19 adds support for links, lists, and clearer headings in
doc comments. As part of this change, gofmt now reformats doc
comments to make their rendered meaning clearer. See "Go Doc
Comments" for syntax details and descriptions of common
mistakes now highlighted by gofmt. As another part of this
change, the new package go/doc/comment provides parsing and
reformatting of doc comments as well as support for rendering
them to HTML, Markdown, and text.
* The new build constraint "unix" is now recognized in //go:build
lines. The constraint is satisfied if the target operating
system, also known as GOOS, is a Unix or Unix-like system. For
the 1.19 release it is satisfied if GOOS is one of aix,
android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux,
netbsd, openbsd, or solaris. In future releases the unix
constraint may match additional newly supported operating
systems.
* The -trimpath flag, if set, is now included in the build
settings stamped into Go binaries by go build, and can be
examined using go version -m or debug.ReadBuildInfo.
* go generate now sets the GOROOT environment variable explicitly
in the generator's environment, so that generators can locate
the correct GOROOT even if built with -trimpath.
* go test and go generate now place GOROOT/bin at the beginning
of the PATH used for the subprocess, so tests and generators
that execute the go command will resolve it to same GOROOT.
* go env now quotes entries that contain spaces in the
CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS,
CGO_LDFLAGS, and GOGCCFLAGS variables it reports.
* go list -json now accepts a comma-separated list of JSON fields
to populate. If a list is specified, the JSON output will
include only those fields, and go list may avoid work to
compute fields that are not included. In some cases, this may
suppress errors that would otherwise be reported.
* The go command now caches information necessary to load some
modules, which should result in a speed-up of some go list
invocations.
* The vet checker "errorsas" now reports when errors.As is called
with a second argument of type *error, a common mistake.
* The runtime now includes support for a soft memory limit. This
memory limit includes the Go heap and all other memory managed
by the runtime, and excludes external memory sources such as
mappings of the binary itself, memory managed in other
languages, and memory held by the operating system on behalf of
the Go program. This limit may be managed via
runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT
environment variable. The limit works in conjunction with
runtime/debug.SetGCPercent / GOGC, and will be respected even
if GOGC=off, allowing Go programs to always make maximal use of
their memory limit, improving resource efficiency in some
cases.
* In order to limit the effects of GC thrashing when the
program's live heap size approaches the soft memory limit, the
Go runtime also attempts to limit total GC CPU utilization to
50%, excluding idle time, choosing to use more memory over
preventing application progress. In practice, we expect this
limit to only play a role in exceptional cases, and the new
runtime metric /gc/limiter/last-enabled:gc-cycle reports when
this last occurred.
* The runtime now schedules many fewer GC worker goroutines on
idle operating system threads when the application is idle
enough to force a periodic GC cycle.
* The runtime will now allocate initial goroutine stacks based on
the historic average stack usage of goroutines. This avoids
some of the early stack growth and copying needed in the
average case in exchange for at most 2x wasted space on
below-average goroutines.
* On Unix operating systems, Go programs that import package os
now automatically increase the open file limit (RLIMIT_NOFILE)
to the maximum allowed value; that is, they change the soft
limit to match the hard limit. This corrects artificially low
limits set on some systems for compatibility with very old C
programs using the select system call. Go programs are not
helped by that limit, and instead even simple programs like
gofmt often ran out of file descriptors on such systems when
processing many files in parallel. One impact of this change is
that Go programs that in turn execute very old C programs in
child processes may run those programs with too high a
limit. This can be corrected by setting the hard limit before
invoking the Go program.
* Unrecoverable fatal errors (such as concurrent map writes, or
unlock of unlocked mutexes) now print a simpler traceback
excluding runtime metadata (equivalent to a fatal panic) unless
GOTRACEBACK=system or crash. Runtime-internal fatal error
tracebacks always include full metadata regardless of the value
of GOTRACEBACK
* Support for debugger-injected function calls has been added on
ARM64, enabling users to call functions from their binary in an
interactive debugging session when using a debugger that is
updated to make use of this functionality.
* The address sanitizer support added in Go 1.18 now handles
function arguments and global variables more precisely.
* The compiler now uses a jump table to implement large integer
and string switch statements. Performance improvements for the
switch statement vary but can be on the order of 20%
faster. (GOARCH=amd64 and GOARCH=arm64 only)
* The Go compiler now requires the -p=importpath flag to build a
linkable object file. This is already supplied by the go
command and by Bazel. Any other build systems that invoke the
Go compiler directly will need to make sure they pass this flag
as well.
* The Go compiler no longer accepts the -importmap flag. Build
systems that invoke the Go compiler directly must use the
-importcfg flag instead.
* Like the compiler, the assembler now requires the -p=importpath
flag to build a linkable object file. This is already supplied
by the go command. Any other build systems that invoke the Go
assembler directly will need to make sure they pass this flag
as well.
* Command and LookPath no longer allow results from a PATH search
to be found relative to the current directory. This removes a
common source of security problems but may also break existing
programs that depend on using, say, exec.Command("prog") to run
a binary named prog (or, on Windows, prog.exe) in the current
directory. See the os/exec package documentation for
information about how best to update such programs.
* On Windows, Command and LookPath now respect the
NoDefaultCurrentDirectoryInExePath environment variable, making
it possible to disable the default implicit search of “.” in
PATH lookups on Windows systems.
* crypto/elliptic: Operating on invalid curve points (those for
which the IsOnCurve method returns false, and which are never
returned by Unmarshal or by a Curve method operating on a valid
point) has always been undefined behavior and can lead to key
recovery attacks. If an invalid point is supplied to Marshal,
MarshalCompressed, Add, Double, or ScalarMult, they will now
panic. ScalarBaseMult operations on the P224, P384, and P521
curves are now up to three times faster, leading to similar
speedups in some ECDSA operations. The generic (not platform
optimized) P256 implementation was replaced with one derived
from a formally verified model; this might lead to significant
slowdowns on 32-bit platforms.
* crypto/rand: Read no longer buffers random data obtained from
the operating system between calls. Applications that perform
many small reads at high frequency might choose to wrap Reader
in a bufio.Reader for performance reasons, taking care to use
io.ReadFull to ensure no partial reads occur. The Prime
implementation was changed to use only rejection sampling,
which removes a bias when generating small primes in
non-cryptographic contexts, removes one possible minor timing
leak, and better aligns the behavior with BoringSSL, all while
simplifying the implementation. The change does produce
different outputs for a given random source stream compared to
the previous implementation, which can break tests written
expecting specific results from specific deterministic random
sources. To help prevent such problems in the future, the
implementation is now intentionally non-deterministic with
respect to the input stream.
* crypto/tls: The GODEBUG option tls10default=1 has been
removed. It is still possible to enable TLS 1.0 client-side by
setting Config.MinVersion. The TLS server and client now reject
duplicate extensions in TLS handshakes, as required by RFC
5246, Section 7.4.1.4 and RFC 8446, Section 4.2.
* crypto/x509: CreateCertificate no longer supports creating
certificates with SignatureAlgorithm set to
MD5WithRSA. CreateCertificate no longer accepts negative serial
numbers. CreateCertificate will not emit an empty SEQUENCE
anymore when the produced certificate has no
extensions. ParseCertificate and ParseCertificateRequest now
reject certificates and CSRs which contain duplicate
extensions. The new CertPool.Clone and CertPool.Equal methods
allow cloning a CertPool and checking the equivalence of two
CertPools respectively. The new function ParseRevocationList
provides a faster, safer to use CRL parser which returns a
RevocationList. Parsing a CRL also populates the new
RevocationList fields RawIssuer, Signature, AuthorityKeyId, and
Extensions, which are ignored by CreateRevocationList. The new
method RevocationList.CheckSignatureFrom checks that the
signature on a CRL is a valid signature from a Certificate. The
ParseCRL and ParseDERCRL functions are now deprecated in favor
of ParseRevocationList. The Certificate.CheckCRLSignature
method is deprecated in favor of
RevocationList.CheckSignatureFrom. The path builder of
Certificate.Verify was overhauled and should now produce better
chains and/or be more efficient in complicated scenarios. Name
constraints are now also enforced on non-leaf certificates.
* crypto/x509/pkix: The types CertificateList and
TBSCertificateList have been deprecated. The new crypto/x509
CRL functionality should be used instead.
* debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support
the loong64 port.
* debug/pe: The new File.COFFSymbolReadSectionDefAux method,
which returns a COFFSymbolAuxFormat5, provides access to COMDAT
information in PE file sections. These are supported by new
IMAGE_COMDAT_* and IMAGE_SCN_* constants.
* runtime: The GOROOT function now returns the empty string
(instead of "go") when the binary was built with the -trimpath
flag set and the GOROOT variable is not set in the process
environment.
* runtime/metrics: The new /sched/gomaxprocs:threads metric
reports the current runtime.GOMAXPROCS value. The new
/cgo/go-to-c-calls:calls metric reports the total number of
calls made from Go to C. This metric is identical to the
runtime.NumCgoCall function. The new
/gc/limiter/last-enabled:gc-cycle metric reports the last GC
cycle when the GC CPU limiter was enabled. See the runtime
notes for details about the GC CPU limiter.
* runtime/pprof: Stop-the-world pause times have been
significantly reduced when collecting goroutine profiles,
reducing the overall latency impact to the application. MaxRSS
is now reported in heap profiles for all Unix operating systems
(it was previously only reported for GOOS=android, darwin, ios,
and linux).
* runtime/race: The race detector has been upgraded to use thread
sanitizer version v3 on all supported platforms except
windows/amd64 and openbsd/amd64, which remain on v2. Compared
to v2, it is now typically 1.5x to 2x faster, uses half as much
memory, and it supports an unlimited number of goroutines. On
Linux, the race detector now requires at least glibc version
2.17 and GNU binutils 2.26. The race detector is now supported
on GOARCH=s390x. Race detector support for openbsd/amd64 has
been removed from thread sanitizer upstream, so it is unlikely
to ever be updated from v2.
* runtime/trace: When tracing and the CPU profiler are enabled
simultaneously, the execution trace includes CPU profile
samples as instantaneous events.
* syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6,
RawSyscall, and RawSyscall6 now always return 0 for return
value r2 instead of an undefined value. On AIX and Solaris,
Getrusage is now defined.
- Trace viewer html and javascript files moved from misc/trace in
previous versions to src/cmd/trace/static in go1.19.
* Added files with mode 0644:
/usr/share/go/1.19/src/cmd/trace/static
/usr/share/go/1.19/src/cmd/trace/static/README.md
/usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html
/usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js
</description>
</patchinfo>
