commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2024-02-27 22:49:33
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.1770 (New)
Package is "go1.19"
Tue Feb 27 22:49:33 2024 rev:20 rq:1152299 version:1.19.13
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-09-10
13:09:36.397217581 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.1770/go1.19.changes 2024-02-27
22:49:45.321576914 +0100
@@ -1,0 +2,5 @@
+Tue Feb 27 11:32:47 UTC 2024 - Dominique Leuenberger
+
+- Use %patch -P N instead of deprecated %patchN.
+
+---
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.4TJbDv/_old 2024-02-27 22:49:46.237610116 +0100
+++ /var/tmp/diff_new_pack.4TJbDv/_new 2024-02-27 22:49:46.241610261 +0100
@@ -241,14 +241,14 @@
# go
%setup -q -n go
-%patch7 -p1
+%patch -P 7 -p1
%if %{with gccgo}
# Currently gcc-go does not manage an update-alternatives entry and will
# never be symlinked as "go", even if gcc-go is the only installed go
toolchain.
# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
# Substitute defined gcc_go_version into gcc-go.patch
sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
-%patch8 -p1
+%patch -P 8 -p1
%endif
cp %{SOURCE4} .
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2023-09-10 13:09:24
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.1766 (New)
Package is "go1.19"
Sun Sep 10 13:09:24 2023 rev:19 rq:1109620 version:1.19.13
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-08-03
17:27:10.794818097 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.1766/go1.19.changes 2023-09-10
13:09:36.397217581 +0200
@@ -1,0 +2,23 @@
+Wed Sep 6 15:08:50 UTC 2023 - Jeff Kowalczyk
+
+- go1.19.13 (released 2023-09-06) includes fixes to the go command,
+ and the crypto/tls and net/http packages.
+ Refs boo#1200441 go1.19 release tracking
+ * go#61197 cmd/go: extended forwards compatibility for Go
+ * go#61825 net/http: go 1.20.6 host validation breaks setting Host to a unix
socket address
+ * go#61968 crypto/tls: add GODEBUG to control max RSA key size
+
+---
+Tue Sep 5 19:12:05 UTC 2023 - Jeff Kowalczyk
+
+- Add missing directory pprof html asset directory to package.
+ Refs boo#1215090
+ * src/cmd/vendor/github.com/google/pprof/internal/driver/html/
+dir containing html assets is present in upstream Go
+distribution but missing from SUSE go1.x packages
+ * Go programs importing runtime/pprof may fail with error:
+
/usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
+pattern html: no matching files found
+ * Reformat adjacent commment in spec file
+
+---
Old:
go1.19.12.src.tar.gz
New:
go1.19.13.src.tar.gz
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.Q2n8YK/_old 2023-09-10 13:09:38.193281749 +0200
+++ /var/tmp/diff_new_pack.Q2n8YK/_new 2023-09-10 13:09:38.197281892 +0200
@@ -134,7 +134,7 @@
%endif
Name: go1.19
-Version:1.19.12
+Version:1.19.13
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
@@ -348,14 +348,14 @@
done
# executable bash scripts called by go tool, etc
find src -name "*.bash" -exec install -Dm655 \{\}
%{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
-# # Trace viewer html and javascript files moved from misc/trace in
-# # previous versions to src/cmd/trace/static in go1.19.
-# # static contains pprof trace viewer html javascript and markdown
-# echo "PWD:" `pwd`
-# echo "GOROOT:" $GOROOT
-# mkdir -v -p $GOROOT/src/cmd/trace/static
+# Trace viewer html and javascript files moved from misc/trace in
+# previous versions to src/cmd/trace/static in go1.19.
+# static contains pprof trace viewer html javascript and markdown
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static
install -Dm644 src/cmd/trace/static/*
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static
+# pprof viewer html templates are needed for import runtime/pprof
+install -d
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
+install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/*
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
mkdir -p $GOROOT/src
for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
@@ -450,7 +450,7 @@
%if %{with_shared}
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
-# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so
+# ./go/1.19/pkg/linux_amd64_dynlink/libstd.so
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
%endif
%endif
++ go1.19.12.src.tar.gz -> go1.19.13.src.tar.gz ++
/work/SRC/openSUSE:Factory/go1.19/go1.19.12.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.19.new.1766/go1.19.13.src.tar.gz differ: char
120, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-08-03 17:27:09 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.22712 (New) Package is "go1.19" Thu Aug 3 17:27:09 2023 rev:18 rq:1101872 version:1.19.12 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-07-14 15:35:33.817909051 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.22712/go1.19.changes 2023-08-03 17:27:10.794818097 +0200 @@ -1,0 +2,13 @@ +Tue Aug 1 20:35:02 UTC 2023 - Jeff Kowalczyk + +- go1.19.12 (released 2023-08-01) includes a security fix to the + crypto/tls package, as well as bug fixes to the assembler and the + compiler. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29409 + * go#61579 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits + * go#61319 cmd/compile: ppc64le: sign extension issue in go 1.21rc2 + * go#61448 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64 + * go#61470 cmd/compile: failed to make Go on riscv64 CPU with numa + +--- Old: go1.19.11.src.tar.gz New: go1.19.12.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.ANhYxK/_old 2023-08-03 17:27:11.626823133 +0200 +++ /var/tmp/diff_new_pack.ANhYxK/_new 2023-08-03 17:27:11.634823181 +0200 @@ -134,7 +134,7 @@ %endif Name: go1.19 -Version:1.19.11 +Version:1.19.12 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.11.src.tar.gz -> go1.19.12.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.11.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.22712/go1.19.12.src.tar.gz differ: char 120, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-07-14 15:35:31 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.3193 (New) Package is "go1.19" Fri Jul 14 15:35:31 2023 rev:17 rq:1098260 version:1.19.11 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-06-08 21:41:41.837685239 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.3193/go1.19.changes 2023-07-14 15:35:33.817909051 +0200 @@ -1,0 +2,17 @@ +Tue Jul 11 17:50:52 UTC 2023 - Jeff Kowalczyk + +- go1.19.11 (released 2023-07-11) includes a security fix to the + net/http package, as well as bug fixes to cgo, the cover tool, + the go command, the runtime, and the go/printer package. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29406 + * go#61075 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header + * go#60351 cmd/go: go mod tidy introduces ambiguous imports in pruned modules + * go#60637 cmd/pprof: skip TestDisasm flaky failures on linux/arm64 + * go#60697 cmd/go: go list fails with submodules which have test-only dependencies + * go#60710 cmd/go: go list -export -e outputs errors to stderr and has non-zero exit code + * go#60844 runtime: SIGSEGV in race + coverage mode + * go#60948 runtime: goroutines that stop after calling runtime.RaceDisable break race detector + * go#61054 runtime: TestWindowsStackMemory flakes on windows-386-2016 + +--- Old: go1.19.10.src.tar.gz New: go1.19.11.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.6mzAig/_old 2023-07-14 15:35:35.477918706 +0200 +++ /var/tmp/diff_new_pack.6mzAig/_new 2023-07-14 15:35:35.481918730 +0200 @@ -134,7 +134,7 @@ %endif Name: go1.19 -Version:1.19.10 +Version:1.19.11 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.10.src.tar.gz -> go1.19.11.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.10.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.3193/go1.19.11.src.tar.gz differ: char 13, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-06-08 21:41:39 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.15902 (New) Package is "go1.19" Thu Jun 8 21:41:39 2023 rev:16 rq:1091159 version:1.19.10 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-05-04 17:10:05.412194812 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.15902/go1.19.changes 2023-06-08 21:41:41.837685239 +0200 @@ -1,0 +2,16 @@ +Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk + +- go1.19.10 (released 2023-06-06) includes four security fixes to + the cmd/go and runtime packages, as well as bug fixes to the + compiler, the go command, and the runtime. + Refs boo#1200441 go1.19 release tracking + CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 + * go#60515 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection + * go#60517 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries + * go#60511 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS + * go#60513 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS + * go#59974 cmd/compile: multiple memories live at block start + * go#6 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies + * go#60457 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate + +--- Old: go1.19.9.src.tar.gz New: go1.19.10.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.qugnPW/_old 2023-06-08 21:41:42.801690920 +0200 +++ /var/tmp/diff_new_pack.qugnPW/_new 2023-06-08 21:41:42.805690944 +0200 @@ -134,7 +134,7 @@ %endif Name: go1.19 -Version:1.19.9 +Version:1.19.10 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.9.src.tar.gz -> go1.19.10.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.9.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.15902/go1.19.10.src.tar.gz differ: char 13, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2023-05-04 17:09:56
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.1533 (New)
Package is "go1.19"
Thu May 4 17:09:56 2023 rev:15 rq:1084542 version:1.19.9
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-04-18
15:52:02.589126542 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.1533/go1.19.changes 2023-05-04
17:10:05.412194812 +0200
@@ -1,0 +2,60 @@
+Wed May 3 23:07:16 UTC 2023 - Jeff Kowalczyk
+
+- Revert re-enable binary stripping and debuginfo boo#1210938.
+ go1.19 and earlier store pre-compiled packages in $GOROOT/pkg as
+ Go .a files which are not ar archives. These .a are incorrectly
+ passed to strip by brp-15-strip-debug. strip incorrectly modifies
+ Go .a files rendering them invalid. Some Go applications fail to
+ build with "reference to nonexistent package" errors.
+ Refs boo#1210938 boo#1211073
+ * go1.19 and earlier store pre-compiled packages for the standard
+library as .a files under pkg/GOARCH[_{dynlink,race}].
+ * Go emitted .a files are a Go specific format, not ar archives.
+ * go1.10+ stores recently built packages in build cache GOCACHE.
+These are separate from the installed packages in $GOROOT/pkg.
+ * Go build cache objects use a different file format than Go .a.
+ * go1.20+ switches to the GOCACHE for both recently built
+packages and the installed packages in $GOROOT/pkg.
+ * Current versions of readelf detect Go .a files correctly, e.g.:
+readelf -d /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a
+File: /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a(__.PKGDEF )
+readelf: Error: This is a GO binary file - try using 'go tool objdump' or
'go tool nm'
+ * binutils strip as of 2.40 detects Go .a files correctly, but
+incorrectly modifies the .a files altering path resulting in
+"reference to nonexistent package" errors.
+ * brp_check_suse/brp-15-strip-debug passes files to strip based
+primarily on the file extension including .a.
+
+---
+Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk
+
+- go1.19.9 (released 2023-05-02) includes three security fixes to
+ the html/template package, as well as bug fixes to the compiler,
+ the runtime, and the crypto/tls and syscall packages.
+ Refs boo#1200441 go1.19 release tracking
+ CVE-2023-29400 CVE-2023-24540 CVE-2023-24539
+ * go#59811 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template:
improper sanitization of CSS values
+ * go#59813 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template:
improper handling of JavaScript whitespace
+ * go#59815 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template:
improper handling of empty HTML attributes
+ * go#59063 runtime: automatically bump RLIMIT_NOFILE on Unix
+ * go#59158 cmd/compile: inlining function that references function literals
generates bad code
+ * go#59373 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write
+ * go#59539 crypto/tls: TLSv1.3 connection fails with invalid PSK binder
+ * go#59579 cmd/compile: incorrect inline function variable
+
+---
+Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk
+
+- Packaging revert go1.x Suggests go1.x-race boo#1210963
+ * Upstream go binary distributions do include race detector .syso
+ * Default Recommends for subpackages is best suited in this case
+
+---
+Fri Apr 28 23:47:22 UTC 2023 - Jeff Kowalczyk
+
+- Packaging improvements:
+ * Re-enable binary stripping and debuginfo boo#1210938
+ * go1.x Suggests go1.x-race do not install by default boo#1210963
+ * Use Group: Development/Languages/Go instead of Other
+
+---
Old:
go1.19.8.src.tar.gz
New:
go1.19.9.src.tar.gz
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.zLw85X/_old 2023-05-04 17:10:06.184199332 +0200
+++ /var/tmp/diff_new_pack.zLw85X/_new 2023-05-04 17:10:06.188199356 +0200
@@ -134,7 +134,7 @@
%endif
Name: go1.19
-Version:1.19.8
+Version:1.19.9
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
++ go1.19.8.src.tar.gz -> go1.19.9.src.tar.gz ++
/work/SRC/openSUSE:Factory/go1.19/go1.19.8.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.19.new.1533/go1.19.9.src.tar.gz differ: char
120, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2023-04-18 15:52:01
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.2023 (New)
Package is "go1.19"
Tue Apr 18 15:52:01 2023 rev:14 rq:1079837 version:1.19.8
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-04-15
23:08:35.373825621 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.2023/go1.19.changes 2023-04-18
15:52:02.589126542 +0200
@@ -1,0 +2,41 @@
+Fri Apr 14 23:41:22 UTC 2023 - Jeff Kowalczyk
+
+- Build subpackage go1.1x-libstd compiled shared object libstd.so
+ only on Tumbleweed at this time.
+ Refs jsc#PED-1962
+
+---
+Fri Apr 14 23:20:06 UTC 2023 - Jeff Kowalczyk
+
+- Add subpackage go1.x-libstd for compiled shared object libstd.so.
+ Refs jsc#PED-1962
+ * Main go1.x package included libstd.so in previous versions
+ * Split libstd.so into subpackage that can be installed standalone
+ * Continues the slimming down of main go1.x package by 40 Mb
+ * Experimental and not recommended for general use, Go currently has no ABI
+ * Upstream Go has not committed to support buildmode=shared long-term
+ * Do not use in packaging, build static single binaries (the default)
+ * Upstream Go go1.x binary releases do not include libstd.so
+ * go1.x Suggests go1.x-libstd so not installed by default Recommends
+ * go1.x-libstd does not Require: go1.x so can install standalone
+ * Provides go-libstd unversioned package name
+ * Fix build step -buildmode=shared std to omit -linkshared
+- Packaging improvements:
+ * go1.x Suggests go1.x-doc so not installed by default Recommends
+ * Use Group: Development/Languages/Go instead of Other
+
+---
+Fri Apr 14 23:06:51 UTC 2023 - Jeff Kowalczyk
+
+- Improvements to go1.x packaging spec:
+ * On Tumbleweed bootstrap with current default gcc13 and gccgo118
+ * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
+using go1.x package (%bcond_without gccgo). This is no longer
+needed on current SLE-12:Update and removing will consolidate
+the build configurations used.
+ * Change source URLs to go.dev as per Go upstream
+ * On x86_64 export GOAMD64=v1 as per the current baseline.
+At this time forgo GOAMD64=v3 option for x86_64_v3 support.
+ * On x86_64 %define go_amd64=v1 as current instruction baseline
+
+---
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.tJ8Wbw/_old 2023-04-18 15:52:03.321130757 +0200
+++ /var/tmp/diff_new_pack.tJ8Wbw/_new 2023-04-18 15:52:03.325130781 +0200
@@ -24,29 +24,25 @@
%undefine _build_create_debug
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true
-# Used to bootstrap go toolchain with specific existing package
-%define go_bootstrap_version go1.16
-
-# Used to bootstrap go toolchain using specific version of gcc-go
+# Specify Go toolchain version used to bootstrap this package's Go toolchain
+# go_bootstrap_version bootstrap go toolchain with specific existing go1.x
package
+# gcc_go_version bootstrap go toolchain with specific version of gcc-go
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
+# Usually ahead of bootstrap version specified by upstream Go
+# Use Tumbleweed default gccgo and N-1 go1.x for testing
%define gcc_go_version 13
+%define go_bootstrap_version go1.18
%else
+# Use gccgo and go1.x specified by upstream Go
%define gcc_go_version 11
+%define go_bootstrap_version go1.17
%endif
# Bootstrap go toolchain using existing go package go_bootstrap_version
# To bootstrap using gccgo use '--with gccgo'
%bcond_with gccgo
-# Boostrapping using existing go package can fail on certain SLE-12
architectures
-# Override here as needed
-%if 0%{?suse_version} == 1315
-%ifarch aarch64 ppc64le ppc64
-%bcond_without gccgo
-%endif
-%endif
-
# gccgo on ppc64le with default PIE enabled fails with:
# error while loading shared libraries:
# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
@@ -74,7 +70,7 @@
#
# In order to update the TSAN version, modify _service. See boo#1052528 for
# more details.
-%ifarch x86_64
+%ifarch x86_64 %{?x86_64}
%define tsan_commit 127e59048cd3d8dbb80c14b3036918c114089529
%else
%define tsan_commit 41cb504b7c4b18ac15830107431a0c1eec73a6b2
@@ -115,6 +111,8 @@
%endif
%ifarch x86_64
%define go_arch amd64
+# set GOAMD64 consistently
+%define go_amd64 v1
%endif
%ifarch aarch64
%define go_arch arm64
@@ -140,9 +138,9 @@
Release:0
Summ
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2023-04-15 23:08:34
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.19717 (New)
Package is "go1.19"
Sat Apr 15 23:08:34 2023 rev:13 rq:1079525 version:1.19.8
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-04-07
18:16:16.800529428 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.19717/go1.19.changes 2023-04-15
23:08:35.373825621 +0200
@@ -1,0 +2,5 @@
+Thu Apr 13 04:58:20 UTC 2023 - Martin Liška
+
+- Use gcc13 compiler for Tumbleweed.
+
+---
@@ -10,4 +15,4 @@
- * go#59267 go#58975 boo#1210127 net/http, net/textproto: denial of service
from excessive memory allocation â(CVE-2023-24534)
- * go#59269 go#59153 boo#1210128 net/http, net/textproto, mime/multipart:
denial of service from excessive resource consumption (CVE-2023-24536)
- * go#59273 go#59180 boo#1210129 go/parser: infinite loop in parsing
(CVE-2023-24537)
- * go#59271 go#59234 boo#1210130 html/template: backticks not treated as
string delimiters (CVE-2023-24538)
+ * go#59267 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http,
net/textproto: denial of service from excessive memory allocation
+ * go#59269 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http,
net/textproto, mime/multipart: denial of service from excessive resource
consumption
+ * go#59273 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser:
infinite loop in parsing
+ * go#59271 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template:
backticks not treated as string delimiters
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.VOLAtR/_old 2023-04-15 23:08:36.757833655 +0200
+++ /var/tmp/diff_new_pack.VOLAtR/_new 2023-04-15 23:08:36.761833678 +0200
@@ -30,7 +30,7 @@
# Used to bootstrap go toolchain using specific version of gcc-go
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
-%define gcc_go_version 12
+%define gcc_go_version 13
%else
%define gcc_go_version 11
%endif
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-04-07 18:16:16 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.19717 (New) Package is "go1.19" Fri Apr 7 18:16:16 2023 rev:12 rq:1077384 version:1.19.8 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-03-09 17:44:42.578578854 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.19717/go1.19.changes 2023-04-07 18:16:16.800529428 +0200 @@ -1,0 +2,21 @@ +Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk + +- go1.19.8 (released 2023-04-04) includes security fixes to the + go/parser, html/template, mime/multipart, net/http, and + net/textproto packages, as well as bug fixes to the linker, the + runtime, and the time package. + Refs boo#1200441 go1.19 release tracking + CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 + * go#59267 go#58975 boo#1210127 net/http, net/textproto: denial of service from excessive memory allocation â(CVE-2023-24534) + * go#59269 go#59153 boo#1210128 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) + * go#59273 go#59180 boo#1210129 go/parser: infinite loop in parsing (CVE-2023-24537) + * go#59271 go#59234 boo#1210130 html/template: backticks not treated as string delimiters (CVE-2023-24538) + * go#58937 cmd/go: timeout on darwin-amd64-race builder + * go#58939 runtime/pprof: TestLabelSystemstack due to sample with no location + * go#58941 internal/testpty: fails on some Linux machines due to incorrect error handling + * go#59050 cmd/link: linker fails on linux/amd64 when gcc's lto options are used + * go#59058 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation + * go#59074 time: time zone lookup using extend string makes wrong start time for non-DST zones + * go#59219 runtime: crash on linux-ppc64le + +--- Old: go1.19.7.src.tar.gz New: go1.19.8.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.CZ2fJa/_old 2023-04-07 18:16:17.464533252 +0200 +++ /var/tmp/diff_new_pack.CZ2fJa/_new 2023-04-07 18:16:17.468533276 +0200 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.7 +Version:1.19.8 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.7.src.tar.gz -> go1.19.8.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.7.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.19717/go1.19.8.src.tar.gz differ: char 120, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-03-09 17:44:40 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.31432 (New) Package is "go1.19" Thu Mar 9 17:44:40 2023 rev:11 rq:1070082 version:1.19.7 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-02-17 16:43:52.978483498 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.31432/go1.19.changes 2023-03-09 17:44:42.578578854 +0100 @@ -1,0 +2,16 @@ +Tue Mar 7 18:03:10 UTC 2023 - Jeff Kowalczyk + +- go1.19.7 (released 2023-03-07) includes a security fix to the + crypto/elliptic package, as well as bug fixes to the linker, the + runtime, and the crypto/x509 and syscall packages. + Refs boo#1200441 go1.19 release tracking + CVE-2023-24532 + * go#58719 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results + * go#58441 runtime: some linkname signatures do not match + * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' + * go#58535 runtime: long latency of sweep assists + * go#58716 net: TestTCPSelfConnect failures due to unexpected connections + * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows + * go#58810 crypto/x509: TestSystemVerify consistently failing + +--- Old: go1.19.6.src.tar.gz New: go1.19.7.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.FnkDDV/_old 2023-03-09 17:44:43.422583346 +0100 +++ /var/tmp/diff_new_pack.FnkDDV/_new 2023-03-09 17:44:43.430583388 +0100 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.6 +Version:1.19.7 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.6.src.tar.gz -> go1.19.7.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.6.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.31432/go1.19.7.src.tar.gz differ: char 119, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2023-02-17 16:43:49
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.22824 (New)
Package is "go1.19"
Fri Feb 17 16:43:49 2023 rev:10 rq:1066111 version:1.19.6
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2023-01-11
17:14:29.347629508 +0100
+++ /work/SRC/openSUSE:Factory/.go1.19.new.22824/go1.19.changes 2023-02-17
16:43:52.978483498 +0100
@@ -1,0 +2,20 @@
+Tue Feb 14 18:28:32 UTC 2023 - Jeff Kowalczyk
+
+- go1.19.6 (released 2023-02-14) includes security fixes to the
+ crypto/tls, mime/multipart, net/http, and path/filepath packages,
+ as well as bug fixes to the go command, the linker, the runtime,
+ and the crypto/x509, net/http, and time packages.
+ Refs boo#1200441 go1.19 release tracking
+ CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725
+ * go#57275 boo#1208269 security: fix CVE-2022-41722
+ * go#58355 boo#1208270 security: fix CVE-2022-41723
+ * go#58358 boo#1208271 security: fix CVE-2022-41724
+ * go#58362 boo#1208272 security: fix CVE-2022-41725
+ * go#56154 net/http: bad handling of HEAD requests with a body
+ * go#57635 crypto/x509: TestBoringAllowCert failures
+ * go#57812 runtime: performance regression due to bad instruction used in
morestack_noctxt for ppc64 in CL 425396
+ * go#58118 time: update zoneinfo_abbrs on Windows
+ * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections
+ * go#58449 cmd/go/internal/modfetch:
TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing
+
+---
Old:
go1.19.5.src.tar.gz
New:
go1.19.6.src.tar.gz
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.3ZBZxU/_old 2023-02-17 16:43:53.670487395 +0100
+++ /var/tmp/diff_new_pack.3ZBZxU/_new 2023-02-17 16:43:53.678487440 +0100
@@ -136,7 +136,7 @@
%endif
Name: go1.19
-Version:1.19.5
+Version:1.19.6
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
@@ -223,8 +223,8 @@
%else
%setup -q -T -b 101 -n llvm-%{tsan_commit}
%endif
-
%endif
+
# go
%setup -q -n go
%patch7 -p1
++ go1.19.5.src.tar.gz -> go1.19.6.src.tar.gz ++
/work/SRC/openSUSE:Factory/go1.19/go1.19.5.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.19.new.22824/go1.19.6.src.tar.gz differ: char
12, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2023-01-11 17:14:22 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.32243 (New) Package is "go1.19" Wed Jan 11 17:14:22 2023 rev:9 rq:1057694 version:1.19.5 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-12-08 16:50:11.079175759 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.32243/go1.19.changes 2023-01-11 17:14:29.347629508 +0100 @@ -1,0 +2,26 @@ +Tue Jan 10 22:13:49 UTC 2023 - Jeff Kowalczyk + +- go1.19.5 (released 2023-01-10) includes fixes to the compiler, + the linker, and the crypto/x509, net/http, sync/atomic, and + syscall packages. + Refs boo#1200441 go1.19 release tracking + * go#57706 Misc/cgo: backport needed for dlltool fix + * go#57556 crypto/x509: re-allow duplicate attributes in CSRs + * go#57444 cmd/link: need to handle new-style LoongArch relocs + * go#57427 crypto/x509: Verify on macOS does not return typed errors + * go#57345 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its "old" argument. + * go#57339 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices + * go#57214 os: TestLstat failure on Linux Aarch64 + * go#57212 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length + * go#57124 sync/atomic: allow linked lists of atomic.Pointer + * go#57100 cmd/compile: non-retpoline-compatible errors + * go#57058 cmd/go: remove test dependency on gopkg.in service + * go#57055 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders + * go#56983 runtime: failure in TestRaiseException on windows-amd64-2012 + * go#56834 cmd/link/internal/ppc64: too-far trampoline is reused + * go#56770 cmd/compile: walkConvInterface produces broken IR + * go#56744 cmd/compile: internal compiler error: missing typecheck + * go#56712 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target + * go#56154 net/http: bad handling of HEAD requests with a body + +--- Old: go1.19.4.src.tar.gz New: go1.19.5.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.Rwi2JK/_old 2023-01-11 17:14:30.079633767 +0100 +++ /var/tmp/diff_new_pack.Rwi2JK/_new 2023-01-11 17:14:30.083633790 +0100 @@ -1,7 +1,7 @@ # # spec file for package go1.19 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.4 +Version:1.19.5 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.4.src.tar.gz -> go1.19.5.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.4.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.32243/go1.19.5.src.tar.gz differ: char 12, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-12-08 16:50:01 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.1835 (New) Package is "go1.19" Thu Dec 8 16:50:01 2022 rev:8 rq:1041235 version:1.19.4 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-11-02 12:46:46.817458009 +0100 +++ /work/SRC/openSUSE:Factory/.go1.19.new.1835/go1.19.changes 2022-12-08 16:50:11.079175759 +0100 @@ -1,0 +2,22 @@ +Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk + +- go1.19.4 (released 2022-12-06) includes security fixes to the + net/http and os packages, as well as bug fixes to the compiler, + the runtime, and the crypto/x509, os/exec, and sync/atomic + packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41717 CVE-2022-41720 + * go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries + * go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows + * go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate + * go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com + * go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072 + * go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions. + * go#56636 runtime: traceback stuck in runtime.systemstack + * go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable" + * go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8) + * go#56438 crypto/x509: respect GODEBUG changes during program lifetime + * go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter + * go#56360 cmd/compile: panic: offset too large + +--- Old: go1.19.3.src.tar.gz New: go1.19.4.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.j9G8IH/_old 2022-12-08 16:50:11.763179258 +0100 +++ /var/tmp/diff_new_pack.j9G8IH/_new 2022-12-08 16:50:11.767179279 +0100 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.3 +Version:1.19.4 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.3.src.tar.gz -> go1.19.4.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.3.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.1835/go1.19.4.src.tar.gz differ: char 19, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-11-02 12:46:30 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.2275 (New) Package is "go1.19" Wed Nov 2 12:46:30 2022 rev:7 rq:1032744 version:1.19.3 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-10-10 18:44:14.750827755 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.2275/go1.19.changes 2022-11-02 12:46:46.817458009 +0100 @@ -1,0 +2,13 @@ +Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk + +- go1.19.3 (released 2022-11-01) includes security fixes to the + os/exec and syscall packages, as well as bug fixes to the + compiler and the runtime. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41716 + * go#56328 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables + * go#56309 runtime: "runtime??lock: lock count" fatal error when cgo is enabled + * go#56168 cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch + * go#56106 internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing + +--- Old: go1.19.2.src.tar.gz New: go1.19.3.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.uHkZeO/_old 2022-11-02 12:46:48.509466598 +0100 +++ /var/tmp/diff_new_pack.uHkZeO/_new 2022-11-02 12:46:48.517466638 +0100 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.2 +Version:1.19.3 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.2.src.tar.gz -> go1.19.3.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.2.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.2275/go1.19.3.src.tar.gz differ: char 19, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-10-10 18:43:54 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.2275 (New) Package is "go1.19" Mon Oct 10 18:43:54 2022 rev:6 rq:1008078 version:1.19.2 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-09-08 14:21:35.410380039 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.2275/go1.19.changes 2022-10-10 18:44:14.750827755 +0200 @@ -1,0 +2,20 @@ +Tue Oct 4 18:21:57 UTC 2022 - Jeff Kowalczyk + +- go1.19.2 (released 2022-10-04) includes security fixes to the + archive/tar, net/http/httputil, and regexp packages, as well as + bug fixes to the compiler, the linker, the runtime, and the + go/types package. + Refs boo#1200441 go1.19 release tracking + CVE-2022-41715 CVE-2022-2879 CVE-2022-2880 + * go#55951 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps + * go#55926 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers + * go#55843 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters + * go#55270 cmd/compile: internal compiler error: method Len on *uint8 not found + * go#55152 cmd/compile: typebits.Set: invalid initial alignment: type Peer has alignment 8, but offset is 4 + * go#55149 go/types: no way to construct the signature of append(s, "string"...) via the API + * go#55124 fatal error: bulkBarrierPreWrite: unaligned arguments (go 1.19.1, looks like regression) + * go#55114 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation + * go#54917 cmd/compile: Value live at entry + * go#54764 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel (regression in 1.19 when building for i686) + +--- Old: go1.19.1.src.tar.gz New: go1.19.2.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.w9IscV/_old 2022-10-10 18:44:15.526829425 +0200 +++ /var/tmp/diff_new_pack.w9IscV/_new 2022-10-10 18:44:15.530829434 +0200 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19.1 +Version:1.19.2 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.1.src.tar.gz -> go1.19.2.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.1.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.2275/go1.19.2.src.tar.gz differ: char 120, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-09-08 14:21:20 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.2083 (New) Package is "go1.19" Thu Sep 8 14:21:20 2022 rev:5 rq:1001534 version:1.19.1 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-08-23 14:30:15.451689208 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.2083/go1.19.changes 2022-09-08 14:21:35.410380039 +0200 @@ -1,0 +2,30 @@ +Tue Sep 6 19:24:28 UTC 2022 - Jeff Kowalczyk + +- go1.19.1 (released 2022-09-06) includes security fixes to the + net/http and net/url packages, as well as bug fixes to the + compiler, the go command, the pprof command, the linker, the + runtime, and the crypto/tls and crypto/x509 packages. + Refs boo#1200441 go1.19 release tracking + CVE-2022-27664 CVE-2022-32190 + * go#54376 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY + * go#54635 bsc#1203186 CVE-2022-32190 net/url: JoinPath doesn't strip relative path components in all circumstances + * go#54736 cmd/go: cannot find package when importing dependencies with the unix build constraint + * go#54734 cmd/go: git fetch errors dropped when producing pseudo-versions for commits + * go#54726 cmd/compile: compile failed with "Value live at entry" + * go#54697 cmd/compile: ICE at composite literal assignment with alignment > PtrSize + * go#54675 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert + * go#54665 runtime: segfault running ppc64/linux binaries with kernel 5.18 + * go#54660 cmd/go: go test -race does not set implicit race build tag + * go#54643 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension + * go#54637 cmd/go: data race in TestScript + * go#54633 cmd/go/internal/modfetch/codehost: racing writes to Origin fields + * go#54629 cmd/compile: miscompilation of partially-overlapping array assignments + * go#54420 cmd/pprof: graphviz node names are funny with generics + * go#54406 cmd/link: trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64 + * go#54309 cmd/compile: internal compiler error: panic: runtime error: invalid memory address or nil pointer dereference + * go#54295 crypto/x509: panics on invalid curve instead of returning error + * go#54243 cmd/compile: internal compiler error when compiling code with unbound method of generic type + * go#54239 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT + * go#54235 cmd/compile: internal compiler error of atomic type and offsetof + +--- Old: go1.19.src.tar.gz New: go1.19.1.src.tar.gz Other differences: -- ++ go1.19.spec ++ --- /var/tmp/diff_new_pack.9Znk6o/_old 2022-09-08 14:21:36.062381793 +0200 +++ /var/tmp/diff_new_pack.9Znk6o/_new 2022-09-08 14:21:36.066381804 +0200 @@ -136,7 +136,7 @@ %endif Name: go1.19 -Version:1.19 +Version:1.19.1 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.19.src.tar.gz -> go1.19.1.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.19/go1.19.src.tar.gz /work/SRC/openSUSE:Factory/.go1.19.new.2083/go1.19.1.src.tar.gz differ: char 19, line 1
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2022-08-23 14:29:52
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.2083 (New)
Package is "go1.19"
Tue Aug 23 14:29:52 2022 rev:4 rq:998736 version:1.19
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-08-10
17:15:40.874080912 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.2083/go1.19.changes 2022-08-23
14:30:15.451689208 +0200
@@ -1,0 +2,19 @@
+Mon Aug 22 20:44:19 UTC 2022 - Jeff Kowalczyk
+
+- Define go_bootstrap_version go1.16 without suse_version checks
+- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere
+- Add _constraints for worker disk space 5G needed by SLE-15 x86_64
+- SLE-12 s390x use bcond_without gccgo to bootstrap using gcc11go
+ * Workaround for SLE-12 s390x build error while writing linker data:
+bad carrier sym for symbol crypto/internal/nistec.p256OrdMul.args_stackmap
+created by cmd/link/internal/ld.writeBlocks
+ /usr/lib64/go/1.19/src/cmd/link/internal/ld/data.go:958
+
+---
+Fri Aug 19 17:53:40 UTC 2022 - Dirk M??ller
+
+- Bootstrap using go1.16 on SLE-15 and newer. go1.16 is
+ bootstrapped using gcc-go 11 or 12. This allows dropping older
+ versions of Go from Factory.
+
+---
New:
_constraints
Other differences:
--
++ go1.19.spec ++
--- /var/tmp/diff_new_pack.A83ZAr/_old 2022-08-23 14:30:16.119690605 +0200
+++ /var/tmp/diff_new_pack.A83ZAr/_new 2022-08-23 14:30:16.123690613 +0200
@@ -24,36 +24,25 @@
%undefine _build_create_debug
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true
-%if 0%{?suse_version} == 1315
-%define gcc_go_version 8
-%define go_bootstrap_version go1.4
-%else
-%ifarch riscv64
-%define go_bootstrap_version go1.14
-%else
-%define go_bootstrap_version go1.9
-%endif
-%if 0%{?sle_version} == 15
-# SLE15 or Leap 15.x
-%define gcc_go_version 7
+# Used to bootstrap go toolchain with specific existing package
+%define go_bootstrap_version go1.16
+
+# Used to bootstrap go toolchain using specific version of gcc-go
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
+%define gcc_go_version 12
%else
-%define gcc_go_version 9
-%endif
+%define gcc_go_version 11
%endif
-# By default use go and not gccgo
+# Bootstrap go toolchain using existing go package go_bootstrap_version
+# To bootstrap using gccgo use '--with gccgo'
%bcond_withgccgo
-# The fallback boostrap method via %%{go_bootstrap_version} would work for Leap
-# but we don't have %%{go_bootstrap_version} in there. Same for SLE15+
-#if ( 0%{?suse_version} < 1550 && 0%{?is_opensuse} ) || ( 0%{?suse_version} >=
1500 && ! 0%{?is_opensuse} )
-#bcond_without gccgo
-#endif
-
-# The fallback bootstrap method via go1.4 doesn't work
-# for aarch64 nor ppc64le because go 1.4 did not support that architecture.
+# Boostrapping using existing go package can fail on certain SLE-12
architectures
+# Override here as needed
%if 0%{?suse_version} == 1315
-%ifarch aarch64 ppc64le ppc64 s390x
+%ifarch aarch64 ppc64le ppc64
%bcond_without gccgo
%endif
%endif
@@ -422,7 +411,6 @@
%endif
%files doc
-%defattr(-,root,root,-)
%doc %{_docdir}/go/%{go_label}/*.html
%ifarch %{tsan_arch}
++ _constraints ++
5
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.19 for openSUSE:Factory checked
in at 2022-08-10 17:14:27
Comparing /work/SRC/openSUSE:Factory/go1.19 (Old)
and /work/SRC/openSUSE:Factory/.go1.19.new.1521 (New)
Package is "go1.19"
Wed Aug 10 17:14:27 2022 rev:3 rq:994192 version:1.19
Changes:
--- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-08-09
15:28:21.609626520 +0200
+++ /work/SRC/openSUSE:Factory/.go1.19.new.1521/go1.19.changes 2022-08-10
17:15:40.874080912 +0200
@@ -1,0 +2,6 @@
+Tue Aug 9 05:56:23 UTC 2022 - Jeff Kowalczyk
+
+- Rebase gcc-go.patch onto upstream changes in go/src/make.bash and
+ go/src/make.rc. Used for SLE-12 go bootstrap builds with gcc8.
+
+---
Other differences:
--
++ gcc-go.patch ++
--- /var/tmp/diff_new_pack.p7JCxw/_old 2022-08-10 17:15:41.654082948 +0200
+++ /var/tmp/diff_new_pack.p7JCxw/_new 2022-08-10 17:15:41.658082958 +0200
@@ -2,7 +2,7 @@
===
--- go.orig/src/cmd/dist/buildtool.go
+++ go/src/cmd/dist/buildtool.go
-@@ -205,7 +205,7 @@ func bootstrapBuildTools() {
+@@ -210,7 +210,7 @@
// only applies to the final cmd/go binary, but that's OK: if this is
Go 1.10
// or later we don't need to disable inlining to work around bugs in
the Go 1.4 compiler.
cmd := []string{
@@ -10,12 +10,12 @@
+ pathf("%s/bin/go-$gcc_go_version", goroot_bootstrap),
"install",
"-gcflags=-l",
- "-tags=math_big_pure_go compiler_bootstrap",
+ "-tags=math_big_pure_go compiler_bootstrap purego",
Index: go/src/make.bash
===
--- go.orig/src/make.bash
+++ go/src/make.bash
-@@ -60,7 +60,7 @@
+@@ -68,7 +68,7 @@
# time goes when these scripts run.
#
# GOROOT_BOOTSTRAP: A working Go tree >= Go 1.4 for bootstrap.
@@ -24,7 +24,7 @@
# tried for all "go" in $PATH. $HOME/go1.4 by default.
set -e
-@@ -176,8 +176,8 @@
+@@ -179,8 +179,8 @@
fi
fi
done; unset IFS
@@ -35,12 +35,12 @@
echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
exit 1
fi
-@@ -195,7 +195,7 @@
+@@ -198,7 +198,7 @@
exit 1
fi
rm -f cmd/dist/dist
--GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off
"$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
-+GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off
"$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" build -o cmd/dist/dist ./cmd/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT=""
GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist
./cmd/dist
++GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off GOEXPERIMENT=""
GOENV=off GOFLAGS="" "$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version" build -o
cmd/dist/dist ./cmd/dist
# -e doesn't propagate out of eval, so check success by hand.
eval $(./cmd/dist/dist env -p || echo FAIL=true)
@@ -48,7 +48,7 @@
===
--- go.orig/src/make.rc
+++ go/src/make.rc
-@@ -60,7 +60,7 @@ if(! ~ $#GOROOT_BOOTSTRAP 1){
+@@ -57,7 +57,7 @@
GOROOT_BOOTSTRAP = $home/$d
}
for(p in $path){
@@ -57,21 +57,23 @@
if(go_exe = `{path=$p whatis go}){
goroot = `{GOROOT='' $go_exe env GOROOT}
if(! ~ $goroot $GOROOT){
-@@ -73,7 +73,7 @@ for(p in $path){
+@@ -70,8 +70,8 @@
}
}
}
-if(! test -x $GOROOT_BOOTSTRAP/bin/go){
+- echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2]
+if(! test -x $GOROOT_BOOTSTRAP/bin/go-$gcc_go_version){
- echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2]
++ echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go-$gcc_go_version.'
>[1=2]
echo 'Set $GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4.' >[1=2]
exit bootstrap
-@@ -87,7 +87,7 @@ if(~ $GOROOT_BOOTSTRAP $GOROOT){
+ }
+@@ -84,7 +84,7 @@
echo 'Building Go cmd/dist using '^$GOROOT_BOOTSTRAP
if(~ $#vflag 1)
echo cmd/dist
--GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GO111MODULE=off
$GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist
-+GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GO111MODULE=off
$GOROOT_BOOTSTRAP/bin/go-$gcc_go_version build -o cmd/dist/dist ./cmd/dist
+-GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111MODULE=off
GOENV=off GOFLAGS='' $GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist
++GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' GOEXPERIMENT='' GO111
commit go1.19 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.19 for openSUSE:Factory checked in at 2022-08-09 15:27:48 Comparing /work/SRC/openSUSE:Factory/go1.19 (Old) and /work/SRC/openSUSE:Factory/.go1.19.new.1521 (New) Package is "go1.19" Tue Aug 9 15:27:48 2022 rev:2 rq:993860 version:1.19 Changes: --- /work/SRC/openSUSE:Factory/go1.19/go1.19.changes2022-06-12 17:43:08.858485431 +0200 +++ /work/SRC/openSUSE:Factory/.go1.19.new.1521/go1.19.changes 2022-08-09 15:28:21.609626520 +0200 @@ -1,0 +2,277 @@ +Tue Aug 2 17:19:11 UTC 2022 - Jeff Kowalczyk + +- go1.19 (released 2022-08-02) is a major release of Go. + go1.19.x minor releases will be provided through August 2023. + https://github.com/golang/go/wiki/Go-Release-Cycle + go1.19 arrives five months after go1.18. Most of its changes are + in the implementation of the toolchain, runtime, and libraries. + As always, the release maintains the Go 1 promise of + compatibility. We expect almost all Go programs to continue to + compile and run as before. + Refs boo#1200441 go1.19 release tracking + * See release notes https://golang.org/doc/go1.19. Excerpts +relevant to OBS environment and for SUSE/openSUSE follow: + * There is only one small change to the language, a very small +correction to the scope of type parameters in method +declarations. Existing programs are unaffected. + * The Go memory model has been revised to align Go with the +memory model used by C, C++, Java, JavaScript, Rust, and +Swift. Go only provides sequentially consistent atomics, not +any of the more relaxed forms found in other languages. Along +with the memory model update, Go 1.19 introduces new types in +the sync/atomic package that make it easier to use atomic +values, such as atomic.Int64 and atomic.Pointer[T]. + * go1.19 adds support for the Loongson 64-bit architecture +LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI +implemented is LP64D. Minimum kernel version supported is 5.19. + * The riscv64 port now supports passing function arguments and +result using registers. Benchmarking shows typical performance +improvements of 10% or more on riscv64. + * Go 1.19 adds support for links, lists, and clearer headings in +doc comments. As part of this change, gofmt now reformats doc +comments to make their rendered meaning clearer. See "Go Doc +Comments" for syntax details and descriptions of common +mistakes now highlighted by gofmt. As another part of this +change, the new package go/doc/comment provides parsing and +reformatting of doc comments as well as support for rendering +them to HTML, Markdown, and text. + * The new build constraint "unix" is now recognized in //go:build +lines. The constraint is satisfied if the target operating +system, also known as GOOS, is a Unix or Unix-like system. For +the 1.19 release it is satisfied if GOOS is one of aix, +android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, +netbsd, openbsd, or solaris. In future releases the unix +constraint may match additional newly supported operating +systems. + * The -trimpath flag, if set, is now included in the build +settings stamped into Go binaries by go build, and can be +examined using go version -m or debug.ReadBuildInfo. + * go generate now sets the GOROOT environment variable explicitly +in the generator's environment, so that generators can locate +the correct GOROOT even if built with -trimpath. + * go test and go generate now place GOROOT/bin at the beginning +of the PATH used for the subprocess, so tests and generators +that execute the go command will resolve it to same GOROOT. + * go env now quotes entries that contain spaces in the +CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, +CGO_LDFLAGS, and GOGCCFLAGS variables it reports. + * go list -json now accepts a comma-separated list of JSON fields +to populate. If a list is specified, the JSON output will +include only those fields, and go list may avoid work to +compute fields that are not included. In some cases, this may +suppress errors that would otherwise be reported. + * The go command now caches information necessary to load some +modules, which should result in a speed-up of some go list +invocations. + * The vet checker "errorsas" now reports when errors.As is called +with a second argument of type *error, a common mistake. + * The runtime now includes support for a soft memory limit. This +memory limit includes the Go heap and all other memory managed +by the runtime, and excludes external memory sources such as +mappings of the binary itself, memory managed in other +languages, and memory held
