commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2024-02-18 20:22:59 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1815 (New) Package is "go1.20" Sun Feb 18 20:22:59 2024 rev:17 rq:1147335 version:1.20.14 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2024-02-07 18:48:57.447879789 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1815/go1.20.changes 2024-02-18 20:23:24.738536287 +0100 @@ -1,0 +2,7 @@ +Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * boo#1219988 ensure VERSION file is present in GOROOT +as required by go tool dist and go tool distpack + +--- Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.RQKBD5/_old 2024-02-18 20:23:25.358558663 +0100 +++ /var/tmp/diff_new_pack.RQKBD5/_new 2024-02-18 20:23:25.362558807 +0100 @@ -353,6 +353,8 @@ done # executable bash scripts called by go tool, etc find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; +# VERSION file referenced by go tool dist and go tool distpack +find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; # Trace viewer html and javascript files moved from misc/trace in # previous versions to src/cmd/trace/static in go1.19. # static contains pprof trace viewer html javascript and markdown
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-11-09 21:34:19 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.17445 (New) Package is "go1.20" Thu Nov 9 21:34:19 2023 rev:13 rq:1124118 version:1.20.11 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-10-12 23:39:22.726967527 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.17445/go1.20.changes 2023-11-09 21:34:33.719036167 +0100 @@ -1,0 +2,12 @@ +Tue Nov 7 19:29:09 UTC 2023 - Jeff Kowalczyk + +- go1.20.11 (released 2023-11-07) includes security fixes to the + path/filepath package, as well as bug fixes to the linker and the + net/http package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-45283 CVE-2023-45284 + * go#63714 go#63713 boo#1216943 boo#1216944 security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths + * go#63316 cmd/link: split text sections for arm 32-bit + * go#63740 net/http: http2 page fails on firefox/safari if pushing resources + +--- Old: go1.20.10.src.tar.gz New: go1.20.11.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.QlYpKh/_old 2023-11-09 21:34:34.491064617 +0100 +++ /var/tmp/diff_new_pack.QlYpKh/_new 2023-11-09 21:34:34.491064617 +0100 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.10 +Version:1.20.11 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.10.src.tar.gz -> go1.20.11.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.10.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.17445/go1.20.11.src.tar.gz differ: char 50, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-10-12 23:39:02 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1807 (New) Package is "go1.20" Thu Oct 12 23:39:02 2023 rev:12 rq:1116742 version:1.20.10 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-10-08 12:16:19.689863987 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1807/go1.20.changes 2023-10-12 23:39:22.726967527 +0200 @@ -1,0 +2,9 @@ +Tue Oct 10 18:27:08 UTC 2023 - Jeff Kowalczyk + +- go1.20.10 (released 2023-10-10) includes a security fix to the + net/http package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-39325 CVE-2023-44487 + * go#63426 go#63417 boo#1216109 security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work + +--- Old: go1.20.9.src.tar.gz New: go1.20.10.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.YH74n1/_old 2023-10-12 23:39:23.546997210 +0200 +++ /var/tmp/diff_new_pack.YH74n1/_new 2023-10-12 23:39:23.546997210 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.9 +Version:1.20.10 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.9.src.tar.gz -> go1.20.10.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.9.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.1807/go1.20.10.src.tar.gz differ: char 50, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-10-08 12:16:15 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.28202 (New) Package is "go1.20" Sun Oct 8 12:16:15 2023 rev:11 rq:1115933 version:1.20.9 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-09-10 13:09:41.769409514 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.28202/go1.20.changes 2023-10-08 12:16:19.689863987 +0200 @@ -1,0 +2,11 @@ +Thu Oct 5 20:28:19 UTC 2023 - Jeff Kowalczyk + +- go1.20.9 (released 2023-10-05) includes one security fixes to the + cmd/go package, as well as bug fixes to the go command and the + linker. + Refs boo#1206346 go1.20 release tracking + CVE-2023-39323 + * go#63213 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build + * go#62597 cmd/link: issues with Apple's new linker in Xcode 15 beta + +--- Old: go1.20.8.src.tar.gz New: go1.20.9.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.FE5ZXW/_old 2023-10-08 12:16:21.501929138 +0200 +++ /var/tmp/diff_new_pack.FE5ZXW/_new 2023-10-08 12:16:21.501929138 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.8 +Version:1.20.9 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.8.src.tar.gz -> go1.20.9.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.8.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.28202/go1.20.9.src.tar.gz differ: char 120, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-09-10 13:09:26 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1766 (New) Package is "go1.20" Sun Sep 10 13:09:26 2023 rev:10 rq:1109621 version:1.20.8 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-08-03 17:27:12.902830855 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1766/go1.20.changes 2023-09-10 13:09:41.769409514 +0200 @@ -1,0 +2,34 @@ +Wed Sep 6 15:08:50 UTC 2023 - Jeff Kowalczyk + +- go1.20.8 (released 2023-09-06) includes two security fixes to the + html/template package, as well as bug fixes to the compiler, the + go command, the runtime, and the crypto/tls, go/types, net/http, + and path/filepath packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-39318 CVE-2023-39319 + * go#62395 go#62196 boo#1215084 security: fix CVE-2023-39318 html/template: improper handling of HTML-like comments within script contexts + * go#62397 go#62197 boo#1215085 security: fix CVE-2023-39319 html/template: improper handling of special tags within script contexts + * go#61198 cmd/go: extended forwards compatibility for Go + * go#61744 go/types: interface.Complete panics for interfaces with duplicate methods + * go#61826 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address + * go#61867 path/filepath: Clean on some invalid Windows paths can lose .. components + * go#61873 cmd/go: using a module path without dot fails to build after toolchain selection + * go#61966 crypto/tls: add GODEBUG to control max RSA key size + * go#62018 runtime: execution halts with goroutines stuck in runtime.gopark (protocol error E08 during memory read for packet) + * go#62056 cmd/compile: internal compiler error: 'F': func F, startMem[b1] has different values + * go#62070 cmd/api: make non-importable + +--- +Tue Sep 5 19:12:05 UTC 2023 - Jeff Kowalczyk + +- Add missing directory pprof html asset directory to package. + Refs boo#1215090 + * src/cmd/vendor/github.com/google/pprof/internal/driver/html/ +dir containing html assets is present in upstream Go +distribution but missing from SUSE go1.x packages + * Go programs importing runtime/pprof may fail with error: + /usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go +pattern html: no matching files found + * Reformat adjacent commment in spec file + +--- Old: go1.20.7.src.tar.gz New: go1.20.8.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.ajLNCb/_old 2023-09-10 13:09:43.621475683 +0200 +++ /var/tmp/diff_new_pack.ajLNCb/_new 2023-09-10 13:09:43.625475826 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.7 +Version:1.20.8 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause @@ -353,14 +353,14 @@ done # executable bash scripts called by go tool, etc find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \; -# # Trace viewer html and javascript files moved from misc/trace in -# # previous versions to src/cmd/trace/static in go1.19. -# # static contains pprof trace viewer html javascript and markdown -# echo "PWD:" `pwd` -# echo "GOROOT:" $GOROOT -# mkdir -v -p $GOROOT/src/cmd/trace/static +# Trace viewer html and javascript files moved from misc/trace in +# previous versions to src/cmd/trace/static in go1.19. +# static contains pprof trace viewer html javascript and markdown install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static install -Dm644 src/cmd/trace/static/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static +# pprof viewer html templates are needed for import runtime/pprof +install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html +install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html mkdir -p $GOROOT/src for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do ++ go1.20.7.src.tar.gz -> go1.20.8.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.7.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.1766/go1.20.8.src.tar.gz differ: char 121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-08-03 17:27:11 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.22712 (New) Package is "go1.20" Thu Aug 3 17:27:11 2023 rev:9 rq:1101873 version:1.20.7 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-07-26 13:21:53.811297298 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.22712/go1.20.changes 2023-08-03 17:27:12.902830855 +0200 @@ -1,0 +2,13 @@ +Tue Aug 1 20:35:02 UTC 2023 - Jeff Kowalczyk + +- go1.20.7 (released 2023-08-01) includes a security fix to the + crypto/tls package, as well as bug fixes to the assembler and the + compiler. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29409 + * go#61580 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits + * go#61320 cmd/compile: ppc64le: sign extension issue in go 1.21rc2 + * go#61449 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64 + * go#61471 cmd/compile: failed to make Go on riscv64 CPU with numa + +--- @@ -8 +21 @@ - Refs boo#1206346 go1.20 release tracking. + Refs boo#1206346 go1.20 release tracking Old: go1.20.6.src.tar.gz New: go1.20.7.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.nvP514/_old 2023-08-03 17:27:13.630835261 +0200 +++ /var/tmp/diff_new_pack.nvP514/_new 2023-08-03 17:27:13.634835285 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.6 +Version:1.20.7 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.6.src.tar.gz -> go1.20.7.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.6.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.22712/go1.20.7.src.tar.gz differ: char 121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-07-26 13:21:46 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.15225 (New) Package is "go1.20" Wed Jul 26 13:21:46 2023 rev:8 rq:1098261 version:1.20.6 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-06-08 21:41:43.493694998 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.15225/go1.20.changes 2023-07-26 13:21:53.811297298 +0200 @@ -1,0 +2,27 @@ +Tue Jul 11 17:50:52 UTC 2023 - Jeff Kowalczyk + +- go1.20.6 (released 2023-07-11) includes a security fix to the + net/http package, as well as bug fixes to the compiler, cgo, the + cover tool, the go command, the runtime, and the crypto/ecdsa, + go/build, go/printer, net/mail, and text/template packages. + Refs boo#1206346 go1.20 release tracking. + CVE-2023-29406 + * go#61076 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header + * go#60352 cmd/go: go mod tidy introduces ambiguous imports in pruned modules + * go#60535 runtime: TLS slot index over 64 and crash + * go#60675 cmd/compile: internal compiler error: out of range for go.shape.int64 + * go#60698 cmd/go: go list fails with submodules which have test-only dependencies + * go#60744 crypto/ecdsa: P521 ecdsa.Verify panics with malformed message + * go#60754 cmd/go: panic: LoadImport called with empty package path when listing GOROOT/test/*.go + * go#60760 runtime: checkdead fires due to suspected race in the Go runtime when GOMAXPROCS=1 on AWS + * go#60802 text/template: key/value assignment is reversed within range loop + * go#60845 runtime: SIGSEGV in race + coverage mode + * go#60849 cmd/go: go test deadlocked without enforcing timeouts when killed with ^C + * go#60874 net/mail: mail.ReadMessage in 1.20 cannot parse mbox headers + * go#60875 net/mail: characters allowed in RFC 5322 are invalid while parsing email header + * go#60927 x/tools/go/analysis/unitchecker: TestVetStdlib failures + * go#60947 crypto/x509: TestSystemVerify/EKULeafValid fails on LUCI + * go#60949 runtime: goroutines that stop after calling runtime.RaceDisable break race detector + * go#61055 runtime: TestWindowsStackMemory flakes on windows-386-2016 + +--- Old: go1.20.5.src.tar.gz New: go1.20.6.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.WbPaM5/_old 2023-07-26 13:21:54.663302121 +0200 +++ /var/tmp/diff_new_pack.WbPaM5/_new 2023-07-26 13:21:54.671302166 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.5 +Version:1.20.6 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.5.src.tar.gz -> go1.20.6.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.5.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.15225/go1.20.6.src.tar.gz differ: char 12, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-06-08 21:41:41 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.15902 (New) Package is "go1.20" Thu Jun 8 21:41:41 2023 rev:7 rq:1091160 version:1.20.5 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-05-04 17:09:28.199976936 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.changes 2023-06-08 21:41:43.493694998 +0200 @@ -1,0 +2,19 @@ +Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk + +- go1.20.5 (released 2023-06-06) includes four security fixes to + the cmd/go and runtime packages, as well as bug fixes to the + compiler, the go command, the runtime, and the crypto/rsa, net, + and os packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 + * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection + * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries + * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS + * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS + * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto + * go#59975 cmd/compile: multiple memories live at block start + * go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies + * go#60217 os: Read of a device driver fails only with Go 1.20 + * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate + +--- Old: go1.20.4.src.tar.gz New: go1.20.5.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.RZbjIj/_old 2023-06-08 21:41:44.265699548 +0200 +++ /var/tmp/diff_new_pack.RZbjIj/_new 2023-06-08 21:41:44.269699571 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.4 +Version:1.20.5 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.4.src.tar.gz -> go1.20.5.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.4.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.5.src.tar.gz differ: char 12, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-05-04 17:09:22 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1533 (New) Package is "go1.20" Thu May 4 17:09:22 2023 rev:6 rq:1084135 version:1.20.4 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-04-29 17:28:32.306642120 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.changes 2023-05-04 17:09:28.199976936 +0200 @@ -1,0 +2,30 @@ +Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk + +- go1.20.4 (released 2023-05-02) includes three security fixes to + the html/template package, as well as bug fixes to the compiler, + the runtime, and the crypto/subtle, crypto/tls, net/http, and + syscall packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 + * go#59812 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template: improper sanitization of CSS values + * go#59814 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template: improper handling of JavaScript whitespace + * go#59816 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template: improper handling of empty HTML attributes + * go#59064 runtime: automatically bump RLIMIT_NOFILE on Unix + * go#59336 crypto/subtle: xor fails when run with race+purego + * go#59374 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write + * go#59450 cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int) + * go#59468 cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex + * go#59469 net/http: FileServer no longer serves content for POST + * go#59540 crypto/tls: TLSv1.3 connection fails with invalid PSK binder + * go#59580 cmd/compile: incorrect inline function variable + * go#59585 cmd/compile: Unified IR exports table is binary unstable in presence of generics + * go#59637 go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT + +--- +Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk + +- Packaging revert go1.x Suggests go1.x-race boo#1210963 + * Upstream go binary distributions do include race detector .syso + * Default Recommends for subpackages is best suited in this case + +--- @@ -18,4 +48,4 @@ - * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation â(CVE-2023-24534) - * go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) - * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537) - * go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538) + * go#59268 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http, net/textproto: denial of service from excessive memory allocation + * go#59270 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption + * go#59274 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser: infinite loop in parsing + * go#59272 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template: backticks not treated as string delimiters Old: go1.20.3.src.tar.gz New: go1.20.4.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.vmxqZ1/_old 2023-05-04 17:09:29.219982908 +0200 +++ /var/tmp/diff_new_pack.vmxqZ1/_new 2023-05-04 17:09:29.223982931 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.3 +Version:1.20.4 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause @@ -155,7 +155,6 @@ %endif BuildRequires: fdupes Suggests: %{name}-doc = %{version} -Suggests: %{name}-race = %{version} %if 0%{?suse_version} > 1500 # openSUSE Tumbleweed Suggests: %{name}-libstd = %{version} ++ go1.20.3.src.tar.gz -> go1.20.4.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.3.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.4.src.tar.gz differ: char 121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-04-29 17:28:23 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1533 (New) Package is "go1.20" Sat Apr 29 17:28:23 2023 rev:5 rq:1083592 version:1.20.3 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-04-05 21:35:18.510449784 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.changes 2023-04-29 17:28:32.306642120 +0200 @@ -1,0 +2,8 @@ +Fri Apr 28 23:47:22 UTC 2023 - Jeff Kowalczyk + +- Packaging improvements: + * Re-enable binary stripping and debuginfo boo#1210938 + * go1.x Suggests go1.x-race do not install by default boo#1210963 + * Use Group: Development/Languages/Go instead of Other + +--- @@ -28 +36 @@ -- Build subpackage go1.20-libstd compiled shared object libstd.so +- Build subpackage go1.x-libstd compiled shared object libstd.so Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.pXeUnF/_old 2023-04-29 17:28:32.966644883 +0200 +++ /var/tmp/diff_new_pack.pXeUnF/_new 2023-04-29 17:28:32.974644918 +0200 @@ -14,16 +14,8 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -# nodebuginfo -# strip will cause Go's .a archives to become invalid because strip appears to -# reassemble the archive incorrectly. This is a known issue upstream -# (https://github.com/golang/go/issues/17890), but we have to deal with it in -# the meantime. -%undefine _build_create_debug -%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true - # Specify Go toolchain version used to bootstrap this package's Go toolchain # go_bootstrap_version bootstrap go toolchain with specific existing go1.x package # gcc_go_version bootstrap go toolchain with specific version of gcc-go @@ -163,6 +155,7 @@ %endif BuildRequires: fdupes Suggests: %{name}-doc = %{version} +Suggests: %{name}-race = %{version} %if 0%{?suse_version} > 1500 # openSUSE Tumbleweed Suggests: %{name}-libstd = %{version}
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-04-05 21:27:24 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.19717 (New) Package is "go1.20" Wed Apr 5 21:27:24 2023 rev:4 rq:1077385 version:1.20.3 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-03-13 12:41:25.595895113 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.19717/go1.20.changes 2023-04-05 21:35:18.510449784 +0200 @@ -1,0 +2,31 @@ +Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk + +- go1.20.3 (released 2023-04-04) includes security fixes to the + go/parser, html/template, mime/multipart, net/http, and + net/textproto packages, as well as bug fixes to the compiler, the + linker, the runtime, and the time package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 + * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of service from excessive memory allocation â(CVE-2023-24534) + * go#59270 go#59153 boo#1210128 security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) + * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in parsing (CVE-2023-24537) + * go#59272 go#59234 boo#1210130 security: html/template: backticks not treated as string delimiters (CVE-2023-24538) + * go#58920 x/text: building as a plugin failure on darwin/arm64 + * go#58938 cmd/go: timeout on darwin-amd64-race builder + * go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling + * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64 + * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used + * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation + * go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones + * go#59220 runtime: crash on linux-ppc64le + * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode + * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument + +--- +Tue Apr 4 16:59:57 UTC 2023 - Jeff Kowalczyk + +- Build subpackage go1.20-libstd compiled shared object libstd.so + only on Tumbleweed at this time. + Refs jsc#PED-1962 + +--- Old: go1.20.2.src.tar.gz New: go1.20.3.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.yOHiNf/_old 2023-04-05 21:35:19.326454441 +0200 +++ /var/tmp/diff_new_pack.yOHiNf/_new 2023-04-05 21:35:19.330454464 +0200 @@ -134,7 +134,7 @@ %endif Name: go1.20 -Version:1.20.2 +Version:1.20.3 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause @@ -163,7 +163,10 @@ %endif BuildRequires: fdupes Suggests: %{name}-doc = %{version} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed Suggests: %{name}-libstd = %{version} +%endif %ifarch %{tsan_arch} # Needed to compile compiler-rt/TSAN. BuildRequires: gcc-c++ @@ -214,6 +217,8 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed %package libstd Summary:Go compiled shared library libstd.so Group: Development/Languages/Go @@ -222,6 +227,7 @@ %description libstd Go standard library compiled to a dynamically loadable shared object libstd.so %endif +%endif %prep %ifarch %{tsan_arch} @@ -295,6 +301,8 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed # Compile Go standard library as a dynamically loaded shared object libstd.so # for inclusion in a subpackage which can be installed standalone. # Upstream Go binary releases do not ship a compiled libstd.so. @@ -312,6 +320,7 @@ #created with -buildmode=shared. bin/go install -buildmode=shared std %endif +%endif %check %ifarch %{tsan_arch} @@ -452,9 +461,12 @@ # We don't include libstd.so in the main Go package. %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed # ./go/1.20/pkg/linux_amd64_dynlink/libstd.so %exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so %endif +%endif %files doc %doc %{_docdir}/go/%{go_label}/*.html @@ -465,8 +477,11 @@ %endif %if %{with_shared} +%if 0%{?suse_version} > 1500 +# openSUSE Tumbleweed %files libstd %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so %endif +%endif
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-03-13 12:40:44 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.31432 (New) Package is "go1.20" Mon Mar 13 12:40:44 2023 rev:3 rq:1071065 version:1.20.2 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-03-08 14:53:39.595031300 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.changes 2023-03-13 12:41:25.595895113 +0100 @@ -1,0 +2,20 @@ +Thu Mar 9 20:39:23 UTC 2023 - Jeff Kowalczyk + +- Add subpackage go1.x-libstd for compiled shared object libstd.so. + Refs jsc#PED-1962 + * Main go1.x package included libstd.so in previous versions + * Split libstd.so into subpackage that can be installed standalone + * Continues the slimming down of main go1.x package by 40 Mb + * Experimental and not recommended for general use, Go currently has no ABI + * Upstream Go has not committed to support buildmode=shared long-term + * Do not use in packaging, build static single binaries (the default) + * Upstream Go go1.x binary releases do not include libstd.so + * go1.x Suggests go1.x-libstd so not installed by default Recommends + * go1.x-libstd does not Require: go1.x so can install standalone + * Provides go-libstd unversioned package name + * Fix build step -buildmode=shared std to omit -linkshared +- Packaging improvements: + * go1.x Suggests go1.x-doc so not installed by default Recommends + * Use Group: Development/Languages/Go instead of Other + +--- Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.jkV62V/_old 2023-03-13 12:41:26.311898843 +0100 +++ /var/tmp/diff_new_pack.jkV62V/_new 2023-03-13 12:41:26.315898864 +0100 @@ -138,7 +138,7 @@ Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause -Group: Development/Languages/Other +Group: Development/Languages/Go URL:https://go.dev/ Source: https://go.dev/dl/go%{version}.src.tar.gz Source1:go-rpmlintrc @@ -162,7 +162,8 @@ BuildRequires: %{go_bootstrap_version} %endif BuildRequires: fdupes -Recommends: %{name}-doc = %{version} +Suggests: %{name}-doc = %{version} +Suggests: %{name}-libstd = %{version} %ifarch %{tsan_arch} # Needed to compile compiler-rt/TSAN. BuildRequires: gcc-c++ @@ -192,7 +193,6 @@ %package doc Summary:Go documentation Group: Documentation/Other -Requires: %{name} = %{version} Provides: go-doc = %{version} %description doc @@ -202,7 +202,7 @@ # boo#1052528 %package race Summary:Go runtime race detector -Group: Development/Languages/Other +Group: Development/Languages/Go URL:https://compiler-rt.llvm.org/ Requires: %{name} = %{version} Supplements:%{name} = %{version} @@ -213,6 +213,16 @@ -race option, in order to detect race conditions present in your Go programs. %endif +%if %{with_shared} +%package libstd +Summary:Go compiled shared library libstd.so +Group: Development/Languages/Go +Provides: go-libstd = %{version} + +%description libstd +Go standard library compiled to a dynamically loadable shared object libstd.so +%endif + %prep %ifarch %{tsan_arch} # compiler-rt (from LLVM) @@ -285,7 +295,22 @@ %endif %if %{with_shared} -bin/go install -buildmode=shared -linkshared std +# Compile Go standard library as a dynamically loaded shared object libstd.so +# for inclusion in a subpackage which can be installed standalone. +# Upstream Go binary releases do not ship a compiled libstd.so. +# Standard practice is to build Go binaries as a single executable. +# Upstream Go discussed removing this feature, opted to fix current support: +# Relevant upstream comments on: https://github.com/golang/go/issues/47788 +# +# -buildmode=shared +#Combine all the listed non-main packages into a single shared +#library that will be used when building with the -linkshared +#option. Packages named main are ignored. +# +# -linkshared +#build code that will be linked against shared libraries previously +#created with -buildmode=shared. +bin/go install -buildmode=shared std %endif %check @@ -425,6 +450,12 @@ %exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso %endif +# We don't include libstd.so in the main Go package. +%if %{with_shared} +# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so +%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so +%endif + %files doc
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-03-08 14:53:38 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.31432 (New) Package is "go1.20" Wed Mar 8 14:53:38 2023 rev:2 rq:1070083 version:1.20.2 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-02-17 16:46:06.111233250 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.changes 2023-03-08 14:53:39.595031300 +0100 @@ -1,0 +2,27 @@ +Tue Mar 7 18:03:10 UTC 2023 - Jeff Kowalczyk + +- go1.20.2 (released 2023-03-07) includes a security fix to the + crypto/elliptic package, as well as bug fixes to the compiler, + the covdata command, the linker, the runtime, and the + crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-24532 + * go#58720 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results + * go#58427 cmd/covdata: short read on string table when merging coverage counters + * go#58442 runtime: some linkname signatures do not match + * go#58444 cmd/compile: inline static init cause compile time error + * go#58467 cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry + * go#58498 crypto/ecdh: ECDH method doesn't check curve + * go#58503 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' + * go#58505 crypto/internal/bigmod: flag amd64 assembly as noescape + * go#58531 runtime: endless traceback when panic in generics funtion + * go#58536 runtime: long latency of sweep assists + * go#58624 syscall.Faccessat and os.LookPath regression in Go 1.20 + * go#58627 os: cmd/go gets error "copy_file_range: function not implemented" + * go#58717 net: TestTCPSelfConnect failures due to unexpected connections + * go#58774 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows + * go#58776 cmd/compile: ICE on method value involving imported anonymous interface + * go#58793 crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey + * go#58811 crypto/x509: TestSystemVerify consistently failing + +--- Old: go1.20.1.src.tar.gz New: go1.20.2.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.OEQ60O/_old 2023-03-08 14:53:40.183034502 +0100 +++ /var/tmp/diff_new_pack.OEQ60O/_new 2023-03-08 14:53:40.187034525 +0100 @@ -134,7 +134,7 @@ %endif Name: go1.20 -Version:1.20.1 +Version:1.20.2 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.1.src.tar.gz -> go1.20.2.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.1.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.2.src.tar.gz differ: char 120, line 1