commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2024-02-18 20:22:59
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.1815 (New)
Package is "go1.20"
Sun Feb 18 20:22:59 2024 rev:17 rq:1147335 version:1.20.14
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2024-02-07
18:48:57.447879789 +0100
+++ /work/SRC/openSUSE:Factory/.go1.20.new.1815/go1.20.changes 2024-02-18
20:23:24.738536287 +0100
@@ -1,0 +2,7 @@
+Tue Feb 6 22:28:04 UTC 2024 - Jeff Kowalczyk
+
+- Packaging improvements:
+ * boo#1219988 ensure VERSION file is present in GOROOT
+as required by go tool dist and go tool distpack
+
+---
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.RQKBD5/_old 2024-02-18 20:23:25.358558663 +0100
+++ /var/tmp/diff_new_pack.RQKBD5/_new 2024-02-18 20:23:25.362558807 +0100
@@ -353,6 +353,8 @@
done
# executable bash scripts called by go tool, etc
find src -name "*.bash" -exec install -Dm655 \{\}
%{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
+# VERSION file referenced by go tool dist and go tool distpack
+find . -name VERSION -exec install -Dm655 \{\}
%{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
# Trace viewer html and javascript files moved from misc/trace in
# previous versions to src/cmd/trace/static in go1.19.
# static contains pprof trace viewer html javascript and markdown
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-11-09 21:34:19 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.17445 (New) Package is "go1.20" Thu Nov 9 21:34:19 2023 rev:13 rq:1124118 version:1.20.11 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-10-12 23:39:22.726967527 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.17445/go1.20.changes 2023-11-09 21:34:33.719036167 +0100 @@ -1,0 +2,12 @@ +Tue Nov 7 19:29:09 UTC 2023 - Jeff Kowalczyk + +- go1.20.11 (released 2023-11-07) includes security fixes to the + path/filepath package, as well as bug fixes to the linker and the + net/http package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-45283 CVE-2023-45284 + * go#63714 go#63713 boo#1216943 boo#1216944 security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths + * go#63316 cmd/link: split text sections for arm 32-bit + * go#63740 net/http: http2 page fails on firefox/safari if pushing resources + +--- Old: go1.20.10.src.tar.gz New: go1.20.11.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.QlYpKh/_old 2023-11-09 21:34:34.491064617 +0100 +++ /var/tmp/diff_new_pack.QlYpKh/_new 2023-11-09 21:34:34.491064617 +0100 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.10 +Version:1.20.11 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.10.src.tar.gz -> go1.20.11.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.10.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.17445/go1.20.11.src.tar.gz differ: char 50, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-10-12 23:39:02 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.1807 (New) Package is "go1.20" Thu Oct 12 23:39:02 2023 rev:12 rq:1116742 version:1.20.10 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-10-08 12:16:19.689863987 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.1807/go1.20.changes 2023-10-12 23:39:22.726967527 +0200 @@ -1,0 +2,9 @@ +Tue Oct 10 18:27:08 UTC 2023 - Jeff Kowalczyk + +- go1.20.10 (released 2023-10-10) includes a security fix to the + net/http package. + Refs boo#1206346 go1.20 release tracking + CVE-2023-39325 CVE-2023-44487 + * go#63426 go#63417 boo#1216109 security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work + +--- Old: go1.20.9.src.tar.gz New: go1.20.10.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.YH74n1/_old 2023-10-12 23:39:23.546997210 +0200 +++ /var/tmp/diff_new_pack.YH74n1/_new 2023-10-12 23:39:23.546997210 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.9 +Version:1.20.10 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.9.src.tar.gz -> go1.20.10.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.9.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.1807/go1.20.10.src.tar.gz differ: char 50, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-10-08 12:16:15 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.28202 (New) Package is "go1.20" Sun Oct 8 12:16:15 2023 rev:11 rq:1115933 version:1.20.9 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-09-10 13:09:41.769409514 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.28202/go1.20.changes 2023-10-08 12:16:19.689863987 +0200 @@ -1,0 +2,11 @@ +Thu Oct 5 20:28:19 UTC 2023 - Jeff Kowalczyk + +- go1.20.9 (released 2023-10-05) includes one security fixes to the + cmd/go package, as well as bug fixes to the go command and the + linker. + Refs boo#1206346 go1.20 release tracking + CVE-2023-39323 + * go#63213 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build + * go#62597 cmd/link: issues with Apple's new linker in Xcode 15 beta + +--- Old: go1.20.8.src.tar.gz New: go1.20.9.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.FE5ZXW/_old 2023-10-08 12:16:21.501929138 +0200 +++ /var/tmp/diff_new_pack.FE5ZXW/_new 2023-10-08 12:16:21.501929138 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.8 +Version:1.20.9 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.8.src.tar.gz -> go1.20.9.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.8.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.28202/go1.20.9.src.tar.gz differ: char 120, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-09-10 13:09:26
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.1766 (New)
Package is "go1.20"
Sun Sep 10 13:09:26 2023 rev:10 rq:1109621 version:1.20.8
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-08-03
17:27:12.902830855 +0200
+++ /work/SRC/openSUSE:Factory/.go1.20.new.1766/go1.20.changes 2023-09-10
13:09:41.769409514 +0200
@@ -1,0 +2,34 @@
+Wed Sep 6 15:08:50 UTC 2023 - Jeff Kowalczyk
+
+- go1.20.8 (released 2023-09-06) includes two security fixes to the
+ html/template package, as well as bug fixes to the compiler, the
+ go command, the runtime, and the crypto/tls, go/types, net/http,
+ and path/filepath packages.
+ Refs boo#1206346 go1.20 release tracking
+ CVE-2023-39318 CVE-2023-39319
+ * go#62395 go#62196 boo#1215084 security: fix CVE-2023-39318 html/template:
improper handling of HTML-like comments within script contexts
+ * go#62397 go#62197 boo#1215085 security: fix CVE-2023-39319 html/template:
improper handling of special tags within script contexts
+ * go#61198 cmd/go: extended forwards compatibility for Go
+ * go#61744 go/types: interface.Complete panics for interfaces with duplicate
methods
+ * go#61826 net/http: go 1.20.6 host validation breaks setting Host to a unix
socket address
+ * go#61867 path/filepath: Clean on some invalid Windows paths can lose ..
components
+ * go#61873 cmd/go: using a module path without dot fails to build after
toolchain selection
+ * go#61966 crypto/tls: add GODEBUG to control max RSA key size
+ * go#62018 runtime: execution halts with goroutines stuck in runtime.gopark
(protocol error E08 during memory read for packet)
+ * go#62056 cmd/compile: internal compiler error: 'F': func F, startMem[b1]
has different values
+ * go#62070 cmd/api: make non-importable
+
+---
+Tue Sep 5 19:12:05 UTC 2023 - Jeff Kowalczyk
+
+- Add missing directory pprof html asset directory to package.
+ Refs boo#1215090
+ * src/cmd/vendor/github.com/google/pprof/internal/driver/html/
+dir containing html assets is present in upstream Go
+distribution but missing from SUSE go1.x packages
+ * Go programs importing runtime/pprof may fail with error:
+
/usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
+pattern html: no matching files found
+ * Reformat adjacent commment in spec file
+
+---
Old:
go1.20.7.src.tar.gz
New:
go1.20.8.src.tar.gz
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.ajLNCb/_old 2023-09-10 13:09:43.621475683 +0200
+++ /var/tmp/diff_new_pack.ajLNCb/_new 2023-09-10 13:09:43.625475826 +0200
@@ -126,7 +126,7 @@
%endif
Name: go1.20
-Version:1.20.7
+Version:1.20.8
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
@@ -353,14 +353,14 @@
done
# executable bash scripts called by go tool, etc
find src -name "*.bash" -exec install -Dm655 \{\}
%{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
-# # Trace viewer html and javascript files moved from misc/trace in
-# # previous versions to src/cmd/trace/static in go1.19.
-# # static contains pprof trace viewer html javascript and markdown
-# echo "PWD:" `pwd`
-# echo "GOROOT:" $GOROOT
-# mkdir -v -p $GOROOT/src/cmd/trace/static
+# Trace viewer html and javascript files moved from misc/trace in
+# previous versions to src/cmd/trace/static in go1.19.
+# static contains pprof trace viewer html javascript and markdown
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static
install -Dm644 src/cmd/trace/static/*
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/trace/static
+# pprof viewer html templates are needed for import runtime/pprof
+install -d
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
+install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/*
%{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
mkdir -p $GOROOT/src
for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
++ go1.20.7.src.tar.gz -> go1.20.8.src.tar.gz ++
/work/SRC/openSUSE:Factory/go1.20/go1.20.7.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.20.new.1766/go1.20.8.src.tar.gz differ: char
121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-08-03 17:27:11 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.22712 (New) Package is "go1.20" Thu Aug 3 17:27:11 2023 rev:9 rq:1101873 version:1.20.7 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-07-26 13:21:53.811297298 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.22712/go1.20.changes 2023-08-03 17:27:12.902830855 +0200 @@ -1,0 +2,13 @@ +Tue Aug 1 20:35:02 UTC 2023 - Jeff Kowalczyk + +- go1.20.7 (released 2023-08-01) includes a security fix to the + crypto/tls package, as well as bug fixes to the assembler and the + compiler. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29409 + * go#61580 go#61460 boo#1213880 security: fix CVE-2023-29409 crypto/tls: restrict RSA keys in certificates to <= 8192 bits + * go#61320 cmd/compile: ppc64le: sign extension issue in go 1.21rc2 + * go#61449 net: TestInterfaceArrivalAndDepartureZoneCache is broken on linux-arm64 + * go#61471 cmd/compile: failed to make Go on riscv64 CPU with numa + +--- @@ -8 +21 @@ - Refs boo#1206346 go1.20 release tracking. + Refs boo#1206346 go1.20 release tracking Old: go1.20.6.src.tar.gz New: go1.20.7.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.nvP514/_old 2023-08-03 17:27:13.630835261 +0200 +++ /var/tmp/diff_new_pack.nvP514/_new 2023-08-03 17:27:13.634835285 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.6 +Version:1.20.7 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.6.src.tar.gz -> go1.20.7.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.6.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.22712/go1.20.7.src.tar.gz differ: char 121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-07-26 13:21:46 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.15225 (New) Package is "go1.20" Wed Jul 26 13:21:46 2023 rev:8 rq:1098261 version:1.20.6 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-06-08 21:41:43.493694998 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.15225/go1.20.changes 2023-07-26 13:21:53.811297298 +0200 @@ -1,0 +2,27 @@ +Tue Jul 11 17:50:52 UTC 2023 - Jeff Kowalczyk + +- go1.20.6 (released 2023-07-11) includes a security fix to the + net/http package, as well as bug fixes to the compiler, cgo, the + cover tool, the go command, the runtime, and the crypto/ecdsa, + go/build, go/printer, net/mail, and text/template packages. + Refs boo#1206346 go1.20 release tracking. + CVE-2023-29406 + * go#61076 go#60374 boo#1213229 security: fix CVE-2023-29406 net/http: insufficient sanitization of Host header + * go#60352 cmd/go: go mod tidy introduces ambiguous imports in pruned modules + * go#60535 runtime: TLS slot index over 64 and crash + * go#60675 cmd/compile: internal compiler error: out of range for go.shape.int64 + * go#60698 cmd/go: go list fails with submodules which have test-only dependencies + * go#60744 crypto/ecdsa: P521 ecdsa.Verify panics with malformed message + * go#60754 cmd/go: panic: LoadImport called with empty package path when listing GOROOT/test/*.go + * go#60760 runtime: checkdead fires due to suspected race in the Go runtime when GOMAXPROCS=1 on AWS + * go#60802 text/template: key/value assignment is reversed within range loop + * go#60845 runtime: SIGSEGV in race + coverage mode + * go#60849 cmd/go: go test deadlocked without enforcing timeouts when killed with ^C + * go#60874 net/mail: mail.ReadMessage in 1.20 cannot parse mbox headers + * go#60875 net/mail: characters allowed in RFC 5322 are invalid while parsing email header + * go#60927 x/tools/go/analysis/unitchecker: TestVetStdlib failures + * go#60947 crypto/x509: TestSystemVerify/EKULeafValid fails on LUCI + * go#60949 runtime: goroutines that stop after calling runtime.RaceDisable break race detector + * go#61055 runtime: TestWindowsStackMemory flakes on windows-386-2016 + +--- Old: go1.20.5.src.tar.gz New: go1.20.6.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.WbPaM5/_old 2023-07-26 13:21:54.663302121 +0200 +++ /var/tmp/diff_new_pack.WbPaM5/_new 2023-07-26 13:21:54.671302166 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.5 +Version:1.20.6 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.5.src.tar.gz -> go1.20.6.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.5.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.15225/go1.20.6.src.tar.gz differ: char 12, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-06-08 21:41:41 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.15902 (New) Package is "go1.20" Thu Jun 8 21:41:41 2023 rev:7 rq:1091160 version:1.20.5 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-05-04 17:09:28.199976936 +0200 +++ /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.changes 2023-06-08 21:41:43.493694998 +0200 @@ -1,0 +2,19 @@ +Tue Jun 6 19:13:57 UTC 2023 - Jeff Kowalczyk + +- go1.20.5 (released 2023-06-06) includes four security fixes to + the cmd/go and runtime packages, as well as bug fixes to the + compiler, the go command, the runtime, and the crypto/rsa, net, + and os packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 + * go#60516 go#60167 boo#1212073 security: fix CVE-2023-29402 cmd/go: cgo code injection + * go#60518 go#60272 boo#1212074 security: fix CVE-2023-29403 runtime: unexpected behavior of setuid/setgid binaries + * go#60512 go#60305 boo#1212075 security: fix CVE-2023-29404 cmd/go: improper sanitization of LDFLAGS + * go#60514 go#60306 boo#1212076 security: fix CVE-2023-29405 cmd/go: improper sanitization of LDFLAGS + * go#58927 crypto/rsa: 4096 bit keys are not generated with BoringCrypto + * go#59975 cmd/compile: multiple memories live at block start + * go#60001 cmd/go: missing checksums for dependencies of go get arguments and tests of external dependencies + * go#60217 os: Read of a device driver fails only with Go 1.20 + * go#60458 cmd/go: document GOROOT/bin/go PATH entry for go test and go generate + +--- Old: go1.20.4.src.tar.gz New: go1.20.5.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.RZbjIj/_old 2023-06-08 21:41:44.265699548 +0200 +++ /var/tmp/diff_new_pack.RZbjIj/_new 2023-06-08 21:41:44.269699571 +0200 @@ -126,7 +126,7 @@ %endif Name: go1.20 -Version:1.20.4 +Version:1.20.5 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.4.src.tar.gz -> go1.20.5.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.4.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.15902/go1.20.5.src.tar.gz differ: char 12, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-05-04 17:09:22
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.1533 (New)
Package is "go1.20"
Thu May 4 17:09:22 2023 rev:6 rq:1084135 version:1.20.4
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-04-29
17:28:32.306642120 +0200
+++ /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.changes 2023-05-04
17:09:28.199976936 +0200
@@ -1,0 +2,30 @@
+Tue May 2 17:24:29 UTC 2023 - Jeff Kowalczyk
+
+- go1.20.4 (released 2023-05-02) includes three security fixes to
+ the html/template package, as well as bug fixes to the compiler,
+ the runtime, and the crypto/subtle, crypto/tls, net/http, and
+ syscall packages.
+ Refs boo#1206346 go1.20 release tracking
+ CVE-2023-29400 CVE-2023-24540 CVE-2023-24539
+ * go#59812 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template:
improper sanitization of CSS values
+ * go#59814 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template:
improper handling of JavaScript whitespace
+ * go#59816 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template:
improper handling of empty HTML attributes
+ * go#59064 runtime: automatically bump RLIMIT_NOFILE on Unix
+ * go#59336 crypto/subtle: xor fails when run with race+purego
+ * go#59374 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write
+ * go#59450 cmd/compile: internal compiler error: cannot call
SetType(go.shape.int) on v (type int)
+ * go#59468 cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex
+ * go#59469 net/http: FileServer no longer serves content for POST
+ * go#59540 crypto/tls: TLSv1.3 connection fails with invalid PSK binder
+ * go#59580 cmd/compile: incorrect inline function variable
+ * go#59585 cmd/compile: Unified IR exports table is binary unstable in
presence of generics
+ * go#59637 go/internal/gcimporter: lookupGorootExport should use the go
command from build.Default.GOROOT
+
+---
+Tue May 2 17:08:49 UTC 2023 - Jeff Kowalczyk
+
+- Packaging revert go1.x Suggests go1.x-race boo#1210963
+ * Upstream go binary distributions do include race detector .syso
+ * Default Recommends for subpackages is best suited in this case
+
+---
@@ -18,4 +48,4 @@
- * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of
service from excessive memory allocation â(CVE-2023-24534)
- * go#59270 go#59153 boo#1210128 security: net/http, net/textproto,
mime/multipart: denial of service from excessive resource consumption
(CVE-2023-24536)
- * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in
parsing (CVE-2023-24537)
- * go#59272 go#59234 boo#1210130 security: html/template: backticks not
treated as string delimiters (CVE-2023-24538)
+ * go#59268 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http,
net/textproto: denial of service from excessive memory allocation
+ * go#59270 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http,
net/textproto, mime/multipart: denial of service from excessive resource
consumption
+ * go#59274 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser:
infinite loop in parsing
+ * go#59272 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template:
backticks not treated as string delimiters
Old:
go1.20.3.src.tar.gz
New:
go1.20.4.src.tar.gz
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.vmxqZ1/_old 2023-05-04 17:09:29.219982908 +0200
+++ /var/tmp/diff_new_pack.vmxqZ1/_new 2023-05-04 17:09:29.223982931 +0200
@@ -126,7 +126,7 @@
%endif
Name: go1.20
-Version:1.20.3
+Version:1.20.4
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
@@ -155,7 +155,6 @@
%endif
BuildRequires: fdupes
Suggests: %{name}-doc = %{version}
-Suggests: %{name}-race = %{version}
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
Suggests: %{name}-libstd = %{version}
++ go1.20.3.src.tar.gz -> go1.20.4.src.tar.gz ++
/work/SRC/openSUSE:Factory/go1.20/go1.20.3.src.tar.gz
/work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.4.src.tar.gz differ: char
121, line 1
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-04-29 17:28:23
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.1533 (New)
Package is "go1.20"
Sat Apr 29 17:28:23 2023 rev:5 rq:1083592 version:1.20.3
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-04-05
21:35:18.510449784 +0200
+++ /work/SRC/openSUSE:Factory/.go1.20.new.1533/go1.20.changes 2023-04-29
17:28:32.306642120 +0200
@@ -1,0 +2,8 @@
+Fri Apr 28 23:47:22 UTC 2023 - Jeff Kowalczyk
+
+- Packaging improvements:
+ * Re-enable binary stripping and debuginfo boo#1210938
+ * go1.x Suggests go1.x-race do not install by default boo#1210963
+ * Use Group: Development/Languages/Go instead of Other
+
+---
@@ -28 +36 @@
-- Build subpackage go1.20-libstd compiled shared object libstd.so
+- Build subpackage go1.x-libstd compiled shared object libstd.so
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.pXeUnF/_old 2023-04-29 17:28:32.966644883 +0200
+++ /var/tmp/diff_new_pack.pXeUnF/_new 2023-04-29 17:28:32.974644918 +0200
@@ -14,16 +14,8 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
-# nodebuginfo
-# strip will cause Go's .a archives to become invalid because strip appears to
-# reassemble the archive incorrectly. This is a known issue upstream
-# (https://github.com/golang/go/issues/17890), but we have to deal with it in
-# the meantime.
-%undefine _build_create_debug
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true
-
# Specify Go toolchain version used to bootstrap this package's Go toolchain
# go_bootstrap_version bootstrap go toolchain with specific existing go1.x
package
# gcc_go_version bootstrap go toolchain with specific version of gcc-go
@@ -163,6 +155,7 @@
%endif
BuildRequires: fdupes
Suggests: %{name}-doc = %{version}
+Suggests: %{name}-race = %{version}
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
Suggests: %{name}-libstd = %{version}
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-04-05 21:27:24
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.19717 (New)
Package is "go1.20"
Wed Apr 5 21:27:24 2023 rev:4 rq:1077385 version:1.20.3
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-03-13
12:41:25.595895113 +0100
+++ /work/SRC/openSUSE:Factory/.go1.20.new.19717/go1.20.changes 2023-04-05
21:35:18.510449784 +0200
@@ -1,0 +2,31 @@
+Tue Apr 4 20:42:31 UTC 2023 - Jeff Kowalczyk
+
+- go1.20.3 (released 2023-04-04) includes security fixes to the
+ go/parser, html/template, mime/multipart, net/http, and
+ net/textproto packages, as well as bug fixes to the compiler, the
+ linker, the runtime, and the time package.
+ Refs boo#1206346 go1.20 release tracking
+ CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538
+ * go#59268 go#58975 boo#1210127 security: net/http, net/textproto: denial of
service from excessive memory allocation â(CVE-2023-24534)
+ * go#59270 go#59153 boo#1210128 security: net/http, net/textproto,
mime/multipart: denial of service from excessive resource consumption
(CVE-2023-24536)
+ * go#59274 go#59180 boo#1210129 security: go/parser: infinite loop in
parsing (CVE-2023-24537)
+ * go#59272 go#59234 boo#1210130 security: html/template: backticks not
treated as string delimiters (CVE-2023-24538)
+ * go#58920 x/text: building as a plugin failure on darwin/arm64
+ * go#58938 cmd/go: timeout on darwin-amd64-race builder
+ * go#58942 internal/testpty: fails on some Linux machines due to incorrect
error handling
+ * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64
+ * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are
used
+ * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call
reachability calculation
+ * go#59075 time: time zone lookup using extend string makes wrong start time
for non-DST zones
+ * go#59220 runtime: crash on linux-ppc64le
+ * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode
+ * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument
+
+---
+Tue Apr 4 16:59:57 UTC 2023 - Jeff Kowalczyk
+
+- Build subpackage go1.20-libstd compiled shared object libstd.so
+ only on Tumbleweed at this time.
+ Refs jsc#PED-1962
+
+---
Old:
go1.20.2.src.tar.gz
New:
go1.20.3.src.tar.gz
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.yOHiNf/_old 2023-04-05 21:35:19.326454441 +0200
+++ /var/tmp/diff_new_pack.yOHiNf/_new 2023-04-05 21:35:19.330454464 +0200
@@ -134,7 +134,7 @@
%endif
Name: go1.20
-Version:1.20.2
+Version:1.20.3
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
@@ -163,7 +163,10 @@
%endif
BuildRequires: fdupes
Suggests: %{name}-doc = %{version}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
Suggests: %{name}-libstd = %{version}
+%endif
%ifarch %{tsan_arch}
# Needed to compile compiler-rt/TSAN.
BuildRequires: gcc-c++
@@ -214,6 +217,8 @@
%endif
%if %{with_shared}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
%package libstd
Summary:Go compiled shared library libstd.so
Group: Development/Languages/Go
@@ -222,6 +227,7 @@
%description libstd
Go standard library compiled to a dynamically loadable shared object libstd.so
%endif
+%endif
%prep
%ifarch %{tsan_arch}
@@ -295,6 +301,8 @@
%endif
%if %{with_shared}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
# Compile Go standard library as a dynamically loaded shared object libstd.so
# for inclusion in a subpackage which can be installed standalone.
# Upstream Go binary releases do not ship a compiled libstd.so.
@@ -312,6 +320,7 @@
#created with -buildmode=shared.
bin/go install -buildmode=shared std
%endif
+%endif
%check
%ifarch %{tsan_arch}
@@ -452,9 +461,12 @@
# We don't include libstd.so in the main Go package.
%if %{with_shared}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
%endif
+%endif
%files doc
%doc %{_docdir}/go/%{go_label}/*.html
@@ -465,8 +477,11 @@
%endif
%if %{with_shared}
+%if 0%{?suse_version} > 1500
+# openSUSE Tumbleweed
%files libstd
%{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
%endif
+%endif
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package go1.20 for openSUSE:Factory checked
in at 2023-03-13 12:40:44
Comparing /work/SRC/openSUSE:Factory/go1.20 (Old)
and /work/SRC/openSUSE:Factory/.go1.20.new.31432 (New)
Package is "go1.20"
Mon Mar 13 12:40:44 2023 rev:3 rq:1071065 version:1.20.2
Changes:
--- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-03-08
14:53:39.595031300 +0100
+++ /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.changes 2023-03-13
12:41:25.595895113 +0100
@@ -1,0 +2,20 @@
+Thu Mar 9 20:39:23 UTC 2023 - Jeff Kowalczyk
+
+- Add subpackage go1.x-libstd for compiled shared object libstd.so.
+ Refs jsc#PED-1962
+ * Main go1.x package included libstd.so in previous versions
+ * Split libstd.so into subpackage that can be installed standalone
+ * Continues the slimming down of main go1.x package by 40 Mb
+ * Experimental and not recommended for general use, Go currently has no ABI
+ * Upstream Go has not committed to support buildmode=shared long-term
+ * Do not use in packaging, build static single binaries (the default)
+ * Upstream Go go1.x binary releases do not include libstd.so
+ * go1.x Suggests go1.x-libstd so not installed by default Recommends
+ * go1.x-libstd does not Require: go1.x so can install standalone
+ * Provides go-libstd unversioned package name
+ * Fix build step -buildmode=shared std to omit -linkshared
+- Packaging improvements:
+ * go1.x Suggests go1.x-doc so not installed by default Recommends
+ * Use Group: Development/Languages/Go instead of Other
+
+---
Other differences:
--
++ go1.20.spec ++
--- /var/tmp/diff_new_pack.jkV62V/_old 2023-03-13 12:41:26.311898843 +0100
+++ /var/tmp/diff_new_pack.jkV62V/_new 2023-03-13 12:41:26.315898864 +0100
@@ -138,7 +138,7 @@
Release:0
Summary:A compiled, garbage-collected, concurrent programming language
License:BSD-3-Clause
-Group: Development/Languages/Other
+Group: Development/Languages/Go
URL:https://go.dev/
Source: https://go.dev/dl/go%{version}.src.tar.gz
Source1:go-rpmlintrc
@@ -162,7 +162,8 @@
BuildRequires: %{go_bootstrap_version}
%endif
BuildRequires: fdupes
-Recommends: %{name}-doc = %{version}
+Suggests: %{name}-doc = %{version}
+Suggests: %{name}-libstd = %{version}
%ifarch %{tsan_arch}
# Needed to compile compiler-rt/TSAN.
BuildRequires: gcc-c++
@@ -192,7 +193,6 @@
%package doc
Summary:Go documentation
Group: Documentation/Other
-Requires: %{name} = %{version}
Provides: go-doc = %{version}
%description doc
@@ -202,7 +202,7 @@
# boo#1052528
%package race
Summary:Go runtime race detector
-Group: Development/Languages/Other
+Group: Development/Languages/Go
URL:https://compiler-rt.llvm.org/
Requires: %{name} = %{version}
Supplements:%{name} = %{version}
@@ -213,6 +213,16 @@
-race option, in order to detect race conditions present in your Go programs.
%endif
+%if %{with_shared}
+%package libstd
+Summary:Go compiled shared library libstd.so
+Group: Development/Languages/Go
+Provides: go-libstd = %{version}
+
+%description libstd
+Go standard library compiled to a dynamically loadable shared object libstd.so
+%endif
+
%prep
%ifarch %{tsan_arch}
# compiler-rt (from LLVM)
@@ -285,7 +295,22 @@
%endif
%if %{with_shared}
-bin/go install -buildmode=shared -linkshared std
+# Compile Go standard library as a dynamically loaded shared object libstd.so
+# for inclusion in a subpackage which can be installed standalone.
+# Upstream Go binary releases do not ship a compiled libstd.so.
+# Standard practice is to build Go binaries as a single executable.
+# Upstream Go discussed removing this feature, opted to fix current support:
+# Relevant upstream comments on: https://github.com/golang/go/issues/47788
+#
+# -buildmode=shared
+#Combine all the listed non-main packages into a single shared
+#library that will be used when building with the -linkshared
+#option. Packages named main are ignored.
+#
+# -linkshared
+#build code that will be linked against shared libraries previously
+#created with -buildmode=shared.
+bin/go install -buildmode=shared std
%endif
%check
@@ -425,6 +450,12 @@
%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
%endif
+# We don't include libstd.so in the main Go package.
+%if %{with_shared}
+# ./go/1.20/pkg/linux_amd64_dynlink/libstd.so
+%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
+%endif
+
%files doc
commit go1.20 for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package go1.20 for openSUSE:Factory checked in at 2023-03-08 14:53:38 Comparing /work/SRC/openSUSE:Factory/go1.20 (Old) and /work/SRC/openSUSE:Factory/.go1.20.new.31432 (New) Package is "go1.20" Wed Mar 8 14:53:38 2023 rev:2 rq:1070083 version:1.20.2 Changes: --- /work/SRC/openSUSE:Factory/go1.20/go1.20.changes2023-02-17 16:46:06.111233250 +0100 +++ /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.changes 2023-03-08 14:53:39.595031300 +0100 @@ -1,0 +2,27 @@ +Tue Mar 7 18:03:10 UTC 2023 - Jeff Kowalczyk + +- go1.20.2 (released 2023-03-07) includes a security fix to the + crypto/elliptic package, as well as bug fixes to the compiler, + the covdata command, the linker, the runtime, and the + crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. + Refs boo#1206346 go1.20 release tracking + CVE-2023-24532 + * go#58720 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results + * go#58427 cmd/covdata: short read on string table when merging coverage counters + * go#58442 runtime: some linkname signatures do not match + * go#58444 cmd/compile: inline static init cause compile time error + * go#58467 cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry + * go#58498 crypto/ecdh: ECDH method doesn't check curve + * go#58503 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' + * go#58505 crypto/internal/bigmod: flag amd64 assembly as noescape + * go#58531 runtime: endless traceback when panic in generics funtion + * go#58536 runtime: long latency of sweep assists + * go#58624 syscall.Faccessat and os.LookPath regression in Go 1.20 + * go#58627 os: cmd/go gets error "copy_file_range: function not implemented" + * go#58717 net: TestTCPSelfConnect failures due to unexpected connections + * go#58774 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows + * go#58776 cmd/compile: ICE on method value involving imported anonymous interface + * go#58793 crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey + * go#58811 crypto/x509: TestSystemVerify consistently failing + +--- Old: go1.20.1.src.tar.gz New: go1.20.2.src.tar.gz Other differences: -- ++ go1.20.spec ++ --- /var/tmp/diff_new_pack.OEQ60O/_old 2023-03-08 14:53:40.183034502 +0100 +++ /var/tmp/diff_new_pack.OEQ60O/_new 2023-03-08 14:53:40.187034525 +0100 @@ -134,7 +134,7 @@ %endif Name: go1.20 -Version:1.20.1 +Version:1.20.2 Release:0 Summary:A compiled, garbage-collected, concurrent programming language License:BSD-3-Clause ++ go1.20.1.src.tar.gz -> go1.20.2.src.tar.gz ++ /work/SRC/openSUSE:Factory/go1.20/go1.20.1.src.tar.gz /work/SRC/openSUSE:Factory/.go1.20.new.31432/go1.20.2.src.tar.gz differ: char 120, line 1
