SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for go1.17-1.17.13-6.3.x86_64.rpm :

* Tue Feb 27 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Fri Apr 14 2023 Jeff Kowalczyk - Build subpackage go1.x-libstd compiled shared object libstd.so only on Tumbleweed at this time. Refs jsc#PED-1962
* Fri Apr 14 2023 Jeff Kowalczyk - Add subpackage go1.x-libstd for compiled shared object libstd.so. Refs jsc#PED-1962
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
* Fri Apr 14 2023 Jeff Kowalczyk - Improvements to go1.x packaging spec:
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used.
* Change source URLs to go.dev as per Go upstream
* Thu Apr 13 2023 Martin Liška - Use gcc13 compiler for Tumbleweed.
* Tue Aug 23 2022 Andreas Schwab - Don\'t build with shared on riscv64 for < go1.18
* Mon Aug 22 2022 Jeff Kowalczyk - Define go_bootstrap_version go1.16 without suse_version checks- Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere
* Thu Aug 18 2022 Dirk Müller - Bootstrap using go1.16 on SLE-15 and newer. go1.16 is bootstrapped using gcc-go 11 or 12. This allows dropping older versions of Go from Factory.
* Mon Aug 01 2022 Jeff Kowalczyk - go1.17.13 (released 2022-08-01) includes security fixes to the encoding/gob and math/big packages, as well as bug fixes to the compiler and the runtime. Refs boo#1190649 go1.17 release tracking CVE-2022-32189
* boo#1202035 CVE-2022-32189 go#53871
* go#54094 math/big: index out of range in Float.GobDecode
* go#53846 runtime: modified timer results in extreme cpu load
* go#53617 cmd/compile: condition in for loop body is incorrectly optimised away
* go#53111 runtime: gentraceback() dead loop on arm64 casued the process hang
* go#52960 cmd/compile: miscompilation in pointer operations
* Tue Jul 12 2022 Jeff Kowalczyk - go1.17.12 (released 2022-07-12) includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the runtime, and the runtime/metrics package. Refs boo#1190649 go1.17 release tracking CVE-2022-1705 CVE-2022-32148 CVE-2022-30631 CVE-2022-30633 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30630 CVE-2022-1962
* boo#1201434 CVE-2022-1705 go#53188
* go#53432 net/http: improper sanitization of Transfer-Encoding header
* boo#1201436 CVE-2022-32148 go#53423
* go#53620 net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
* boo#1201437 CVE-2022-30631 go#53168
* go#53717 compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* boo#1201440 CVE-2022-30633 go#53611
* go#53715 encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* boo#1201443 CVE-2022-28131 go#53614
* go#53711 encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* boo#1201444 CVE-2022-30635 go#53615
* go#53709 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* boo#1201445 CVE-2022-30632 go#53416
* go#53713 path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* boo#1201447 CVE-2022-30630 go#53415
* go#53719 io/fs: stack exhaustion in Glob (CVE-2022-30630)
* boo#1201448 CVE-2022-1962 go#53616
* go#53707 go/parser: stack exhaustion in all Parse
* functions (CVE-2022-1962)
* go#53612 syscall: NewCallback triggers data race on Windows when used from different goroutine
* go#53589 runtime/metrics: data race detected in Read
* go#53470 cmd/compile: internal compiler error: width not calculated: int128
* go#53050 misc/cgo/test: failure with gcc 10
* go#52688 runtime: total allocation stats are managed in a uintptr which can quickly wrap around on 32-bit architectures
* go#51351 cmd/go: \"v1.x.y is not a tag\" when .gitconfig sets log.decorate to full
* Wed Jun 01 2022 Jeff Kowalczyk - go1.17.11 (released 2022-06-01) includes security fixes to the crypto/rand, crypto/tls, os/exec, and path/filepath packages, as well as bug fixes to the crypto/tls package. Refs boo#1190649 go1.17 release tracking CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804
* boo#1200134 go#52561 CVE-2022-30634
* go#52932 crypto/rand: Read hangs when passed buffer larger than 1<<32 - 1
* boo#1200135 go#52814 CVE-2022-30629
* go#52832 crypto/tls: randomly generate ticket_age_add
* boo#1200136 go#52574 CVE-2022-30580
* go#53056 os/exec: Cmd.{Run,Start} should fail if Cmd.Path is unset
* boo#1200137 go#52476 CVE-2022-29804
* go#52478 path/filepath: Clean(.\\c:) returns c: on Windows
* go#52790 crypto/tls: 500% increase in allocations from (
*tls.Conn).Read in go 1.17
* go#52826 runtime: TestGcSys is still flaky
* go#53042 misc/cgo/testsanitizers: occasional hangs in TestTSAN/tsan12
* go#53049 runtime: TestGdbBacktrace failures due to GDB \"internal-error: wait returned unexpected status 0x0\"
* go#53114 misc/cgo/testsanitizers: deadlock in TestTSAN/tsan11
* Tue May 10 2022 Jeff Kowalczyk - go1.17.10 (released 2022-05-10) includes security fixes to the syscall package, as well as bug fixes to the compiler, runtime, and the crypto/x509 and net/http/httptest packages. Refs boo#1190649 go1.17 release tracking CVE-2022-29526
* boo#1199413 go#52313 CVE-2022-29526
* go#52439 syscall: Faccessat checks wrong group
* go#51858 crypto/x509: x509 certificate with issuerUniqueID and/or subjectUniqueID parse error
* go#52095 cmd/compile: fails to compile very long files starting go1.17
* go#52148 syscall: TestGroupCleanupUserNamespace failure on linux-s390x-ibm
* go#52306 sync: TestWaitGroupMisuse2 is flaky
* go#52374 runtime: executable compiled under Go 1.17.7 will occasionally wedge
* go#52455 net/http/httptest: race in Close
* go#52705 net: TestDialCancel is not compatible with new macOS ARM64 builders
* Mon May 02 2022 Martin Liška - Remove remaining use of gold linker when bootstrapping with gccgo. The binutils-gold package will be removed in the future.
* History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x
* No information available why binutils-gold was used initially
* Unrelated to upstream recent hardcoded gold dependency for ARM
* Tue Apr 12 2022 Jeff Kowalczyk - go1.17.9 (released 2022-04-12) includes security fixes to the crypto/elliptic and encoding/pem packages, as well as bug fixes to the linker and runtime. Refs boo#1190649 go1.17 release tracking CVE-2022-24675 CVE-2022-28327
* boo#1198423 go#51853 CVE-2022-24675
* go#52036 encoding/pem: stack overflow
* boo#1198424 go#52075 CVE-2022-28327
* go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes
* go#51736 plugin: tls handshake panic: unreachable method called. linker bug?
* go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0
* go#51458 runtime: finalizer call has wrong frame size
* go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed
* Thu Apr 07 2022 Jeff Kowalczyk - Template gcc-go.patch to substitute gcc_go_version and eliminate multiple similar patches each with hardcoded gcc go binary name. gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate for current lack of gcc-go update-alternatives usage.
* add gcc-go.patch
* drop gcc6-go.patch
* drop gcc7-go.patch
* Thu Apr 07 2022 Jeff Kowalczyk - For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go. gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or go1.18 on SLE-12 aarch64 ppc64le or s390x.
* gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0): undefined reference to `__go_pimt__I4_DiagFrN4_boolee3
* Fri Mar 11 2022 Jeff Kowalczyk - Add %define go_label as a configurable Go toolchain directory
* go_label can be used to package multiple Go toolchains with the same go_api
* go_label should be defined as go_api with an optional suffix e.g. %{go_api} or %{go_api}-foo
* Default go_label = go_api makes no changes to package layout
* Wed Mar 09 2022 Dirk Müller - add dont-force-gold-on-arm64.patch (bsc#1183043)- drop binutils-gold dependency
* Thu Mar 03 2022 Jeff Kowalczyk - go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509, and net packages. Refs boo#1190649 go1.17 release tracking CVE-2022-24921
* boo#1196732 go#51112 CVE-2022-24921
* go#51118 regexp: stack overflow (process exit) handling deeply nested regexp
* go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
* go#51199 cmd/compile: \"runtime: bad pointer in frame\" in riscv64 with complier optimizations
* go#51162 net: use EDNS to increase DNS packet size [freeze exception]
* go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two
* go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18
* Fri Feb 18 2022 Jeff Kowalczyk - Add missing .bin binary test data to packaging.
* Existing test data files added to packaging with mode 644: src/compress/bzip2/testdata/pass-random2.bin src/compress/bzip2/testdata/pass-random1.bin src/debug/dwarf/testdata/line-gcc-win.bin
* Thu Feb 10 2022 Jeff Kowalczyk - go1.17.7 (released 2022-02-10) includes security fixes to the crypto/elliptic, math/big packages and to the go command, as well as bug fixes to the compiler, linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest packages. Refs boo#1190649 go1.17 release tracking CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50687 cmd/go: do not treat branches with semantic-version names as releases
* go#50942 cmd/asm: \"compile: loop\" compiler bug?
* go#50867 cmd/compile: incorrect use of CMN on arm64
* go#50812 cmd/go: remove bitbucket VCS probing
* go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50297 cmd/link: does not set section type of .init_array correctly
* go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of \"plugin\" Package
* Thu Jan 06 2022 Jeff Kowalczyk - go1.17.6 (released 2022-01-06) includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages. Refs boo#1190649 go1.17 release tracking
* go#50165 crypto/x509: error parsing large ASN.1 identifiers
* go#50073 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49961 reflect: segmentation violation while using html/template
* go#49921 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream\'s window is out of space.
* go#49413 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48116 runtime: mallocs cause \"base outside usable address space\" panic when running on iOS 14
  
ICM