Prepare for RPM 4.20 (forwarded request 1152226 from dimstar)

• Files Changed
• Browse Source

- Use gcc13 compiler for Tumbleweed. (forwarded request 1079518 from jfkw)

• Files Changed
• Browse Source

- Don't build with shared on riscv64 for < go1.18 (forwarded request 999101 from jfkw)

• Files Changed
• Browse Source

- switch to gcc-go, bootstrap via gcc-go 11/12 which
  should be available on leap, sle and factory
- add gcc-go.patch to bootstrap with gcc-go any version
- drop gcc6-go.patch, gcc7-go.patch: superseded by gcc-go.patch (forwarded request 998265 from jfkw)

• Files Changed
• Browse Source

- Add %define go_label as a configurable Go toolchain directory
  * go_label can be used to package multiple Go toolchains with
    the same go_api
  * go_label should be defined as go_api with an optional suffix
    e.g. %{go_api} or %{go_api}-foo
  * Default go_label = go_api makes no changes to package layout (forwarded request 966740 from jfkw)

• Files Changed
• Browse Source

- add dont-force-gold-on-arm64.patch (bsc#1183043)
- drop binutils-gold dependency (forwarded request 962279 from jfkw)

• Files Changed
• Browse Source

- go1.16.15 (released 2022-03-03) includes a security fix to the
  regexp/syntax package, as well as bug fixes to the compiler,
  runtime, the go command, and to the net package
  Refs boo#1182345 go1.16 release tracking
  CVE-2022-24921
  * boo#1196732 go#51112 CVE-2022-24921
  * go#51117 regexp: stack overflow (process exit) handling deeply nested regexp
  * go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists
  * go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations
  * go#51161 net: use EDNS to increase DNS packet size [freeze exception]
  * go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two (forwarded request 959305 from jfkw)

• Files Changed
• Browse Source

- Add missing .bin binary test data to packaging.
  * Existing test data files added to packaging with mode 644:
    src/compress/bzip2/testdata/pass-random2.bin
    src/compress/bzip2/testdata/pass-random1.bin
    src/debug/dwarf/testdata/line-gcc-win.bin (forwarded request 955951 from jfkw)

• Files Changed
• Browse Source

- go1.16.14 (released 2022-02-10) includes security fixes to the
  crypto/elliptic, math/big packages and to the go command, as well
  as bug fixes to the compiler, linker, runtime, the go command,
  and the debug/macho, debug/pe, net/http/httptest, and testing
  packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
  * boo#1195838 go#50974 CVE-2022-23806
  * go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
  * boo#1195835 go#50699 CVE-2022-23772
  * go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
  * boo#1195834 go#35671 CVE-2022-23773
  * go#50686 cmd/go: do not treat branches with semantic-version names as releases
  * go#50866 cmd/compile: incorrect use of CMN on arm64
  * go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
  * go#50811 cmd/go: remove bitbucket VCS probing
  * go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
  * go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
  * go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
  * go#50645 testing: surprising interaction of subtests with TempDir
  * go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
  * go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package (forwarded request 953822 from jfkw)

• Files Changed
• Browse Source

- go1.16.13 (released 2022-01-06) includes fixes to the compiler,
  linker, runtime, and the net/http package.
  Refs boo#1182345 go1.16 release tracking
  * go#50449 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
  * go#50296 cmd/link: does not set section type of .init_array correctly
  * go#50194 runtime/race: building for iOS, but linking in object file built for macOS
  * go#50072 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
  * go#49923 cmd/link: support more load commands on Mach-O
  * go#49412 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
  * go#48115 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 (forwarded request 944559 from jfkw)

• Files Changed
• Browse Source

- go1.16.12 (released 2021-12-09) includes security fixes to the
  syscall and net/http packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-44716 CVE-2021-44717 
  * boo#1193598 go#50057 CVE-2021-44717
  * go#50066 syscall: don’t close fd 0 on ForkExec error
  * boo#1193597 go#50058 CVE-2021-44716
  * go#50064 net/http: limit growth of header canonicalization cache (forwarded request 938740 from jfkw)

• Files Changed
• Browse Source

- go1.16.11 (released 2021-12-02) includes fixes to the compiler,
  runtime, and the net/http, net/http/httptest, and time packages.
  Refs boo#1182345 go1.16 release tracking
  * go#49910 x/net/http2: frequent failures in TestClientConnCloseAtBody
  * go#49908 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
  * go#49904 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
  * go#49867 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
  * go#49851 net/http/httptest: Close does not wait for the underlying Server's ConnState callbacks to complete
  * go#49728 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
  * go#49661 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
  * go#49623 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
  * go#49567 net/http: server responds with Transfer-Encoding: identity
  * go#49560 x/net/http2: setting Request.Close doesn't close TCP connections
  * go#49558 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
  * go#49406 time: ParseInLocation error
  * go#49391 cmd/compile: internal compiler error: Expand calls interface data problem (forwarded request 935319 from jfkw)

• Files Changed
• Browse Source

- go1.16.10 (released 2021-11-04) includes security fixes to the
  archive/zip and debug/macho packages, as well as bug fixes to the
  compiler, linker, runtime, the misc/wasm directory, and to the
  net/http package.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-41771 CVE-2021-41772
  * boo#1192377 go#48990 CVE-2021-41771
  * go#48991 debug/macho: invalid dynamic symbol table command can cause panic
  * boo#1192378 go#48085 CVE-2021-41772
  * go#48251 archive/zip: Reader.Open panics on empty string
  * go#49153 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
  * go#49076 x/net/http2: backport critical fixes
  * go#49009 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
  * go#48822 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
  * go#48649 x/net/http2: pool deadlock
  * go#48478 cmd/compile: 64 bits shifts on arm get wrong results
  * go#48474 cmd/compile: incorrect arm/arm64 simplification rules (forwarded request 929547 from jfkw)

• Files Changed
• Browse Source

- go1.16.9 (released 2021-10-07) includes a security fix to the
  linker and misc/wasm directory, as well as bug fixes to the
  runtime and to the text/template package.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-38297
  * boo#1191468 go#48797 CVE-2021-38297
  * go#48799 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
  * go#48443 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
  * go#47858 time: timer reset sometimes ignored, causing delayed ticks (forwarded request 924123 from jfkw)

• Files Changed
• Browse Source

- go1.16.8 (released 2021-09-09) includes a security fix to the
  archive/zip package, as well as bug fixes to the archive/zip,
  go/internal/gccgoimporter, html/template, net/http, and
  runtime/pprof packages.
  Refs boo#1182345 go1.16 release tracking
  CVE-2021-39293
  * boo#1190589 go#47801 CVE-2021-39293
  * go#47985 archive/zip: overflow in preallocation check can cause OOM panic
  * go#47691 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
  * go#47675 runtime/pprof: apparent deadlock in TestGoroutineSwitch on linux-armv6l
  * go#47610 go/internal/gccgoimporter: TestInstallationImporter broken with tip gccgo
  * go#47535 net/http: TestCancelRequestWhenSharingConnection can cause port exhaustion
  * go#47042 html/template: data race with concurrent ExecuteTemplate calls

- Add bash scripts used by go tool commands to provide a more
  complete cross-compiling go toolchain install.
  * Fixes "go tool dist list" error "all.bash does not exist"

• Files Changed
• Browse Source

- go1.16.7 (released 2021-08-05) includes a security fix to the
  net/http/httputil package, as well as bug fixes to the compiler,
  the linker, the runtime, the go command, and the net/http
  package.
  CVE-2021-36221
  Refs boo#1182345 go1.16 release tracking
  * boo#1189162 go#46866 CVE-2021-36221
  * go#47474 net/http: panic due to racy read of persistConn after handler panic
  * go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
  * go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
  * go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
  * go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
  * go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
  * go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
  * go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package (forwarded request 910389 from jfkw)

• Files Changed
• Browse Source

- Add patch to fix crashes on PowerPC with kernel >= 5.13:
  * fix-ppc64-crashes.patch (forwarded request 907144 from favogt)

• Files Changed
• Browse Source

- go1.16.6 (released 2021-07-12) includes a security fix to the
  crypto/tls package, as well as bug fixes to the compiler, and the
  net and net/http packages.
  CVE-2021-34558
  Refs boo#1182345 go1.16 release tracking
  * boo#1188229 go#47143 CVE-2021-34558
  * go#47145 security: fix CVE-2021-34558
  * go#46999 net: LookupMX behaviour broken
  * go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
  * go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora
  * go#46657 runtime: deeply nested struct initialized with non-zero values
  * go#44984 net/http: server not setting Content-Length in certain cases (forwarded request 905962 from jfkw)

• Files Changed
• Browse Source

- Fix extraneous trailing percent character %endif% in spec file. (forwarded request 903994 from jfkw)

• Files Changed
• Browse Source

- go1.16.5 (released 2021-06-03) includes security fixes to the
  archive/zip, math/big, net, and net/http/httputil packages, as
  well as bug fixes to the linker, the go command, and the net/http
  package.
  CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
  Refs boo#1182345 go1.16 release tracking
  * boo#1187443 go#46241 CVE-2021-33195
  * go#46357 net: Lookup functions may return invalid host names
  * go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
  * boo#1186622 go#46242 CVE-2021-33196
  * go#46397 archive/zip: malformed archive may cause panic or memory exhaustion
  * boo#1187444 go#46313 CVE-2021-33197
  * go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
  * boo#1187445 go#45910 CVE-2021-33198
  * go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
  * go#46214 cmd/go: make go mod download with no arguments leave go.sum alone
  * go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
  * go#46128 cmd/link: internal error when externally linking very large binaries
  * go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
  * go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le (forwarded request 900520 from jfkw)

• Files Changed
• Browse Source