Revisions of go1.22

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1222506 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 15)
- go1.22.9 (released 2024-11-06) includes fixes to the linker.
  Refs boo#1218424 go1.22 release tracking
  * go#69745 runtime: TestGdbAutotmpTypes failures
  * go#69991 cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15
  * go#70124 cmd/cgo/internal/testcarchive: TestManyCalls failures (forwarded request 1222504 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1205006 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 14)
- go1.22.8 (released 2024-10-01) includes fixes to cgo, and the
  maps and syscall packages.
  Refs boo#1218424 go1.22 release tracking
  * go#69155 maps: segmentation violation in maps.Clone
  * go#69218 cmd/cgo: alignment issue with int128 inside of a struct
  * go#69366 syscall: TestAmbientCapsUserns fails on Ubuntu 24.04/Linux 6.8.0 (forwarded request 1205004 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1199062 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 13)
- go1.22.7 (released 2024-09-05) includes security fixes to the
  encoding/gob, go/build/constraint, and go/parser packages, as
  well as bug fixes to the fix command and the runtime.
  Refs boo#1218424 go1.22 release tracking
  CVE-2024-34155 CVE-2024-34156 CVE-2024-34158
  - go#69142 go#69138 boo#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155)
  - go#69144 go#69139 boo#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156)
  - go#69148 go#69141 boo#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158)
  - go#68811 os: TestChtimes failures
  - go#68825 cmd/fix: fails to run on modules whose go directive value is in "1.n.m" format introduced in Go 1.21.0
  - go#68972 cmd/cgo: aix c-archive corrupting stack (forwarded request 1199061 from jfkw)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1192314 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 12)
- go1.22.6 (released 2024-08-06) includes fixes to the go command,
  the compiler, the linker, the trace command, the covdata command,
  and the bytes, go/types, and os/exec packages.
  Refs boo#1218424 go1.22 release tracking
  * go#68594 cmd/compile: internal compiler error with zero-size types
  * go#68546 cmd/trace/v2: pprof profiles always empty
  * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop
  * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
  * go#68370 go/types: assertion failure in recent range statement checking logic
  * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows
  * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race
  * go#68222 cmd/go: list with -export and -covermode=atomic fails to build
  * go#68198 cmd/link: issues with Xcode 16 beta (forwarded request 1192312 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1184954 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 11)
- go1.22.5 (released 2024-07-02) includes security fixes to the
  net/http package, as well as bug fixes to the compiler, cgo, the
  go command, the linker, the runtime, and the crypto/tls,
  go/types, net, net/http, and os/exec packages.
  Refs boo#1218424 go1.22 release tracking
  CVE-2024-24791
  * go#68200 go#67555 boo#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
  * go#65983 cmd/compile: hash of unhashable type
  * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault()
  * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without ".exe" no longer implicitly adds ".exe" in Go 1.22
  * go#67298 runtime: "fatal: morestack on g0" on amd64 after upgrade to Go 1.21, stale bounds
  * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
  * go#67798 cmd/compile: internal compiler error: unexpected type: <nil> (<nil>) in for-range
  * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec
  * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0
  * go#67934 net: go DNS resolver fails to connect to local DNS server
  * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
  * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)
  * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT)) (forwarded request 1184952 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1178641 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 10)
- go1.22.4 (released 2024-06-04) includes security fixes to the
  archive/zip and net/netip packages, as well as bug fixes to the
  compiler, the go command, the linker, the runtime, and the os
  package.
  Refs boo#1218424 go1.22 release tracking
  CVE-2024-24789 CVE-2024-24790
  * go#67554 go#66869 boo#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
  * go#67682 go#67680 boo#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
  * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes
  * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
  * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
  * go#67258 runtime: unexpected fault address 0
  * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
  * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID
  * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
  * go#67460 cmd/compile: internal compiler error: panic with range over integer value
  * go#67527 cmd/link: panic: machorelocsect: size mismatch
  * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start
  * go#67696 os: RemoveAll susceptible to symlink race (forwarded request 1178639 from jfkw)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1172536 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 9)
- go1.22.3 (released 2024-05-07) includes security fixes to the go
  command and the net package, as well as bug fixes to the
  compiler, the runtime, and the net/http package.
  Refs boo#1218424 go1.22 release tracking
  CVE-2024-24787 CVE-2024-24788
  * go#67122 go#67119 boo#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin
  * go#67040 go#66754 boo#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode
  * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
  * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
  * go#66886 runtime: deterministic fallback hashes across process boundary
  * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 (forwarded request 1172534 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1164438 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 8)
- go1.22.2 (released 2024-04-03) includes a security fix to the
  net/http package, as well as bug fixes to the compiler, the go
  command, the linker, and the encoding/gob, go/types, net/http,
  and runtime/trace packages.
  Refs boo#1218424 go1.22 release tracking
  CVE-2023-45288
  * go#66298 go#65051 boo#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
  * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1
  * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation
  * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64
  * go#66134 cmd/compile: go test . results in CLOSURE ... <unknown line number>: internal compiler error: assertion failed
  * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument
  * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr
  * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows
  * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
  * go#66256 cmd/go: git shallow fetches broken at CL 556358
  * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22
  * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le (forwarded request 1164436 from jfkw)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1155403 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 7)
- go1.22.1 (released 2024-03-05) includes security fixes to the
  crypto/x509, html/template, net/http, net/http/cookiejar, and
  net/mail packages, as well as bug fixes to the compiler, the go
  command, the runtime, the trace command, and the go/types and
  net/http packages.
  Refs boo#1218424 go1.22 release tracking
  CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
  * go#65831 go#65390 boo#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
  * go#65849 go#65083 boo#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
  * go#65850 go#65383 boo#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
  * go#65859 go#65065 boo#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
  * go#65969 go#65697 boo#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
  * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module
  * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
  * go#65474 internal/testenv: support LUCI mobile builders in testenv tests
  * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently
  * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change
  * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
  * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
  * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer
  * go#65728 go/types: nil pointer dereference in Alias.Underlying()
  * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22
  * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
  * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
  * go#65852 cmd/go: "missing ziphash" error with go.work
  * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms (forwarded request 1155401 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1152006 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 6)
- Packaging improvements:
  * Use %patch -P N instead of deprecated %patchN (forwarded request 1152003 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1147337 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 5)
- Packaging improvements:
  * boo#1219988 ensure VERSION file is present in GOROOT
    as required by go tool dist and go tool distpack (forwarded request 1147334 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1144766 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 4)
- go1.22 (released 2024-02-06) is a major release of Go.
  go1.22.x minor releases will be provided through February 2024.
  https://github.com/golang/go/wiki/Go-Release-Cycle
  go1.22 arrives six months after go1.21. Most of its changes are
  in the implementation of the toolchain, runtime, and libraries.
  As always, the release maintains the Go 1 promise of
  compatibility. We expect almost all Go programs to continue to
  compile and run as before.
  Refs boo#1218424 go1.22 release tracking (forwarded request 1144765 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1141357 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 3)
- go1.22rc2 (released 2024-01-24) is a release candidate version of
  go1.22 cut from the master branch at the revision tagged
  go1.22rc2.
  Refs boo#1218424 go1.22 release tracking (forwarded request 1141356 from jfkw)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1137626 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 2)
Fix typo Refs boo#1218424 go1.22 release tracking (forwarded request 1137625 from jfkw)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1136678 from Jeff Kowalczyk's avatar Jeff Kowalczyk (jfkw) (revision 1)
New package go1.22 version rc1 submitted for testing.

Due to prjconf Prefer: go most Go application packages will only
be built with go1.22 once a subsequent SR is submitted bumping
the go metapackage to version 1.22.
Displaying all 15 revisions
openSUSE Build Service is sponsored by