Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
go1.19.27088
go1.19.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File go1.19.changes of Package go1.19.27088
------------------------------------------------------------------- Tue Dec 6 20:49:04 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19.4 (released 2022-12-06) includes security fixes to the net/http and os packages, as well as bug fixes to the compiler, the runtime, and the crypto/x509, os/exec, and sync/atomic packages. Refs boo#1200441 go1.19 release tracking CVE-2022-41717 CVE-2022-41720 * go#57009 boo#1206135 security: fix CVE-2022-41717 net/http: limit canonical header cache by bytes, not entries * go#57006 boo#1206134 security: fix CVE-2022-41720 os, net/http: avoid escapes from os.DirFS and http.Dir on Windows * go#56752 runtime,cmd/compile: apparent memory corruption in compress/flate * go#56710 net: builders failing TestLookupDotsWithRemoteSource and TestLookupGoogleSRV due to missing host for _xmpp-server._tcp.google.com * go#56672 crypto/tls: boringcrypto restricts RSA key sizes to 2048 and 3072 * go#56638 sync/atomic: atomic.Pointer[T] can be misused with type conversions. * go#56636 runtime: traceback stuck in runtime.systemstack * go#56557 cmd/compile: some x/sys versions no longer build due to "go:linkname must refer to declared function or variable" * go#56551 os/exec: Plan 9 build has been broken by a Windows security fix (also breaks 1.19.3 and 1.18.8) * go#56438 crypto/x509: respect GODEBUG changes during program lifetime * go#56397 runtime: on linux/PPC64, usleep computes incorrect tv_nsec parameter * go#56360 cmd/compile: panic: offset too large ------------------------------------------------------------------- Tue Nov 1 17:18:30 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19.3 (released 2022-11-01) includes security fixes to the os/exec and syscall packages, as well as bug fixes to the compiler and the runtime. Refs boo#1200441 go1.19 release tracking CVE-2022-41716 * go#56328 boo#1204941 security: fix CVE-2022-41716 syscall, os/exec: unsanitized NUL in environment variables * go#56309 runtime: "runtime·lock: lock count" fatal error when cgo is enabled * go#56168 cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch * go#56106 internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing ------------------------------------------------------------------- Tue Oct 4 18:21:57 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19.2 (released 2022-10-04) includes security fixes to the archive/tar, net/http/httputil, and regexp packages, as well as bug fixes to the compiler, the linker, the runtime, and the go/types package. Refs boo#1200441 go1.19 release tracking CVE-2022-41715 CVE-2022-2879 CVE-2022-2880 * go#55951 boo#1204023 security: fix CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps * go#55926 boo#1204024 security: fix CVE-2022-2879 archive/tar: unbounded memory consumption when reading headers * go#55843 boo#1204025 security: fix CVE-2022-2880 net/http/httputil: ReverseProxy should not forward unparseable query parameters * go#55270 cmd/compile: internal compiler error: method Len on *uint8 not found * go#55152 cmd/compile: typebits.Set: invalid initial alignment: type Peer has alignment 8, but offset is 4 * go#55149 go/types: no way to construct the signature of append(s, "string"...) via the API * go#55124 fatal error: bulkBarrierPreWrite: unaligned arguments (go 1.19.1, looks like regression) * go#55114 cmd/link: new darwin linker warning on -pagezero_size and -no_pie deprecation * go#54917 cmd/compile: Value live at entry * go#54764 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel (regression in 1.19 when building for i686) ------------------------------------------------------------------- Tue Sep 6 19:24:28 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19.1 (released 2022-09-06) includes security fixes to the net/http and net/url packages, as well as bug fixes to the compiler, the go command, the pprof command, the linker, the runtime, and the crypto/tls and crypto/x509 packages. Refs boo#1200441 go1.19 release tracking CVE-2022-27664 CVE-2022-32190 * go#54376 bsc#1203185 CVE-2022-27664 net/http: handle server errors after sending GOAWAY * go#54635 bsc#1203186 CVE-2022-32190 net/url: JoinPath doesn't strip relative path components in all circumstances * go#54736 cmd/go: cannot find package when importing dependencies with the unix build constraint * go#54734 cmd/go: git fetch errors dropped when producing pseudo-versions for commits * go#54726 cmd/compile: compile failed with "Value live at entry" * go#54697 cmd/compile: ICE at composite literal assignment with alignment > PtrSize * go#54675 runtime: morestack_noctxt missing SPWRITE, causes "traceback stuck" assert * go#54665 runtime: segfault running ppc64/linux binaries with kernel 5.18 * go#54660 cmd/go: go test -race does not set implicit race build tag * go#54643 crypto/tls: support ECDHE key exchanges when ec_point_formats is missing in ClientHello extension * go#54637 cmd/go: data race in TestScript * go#54633 cmd/go/internal/modfetch/codehost: racing writes to Origin fields * go#54629 cmd/compile: miscompilation of partially-overlapping array assignments * go#54420 cmd/pprof: graphviz node names are funny with generics * go#54406 cmd/link: trampoline insertion breaks DWARF Line Program Table output on Darwin/ARM64 * go#54309 cmd/compile: internal compiler error: panic: runtime error: invalid memory address or nil pointer dereference * go#54295 crypto/x509: panics on invalid curve instead of returning error * go#54243 cmd/compile: internal compiler error when compiling code with unbound method of generic type * go#54239 misc/cgo: TestSignalForwardingExternal sometimes fails with wrong signal SIGINT * go#54235 cmd/compile: internal compiler error of atomic type and offsetof ------------------------------------------------------------------- Mon Aug 22 20:44:19 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - Define go_bootstrap_version go1.16 without suse_version checks - Simplify conditional gcc_go_version 12 on Tumbleweed, 11 elsewhere - Add _constraints for worker disk space 5G needed by SLE-15 x86_64 - SLE-12 s390x use bcond_without gccgo to bootstrap using gcc11go * Workaround for SLE-12 s390x build error while writing linker data: bad carrier sym for symbol crypto/internal/nistec.p256OrdMul.args_stackmap created by cmd/link/internal/ld.writeBlocks /usr/lib64/go/1.19/src/cmd/link/internal/ld/data.go:958 ------------------------------------------------------------------- Fri Aug 19 17:53:40 UTC 2022 - Dirk Müller <dmueller@suse.com> - Bootstrap using go1.16 on SLE-15 and newer. go1.16 is bootstrapped using gcc-go 11 or 12. This allows dropping older versions of Go from Factory. ------------------------------------------------------------------- Tue Aug 9 05:56:23 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - Rebase gcc-go.patch onto upstream changes in go/src/make.bash and go/src/make.rc. Used for SLE-12 go bootstrap builds with gcc8. ------------------------------------------------------------------- Tue Aug 2 17:19:11 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19 (released 2022-08-02) is a major release of Go. go1.19.x minor releases will be provided through August 2023. https://github.com/golang/go/wiki/Go-Release-Cycle go1.19 arrives five months after go1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Refs boo#1200441 go1.19 release tracking * See release notes https://golang.org/doc/go1.19. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected. * The Go memory model has been revised to align Go with the memory model used by C, C++, Java, JavaScript, Rust, and Swift. Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages. Along with the memory model update, Go 1.19 introduces new types in the sync/atomic package that make it easier to use atomic values, such as atomic.Int64 and atomic.Pointer[T]. * go1.19 adds support for the Loongson 64-bit architecture LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI implemented is LP64D. Minimum kernel version supported is 5.19. * The riscv64 port now supports passing function arguments and result using registers. Benchmarking shows typical performance improvements of 10% or more on riscv64. * Go 1.19 adds support for links, lists, and clearer headings in doc comments. As part of this change, gofmt now reformats doc comments to make their rendered meaning clearer. See "Go Doc Comments" for syntax details and descriptions of common mistakes now highlighted by gofmt. As another part of this change, the new package go/doc/comment provides parsing and reformatting of doc comments as well as support for rendering them to HTML, Markdown, and text. * The new build constraint "unix" is now recognized in //go:build lines. The constraint is satisfied if the target operating system, also known as GOOS, is a Unix or Unix-like system. For the 1.19 release it is satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future releases the unix constraint may match additional newly supported operating systems. * The -trimpath flag, if set, is now included in the build settings stamped into Go binaries by go build, and can be examined using go version -m or debug.ReadBuildInfo. * go generate now sets the GOROOT environment variable explicitly in the generator's environment, so that generators can locate the correct GOROOT even if built with -trimpath. * go test and go generate now place GOROOT/bin at the beginning of the PATH used for the subprocess, so tests and generators that execute the go command will resolve it to same GOROOT. * go env now quotes entries that contain spaces in the CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, CGO_LDFLAGS, and GOGCCFLAGS variables it reports. * go list -json now accepts a comma-separated list of JSON fields to populate. If a list is specified, the JSON output will include only those fields, and go list may avoid work to compute fields that are not included. In some cases, this may suppress errors that would otherwise be reported. * The go command now caches information necessary to load some modules, which should result in a speed-up of some go list invocations. * The vet checker "errorsas" now reports when errors.As is called with a second argument of type *error, a common mistake. * The runtime now includes support for a soft memory limit. This memory limit includes the Go heap and all other memory managed by the runtime, and excludes external memory sources such as mappings of the binary itself, memory managed in other languages, and memory held by the operating system on behalf of the Go program. This limit may be managed via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT environment variable. The limit works in conjunction with runtime/debug.SetGCPercent / GOGC, and will be respected even if GOGC=off, allowing Go programs to always make maximal use of their memory limit, improving resource efficiency in some cases. * In order to limit the effects of GC thrashing when the program's live heap size approaches the soft memory limit, the Go runtime also attempts to limit total GC CPU utilization to 50%, excluding idle time, choosing to use more memory over preventing application progress. In practice, we expect this limit to only play a role in exceptional cases, and the new runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last occurred. * The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle. * The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines. * On Unix operating systems, Go programs that import package os now automatically increase the open file limit (RLIMIT_NOFILE) to the maximum allowed value; that is, they change the soft limit to match the hard limit. This corrects artificially low limits set on some systems for compatibility with very old C programs using the select system call. Go programs are not helped by that limit, and instead even simple programs like gofmt often ran out of file descriptors on such systems when processing many files in parallel. One impact of this change is that Go programs that in turn execute very old C programs in child processes may run those programs with too high a limit. This can be corrected by setting the hard limit before invoking the Go program. * Unrecoverable fatal errors (such as concurrent map writes, or unlock of unlocked mutexes) now print a simpler traceback excluding runtime metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or crash. Runtime-internal fatal error tracebacks always include full metadata regardless of the value of GOTRACEBACK * Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality. * The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely. * The compiler now uses a jump table to implement large integer and string switch statements. Performance improvements for the switch statement vary but can be on the order of 20% faster. (GOARCH=amd64 and GOARCH=arm64 only) * The Go compiler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command and by Bazel. Any other build systems that invoke the Go compiler directly will need to make sure they pass this flag as well. * The Go compiler no longer accepts the -importmap flag. Build systems that invoke the Go compiler directly must use the -importcfg flag instead. * Like the compiler, the assembler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command. Any other build systems that invoke the Go assembler directly will need to make sure they pass this flag as well. * Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs. * On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath environment variable, making it possible to disable the default implicit search of “.” in PATH lookups on Windows systems. * crypto/elliptic: Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or by a Curve method operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or ScalarMult, they will now panic. ScalarBaseMult operations on the P224, P384, and P521 curves are now up to three times faster, leading to similar speedups in some ECDSA operations. The generic (not platform optimized) P256 implementation was replaced with one derived from a formally verified model; this might lead to significant slowdowns on 32-bit platforms. * crypto/rand: Read no longer buffers random data obtained from the operating system between calls. Applications that perform many small reads at high frequency might choose to wrap Reader in a bufio.Reader for performance reasons, taking care to use io.ReadFull to ensure no partial reads occur. The Prime implementation was changed to use only rejection sampling, which removes a bias when generating small primes in non-cryptographic contexts, removes one possible minor timing leak, and better aligns the behavior with BoringSSL, all while simplifying the implementation. The change does produce different outputs for a given random source stream compared to the previous implementation, which can break tests written expecting specific results from specific deterministic random sources. To help prevent such problems in the future, the implementation is now intentionally non-deterministic with respect to the input stream. * crypto/tls: The GODEBUG option tls10default=1 has been removed. It is still possible to enable TLS 1.0 client-side by setting Config.MinVersion. The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section 4.2. * crypto/x509: CreateCertificate no longer supports creating certificates with SignatureAlgorithm set to MD5WithRSA. CreateCertificate no longer accepts negative serial numbers. CreateCertificate will not emit an empty SEQUENCE anymore when the produced certificate has no extensions. ParseCertificate and ParseCertificateRequest now reject certificates and CSRs which contain duplicate extensions. The new CertPool.Clone and CertPool.Equal methods allow cloning a CertPool and checking the equivalence of two CertPools respectively. The new function ParseRevocationList provides a faster, safer to use CRL parser which returns a RevocationList. Parsing a CRL also populates the new RevocationList fields RawIssuer, Signature, AuthorityKeyId, and Extensions, which are ignored by CreateRevocationList. The new method RevocationList.CheckSignatureFrom checks that the signature on a CRL is a valid signature from a Certificate. The ParseCRL and ParseDERCRL functions are now deprecated in favor of ParseRevocationList. The Certificate.CheckCRLSignature method is deprecated in favor of RevocationList.CheckSignatureFrom. The path builder of Certificate.Verify was overhauled and should now produce better chains and/or be more efficient in complicated scenarios. Name constraints are now also enforced on non-leaf certificates. * crypto/x509/pkix: The types CertificateList and TBSCertificateList have been deprecated. The new crypto/x509 CRL functionality should be used instead. * debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support the loong64 port. * debug/pe: The new File.COFFSymbolReadSectionDefAux method, which returns a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_* constants. * runtime: The GOROOT function now returns the empty string (instead of "go") when the binary was built with the -trimpath flag set and the GOROOT variable is not set in the process environment. * runtime/metrics: The new /sched/gomaxprocs:threads metric reports the current runtime.GOMAXPROCS value. The new /cgo/go-to-c-calls:calls metric reports the total number of calls made from Go to C. This metric is identical to the runtime.NumCgoCall function. The new /gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when the GC CPU limiter was enabled. See the runtime notes for details about the GC CPU limiter. * runtime/pprof: Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application. MaxRSS is now reported in heap profiles for all Unix operating systems (it was previously only reported for GOOS=android, darwin, ios, and linux). * runtime/race: The race detector has been upgraded to use thread sanitizer version v3 on all supported platforms except windows/amd64 and openbsd/amd64, which remain on v2. Compared to v2, it is now typically 1.5x to 2x faster, uses half as much memory, and it supports an unlimited number of goroutines. On Linux, the race detector now requires at least glibc version 2.17 and GNU binutils 2.26. The race detector is now supported on GOARCH=s390x. Race detector support for openbsd/amd64 has been removed from thread sanitizer upstream, so it is unlikely to ever be updated from v2. * runtime/trace: When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events. * syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6, RawSyscall, and RawSyscall6 now always return 0 for return value r2 instead of an undefined value. On AIX and Solaris, Getrusage is now defined. ------------------------------------------------------------------- Tue Jul 12 23:39:16 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19rc2 (released 2022-07-12) is a release candidate version of go1.19 cut from the master branch at the revision tagged go1.19rc2. Refs boo#1200441 go1.19 release tracking ------------------------------------------------------------------- Wed Jul 6 21:40:49 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19rc1 (released 2022-07-06) is a release candidate version of go1.19 cut from the master branch at the revision tagged go1.19rc1. Refs boo#1200441 go1.19 release tracking ------------------------------------------------------------------- Tue Jun 14 20:00:43 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - Trace viewer html and javascript files moved from misc/trace in previous versions to src/cmd/trace/static in go1.19. * Added files with mode 0644: /usr/share/go/1.19/src/cmd/trace/static /usr/share/go/1.19/src/cmd/trace/static/README.md /usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html /usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js ------------------------------------------------------------------- Fri Jun 10 20:39:05 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - go1.19beta1 (released 2022-06-10) is a beta version of go1.19 cut from the master branch at the revision tagged go1.19beta1. Refs boo#1200441 go1.19 release tracking
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor