Hello community, here is the log from the commit of package go1.11 for openSUSE:Leap:15.2 checked in at 2020-04-14 14:20:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/go1.11 (Old) and /work/SRC/openSUSE:Leap:15.2/.go1.11.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "go1.11" Tue Apr 14 14:20:12 2020 rev:5 rq:791647 version:1.11.13 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/go1.11/go1.11.changes 2020-01-15 15:05:41.537912442 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.go1.11.new.3248/go1.11.changes 2020-04-14 14:20:18.713244519 +0200 @@ -1,0 +2,129 @@ +Mon Mar 16 08:50:35 UTC 2020 - Guillaume GARDET <[email protected]> + +- %arm requires binutils-gold to build with go1.4 (bsc#1167874) + +------------------------------------------------------------------- +Thu Nov 28 12:37:35 UTC 2019 - Guillaume GARDET <[email protected]> + +- Make use of gcc9-go for Tumbleweed since gcc8 has been dropped +- Drop gcc8-go.patch and add gcc9-go.patch + +------------------------------------------------------------------- +Mon Oct 21 17:28:27 UTC 2019 - Stefan Brüns <[email protected]> + +- Fix broken go_api evaluation (1.11 < 1.5, when evaluated as floats), + let RPM evaluate the expression, drop no longer required bc. +- Own the gdbinit.d directory, avoid the build dependency on gdb. + +------------------------------------------------------------------- +Tue Aug 13 21:06:30 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.13 (released 2019/08/13) includes security fixes to the + net/http and net/url packages addressing CVEs: + CVE-2019-9512 CVE-2019-9514 CVE-2019-14809 + Refs boo#1141688. + * bnc#1146111 VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth + * bnc#1146115 VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service + * bnc#1146123 VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass + * go#33632 net/url: URL.Parse Multiple Parsing Issues + * go#33630 net/http: Denial of Service vulnerabilities in the HTTP/2 implementation + +------------------------------------------------------------------- +Wed Jul 10 19:51:45 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.12 (released 2019/07/08) includes fixes to the compiler and + the linker. + Refs boo#1141688. + * go#32711 cmd/compile: wrong calculation result for bit operation + that's inlined and has all constant shifts in rewrite rules + * go#32696 debug/dwarf: cgo produces malformed DWARF data + * go#32582 cmd/compile: `switch` statement on a custom `int32` type + with negative values behaves differently in two consecutive calls + +------------------------------------------------------------------- +Tue Jul 9 10:48:17 UTC 2019 - Martin Liška <[email protected]> + +- Set NO_BRP_AR in order to workaround issues when ar is used for + a Go ELF file. + +------------------------------------------------------------------- +Tue Jun 18 20:02:09 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini. + Originally from Dominique Leuenberger <[email protected]> + +------------------------------------------------------------------- +Mon Jun 17 20:43:45 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. + Refs boo#1141688. + * go#32366 net/http: make Transport ignore 408 timeout messages from server + * go#32281 crypto/x509: macos 10.14 SIGSEGV in crypto/x509._Cfunc_FetchPEMRoots + * go#30525 cmd/go: MacOS binaries invalid for eventual Apple Notary + * go#29618 cmd/go: downloads follow plain-HTTP redirects even when the -insecure flag is not set + +------------------------------------------------------------------- +Tue May 7 14:54:06 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.10 (released 2019/05/06) includes fixes to the runtime and + the linker. + Refs boo#1141688. + * go#31195 cmd/go: pseudoversions can refer to external commits + * go#30989 runtime: dll injection vulnerabilities on Windows + +------------------------------------------------------------------- +Mon Apr 15 07:14:17 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.9 (released 2019/04/11) fixes an issue where using the prebuilt binary + releases on older versions of GNU/Linux led to failures when linking programs + that used cgo. Only Linux users who hit this issue need to update. + Unpackaged go1.11.8 (released 2019/04/08) was accidentally released by + upstream without its intended fix. It is identical to go1.11.7, except for + its version number. The intended fix is in go1.11.9. go1.11.8 was never + packaged for SUSE and openSUSE. + Refs boo#1141688. + * go#31293 runtime/cgo: unrecognized relocation with binaries shipped in go1.11.7 + +------------------------------------------------------------------- +Sat Apr 6 06:30:51 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.7 (released 2019/04/05) includes fixes to the runtime + and the net packages. + Refs boo#1141688. + * go#30872 runtime: write barrier incorrect on wasm + +------------------------------------------------------------------- +Thu Mar 14 23:10:07 UTC 2019 - Jeff Kowalczyk <[email protected]> + +- go1.11.6 (released 2019/03/14) includes fixes to includes fixes + to cgo, the compiler, linker, runtime, go command, and the + crypto/x509, encoding/json, net, and net/url packages. + Refs boo#1141688. + * go#30815 misc/cgo/test: failing TestCrossPackageTests + * go#30444 crypto/x509: darwin-386 build is broken + * go#30081 crypto/x509: certificates with AKID don't chain to parents without SKID + * go#29967 cmd/cgo: -Waddress-of-packed-member warnings poping up with gcc9 in cgo-gcc-prolog + * go#29944 x/tools/go/packages: TestLoadImportsGraph failure with custom GOCACHE + * go#29923 net/url: URL allows malformed query round trip + * go#29906 x/build/cmd/release: Go 1.11.5 amd64 tarball includes /gocache and /tmp Builders + * go#29700 net: TestLookupGmailTXT is failing + * go#29645 x/tools/godoc/redirect: offer Gerrit/Rietveld CL disambiguation when needed + * go#29565 runtime: fatal error: found bad pointer in Go heap + * go#29564 x/tools/cmd/godoc: add x/website redirect + * go#29503 cmd/compile: incorrect code generation bug when taking slice[:0] + * go#29447 x/sys/unix: go1.11 on mips64le fails at TestFstatat on Debian build + * go#29442 cmd/go: go1.11.4 toolchain3 build fail with "slice bounds out of range" on 32-bit MIPS on Debian build + * go#29364 encoding/json: custom UnmarshalTypeError no longer has struct context + * go#29307 cmd/compile, cmd/link: relocation target go.builtin.error.Error not defined + * go#28986 runtime: OS thread appears to be re-used despite never releasing runtime.LockOSThread() + * go#28346 cmd/go: `go test -c` does not respect gcflags sometimes + * go#26039 crypto/x509: root_cgo_darwin and root_nocgo_darwin omit some system certs + * go#25041 runtime: runtime.Caller returns invalid zero frame + +------------------------------------------------------------------- +Mon Mar 11 12:55:04 UTC 2019 - Martin Liška <[email protected]> + +- Add gcc9-rsp-clobber.patch in order to fix bsc#1121397. + +------------------------------------------------------------------- @@ -10,0 +140 @@ + Refs boo#1141688. @@ -28,0 +159 @@ + Refs boo#1141688. @@ -53,0 +185 @@ + Refs boo#1141688. @@ -93,0 +226 @@ + Refs boo#1141688. @@ -122,0 +256 @@ + Refs boo#1141688. @@ -163,0 +298 @@ + Refs boo#1141688. Old: ---- gcc8-go.patch go1.11.5.src.tar.gz New: ---- gcc9-go.patch gcc9-rsp-clobber.patch go1.11.13.src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ go1.11.spec ++++++ --- /var/tmp/diff_new_pack.s8QKsb/_old 2020-04-14 14:20:19.417245044 +0200 +++ /var/tmp/diff_new_pack.s8QKsb/_new 2020-04-14 14:20:19.417245044 +0200 @@ -1,7 +1,7 @@ # # spec file for package go1.11 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ # (https://github.com/golang/go/issues/17890), but we have to deal with it in # the meantime. %undefine _build_create_debug -%define __arch_install_post export NO_BRP_STRIP_DEBUG=true +%define __arch_install_post export NO_BRP_STRIP_DEBUG=true NO_BRP_AR=true # By default use go and not gccgo %define with_gccgo 0 @@ -63,8 +63,7 @@ %define go_api 1.11 # shared library support -%define shared_supported %(echo "%{go_api} >= 1.5" | bc -l) -%if %{shared_supported} +%if "%{rpm_vercmp %{go_api} 1.5}" > "0" %if %{with_gccgo} %define with_shared 1 %else @@ -82,12 +81,12 @@ %endif Name: go1.11 -Version: 1.11.5 +Version: 1.11.13 Release: 0 Summary: A compiled, garbage-collected, concurrent programming language License: BSD-3-Clause Group: Development/Languages/Other -Url: http://golang.org +URL: http://golang.org Source: http://golang.org/dl/go%{version}.src.tar.gz Source1: go-rpmlintrc Source4: README.SUSE @@ -102,7 +101,8 @@ # PATCH-FIX-UPSTREAM [email protected] - find /usr/bin/go-5 when bootstrapping with gcc5-go Patch8: gcc6-go.patch Patch9: gcc7-go.patch -Patch10: gcc8-go.patch +Patch10: gcc9-go.patch +Patch101: gcc9-rsp-clobber.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # boostrap %if %{with_gccgo} @@ -117,25 +117,25 @@ # SLE15 or Leap 15.x BuildRequires: gcc7-go %else -BuildRequires: gcc8-go +BuildRequires: gcc9-go %endif %endif %else # no gcc-go BuildRequires: go1.4 +%ifarch %arm +BuildRequires: binutils-gold +%endif %endif BuildRequires: fdupes -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) Recommends: %{name}-doc = %{version} %ifarch %{tsan_arch} # Needed to compile compiler-rt/TSAN. BuildRequires: gcc-c++ %endif #BNC#818502 debug edit tool of rpm fails on i586 builds -BuildRequires: bc BuildRequires: rpm >= 4.11.1 -# for go.gdbinit, directory ownership -BuildRequires: gdb Requires(post): update-alternatives Requires(postun): update-alternatives Requires: gcc @@ -170,7 +170,7 @@ %package race Summary: Go runtime race detector Group: Development/Languages/Other -Url: https://compiler-rt.llvm.org/ +URL: https://compiler-rt.llvm.org/ Requires: %{name} = %{version} Supplements: %{name} = %{version} ExclusiveArch: %{tsan_arch} @@ -184,6 +184,7 @@ %ifarch %{tsan_arch} # compiler-rt %setup -q -T -b 100 -n compiler-rt-g%{tsan_commit} +%patch101 -p1 %endif # go %setup -q -n go @@ -355,6 +356,7 @@ %{_libdir}/go/%{go_api} %dir %{_datadir}/go %{_datadir}/go/%{go_api} +%dir %{_sysconfdir}/gdbinit.d/ %config %{_sysconfdir}/gdbinit.d/go.gdb %ghost %{_sysconfdir}/alternatives/go %ghost %{_sysconfdir}/alternatives/gofmt ++++++ gcc8-go.patch -> gcc9-go.patch ++++++ --- /work/SRC/openSUSE:Leap:15.2/go1.11/gcc8-go.patch 2020-01-15 15:05:41.141912219 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.go1.11.new.3248/gcc9-go.patch 2020-04-14 14:20:17.801243839 +0200 @@ -7,7 +7,7 @@ // or later we don't need to disable inlining to work around bugs in the Go 1.4 compiler. cmd := []string{ - pathf("%s/bin/go", goroot_bootstrap), -+ pathf("%s/bin/go-8", goroot_bootstrap), ++ pathf("%s/bin/go-9", goroot_bootstrap), "install", "-gcflags=-l", "-tags=math_big_pure_go compiler_bootstrap", @@ -20,7 +20,7 @@ # # GOROOT_BOOTSTRAP: A working Go tree >= Go 1.4 for bootstrap. -# If $GOROOT_BOOTSTRAP/bin/go is missing, $(go env GOROOT) is -+# If $GOROOT_BOOTSTRAP/bin/go-8 is missing, $(go env GOROOT) is ++# If $GOROOT_BOOTSTRAP/bin/go-9 is missing, $(go env GOROOT) is # tried for all "go" in $PATH. $HOME/go1.4 by default. set -e @@ -30,8 +30,8 @@ fi -if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then - echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2 -+if [ ! -x "$GOROOT_BOOTSTRAP/bin/go-8" ]; then -+ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go-8." >&2 ++if [ ! -x "$GOROOT_BOOTSTRAP/bin/go-9" ]; then ++ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go-9." >&2 echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2 exit 1 fi @@ -40,7 +40,7 @@ fi rm -f cmd/dist/dist -GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist -+GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go-8" build -o cmd/dist/dist ./cmd/dist ++GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go-9" build -o cmd/dist/dist ./cmd/dist # -e doesn't propagate out of eval, so check success by hand. eval $(./cmd/dist/dist env -p || echo FAIL=true) @@ -53,7 +53,7 @@ GOROOT_BOOTSTRAP = $home/go1.4 for(p in $path){ - if(! test -x $GOROOT_BOOTSTRAP/bin/go){ -+ if(! test -x $GOROOT_BOOTSTRAP/bin/go-8){ ++ if(! test -x $GOROOT_BOOTSTRAP/bin/go-9){ if(go_exe = `{path=$p whatis go}){ goroot = `{GOROOT='' $go_exe env GOROOT} if(! ~ $goroot $GOROOT){ @@ -62,7 +62,7 @@ } } -if(! test -x $GOROOT_BOOTSTRAP/bin/go){ -+if(! test -x $GOROOT_BOOTSTRAP/bin/go-8){ ++if(! test -x $GOROOT_BOOTSTRAP/bin/go-9){ echo 'ERROR: Cannot find '$GOROOT_BOOTSTRAP'/bin/go.' >[1=2] echo 'Set $GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4.' >[1=2] exit bootstrap @@ -71,7 +71,7 @@ if(~ $#vflag 1) echo cmd/dist -GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' $GOROOT_BOOTSTRAP/bin/go build -o cmd/dist/dist ./cmd/dist -+GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' $GOROOT_BOOTSTRAP/bin/go-8 build -o cmd/dist/dist ./cmd/dist ++GOROOT=$GOROOT_BOOTSTRAP GOOS='' GOARCH='' $GOROOT_BOOTSTRAP/bin/go-9 build -o cmd/dist/dist ./cmd/dist eval `{./cmd/dist/dist env -9} if(~ $#vflag 1) ++++++ gcc9-rsp-clobber.patch ++++++ --- a/lib/sanitizer_common/sanitizer_linux.cc 2018-01-11 23:53:30.000000000 +0100 +++ b/lib/sanitizer_common/sanitizer_linux.cc.new 2019-03-10 21:23:23.824919781 +0100 @@ -1243,7 +1243,7 @@ "d"(parent_tidptr), "r"(r8), "r"(r10) - : "rsp", "memory", "r11", "rcx"); + : "memory", "r11", "rcx"); return res; } #elif defined(__mips__) ++++++ go1.11.5.src.tar.gz -> go1.11.13.src.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/go1.11/go1.11.5.src.tar.gz /work/SRC/openSUSE:Leap:15.2/.go1.11.new.3248/go1.11.13.src.tar.gz differ: char 140, line 1
