a70dbbadb8e1bf75efebd9577e32cd331.16dimstar_suse- go1.16 (released 2021-02-16) Go 1.16 is a major release of Go.873220b9b03dca92753156ca637398276ca0e41.16RBrownSUSE- gcc6-go.patch fix typo go-7 to go-6 for bootstrap on SLE-12 gcc6 (forwarded request 874739 from jfkw)87474010ded34e9d9121e3f96f8c48854db4ec1.16.2dimstar_suse- go1.16.2 (released 2021-03-11) includes fixes to cgo, the
compiler, linker, the go command, and the syscall and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#44793 cmd/go: mod tidy should ignore missing standard library packages
* go#44746 cmd/go: improve error message when outside a module from "working directory is not part of a module"
* go#44676 cmd/go: warning message when getting a retracted module version is missing a trailing newline
* go#44659 runtime: marked free object in span
* go#44647 cmd/go: "malformed import path" in Go 1.16 for packages with path elements containing a leading dot
* go#44638 cmd/link: runtime crash, unexpected fault address 0xffffffffffffffff, h2_bundle.go, when using plugin
* go#44618 time: LoadLocationFromTZData with slim tzdata uses incorrect zone
* go#44593 syscall & x/sys/windows: buffer overflow in GetQueuedCompletionStatus
* go#44498 cmd/go: 'go mod edit -exclude' erroneously rejects '+incompatible' versions
* go#44496 cmd/go: malformed module path with retract v2+
* go#44464 cmd/compile: ICE on deferred call to syscall.LazyDLL.Call
* go#44462 x/tools/go/analysis, syscall: ptrace redeclared in this block
* go#44433 cmd/compile: Compiler regression in Go 1.16 - internal compiler error: child dcl collision on symbol
* go#44402 doc: Broken image in readme
* go#44358 cmd/compile: internal compiler error: Value live at entry. It shouldn't be.
* go#44346 runtime/cgo: cannot build with -Wsign-compare (forwarded request 878434 from jfkw)87843796b54b5165ee430ba3f7f165a818d6591.16.3RBrownSUSE- go1.16.3 (released 2021-04-01) includes fixes to the compiler,
linker, runtime, the go command, and the testing and time
packages.
Refs boo#1182345 go1.16 release tracking
* go#45303 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback
* go#45253 cmd/compile: fix long RMW bit operations on AMD64
* go#45240 all: run.{bash,bat,rc} sets GOPATH inconsistently
* go#45192 Strange behaviour with loops
* go#45030 cmd/link: go 1.16 plugin does not initialize global variables correctly when not used directly
* go#44888 testing: Helper line number has changed in 1.16
* go#44885 cmd/go: import paths ending with '+' are rejected (affects executable like g++ or clang++)
* go#44869 time, runtime: zero duration timer takes 2 minutes to fire
* go#44860 cmd/go: documentation at golang.org for cmd/go has confusing formatting
* go#44812 cmd/go: 'go get' does not add missing hash to go.sum when ziphash file missing from cache
* go#44640 cmd/link: fail to build when using time/tzdata on ARM (forwarded request 882731 from jfkw)882733a7f137f987f48ef5bbe70dc43fdbee681.16.4dimstar_suse- go1.16.4 (released 2021-05-06) includes a security fix to the
net/http package, as well as bug fixes to the runtime, the
compiler, and the archive/zip, time, and syscall packages.
CVE-2021-31525
Refs boo#1182345 go1.16 release tracking
* boo#1185790 CVE-2021-31525
* go#45712 net/http: ReadRequest can stack overflow
* go#45636 cmd/compile: internal compiler error: Invalid PPC64 rotate mask
* go#45482 runtime: "invalid pc-encoded table" throw caused by bad cgo traceback (expandFinalInlineFrames)
* go#45385 time: Europe/Dublin timezone handling broken with embedded timezone database
* go#45347 archive/zip: duplicate entries in FS interface
* go#45307 os/signal: timeout in TestAllThreadsSyscallSignals (forwarded request 891377 from jfkw)891378db8c118a6a28f0105173ae6fa823e1c31.16.5dimstar_suse- go1.16.5 (released 2021-06-03) includes security fixes to the
archive/zip, math/big, net, and net/http/httputil packages, as
well as bug fixes to the linker, the go command, and the net/http
package.
CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
Refs boo#1182345 go1.16 release tracking
* boo#1187443 go#46241 CVE-2021-33195
* go#46357 net: Lookup functions may return invalid host names
* go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
* boo#1186622 go#46242 CVE-2021-33196
* go#46397 archive/zip: malformed archive may cause panic or memory exhaustion
* boo#1187444 go#46313 CVE-2021-33197
* go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
* boo#1187445 go#45910 CVE-2021-33198
* go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
* go#46214 cmd/go: make go mod download with no arguments leave go.sum alone
* go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
* go#46128 cmd/link: internal error when externally linking very large binaries
* go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
* go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le (forwarded request 900520 from jfkw)900522120861ebd898bec716035631b434e0e31.16.5dimstar_suse- Fix extraneous trailing percent character %endif% in spec file. (forwarded request 903994 from jfkw)903997f3b4fb401dc6e00d368bc52f588d8d5b1.16.6dimstar_suse- go1.16.6 (released 2021-07-12) includes a security fix to the
crypto/tls package, as well as bug fixes to the compiler, and the
net and net/http packages.
CVE-2021-34558
Refs boo#1182345 go1.16 release tracking
* boo#1188229 go#47143 CVE-2021-34558
* go#47145 security: fix CVE-2021-34558
* go#46999 net: LookupMX behaviour broken
* go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46657 runtime: deeply nested struct initialized with non-zero values
* go#44984 net/http: server not setting Content-Length in certain cases (forwarded request 905962 from jfkw)905965212a734a7c6800ad59aee21615f9b52a1.16.6dimstar_suse- Add patch to fix crashes on PowerPC with kernel >= 5.13:
* fix-ppc64-crashes.patch (forwarded request 907144 from favogt)907807d45fca0e86b9aaecddff16bee1145a3b1.16.7RBrownSUSE- go1.16.7 (released 2021-08-05) includes a security fix to the
net/http/httputil package, as well as bug fixes to the compiler,
the linker, the runtime, the go command, and the net/http
package.
CVE-2021-36221
Refs boo#1182345 go1.16 release tracking
* boo#1189162 go#46866 CVE-2021-36221
* go#47474 net/http: panic due to racy read of persistConn after handler panic
* go#47348 cmd/go: "go list -f '{{.Stale}}'" stack overflow with cyclic imports
* go#47332 time: Timer reset broken under heavy use since go1.16 timer optimizations added
* go#47289 cmd/link: build error with cgo in Windows, redefinition of go.map.zero
* go#47015 cmd/go: go mod vendor: open C:\Users\LICENSE: Access is denied.
* go#46928 cmd/compile: register conflict between external linker and duffzero on arm64
* go#46858 runtime: ppc64x binaries randomly segfault on linux 5.13rc6
* go#46551 cmd/go: unhelpful error message when running "go install" on a replaced-but-not-required package (forwarded request 910389 from jfkw)9103912bc5eb498d39dbe683e1570ad9ca087b1.16.8dimstar_suse- go1.16.8 (released 2021-09-09) includes a security fix to the
archive/zip package, as well as bug fixes to the archive/zip,
go/internal/gccgoimporter, html/template, net/http, and
runtime/pprof packages.
Refs boo#1182345 go1.16 release tracking
CVE-2021-39293
* boo#1190589 go#47801 CVE-2021-39293
* go#47985 archive/zip: overflow in preallocation check can cause OOM panic
* go#47691 x/net/http2: server sends RST_STREAM w/ PROTOCOL_ERROR to clients it incorrectly believes have violated max advertised num streams
* go#47675 runtime/pprof: apparent deadlock in TestGoroutineSwitch on linux-armv6l
* go#47610 go/internal/gccgoimporter: TestInstallationImporter broken with tip gccgo
* go#47535 net/http: TestCancelRequestWhenSharingConnection can cause port exhaustion
* go#47042 html/template: data race with concurrent ExecuteTemplate calls
- Add bash scripts used by go tool commands to provide a more
complete cross-compiling go toolchain install.
* Fixes "go tool dist list" error "all.bash does not exist"9199040928ce9ba32481c41885224df9cf70371.16.9dimstar_suse- go1.16.9 (released 2021-10-07) includes a security fix to the
linker and misc/wasm directory, as well as bug fixes to the
runtime and to the text/template package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-38297
* boo#1191468 go#48797 CVE-2021-38297
* go#48799 security: fix CVE-2021-38297 misc/wasm, cmd/link: do not let command line args overwrite global data
* go#48443 text/template: should t.init() be executed before t.muTmpl.Lock() in AddParseTree() method?
* go#47858 time: timer reset sometimes ignored, causing delayed ticks (forwarded request 924123 from jfkw)9241255d88cbc6032057605cfa6d981c457e711.16.10dimstar_suse- go1.16.10 (released 2021-11-04) includes security fixes to the
archive/zip and debug/macho packages, as well as bug fixes to the
compiler, linker, runtime, the misc/wasm directory, and to the
net/http package.
Refs boo#1182345 go1.16 release tracking
CVE-2021-41771 CVE-2021-41772
* boo#1192377 go#48990 CVE-2021-41771
* go#48991 debug/macho: invalid dynamic symbol table command can cause panic
* boo#1192378 go#48085 CVE-2021-41772
* go#48251 archive/zip: Reader.Open panics on empty string
* go#49153 misc/wasm, cmd/link: Go 1.17.2 causes WASM builds to throw command line too long with many environment variables
* go#49076 x/net/http2: backport critical fixes
* go#49009 net,runtime: apparent deadlock in (*net.conn).Close and runtime.netpollblock on arm64 platforms
* go#48822 x/net/http2: client can hang forever if headers' size exceeds connection's buffer size and server hangs past request time
* go#48649 x/net/http2: pool deadlock
* go#48478 cmd/compile: 64 bits shifts on arm get wrong results
* go#48474 cmd/compile: incorrect arm/arm64 simplification rules (forwarded request 929547 from jfkw)929549e912dfe90c2862d35f1d50710413b6841.16.11dimstar_suse- go1.16.11 (released 2021-12-02) includes fixes to the compiler,
runtime, and the net/http, net/http/httptest, and time packages.
Refs boo#1182345 go1.16 release tracking
* go#49910 x/net/http2: frequent failures in TestClientConnCloseAtBody
* go#49908 x/net/ipv6: TestPacketConnReadWriteMulticast{UDP,ICMP} failing with "i/o timeout" on OpenBSD 6.8 and 7.0
* go#49904 x/net/http2: Client doesn't send body until ExpectContinueTimeout expires
* go#49867 syscall: ntdll.dll errors in rtlGetNtVersionNumbers via os.StartProcess
* go#49851 net/http/httptest: Close does not wait for the underlying Server's ConnState callbacks to complete
* go#49728 runtime: "fatal error: unexpected signal during runtime execution" in cmd/go tests on darwin-amd64-race running macOS 12.0
* go#49661 x/net/http2: TestUnreadFlowControlReturned_Server failures with stream error "NO_ERROR" since 2021-10-05
* go#49623 net/http: Possible HTTP/2 busy loop regression in Go 1.17.3
* go#49567 net/http: server responds with Transfer-Encoding: identity
* go#49560 x/net/http2: setting Request.Close doesn't close TCP connections
* go#49558 net/http: HTTP/2 response body Close method sometimes returns spurious context cancelation error (1.17.3 regression)
* go#49406 time: ParseInLocation error
* go#49391 cmd/compile: internal compiler error: Expand calls interface data problem (forwarded request 935319 from jfkw)935321be0ab3530f5ef8c5c78285651ad4a17f1.16.12dimstar_suse- go1.16.12 (released 2021-12-09) includes security fixes to the
syscall and net/http packages.
Refs boo#1182345 go1.16 release tracking
CVE-2021-44716 CVE-2021-44717
* boo#1193598 go#50057 CVE-2021-44717
* go#50066 syscall: don’t close fd 0 on ForkExec error
* boo#1193597 go#50058 CVE-2021-44716
* go#50064 net/http: limit growth of header canonicalization cache (forwarded request 938740 from jfkw)938752be318759c5e554e1c545f8c36dcc04121.16.13dimstar_suse- go1.16.13 (released 2022-01-06) includes fixes to the compiler,
linker, runtime, and the net/http package.
Refs boo#1182345 go1.16 release tracking
* go#50449 x/net/http2: http.Server.WriteTimeout does not fire if the http2 stream's window is out of space.
* go#50296 cmd/link: does not set section type of .init_array correctly
* go#50194 runtime/race: building for iOS, but linking in object file built for macOS
* go#50072 runtime: race detector SIGABRT or SIGSEGV on macOS Monterey
* go#49923 cmd/link: support more load commands on Mach-O
* go#49412 cmd/compile: internal compiler error: Op...LECall and OpDereference have mismatched mem
* go#48115 runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 (forwarded request 944559 from jfkw)944561a7e41f8642053d1f4c87775abfda3ab01.16.14dimstar_suse- go1.16.14 (released 2022-02-10) includes security fixes to the
crypto/elliptic, math/big packages and to the go command, as well
as bug fixes to the compiler, linker, runtime, the go command,
and the debug/macho, debug/pe, net/http/httptest, and testing
packages.
Refs boo#1182345 go1.16 release tracking
CVE-2022-23806 CVE-2022-23772 CVE-2022-23773
* boo#1195838 go#50974 CVE-2022-23806
* go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements
* boo#1195835 go#50699 CVE-2022-23772
* go#50700 math/big: Rat.SetString may consume large amount of RAM and crash
* boo#1195834 go#35671 CVE-2022-23773
* go#50686 cmd/go: do not treat branches with semantic-version names as releases
* go#50866 cmd/compile: incorrect use of CMN on arm64
* go#50832 runtime/race: NoRaceMutexPureHappensBefore failures
* go#50811 cmd/go: remove bitbucket VCS probing
* go#50780 runtime: incorrect frame information in traceback traversal may hang the process.
* go#50721 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
* go#50682 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
* go#50645 testing: surprising interaction of subtests with TempDir
* go#50585 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
* go#50245 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package (forwarded request 953822 from jfkw)953824