SUSE-RU-2022:2749-1: moderate: Recommended update for go1.19

sle-updates at sle-updates at
Wed Aug 10 16:19:11 UTC 2022

   SUSE Recommended Update: Recommended update for go1.19

Announcement ID:    SUSE-RU-2022:2749-1
Rating:             moderate
References:         #1200441 
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4

   An update that has one recommended fix can now be installed.


   This update for go1.19 fixes the following issues:

   go1.19 (released 2022-08-02) is a major release of Go.

   go1.19.x minor releases will be provided through August 2023.

   go1.19 arrives five months after go1.18. Most of its changes are in the
   implementation of the toolchain, runtime, and libraries.

   As always, the release maintains the Go 1 promise of compatibility. We
   expect almost all Go programs to continue to compile and run as before.
   (Refs bsc#1200441 go1.19 release tracking)

   * See release notes Excerpts relevant to
     OBS environment and for SUSE/openSUSE follow:
   * There is only one small change to the language, a very small correction
     to the scope of type parameters in method declarations. Existing
     programs are unaffected.
   * The Go memory model has been revised to align Go with the memory model
     used by C, C++, Java, JavaScript, Rust, and Swift. Go only provides
     sequentially consistent atomics, not any of the more relaxed forms found
     in other languages. Along with the memory model update, Go 1.19
     introduces new types in the sync/atomic package that make it easier to
     use atomic values, such as atomic.Int64 and atomic.Pointer[T].
   * go1.19 adds support for the Loongson 64-bit architecture LoongArch on
     Linux (GOOS=linux, GOARCH=loong64). The ABI implemented is LP64D.
     Minimum kernel version supported is 5.19.
   * The riscv64 port now supports passing function arguments and result
     using registers. Benchmarking shows typical performance improvements of
     10% or more on riscv64.
   * Go 1.19 adds support for links, lists, and clearer headings in doc
     comments. As part of this change, gofmt now reformats doc comments to
     make their rendered meaning clearer. See "Go Doc Comments" for syntax
     details and descriptions of common mistakes now highlighted by gofmt. As
     another part of this change, the new package go/doc/comment provides
     parsing and reformatting of doc comments as well as support for
     rendering them to HTML, Markdown, and text.
   * The new build constraint "unix" is now recognized in //go:build lines.
     The constraint is satisfied if the target operating system, also known
     as GOOS, is a Unix or Unix-like system. For the 1.19 release it is
     satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd,
     hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future
     releases the unix constraint may match additional newly supported
     operating systems.
   * The -trimpath flag, if set, is now included in the build settings
     stamped into Go binaries by go build, and can be examined using go
     version -m or debug.ReadBuildInfo.
   * go generate now sets the GOROOT environment variable explicitly in the
     generator's environment, so that generators can locate the correct
     GOROOT even if built with -trimpath.
   * go test and go generate now place GOROOT/bin at the beginning
     of the PATH used for the subprocess, so tests and generators that
      execute the go command will resolve it to same GOROOT.
   * go env now quotes entries that contain spaces in the CGO_CFLAGS,
     variables it reports.
   * go list -json now accepts a comma-separated list of JSON fields to
     populate. If a list is specified, the JSON output will include only
     those fields, and go list may avoid work to compute fields that are not
     included. In some cases, this may suppress errors that would otherwise
     be reported.
   * The go command now caches information necessary to load some modules,
     which should result in a speed-up of some go list invocations.
   * The vet checker "errorsas" now reports when errors.As is called with a
     second argument of type *error, a common mistake.
   * The runtime now includes support for a soft memory limit. This memory
     limit includes the Go heap and all other memory managed by the runtime,
     and excludes external memory sources such as mappings of the binary
     itself, memory managed in other languages, and memory held by the
     operating system on behalf of the Go program. This limit may be managed
     via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT
     environment variable. The limit works in conjunction with
     runtime/debug.SetGCPercent / GOGC, and will be respected even if
     GOGC=off, allowing Go programs to always make maximal use of their
     memory limit, improving resource efficiency in some cases.
   * In order to limit the effects of GC thrashing when the program's live
     heap size approaches the soft memory limit, the Go runtime also attempts
     to limit total GC CPU utilization to 50%, excluding idle time, choosing
     to use more memory over preventing application progress. In practice, we
     expect this limit to only play a role in exceptional cases, and the new
     runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last
   * The runtime now schedules many fewer GC worker goroutines on idle
     operating system threads when the application is idle enough to force a
     periodic GC cycle.
   * The runtime will now allocate initial goroutine stacks based on the
     historic average stack usage of goroutines. This avoids some of the
     early stack growth and copying needed in the average case in exchange
     for at most 2x wasted space on below-average goroutines.
   * On Unix operating systems, Go programs that import package os now
     automatically increase the open file limit (RLIMIT_NOFILE) to the
     maximum allowed value; that is, they change the soft limit to match the
     hard limit. This corrects artificially low limits set on some systems
     for compatibility with very old C programs using the select system call.
     Go programs are not helped by that limit, and instead even simple
     programs like gofmt often ran out of file descriptors on such systems
     when processing many files in parallel. One impact of this change is
     that Go programs that in turn execute very old C programs in child
     processes may run those programs with too high a limit. This can be
     corrected by setting the hard limit before invoking the Go program.
   * Unrecoverable fatal errors (such as concurrent map writes, or unlock of
     unlocked mutexes) now print a simpler traceback excluding runtime
     metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or
     crash. Runtime-internal fatal error tracebacks always include full
     metadata regardless of the value
   * Support for debugger-injected function calls has been added on ARM64,
     enabling users to call functions from their binary in an interactive
     debugging session when using a debugger that is updated to make use of
     this functionality.
   * The address sanitizer support added in Go 1.18 now handles function
     arguments and global variables more precisely.
   * The compiler now uses a jump table to implement large integer and string
     switch statements. Performance improvements for the switch statement
     vary but can be on the order of 20% faster. (GOARCH=amd64 and
     GOARCH=arm64 only)
   * The Go compiler now requires the -p=importpath flag to build a linkable
     object file. This is already supplied by the go command and by Bazel.
     Any other build systems that invoke the Go compiler directly will need
     to make sure they pass this flag as well.
   * The Go compiler no longer accepts the -importmap flag. Build systems
     that invoke the Go compiler directly must use the
     -importcfg flag instead.
   * Like the compiler, the assembler now requires the -p=importpath flag to
     build a linkable object file. This is already supplied by the go
     command. Any other build systems that invoke the Go assembler directly
     will need to make sure they pass this flag as well.
   * Command and LookPath no longer allow results from a PATH search to be
     found relative to the current directory. This removes a common source of
     security problems but may also break existing programs that depend on
     using, say, exec.Command("prog") to run a binary named prog (or, on
     Windows, prog.exe) in the current directory. See the os/exec package
     documentation for information about how best to update such programs.
   * On Windows, Command and LookPath now respect the
     NoDefaultCurrentDirectoryInExePath environment variable, making it
     possible to disable the default implicit search of “.” in PATH
     lookups on Windows systems.
   * crypto/elliptic: Operating on invalid curve points (those for which the
     IsOnCurve method returns false, and which are never returned by
     Unmarshal or by a Curve method operating on a valid point) has always
     been undefined behavior and can lead to key recovery attacks. If an
     invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or
     ScalarMult, they will now panic. ScalarBaseMult operations on the P224,
     P384, and P521 curves are now up to three times faster, leading to
     similar speedups in some ECDSA operations. The generic (not platform
     optimized) P256 implementation was replaced with one derived from a
      formally verified model; this might lead to significant slowdowns on
      32-bit platforms.
   * crypto/rand: Read no longer buffers random data obtained from the
     operating system between calls. Applications that perform many small
     reads at high frequency might choose to wrap Reader in a bufio.Reader
     for performance reasons, taking care to use io.ReadFull to ensure no
     partial reads occur. The Prime implementation was changed to use only
     rejection sampling, which removes a bias when generating small primes in
     non-cryptographic contexts, removes one possible minor timing leak, and
     better aligns the behavior with BoringSSL, all while simplifying the
     implementation. The change does produce different outputs for a given
     random source stream compared to the previous implementation, which can
     break tests written expecting specific results from specific
     deterministic random sources. To help prevent such problems in the
     future, the implementation is now intentionally non-deterministic with
     respect to the input stream.
   * crypto/tls: The GODEBUG option tls10default=1 has been removed. It is
     still possible to enable TLS 1.0 client-side by setting
     Config.MinVersion. The TLS server and client now reject duplicate
     extensions in TLS handshakes, as required by RFC 5246, Section
     and RFC 8446, Section 4.2.
   * crypto/x509: CreateCertificate no longer supports creating certificates
     with SignatureAlgorithm set to MD5WithRSA. CreateCertificate no longer
     accepts negative serial numbers. CreateCertificate will not emit an
     empty SEQUENCE anymore when the produced certificate has no extensions.
     ParseCertificate and ParseCertificateRequest now reject certificates and
     CSRs which contain duplicate extensions. The new CertPool.Clone and
     CertPool.Equal methods allow cloning a CertPool and checking the
     equivalence of two CertPools respectively. The new function
     ParseRevocationList provides a faster, safer to use CRL parser which
     returns a RevocationList. Parsing a CRL also populates the new
     RevocationList fields RawIssuer, Signature, AuthorityKeyId, and
     Extensions, which are ignored by CreateRevocationList. The new method
     RevocationList.CheckSignatureFrom checks that the signature on a CRL is
     a valid signature from a Certificate. The ParseCRL and ParseDERCRL
     functions are now deprecated in favor
     of ParseRevocationList. The Certificate.CheckCRLSignature method is
      deprecated in favor of RevocationList.CheckSignatureFrom. The path
      builder of Certificate.Verify was overhauled and should now produce
      better chains and/or be more efficient in complicated scenarios. Name
      constraints are now also enforced on non-leaf certificates.
   * crypto/x509/pkix: The types CertificateList and TBSCertificateList have
     been deprecated. The new crypto/x509 CRL functionality should be used
   * debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support the
     loong64 port.
   * debug/pe: The new File.COFFSymbolReadSectionDefAux method, which returns
     a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file
     sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_*
   * runtime: The GOROOT function now returns the empty string (instead of
     "go") when the binary was built with the -trimpath flag set and the
     GOROOT variable is not set in the process environment.
   * runtime/metrics: The new /sched/gomaxprocs:threads metric reports the
     current runtime.GOMAXPROCS value. The new /cgo/go-to-c-calls:calls
     metric reports the total number of calls made from Go to C. This metric
     is identical to the runtime.NumCgoCall function. The new
     /gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when
     the GC CPU limiter was enabled. See the runtime notes for details about
     the GC CPU limiter.
   * runtime/pprof: Stop-the-world pause times have been significantly
     reduced when collecting goroutine profiles, reducing the overall latency
     impact to the application. MaxRSS is now reported in heap profiles for
     all Unix operating systems (it was previously only reported for
     GOOS=android, darwin, ios, and linux).
   * runtime/race: The race detector has been upgraded to use thread
     sanitizer version v3 on all supported platforms except windows/amd64 and
     openbsd/amd64, which remain on v2. Compared to v2, it is now typically
     1.5x to 2x faster, uses half as much memory, and it supports an
     unlimited number of goroutines. On Linux, the race detector now requires
     at least glibc version 2.17 and GNU binutils 2.26. The race detector is
     now supported
     on GOARCH=s390x. Race detector support for openbsd/amd64 has been
      removed from thread sanitizer upstream, so it is unlikely to ever be
      updated from v2.
   * runtime/trace: When tracing and the CPU profiler are enabled
     simultaneously, the execution trace includes CPU profile samples as
     instantaneous events.
   * syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6,
     RawSyscall, and RawSyscall6 now always return 0 for return value r2
     instead of an undefined value. On AIX and Solaris, Getrusage is now

   - Trace viewer html and javascript files moved from misc/trace in previous
     versions to src/cmd/trace/static in go1.19.
   * Added files with mode 0644: /usr/share/go/1.19/src/cmd/trace/static

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2749=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2749=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2749=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2749=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):


   - openSUSE Leap 15.4 (aarch64 x86_64):


   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):


   - openSUSE Leap 15.3 (aarch64 x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):



More information about the sle-updates mailing list