SUSE-RU-2022:2749-1: moderate: Recommended update for go1.19
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Wed Aug 10 16:19:11 UTC 2022
SUSE Recommended Update: Recommended update for go1.19
Announcement ID: SUSE-RU-2022:2749-1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
An update that has one recommended fix can now be installed.
This update for go1.19 fixes the following issues:
go1.19 (released 2022-08-02) is a major release of Go.
go1.19.x minor releases will be provided through August 2023.
go1.19 arrives five months after go1.18. Most of its changes are in the
implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of compatibility. We
expect almost all Go programs to continue to compile and run as before.
(Refs bsc#1200441 go1.19 release tracking)
* See release notes https://golang.org/doc/go1.19. Excerpts relevant to
OBS environment and for SUSE/openSUSE follow:
* There is only one small change to the language, a very small correction
to the scope of type parameters in method declarations. Existing
programs are unaffected.
* The Go memory model has been revised to align Go with the memory model
sequentially consistent atomics, not any of the more relaxed forms found
in other languages. Along with the memory model update, Go 1.19
introduces new types in the sync/atomic package that make it easier to
use atomic values, such as atomic.Int64 and atomic.Pointer[T].
* go1.19 adds support for the Loongson 64-bit architecture LoongArch on
Linux (GOOS=linux, GOARCH=loong64). The ABI implemented is LP64D.
Minimum kernel version supported is 5.19.
* The riscv64 port now supports passing function arguments and result
using registers. Benchmarking shows typical performance improvements of
10% or more on riscv64.
* Go 1.19 adds support for links, lists, and clearer headings in doc
comments. As part of this change, gofmt now reformats doc comments to
make their rendered meaning clearer. See "Go Doc Comments" for syntax
details and descriptions of common mistakes now highlighted by gofmt. As
another part of this change, the new package go/doc/comment provides
parsing and reformatting of doc comments as well as support for
rendering them to HTML, Markdown, and text.
* The new build constraint "unix" is now recognized in //go:build lines.
The constraint is satisfied if the target operating system, also known
as GOOS, is a Unix or Unix-like system. For the 1.19 release it is
satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd,
hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future
releases the unix constraint may match additional newly supported
* The -trimpath flag, if set, is now included in the build settings
stamped into Go binaries by go build, and can be examined using go
version -m or debug.ReadBuildInfo.
* go generate now sets the GOROOT environment variable explicitly in the
generator's environment, so that generators can locate the correct
GOROOT even if built with -trimpath.
* go test and go generate now place GOROOT/bin at the beginning
of the PATH used for the subprocess, so tests and generators that
execute the go command will resolve it to same GOROOT.
* go env now quotes entries that contain spaces in the CGO_CFLAGS,
CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, CGO_LDFLAGS, and GOGCCFLAGS
variables it reports.
* go list -json now accepts a comma-separated list of JSON fields to
populate. If a list is specified, the JSON output will include only
those fields, and go list may avoid work to compute fields that are not
included. In some cases, this may suppress errors that would otherwise
* The go command now caches information necessary to load some modules,
which should result in a speed-up of some go list invocations.
* The vet checker "errorsas" now reports when errors.As is called with a
second argument of type *error, a common mistake.
* The runtime now includes support for a soft memory limit. This memory
limit includes the Go heap and all other memory managed by the runtime,
and excludes external memory sources such as mappings of the binary
itself, memory managed in other languages, and memory held by the
operating system on behalf of the Go program. This limit may be managed
via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT
environment variable. The limit works in conjunction with
runtime/debug.SetGCPercent / GOGC, and will be respected even if
GOGC=off, allowing Go programs to always make maximal use of their
memory limit, improving resource efficiency in some cases.
* In order to limit the effects of GC thrashing when the program's live
heap size approaches the soft memory limit, the Go runtime also attempts
to limit total GC CPU utilization to 50%, excluding idle time, choosing
to use more memory over preventing application progress. In practice, we
expect this limit to only play a role in exceptional cases, and the new
runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last
* The runtime now schedules many fewer GC worker goroutines on idle
operating system threads when the application is idle enough to force a
periodic GC cycle.
* The runtime will now allocate initial goroutine stacks based on the
historic average stack usage of goroutines. This avoids some of the
early stack growth and copying needed in the average case in exchange
for at most 2x wasted space on below-average goroutines.
* On Unix operating systems, Go programs that import package os now
automatically increase the open file limit (RLIMIT_NOFILE) to the
maximum allowed value; that is, they change the soft limit to match the
hard limit. This corrects artificially low limits set on some systems
for compatibility with very old C programs using the select system call.
Go programs are not helped by that limit, and instead even simple
programs like gofmt often ran out of file descriptors on such systems
when processing many files in parallel. One impact of this change is
that Go programs that in turn execute very old C programs in child
processes may run those programs with too high a limit. This can be
corrected by setting the hard limit before invoking the Go program.
* Unrecoverable fatal errors (such as concurrent map writes, or unlock of
unlocked mutexes) now print a simpler traceback excluding runtime
metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or
crash. Runtime-internal fatal error tracebacks always include full
metadata regardless of the value
* Support for debugger-injected function calls has been added on ARM64,
enabling users to call functions from their binary in an interactive
debugging session when using a debugger that is updated to make use of
* The address sanitizer support added in Go 1.18 now handles function
arguments and global variables more precisely.
* The compiler now uses a jump table to implement large integer and string
switch statements. Performance improvements for the switch statement
vary but can be on the order of 20% faster. (GOARCH=amd64 and
* The Go compiler now requires the -p=importpath flag to build a linkable
object file. This is already supplied by the go command and by Bazel.
Any other build systems that invoke the Go compiler directly will need
to make sure they pass this flag as well.
* The Go compiler no longer accepts the -importmap flag. Build systems
that invoke the Go compiler directly must use the
-importcfg flag instead.
* Like the compiler, the assembler now requires the -p=importpath flag to
build a linkable object file. This is already supplied by the go
command. Any other build systems that invoke the Go assembler directly
will need to make sure they pass this flag as well.
* Command and LookPath no longer allow results from a PATH search to be
found relative to the current directory. This removes a common source of
security problems but may also break existing programs that depend on
using, say, exec.Command("prog") to run a binary named prog (or, on
Windows, prog.exe) in the current directory. See the os/exec package
documentation for information about how best to update such programs.
* On Windows, Command and LookPath now respect the
NoDefaultCurrentDirectoryInExePath environment variable, making it
possible to disable the default implicit search of â.â in PATH
lookups on Windows systems.
* crypto/elliptic: Operating on invalid curve points (those for which the
IsOnCurve method returns false, and which are never returned by
Unmarshal or by a Curve method operating on a valid point) has always
been undefined behavior and can lead to key recovery attacks. If an
invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or
ScalarMult, they will now panic. ScalarBaseMult operations on the P224,
P384, and P521 curves are now up to three times faster, leading to
similar speedups in some ECDSA operations. The generic (not platform
optimized) P256 implementation was replaced with one derived from a
formally verified model; this might lead to significant slowdowns on
* crypto/rand: Read no longer buffers random data obtained from the
operating system between calls. Applications that perform many small
reads at high frequency might choose to wrap Reader in a bufio.Reader
for performance reasons, taking care to use io.ReadFull to ensure no
partial reads occur. The Prime implementation was changed to use only
rejection sampling, which removes a bias when generating small primes in
non-cryptographic contexts, removes one possible minor timing leak, and
better aligns the behavior with BoringSSL, all while simplifying the
implementation. The change does produce different outputs for a given
random source stream compared to the previous implementation, which can
break tests written expecting specific results from specific
deterministic random sources. To help prevent such problems in the
future, the implementation is now intentionally non-deterministic with
respect to the input stream.
* crypto/tls: The GODEBUG option tls10default=1 has been removed. It is
still possible to enable TLS 1.0 client-side by setting
Config.MinVersion. The TLS server and client now reject duplicate
extensions in TLS handshakes, as required by RFC 5246, Section 126.96.36.199
and RFC 8446, Section 4.2.
* crypto/x509: CreateCertificate no longer supports creating certificates
with SignatureAlgorithm set to MD5WithRSA. CreateCertificate no longer
accepts negative serial numbers. CreateCertificate will not emit an
empty SEQUENCE anymore when the produced certificate has no extensions.
ParseCertificate and ParseCertificateRequest now reject certificates and
CSRs which contain duplicate extensions. The new CertPool.Clone and
CertPool.Equal methods allow cloning a CertPool and checking the
equivalence of two CertPools respectively. The new function
ParseRevocationList provides a faster, safer to use CRL parser which
returns a RevocationList. Parsing a CRL also populates the new
RevocationList fields RawIssuer, Signature, AuthorityKeyId, and
Extensions, which are ignored by CreateRevocationList. The new method
RevocationList.CheckSignatureFrom checks that the signature on a CRL is
a valid signature from a Certificate. The ParseCRL and ParseDERCRL
functions are now deprecated in favor
of ParseRevocationList. The Certificate.CheckCRLSignature method is
deprecated in favor of RevocationList.CheckSignatureFrom. The path
builder of Certificate.Verify was overhauled and should now produce
better chains and/or be more efficient in complicated scenarios. Name
constraints are now also enforced on non-leaf certificates.
* crypto/x509/pkix: The types CertificateList and TBSCertificateList have
been deprecated. The new crypto/x509 CRL functionality should be used
* debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support the
* debug/pe: The new File.COFFSymbolReadSectionDefAux method, which returns
a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file
sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_*
* runtime: The GOROOT function now returns the empty string (instead of
"go") when the binary was built with the -trimpath flag set and the
GOROOT variable is not set in the process environment.
* runtime/metrics: The new /sched/gomaxprocs:threads metric reports the
current runtime.GOMAXPROCS value. The new /cgo/go-to-c-calls:calls
metric reports the total number of calls made from Go to C. This metric
is identical to the runtime.NumCgoCall function. The new
/gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when
the GC CPU limiter was enabled. See the runtime notes for details about
the GC CPU limiter.
* runtime/pprof: Stop-the-world pause times have been significantly
reduced when collecting goroutine profiles, reducing the overall latency
impact to the application. MaxRSS is now reported in heap profiles for
all Unix operating systems (it was previously only reported for
GOOS=android, darwin, ios, and linux).
* runtime/race: The race detector has been upgraded to use thread
sanitizer version v3 on all supported platforms except windows/amd64 and
openbsd/amd64, which remain on v2. Compared to v2, it is now typically
1.5x to 2x faster, uses half as much memory, and it supports an
unlimited number of goroutines. On Linux, the race detector now requires
at least glibc version 2.17 and GNU binutils 2.26. The race detector is
on GOARCH=s390x. Race detector support for openbsd/amd64 has been
removed from thread sanitizer upstream, so it is unlikely to ever be
updated from v2.
* runtime/trace: When tracing and the CPU profiler are enabled
simultaneously, the execution trace includes CPU profile samples as
* syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6,
RawSyscall, and RawSyscall6 now always return 0 for return value r2
instead of an undefined value. On AIX and Solaris, Getrusage is now
versions to src/cmd/trace/static in go1.19.
* Added files with mode 0644: /usr/share/go/1.19/src/cmd/trace/static
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2749=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2749=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2749=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2749=1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
- openSUSE Leap 15.4 (aarch64 x86_64):
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
- openSUSE Leap 15.3 (aarch64 x86_64):
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
More information about the sle-updates