Container summary for bci/golang

SUSE-CU-2024:5274-1

This update for glibc fixes the following issue:

• Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

SUSE-CU-2024:5175-1

This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc14 compilers use:

• install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
• override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

• Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend

• Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
• Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
• Revert libgccjit dependency change. [bsc#1220724]
• Fix libgccjit-devel dependency, a newer shared library is OK.
• Fix libgccjit dependency, the corresponding compiler isn't required.
• Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
• Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
• Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
• Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.

SUSE-CU-2024:5026-1

This update for go1.22 fixes the following issues:

• Version update 1.22.8 includes fixes to cgo, and the maps and syscall packages (bsc#1229122)

This update for cyrus-sasl fixes the following issues:

• Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.

This update for bash fixes the following issues:

• Load completion file eveh if a brace expansion is in the command line included (bsc#1227807).

SUSE-CU-2024:4866-1

This update for e2fsprogs fixes the following issue:

• resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145).

SUSE-CU-2024:4766-1

This update for openssl-3 fixes the following issues:

• CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)

This update for glibc fixes the following issue:

• Use nss-systemd by default also in SLE (bsc#1230638).

This update for systemd fixes the following issues:

• Determine the effective user limits in a systemd setup (jsc#PED-5659)
• Don't try to restart the udev socket units anymore. (bsc#1228809).
• Add systemd.rules rework (bsc#1229518).
• Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
• upstream commit (bsc#1226414).
• Make the 32bit version of libudev.so available again (bsc#1228223).
• policykit-1 renamed to polkitd

SUSE-CU-2024:4720-1

SUSE-CU-2024:4712-1

SUSE-CU-2024:4661-1

This update for curl fixes the following issue:

• Make special characters in URL work with aws-sigv4 (bsc#1230516).

SUSE-CU-2024:4554-1

This update for ncurses fixes the following issues:

• Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

SUSE-CU-2024:4388-1

This update for curl fixes the following issues:

• CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

This update for go1.22 fixes the following issues:

• Update go v1.22.7
• CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)
• CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
• CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)

This update for expat fixes the following issues:

• CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
• CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
• CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

SUSE-CU-2024:4139-1

This update for glibc fixes the following issue:

• s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

This update for binutils fixes the following issues:
Update to current 2.43.1 branch [jsc#PED-10474]:
Update to version 2.43:

• new .base64 pseudo-op, allowing base64 encoded data as strings
• Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF (APX_F now fully supported)
• x86 Intel syntax now warns about more mnemonic suffixes
• macros and .irp/.irpc/.rept bodies can use \+ to get at number of times the macro/body was executed
• aarch64: support 'armv9.5-a' for -march, add support for LUT and LUT2
• s390: base register operand in D(X,B) and D(L,B) can now be omitted (ala 'D(X,)'); warn when register type doesn't match operand type (use option 'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
• riscv: support various extensions: Zacas, Zcmp, Zfbfmin, Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw, XSfCease, all at version 1.0; remove support for assembly of privileged spec 1.9.1 (linking support remains)
• arm: remove support for some old co-processors: Maverick and FPA
• mips: '--trap' now causes either trap or breakpoint instructions to be emitted as per current ISA, instead of always using trap insn and failing when current ISA was incompatible with that
• LoongArch: accept .option pseudo-op for fine-grained control of assembly code options; add support for DT_RELR
• readelf: now displays RELR relocations in full detail; add -j/--display-section to show just those section(s) content according to their type
• objdump/readelf now dump also .eh_frame_hdr (when present) when dumping .eh_frame
• gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake processors; add minimal support for riscv
• linker: - put .got and .got.plt into relro segment - add -z isa-level-report=[none|all|needed|used] to the x86 ELF linker to report needed and used x86-64 ISA levels - add --rosegment option which changes the -z separate-code option so that only one read-only segment is created (instead of two) - add --section-ordering-file option to add extra mapping of input sections to output sections - add -plugin-save-temps to store plugin intermediate files permanently

• Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt'
• Add experimantal support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64.
• Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
• Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0.
• BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this).
• x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags.
• risc-v ld: Add '--[no-]check-uleb128'.
• New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order.
• New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus --error-rxw-segments to convert the existing warnings into errors.
• objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying.
• readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index).
• objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE.
• s390 disassembly: add target-specific disasm option 'insndesc', as in 'objdump -M insndesc' to display an instruction description as comment along with the disassembly.

• Add binutils-use-less-memory.diff to be a little nicer to 32bit userspace and huge links. [bsc#1216908]
• Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)

SUSE-CU-2024:4088-1

This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

This update for jitterentropy fixes the following issues:

• Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

This update for jitterentropy fixes the following issues:

• build jitterentropy library with debuginfo (bsc#1207789)

This update for jitterentropy fixes the following issues:

• Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

• add FIPS 140 hints to man page
• simplify the test tool to search for optimal configurations
• fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
• enhancement: add ARM64 assembler code to read high-res timer

This update for openssl-3 fixes the following issues:

• CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

• FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
• FIPS: RSA keygen PCT requirements.
• FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
• FIPS: Port openssl to use jitterentropy (bsc#1220523).
• FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
• FIPS: Service Level Indicator (bsc#1221365).
• FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
• FIPS: Add required selftests: (bsc#1221760).
• FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
• FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
• FIPS: Zero initialization required (bsc#1221752).
• FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
• FIPS: NIST SP 800-56Brev2 (bsc#1221824).
• FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
• FIPS: Port openssl to use jitterentropy (bsc#1220523).
• FIPS: NIST SP 800-56Arev3 (bsc#1221822).
• FIPS: Error state has to be enforced (bsc#1221753).

SUSE-CU-2024:3905-1

This update for go1.22 fixes the following issue:

• go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages (bsc#1218424).

SUSE-CU-2024:3852-1

This update for go1.22 fixes the following issues:
This is go1.22 (released 2024-02-06), a major release of Go. (bsc#1218424 go1.22 release tracking)
go1.22.x minor releases will be provided through February 2024.
See https://github.com/golang/go/wiki/Go-Release-Cycle
go1.22 arrives six months after go1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

• Language change: go1.22 makes two changes to for loops. Previously, the variables declared by a for loop were created once and updated by each iteration. In go1.22, each iteration of the loop creates new variables, to avoid accidental sharing bugs. The transition support tooling described in the proposal continues to work in the same way it did in Go 1.21.
• Language change: For loops may now range over integers
• Language change: go1.22 includes a preview of a language change we are considering for a future version of Go: range-over-function iterators. Building with GOEXPERIMENT=rangefunc enables this feature.
• go command: Commands in workspaces can now use a vendor directory containing the dependencies of the workspace. The directory is created by go work vendor, and used by build commands when the -mod flag is set to vendor, which is the default when a workspace vendor directory is present. Note that the vendor directory's contents for a workspace are different from those of a single module: if the directory at the root of a workspace also contains one of the modules in the workspace, its vendor directory can contain the dependencies of either the workspace or of the module, but not both.
• go get is no longer supported outside of a module in the legacy GOPATH mode (that is, with GO111MODULE=off). Other build commands, such as go build and go test, will continue to work indefinitely for legacy GOPATH programs.
• go mod init no longer attempts to import module requirements from configuration files for other vendoring tools (such as Gopkg.lock).
• go test -cover now prints coverage summaries for covered packages that do not have their own test files. Prior to Go 1.22 a go test -cover run for such a package would report: ? mymod/mypack [no test files] and now with go1.22, functions in the package are treated as uncovered: mymod/mypack coverage: 0.0% of statements Note that if a package contains no executable code at all, we can't report a meaningful coverage percentage; for such packages the go tool will continue to report that there are no test files.
• trace: The trace tool's web UI has been gently refreshed as part of the work to support the new tracer, resolving several issues and improving the readability of various sub-pages. The web UI now supports exploring traces in a thread-oriented view. The trace viewer also now displays the full duration of all system calls. These improvements only apply for viewing traces produced by programs built with go1.22 or newer. A future release will bring some of these improvements to traces produced by older version of Go.
• vet: References to loop variables The behavior of the vet tool has changed to match the new semantics (see above) of loop variables in go1.22. When analyzing a file that requires go1.22 or newer (due to its go.mod file or a per-file build constraint), vetcode> no longer reports references to loop variables from within a function literal that might outlive the iteration of the loop. In Go 1.22, loop variables are created anew for each iteration, so such references are no longer at risk of using a variable after it has been updated by the loop.
• vet: New warnings for missing values after append The vet tool now reports calls to append that pass no values to be appended to the slice, such as slice = append(slice). Such a statement has no effect, and experience has shown that is nearly always a mistake.
• vet: New warnings for deferring time.Since The vet tool now reports a non-deferred call to time.Since(t) within a defer statement. This is equivalent to calling time.Now().Sub(t) before the defer statement, not when the deferred function is called. In nearly all cases, the correct code requires deferring the time.Since call.
• vet: New warnings for mismatched key-value pairs in log/slog calls The vet tool now reports invalid arguments in calls to functions and methods in the structured logging package, log/slog, that accept alternating key/value pairs. It reports calls where an argument in a key position is neither a string nor a slog.Attr, and where a final key is missing its value.
• runtime: The runtime now keeps type-based garbage collection metadata nearer to each heap object, improving the CPU performance (latency or throughput) of Go programs by 1-3%. This change also reduces the memory overhead of the majority Go programs by approximately 1% by deduplicating redundant metadata. Some programs may see a smaller improvement because this change adjusts the size class boundaries of the memory allocator, so some objects may be moved up a size class. A consequence of this change is that some objects' addresses that were previously always aligned to a 16 byte (or higher) boundary will now only be aligned to an 8 byte boundary. Some programs that use assembly instructions that require memory addresses to be more than 8-byte aligned and rely on the memory allocator's previous alignment behavior may break, but we expect such programs to be rare. Such programs may be built with GOEXPERIMENT=noallocheaders to revert to the old metadata layout and restore the previous alignment behavior, but package owners should update their assembly code to avoid the alignment assumption, as this workaround will be removed in a future release.
• runtime: On the windows/amd64 port, programs linking or loading Go libraries built with -buildmode=c-archive or -buildmode=c-shared can now use the SetUnhandledExceptionFilter Win32 function to catch exceptions not handled by the Go runtime. Note that this was already supported on the windows/386 port.
• compiler: Profile-guided Optimization (PGO) builds can now devirtualize a higher proportion of calls than previously possible. Most programs from a representative set of Go programs now see between 2 and 14% improvement from enabling PGO.
• compiler: The compiler now interleaves devirtualization and inlining, so interface method calls are better optimized.
• compiler: go1.22 also includes a preview of an enhanced implementation of the compiler's inlining phase that uses heuristics to boost inlinability at call sites deemed 'important' (for example, in loops) and discourage inlining at call sites deemed 'unimportant' (for example, on panic paths). Building with GOEXPERIMENT=newinliner enables the new call-site heuristics; see issue #61502 for more info and to provide feedback.
• linker: The linker's -s and -w flags are now behave more consistently across all platforms. The -w flag suppresses DWARF debug information generation. The -s flag suppresses symbol table generation. The -s flag also implies the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate a binary with DWARF debug information generation but without the symbol table.
• linker: On ELF platforms, the -B linker flag now accepts a special form: with -B gobuildid, the linker will generate a GNU build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go build ID.
• linker: On Windows, when building with -linkmode=internal, the linker now preserves SEH information from C object files by copying the .pdata and .xdata sections into the final binary. This helps with debugging and profiling binaries using native tools, such as WinDbg. Note that until now, C functions' SEH exception handlers were not being honored, so this change may cause some programs to behave differently. -linkmode=external is not affected by this change, as external linkers already preserve SEH information.
• bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires the final point release of Go 1.20 or later for bootstrap. We expect that Go 1.24 will require the final point release of go1.22 or later for bootstrap.
• core library: New math/rand/v2 package: go1.22 includes the first “v2” package in the standard library, math/rand/v2. The changes compared to math/rand are detailed in proposal go#61716. The most important changes are:

• core library: New go/version package: The new go/version package implements functions for validating and comparing Go version strings.
• core library: Enhanced routing patterns: HTTP routing in the standard library is now more expressive. The patterns used by net/http.ServeMux have been enhanced to accept methods and wildcards. This change breaks backwards compatibility in small ways, some obvious—patterns with '{' and '}' behave differently— and some less so—treatment of escaped paths has been improved. The change is controlled by a GODEBUG field named httpmuxgo121. Set httpmuxgo121=1 to restore the old behavior.
• Minor changes to the library As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here.
• archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS to the archive.
• archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS to the archive.
• bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will now stop immediately. Previously, it would report a final empty token before stopping, which was usually not desired. Callers that do want to report a final empty token can do so by returning []byte{} rather than nil.
• cmp: The new function Or returns the first in a sequence of values that is not the zero value.
• crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error unless TLS 1.3 is in use, or the extended_master_secret extension is supported by both the server and client. crypto/tls has supported this extension since Go 1.20. This can be disabled with the tlsunsafeekm=1 GODEBUG setting.
• crypto/tls: By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting.
• crypto/tls: By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting.
• crypto/x509: The new CertPool.AddCertWithConstraint method can be used to add customized constraints to root certificates to be applied during chain building.
• crypto/x509: On Android, root certificates will now be loaded from /data/misc/keychain/certs-added as well as /system/etc/security/cacerts.
• crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with individual components larger than 31 bits. A new field which uses this type, Policies, is added to the Certificate struct, and is now populated during parsing. Any OIDs which cannot be represented using a asn1.ObjectIdentifier will appear in Policies, but not in the old PolicyIdentifiers field. When calling CreateCertificate, the Policies field is ignored, and policies are taken from the PolicyIdentifiers field. Using the x509usepolicies=1 GODEBUG setting inverts this, populating certificate policies from the Policies field, and ignoring the PolicyIdentifiers field. We may change the default value of x509usepolicies in Go 1.23, making Policies the default field for marshaling.
• database/sql: The new Null[T] type provide a way to scan nullable columns for any column types.
• debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems. Additional R_LARCH_* constants are defined for use with LoongArch systems.
• encoding: The new methods AppendEncode and AppendDecode added to each of the Encoding types in the packages encoding/base32, encoding/base64, and encoding/hex simplify encoding and decoding from and to byte slices by taking care of byte slice buffer management.
• encoding: The methods base32.Encoding.WithPadding and base64.Encoding.WithPadding now panic if the padding argument is a negative value other than NoPadding.
• encoding/json: Marshaling and encoding functionality now escapes '\b' and '\f' characters as \b and \f instead of \u0008 and \u000c.
• go/ast: The following declarations related to syntactic identifier resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope, File.Unresolved, Importer, Package, NewPackage. In general, identifiers cannot be accurately resolved without type information. Consider, for example, the identifier K in T{K: ''}: it could be the name of a local variable if T is a map type, or the name of a field if T is a struct type. New programs should use the go/types package to resolve identifiers; see Object, Info.Uses, and Info.Defs for details.
• go/ast: The new ast.Unparen function removes any enclosing parentheses from an expression.
• go/types: The new Alias type represents type aliases. Previously, type aliases were not represented explicitly, so a reference to a type alias was equivalent to spelling out the aliased type, and the name of the alias was lost. The new representation retains the intermediate Alias. This enables improved error reporting (the name of a type alias can be reported), and allows for better handling of cyclic type declarations involving type aliases. In a future release, Alias types will also carry type parameter information. The new function Unalias returns the actual type denoted by an Alias type (or any other Type for that matter).
• go/types: Because Alias types may break existing type switches that do not know to check for them, this functionality is controlled by a GODEBUG field named gotypesalias. With gotypesalias=0, everything behaves as before, and Alias types are never created. With gotypesalias=1, Alias types are created and clients must expect them. The default is gotypesalias=0. In a future release, the default will be changed to gotypesalias=1. Clients of go/types are urged to adjust their code as soon as possible to work with gotypesalias=1 to eliminate problems early.
• go/types: The Info struct now exports the FileVersions map which provides per-file Go version information.
• go/types: The new helper method PkgNameOf returns the local package name for the given import declaration.
• go/types: The implementation of SizesFor has been adjusted to compute the same type sizes as the compiler when the compiler argument for SizesFor is 'gc'. The default Sizes implementation used by the type checker is now types.SizesFor('gc', 'amd64').
• go/types: The start position (Pos) of the lexical environment block (Scope) that represents a function body has changed: it used to start at the opening curly brace of the function body, but now starts at the function's func token.
• html/template: Javascript template literals may now contain Go template actions, and parsing a template containing one will no longer return ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has any effect.
• io: The new SectionReader.Outer method returns the ReaderAt, offset, and size passed to NewSectionReader.
• log/slog: The new SetLogLoggerLevel function controls the level for the bridge between the `slog` and `log` packages. It sets the minimum level for calls to the top-level `slog` logging functions, and it sets the level for calls to `log.Logger` that go through `slog`.
• math/big: The new method Rat.FloatPrec computes the number of fractional decimal digits required to represent a rational number accurately as a floating-point number, and whether accurate decimal representation is possible in the first place.
• net: When io.Copy copies from a TCPConn to a UnixConn, it will now use Linux's splice(2) system call if possible, using the new method TCPConn.WriteTo.
• net: The Go DNS Resolver, used when building with '-tags=netgo', now searches for a matching name in the Windows hosts file, located at %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query.
• net/http: The new functions ServeFileFS, FileServerFS, and NewFileTransportFS are versions of the existing ServeFile, FileServer, and NewFileTransport, operating on an fs.FS.
• net/http: The HTTP server and client now reject requests and responses containing an invalid empty Content-Length header. The previous behavior may be restored by setting GODEBUG field httplaxcontentlength=1.
• net/http: The new method Request.PathValue returns path wildcard values from a request and the new method Request.SetPathValue sets path wildcard values on a request.
• net/http/cgi: When executing a CGI process, the PATH_INFO variable is now always set to the empty string or a value starting with a / character, as required by RFC 3875. It was previously possible for some combinations of Handler.Root and request URL to violate this requirement.
• net/netip: The new AddrPort.Compare method compares two AddrPorts.
• os: On Windows, the Stat function now follows all reparse points that link to another named entity in the system. It was previously only following IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points.
• os: On Windows, passing O_SYNC to OpenFile now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms.
• os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and File.Readdirnames functions now read directory entries in batches to reduce the number of system calls, improving performance up to 30%.
• os: When io.Copy copies from a File to a net.UnixConn, it will now use Linux's sendfile(2) system call if possible, using the new method File.WriteTo.
• os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and returns ErrNotFound (instead of ErrNotExist) if no executable file extension is found to resolve an otherwise-unambiguous name.
• os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the path to the executable is already absolute and has an executable file extension. In addition, Cmd.Start no longer writes the resolved extension back to the Path field, so it is now safe to call the String method concurrently with a call to Start.
• reflect: The Value.IsZero method will now return true for a floating-point or complex negative zero, and will return true for a struct value if a blank field (a field named _) somehow has a non-zero value. These changes make IsZero consistent with comparing a value to zero using the language == operator.
• reflect: The PtrTo function is deprecated, in favor of PointerTo.
• reflect: The new function TypeFor returns the Type that represents the type argument T. Previously, to get the reflect.Type value for a type, one had to use reflect.TypeOf((*T)(nil)).Elem(). This may now be written as reflect.TypeFor[T]().
• runtime/metrics: Four new histogram metrics /sched/pauses/stopping/gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The 'stopping' metrics report the time taken from deciding to stop the world until all goroutines are stopped. The 'total' metrics report the time taken from deciding to stop the world until it is started again.
• runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric.
• runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex.
• runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay.
• runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases.
• runtime/pprof: CPU profiles on Darwin platforms now contain the process's memory map, enabling the disassembly view in the pprof tool.
• runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces.
• runtime/trace: Execution traces now use the operating system's clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. Execution traces no longer depend on the reliability of the platform's clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. Execution traces may now begin or end during the garbage collection mark phase.
• runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue.
• runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release.
• slices: The new function Concat concatenates multiple slices.
• slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length.
• slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted.
• syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/x/sys/windows where possible.
• syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec.
• syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms.
• testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control.
• Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later.
• Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7.
• Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode.
• OpenBSD go1.22 adds an experimental port to OpenBSD on big-endian 64-bit PowerPC (openbsd/ppc64).

This update for go1.22 fixes the following issues:

• Upgrade go to version 1.22.1
• CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
• CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
• CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
• CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
• CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)

This update for go1.22 fixes the following issues:

• CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400)

This update for go1.22 fixes the following issues:
Update to go1.22.3:

• CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
• CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018)
• cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
• cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
• runtime: deterministic fallback hashes across process boundary
• net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0

This update for go1.22 fixes the following issues:
go1.21.11 release (bsc#1212475).

• CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973).
• CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974).

This update for go1.22 fixes the following issues:
Updated to version 1.22.5 (bsc#1218424):

• CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314).

SUSE-CU-2024:3761-1

SUSE-CU-2024:3669-1

SUSE-CU-2024:3602-1

SUSE-CU-2024:3518-1

SUSE-CU-2024:3517-1

This update for curl fixes the following issues:

• CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
• CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

SUSE-CU-2024:3453-1

SUSE-CU-2024:3382-1

SUSE-CU-2024:3291-1

This update for openssl-3 fixes the following issues:
Security fixes:

• CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

• Build with no-afalgeng (bsc#1226463)
• Build with enabled sm2 and sm4 support (bsc#1222899)
• Fix non-reproducibility issue (bsc#1223336)

This update for systemd fixes the following issues:
systemd was updated from version 254.13 to version 254.15:

• Changes in version 254.15:

• Changes in version 254.14:

SUSE-CU-2024:3237-1

This update for git fixes the following issues:

• CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)

SUSE-CU-2024:3124-1

SUSE-CU-2024:3065-1

This update for krb5 fixes the following issues:

• CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
• CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

This update for go1.21 fixes the following issues:
Updated to version 1.21.12 (bsc#1212475):

• CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314).

SUSE-CU-2024:3019-1

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html

This update for make fixes the following issues:

• Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

This update for ncurses fixes the following issues:
Security issue fixed:

• CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

• Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

GCC 7 was updated to the GCC 7.4 release.

• Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
• Includes fix for build with ISL 0.20.
• Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
• Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
• Fixes support for 32bit ASAN with glibc 2.27+

This update for acl fixes the following issues:

• test: Add helper library to fake passwd/group files.
• quote: Escape literal backslashes. (bsc#953659)

This update for file fixes the following issues:
The following security vulnerabilities were addressed:

• CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
• CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
• CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
• CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

This update for gcc fixes the following issues:

• Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008)

This update for gcc7 fixes the following issues:
Update to gcc-7-branch head (r270528).

• Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
• Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
• Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
• Fix for s390x FP load-and-test issue. (bsc#1124644)
• Improve build reproducability by disabling address-space randomization during build.
• Adjust gnat manual entries in the info directory. (bsc#1114592)
• Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

• CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

This update for gcc7 to r275405 fixes the following issues:
Security issues fixed:

• CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
• CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

• Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:

• CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
• CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
• CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
• CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
• CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

• Fix CPU summary showing old data. (bsc#1121753)

• library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
• library: Just check for SIGLOST and don't delete it
• library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
• library: Use size_t for alloc functions CVE-2018-1126
• library: Increase comm size to 64
• pgrep: Fix stack-based buffer overflow CVE-2018-1125
• pgrep: Remove >15 warning as comm can be longer
• ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
• ps: Increase command name selection field to 64
• top: Don't use cwd for location of config CVE-2018-1122
• update translations
• library: build on non-glibc systems
• free: fix scaling on 32-bit systems
• Revert 'Support running with child namespaces'
• library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
• doc: Document I idle state in ps.1 and top.1
• free: fix some of the SI multiples
• kill: -l space between name parses correctly
• library: dont use vm_min_free on non Linux
• library: don't strip off wchan prefixes (ps & top)
• pgrep: warn about 15+ char name only if -f not used
• pgrep/pkill: only match in same namespace by default
• pidof: specify separator between pids
• pkill: Return 0 only if we can kill process
• pmap: fix duplicate output line under '-x' option
• ps: avoid eip/esp address truncations
• ps: recognizes SCHED_DEADLINE as valid CPU scheduler
• ps: display NUMA node under which a thread ran
• ps: Add seconds display for cputime and time
• ps: Add LUID field
• sysctl: Permit empty string for value
• sysctl: Don't segv when file not available
• sysctl: Read and write large buffers
• top: add config file support for XDG specification
• top: eliminated minor libnuma memory leak
• top: show fewer memory decimal places (configurable)
• top: provide command line switch for memory scaling
• top: provide command line switch for CPU States
• top: provides more accurate cpu usage at startup
• top: display NUMA node under which a thread ran
• top: fix argument parsing quirk resulting in SEGV
• top: delay interval accepts non-locale radix point
• top: address a wishlist man page NLS suggestion
• top: fix potential distortion in 'Mem' graph display
• top: provide proper multi-byte string handling
• top: startup defaults are fully customizable
• watch: define HOST_NAME_MAX where not defined
• vmstat: Fix alignment for disk partition format
• watch: Support ANSI 39,49 reset sequences

This update for binutils fixes the following issues:
binutils was updated to current 2.32 branch [jsc#ECO-368].
Includes following security fixes:

• CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
• CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)
• CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
• CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
• CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)
• CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
• CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
• CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
• CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
• CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
• CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
• CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
• CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
• CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
• CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
• CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
• CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

• enable xtensa architecture (Tensilica lc6 and related)
• Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).
• Fixed some LTO build issues (bsc#1133131 bsc#1133232).
• riscv: Don't check ABI flags if no code section
• Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).
• Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

• The binutils now support for the C-SKY processor series.
• The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes.
• The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE.
• The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary.
• Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function.
• The BFD linker will now report property change in linker map file when merging GNU properties.
• The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report.
• The GOLD linker has improved warning messages for relocations that refer to discarded sections.

• Improve relro support on s390 [fate#326356]
• Fix broken debug symbols (bsc#1118644)
• Handle ELF compressed header alignment correctly.

This update for ncurses fixes the following issues:
Security issues fixed:

• CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
• CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

• Removed screen.xterm from terminfo database (bsc#1103320).

This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

• CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
• CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

• Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
• Fixed miscompilation for vector shift on s390. (bsc#1141897)

This update for libidn2 to version 2.2.0 fixes the following issues:

• CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
• CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

This update for gcc7 fixes the following issues:

• Fix miscompilation with thread-safe localstatic initialization (gcc#85887).
• Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475).

This update for procps fixes the following issues:

• Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

This update for gcc7 fixes the following issue:

• Fixed a miscompilation in zSeries code (bsc#1160086)

This update for binutils fixes the following issues:

• Recognize the official name of s390 arch13: 'z15'. (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464)

This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:

• CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

• FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
• FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
• FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)

This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.

• Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
• Includes fix for binutils version parsing
• Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10.
• Add gcc9 autodetect -g at lto link (bsc#1149995)
• Install go tool buildid for bootstrapping go

This update for file fixes the following issues:
Security issues fixed:

• CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

• Fixed broken '--help' output (bsc#1169512).

This update for lifecycle-data-sle-module-development-tools fixes the following issue:

• Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)

This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them via:
CC=gcc-10 CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:

• Enable build on aarch64

This update for procps fixes the following issues:

• Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)

This update for file fixes the following issues:

• Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)

This update for binutils fixes the following issues:
binutils was updated to version 2.35. (jsc#ECO-2373)
Update to binutils 2.35:

• The assembler can now produce DWARF-5 format line number tables.
• Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
• Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option.
• The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler.

• fix DT_NEEDED order with -flto [bsc#1163744]

• The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions.
• The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing.
• The assembler and linker now support the generation of ELF format files for the Z80 architecture.

• Add new subpackages for libctf and libctf-nobfd.
• Disable LTO due to bsc#1163333.
• Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078

• fix various build fails on aarch64 (PR25210, bsc#1157755).

• Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions.
• Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors.
• Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals.
• For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'.
• The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details.
• Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker.
• Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI.
• Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
• Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly.
• Add --set-section-alignment = option to objcopy to allow the changing of section alignments.
• Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format.
• The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file.
• Add support for dumping types encoded in the Compact Type Format to objdump and readelf.
• Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924

• Add xBPF target
• Fix various problems with DWARF 5 support in gas
• fix nm -B for objects compiled with -flto and -fcommon.

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

• Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules. (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951)

This update for binutils fixes the following issues:
Update binutils 2.35 branch to commit 1c5243df:

• Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions.
• Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711
• The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader.

• This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341]

This update for gcc7 fixes the following issues:

• CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798)
• Enable fortran for the nvptx offload compiler.
• Update README.First-for.SuSE.packagers
• avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
• Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939]
• Fixed 32bit libgnat.so link. [bsc#1178675]
• Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]
• Fixed debug line info for try/catch. [bsc#1178614]
• Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled)
• Fixed corruption of pass private ->aux via DF. [gcc#94148]
• Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
• Fixed binutils release date detection issue.
• Fixed register allocation issue with exception handling code on s390x. [bsc#1161913]
• Fixed miscompilation of some atomic code on aarch64. [bsc#1150164]

This update for libidn2 fixes the following issues:

• The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

This update for gcc7 fixes the following issues:

• Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939]

This update for keyutils fixes the following issues:

• Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

This update for gmp fixes the following issues:

• correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

This update for gcc7 fixes the following issues:

• Fixed webkit2gtk3 build (bsc#1181618)
• Change GCC exception licenses to SPDX format
• Remove include-fixed/pthread.h

This update for filesystem the following issues:

• Remove duplicate line due to merge error
• Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
• Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
• Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
• Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

• Fix for a possible memory leak. (bsc#1180020)
• Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
• Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
• Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
• Don't use shell redirections when calling a rpm macro. (bsc#1183094)
• 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

This update for procps fixes the following issues:

• Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

This update for mpfr fixes the following issues:

• Fixed an issue when building for ppc64le (bsc#1141190)

• A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines).
• The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow.
• The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision.
• The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2).
• The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator.
• The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions.

This update for procps fixes the following issues:

• Support up to 2048 CPU as well. (bsc#1185417)

This update for gcc10 fixes the following issues:

• Disable nvptx offloading for aarch64 again since it doesn't work
• Fixed a build failure issue. (bsc#1182016)
• Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
• Fix 32bit 'libgnat.so' link. (bsc#1178675)
• prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
• Build complete set of multilibs for arm-none target. (bsc#1106014)

This update for gcc fixes the following issues:

• Added gccgo symlink and go and gofmt as alternatives to support parallel installation of golang (bsc#1096677)

This update for lifecycle-data-sle-module-development-tools fixes the following issues:

• mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions parallel (jsc#ECO-1484)

This update for gcc fixes the following issues:

• With gcc-PIE add -pie even when -fPIC is specified but we are not linking a shared library. [bsc#1185348]
• Fix postun of gcc-go alternative.

This update for file fixes the following issues:

• Fixes exception thrown by memory allocation problem (bsc#1189996)

This update for ncurses fixes the following issues:

• CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

This update for binutils fixes the following issues:
Update to binutils 2.37:

• The GNU Binutils sources now requires a C99 compiler and library to build.
• Support for Realm Management Extension (RME) for AArch64 has been added.
• A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
• A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
• A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
• The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
• A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
• A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
• The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
• Readelf and objdump can now display and use the contents of .debug_sup sections.
• Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

• Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic.

• General:

• X86/x86_64:

• ARM/AArch64: