| Age | Commit message (Collapse) | Author | Files | Lines |
|
Replacements: the versioned lang/go19, lang/go110 and lang/go111.
Nothing in pkgsrc directly depends on this anymore. There are a few
stragglers in wip, which will be fixed.
|
|
go1.10.4 (released 2018/08/24) includes fixes to the go command, linker, and
the net/http, mime/multipart, ld/macho, bytes, and strings packages. See the
Go 1.10.4 milestone on our issue tracker for details.
pkgsrc note: After the import of Go 1.11, this package will be renamed to
lang/go110.
|
|
BREAKING CHANGE: If you do not have pkg_alternatives installed, then you
will not get a "go" tool in the PATH, and builds of packages using Go may
fail. (This will be fixed in the next commit.)
|
|
go1.10.3 (released 2018/06/05) includes fixes to the go command, and the
crypto/tls, crypto/x509, and strings packages. In particular, it adds minimal
support to the go command for the vgo transition. See the Go 1.10.3 milestone
on our issue tracker for details.
|
|
As far as I can see, only non-security-relevant bugfixes.
go1.10.2 (released 2018/05/01) includes fixes to the compiler, linker, and go
command. See the Go 1.10.2 milestone on our issue tracker for details.
|
|
This fixes a security issue (https://github.com/golang/go/issues/23867).
Also:
These releases include fixes to the compiler, runtime, go command, and the
archive/zip, crypto/tls, crypto/x509, encoding/json, net, net/http, and
net/http/pprof packages.
ok wiz@ for committing during freeze
|
|
Full release notes at https://golang.org/doc/go1.10.
The latest Go release, version 1.10, arrives six months after Go 1.9. Most of
its changes are in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of compatibility. We expect
almost all Go programs to continue to compile and run as before.
This release improves caching of built packages, adds caching of successful
test results, runs vet automatically during tests, and permits passing string
values directly between Go and C using cgo. A new compiler option whitelist may
cause unexpected invalid flag errors in code that built successfully with older
releases.
As announced in the Go 1.9 release notes, Go 1.10 now requires FreeBSD 10.3 or
later; support for FreeBSD 9.3 has been removed.
Go now runs on NetBSD again but requires the unreleased NetBSD 8. Only GOARCH
amd64 and 386 have been fixed. The arm port is still broken.
On 32-bit MIPS systems, the new environment variable settings GOMIPS=hardfloat
(the default) and GOMIPS=softfloat select whether to use hardware instructions
or software emulation for floating-point computations.
Go 1.10 is the last release that will run on OpenBSD 6.0. Go 1.11 will require
OpenBSD 6.2.
Go 1.10 is the last release that will run on OS X 10.8 Mountain Lion or OS X
10.9 Mavericks. Go 1.11 will require OS X 10.10 Yosemite or later.
Go 1.10 is the last release that will run on Windows XP or Windows Vista. Go
1.11 will require Windows 7 or later.
|
|
By using the clang or gcc plugin mechanism, it was possible for an attacker to
trick the “go get” command into executing arbitrary code. The go command now
restricts the set of allowed host compiler and linker arguments in cgo source
files to a list of allowed flags, in particular disallowing -fplugin= and
-plugin=.
The issue is CVE-2018-6574 and Go issue golang.org/issue/23672. See the Go
issue for details.
Thanks to Christopher Brown of Mattermost for reporting this problem.
|
|
This release includes fixes to the compiler, runtime, and the database/sql,
math/big, net/http, and net/url packages.
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.9.minor
|
|
|
|
https://github.com/oshimaya/pkgsrc/tree/master/lang/go
|
|
This release includes fixes to the compiler, linker, runtime, documentation,
go command, and the crypto/x509, database/sql, log, and net/smtp packages. It
includes a fix to a bug introduced in Go 1.9.1 that broke "go get"
of non-Git repositories under certain conditions.
|
|
The latest Go release, version 1.9, arrives six months after Go 1.8 and
is the tenth release in the Go 1.x series. There are two changes to the
language: adding support for type aliases and defining when
implementations may fuse floating point operations. Most of the changes
are in the implementation of the toolchain, runtime, and libraries. As
always, the release maintains the Go 1 promise of compatibility. We
expect almost all Go programs to continue to compile and run as before.
The release adds transparent monotonic time support, parallelizes
compilation of functions within a package, better supports test helper
functions, includes a new bit manipulation package, and has a new
concurrent map type.
There are some instabilities on FreeBSD that are known but not
understood. These can lead to program crashes in rare cases. See issue
15658. Any help in solving this FreeBSD-specific issue would be
appreciated.
Go stopped running NetBSD builders during the Go 1.9 development cycle
due to NetBSD kernel crashes, up to and including NetBSD 7.1. As Go 1.9
is being released, NetBSD 7.1.1 is being released with a fix. However,
at this time we have no NetBSD builders passing our test suite. Any help
investigating the various NetBSD issues would be appreciated.
|
|
This release includes fixes to the compiler, runtime, documentation, and the
database/sql package.
https://golang.org/doc/devel/release.html#go1.8.minor
It also includes the security fix to the crypto/elliptic package from Go 1.8.2.
|
|
Upstream changes:
go1.8.1 (released 2017/04/07) includes fixes to the compiler, linker, runtime, documentation, go command and the crypto/tls, encoding/xml, image/png, net, net/http, reflect, text/template, and time packages. See the Go 1.8.1 milestone on our issue tracker for details.
|
|
The compiler back end introduced in Go 1.7 for 64-bit x86 is now used on all
architectures, and those architectures should see significant performance
improvements. For instance, the CPU time required by our benchmark programs was
reduced by 20-30% on 32-bit ARM systems. There are also some modest performance
improvements in this release for 64-bit x86 systems. The compiler and linker
have been made faster. Compile times should be improved by about 15% over Go
1.7. There is still more work to be done in this area: expect faster
compilation speeds in future releases.
Garbage collection pauses should be significantly shorter, usually under 100
microseconds and often as low as 10 microseconds.
The HTTP server adds support for HTTP/2 Push, allowing servers to preemptively
send responses to a client. This is useful for minimizing network latency by
eliminating roundtrips. The HTTP server also adds support for graceful
shutdown, allowing servers to minimize downtime by shutting down only after
serving all requests that are in flight.
Contexts (added to the standard library in Go 1.7) provide a cancelation and
timeout mechanism. Go 1.8 adds support for contexts in more parts of the
standard library, including the database/sql and net packages and
Server.Shutdown in the net/http package.
Go 1.8 includes many more additions, improvements, and fixes. Find the complete
set of changes, and more information about the improvements listed above, in
the Go 1.8 release notes: https://golang.org/doc/go1.8
|
|
Upstream changes:
go1.7.5 (released 2017/01/26) includes fixes to the compiler, runtime, and the crypto/x509 and time packages. See the Go 1.7.5 milestone on our issue tracker for details.
|
|
go1.7.2 should not be used. It was tagged but not fully released. The release
was deferred due to a last minute bug report. Use go1.7.3 instead, and refer to
the summary of changes below.
go1.7.3 (released 2016/10/19) includes fixes to the compiler, runtime, and the
crypto/cipher, crypto/tls, net/http, and strings packages. See the Go 1.7.3
milestone on our issue tracker for details.
|
|
go1.7.1 (released 2016/09/07) includes fixes to the compiler, runtime,
documentation, and the compress/flate, hash/crc32, io, net, net/http,
path/filepath, reflect, and syscall packages. See the Go 1.7.1 milestone on our
issue tracker for details.
|
|
|
|
The latest Go release, version 1.7, arrives six months after 1.6. Most of its
changes are in the implementation of the toolchain, runtime, and libraries.
There is one minor change to the language specification. As always, the release
maintains the Go 1 promise of compatibility. We expect almost all Go programs
to continue to compile and run as before.
There is one tiny language change in this release. The section on terminating
statements clarifies that to determine whether a statement list ends in a
terminating statement, the “final non-empty statement” is considered the end,
matching the existing behavior of the gc and gccgo compiler toolchains. In
earlier releases the definition referred only to the “final statement,” leaving
the effect of trailing empty statements at the least unclear. The go/types
package has been updated to match the gc and gccgo compiler toolchains in this
respect. This change has no effect on the correctness of existing programs.
Go 1.7 adds support for macOS 10.12 Sierra. This support was backported to Go
1.6.3. Binaries built with versions of Go before 1.6.3 will not work correctly
on Sierra.
|
|
This release includes fixes to the compiler, runtime, tools, documentation, and
the mime/multipart, net/http, and sort packages.
https://golang.org/doc/devel/release.html#go1.6.minor
|
|
Two security-related issues were recently reported, and to address these issues
we have just released Go 1.6.1 and Go 1.5.4.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.6.1).
The issues addressed by these releases are:
On Windows, Go loads system DLLs by name with LoadLibrary, making it vulnerable
to DLL preloading attacks. For instance, if a user runs a Go executable from a
Downloads folder, malicious DLL files also downloaded to that folder could be
loaded into that executable.
This is CVE-2016-3958 and was addressed by this change: https://golang.org/cl/21428
Thanks to Taru Karttunen for identifying this issue.
Go's crypto libraries passed certain parameters unchecked to the underlying big
integer library, possibly leading to extremely long-running computations, which
in turn makes Go programs vulnerable to remote denial of service attacks.
Programs using HTTPS client certificates or the Go SSH server libraries are
both exposed to this vulnerability.
This is CVE-2016-3959 and was addressed by this change: https://golang.org/cl/21533
Thanks to David Wong for identifying this issue.
|
|
The latest Go release, version 1.6, arrives six months after 1.5. Most of its
changes are in the implementation of the language, runtime, and libraries.
There are no changes to the language specification. As always, the release
maintains the Go 1 promise of compatibility. We expect almost all Go programs
to continue to compile and run as before.
The release adds new ports to Linux on 64-bit MIPS and Android on 32-bit x86;
defined and enforced rules for sharing Go pointers with C; transparent,
automatic support for HTTP/2; and a new mechanism for template reuse.
Full changelog at https://golang.org/doc/go1.6.
|
|
go1.5.2 (released 2015/12/02) includes bug fixes to the compiler,
linker, and the mime/multipart, net, and runtime packages. See the Go
1.5.2 milestone on our issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.5.2
|
|
go1.5.1 (released 2015/09/08) includes bug fixes to the compiler, assembler,
and the fmt, net/textproto, net/http, and runtime packages. See the Go 1.5.1
milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.5.1
|
|
This release now needs the previous one (lang/go14) to build.
The biggest developments in the implementation are:
* The compiler and runtime are now written entirely in Go (with a little
assembler). C is no longer involved in the implementation, and so the
C compiler that was once necessary for building the distribution is
gone.
* The garbage collector is now concurrent and provides dramatically
lower pause times by running, when possible, in parallel with other
goroutines.
* By default, Go programs run with GOMAXPROCS set to the number of cores
available; in prior releases it defaulted to 1.
* Support for internal packages is now provided for all repositories,
not just the Go core.
* The go command now provides experimental support for "vendoring"
external dependencies.
* A new go tool trace command supports fine-grained tracing of program
execution.
* A new go doc command (distinct from godoc) is customized for
command-line use.
Full release notes are at https://golang.org/doc/go1.5.
|
|
Bump PKGREVISION.
|
|
compiler and linker, and the runtime, syscall, reflect, and math/big packages.
|
|
We've just released Go version 1.4.1, a minor point release. This
release fixes bugs in linker and the log, runtime, and syscall
packages.
|
|
We handle it differently in the go-tools package. While here, rename
GO_COMPILER to GOCHAR, which is the name upstream uses.
Bump PKGREVISION.
|
|
|
|
Today we announce Go 1.4, the fifth major stable release of Go,
arriving six months after our previous major release Go 1.3. It
contains a small language change, support for more operating systems
and processor architectures, and improvements to the tool chain
and libraries. As always, Go 1.4 keeps the promise of compatibility,
and almost everything will continue to compile and run without
change when moved to 1.4. For the full details, see the Go 1.4
release notes.
The most notable new feature in this release is official support
for Android. Using the support in the core and the libraries in
the golang.org/x/mobile repository, it is now possible to write
simple Android apps using only Go code. At this stage, the support
libraries are still nascent and under heavy development. Early
adopters should expect a bumpy ride, but we welcome the community
to get involved.
The language change is a tweak to the syntax of for-range loops.
You may now write "for range s {" to loop over each item from s,
without having to assign the value, loop index, or map key. See
the release notes for details.
The go command has a new subcommand, go generate, to automate the
running of tools to generate source code before compilation. For
example, it can be used to automate the generation of String methods
for typed constants using the new stringer tool. For more information,
see the design document.
Most programs will run about the same speed or slightly faster in
1.4 than in 1.3; some will be slightly slower. There are many
changes, making it hard to be precise about what to expect. See
the release notes for more discussion.
And, of course, there are many more improvements and bug fixes.
In case you missed it, a few weeks ago the sub-repositories were
moved to new locations. For example, the go.tools packages are now
imported from "golang.org/x/tools". See the announcement post for
details.
This release also coincides with the project's move from Mercurial
to Git (for source control), Rietveld to Gerrit (for code review),
and Google Code to Github (for issue tracking and wiki). The move
affects the core Go repository and its sub-repositories. You can
find the canonical Git repositories at go.googlesource.com, and
the issue tracker and wiki at the golang/go GitHub repo.
|
|
We've just released Go version 1.3.2, a minor point release.
This release includes bug fixes to cgo and the crypto/tls package.
https://golang.org/doc/devel/release.html#go1.3.minor
The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.
|
|
This release includes bug fixes to the compiler and the runtime,
net, and crypto/rsa packages.
Ok bsiegert@
|
|
|
|
Note that this is a leaf package. schmonz says it is ok to update this
now.
|
|
in do-install. The obj files are build artifacts.
Fixes breakage reported by wiz in private mail (I hope).
|
|
go1.2.2 (released 2014/05/05) includes a security fix that affects the tour
binary included in the binary distributions (thanks to Guillaume T).
|
|
contains the "arch character" (5, 6 or 8) and substitute it in PLIST.
Fixes installation on i386 and possibly evbarm.
|
|
It contains the following fixes:
* runtime: fix crash in runtime.GoroutineProfile
* runtime: if traceback sees a breakpoint, don't change the PC
* runtime: fix data race in GC
* net: ignore some errors in windows Accept
* database/sql: Use all connections in pool
|
|
on NetBSD/current. Bump PKGREVISION.
|
|
Follow the example of OpenBSD ports and do not run the tests while building.
They are flaky under the Makefile harness for some reason.
|
|
go1.1.2 (released 2013/08/13) includes fixes to the gc compiler and cgo,
and the bufio, runtime, syscall, and time packages. See the change
history for details. If you use package syscall's Getrlimit and
Setrlimit functions under Linux on the ARM or 386 architectures, please
note change 55ac276af5a7 that fixes issue 5949.
This is a leaf package, so it should be ok during the freeze.
|
|
The Go programming language is an open source project to make
programmers more productive.
Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.
|