Bug 1215090

Summary: go1.20,go1.21: Go toolchain packages missing src/cmd/vendor/github.com/google/pprof/internal/driver/html/
Product: [openSUSE] openSUSE Tumbleweed Reporter: Jeff Kowalczyk <jkowalczyk>
Component: Development Assignee: Jeff Kowalczyk <jkowalczyk>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Jeff Kowalczyk 2023-09-07 05:00:34 UTC
Include the missing directory src/cmd/vendor/github.com/google/pprof/internal/driver/html/ in our go1.1x toolchain packages. This will fix failing builds with applications that directly import runtime/pprof e.g. kubeconform which failed to build with the following error:

/usr/lib64/go/1.21/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go:26:12: pattern html: no matching files found


Upstream Go sources vendor certain tools including the pprof profiler [1]. pprof has an asset directory pprof/internal/driver/html containing only html templates used by the pprof viewer and no Go source code. Our go packaging tries to be conservative in what we include in the RPM, and with our find/glob patterns this directory has never been included in the packaging.

The issue was first reported with go1.21. However, the last vendoring update was for go1.20, so we will include the fix in go1.20 packaging as well:

bb917bd 2022-11-22 09:39 cmd/vendor: update vendored github.com/google/pprof for Go 1.20 release

[1] https://github.com/google/pprof
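
The failure mode described in the report can be checked against an installed source tree. The following is an added example, not code from the openSUSE packaging or the Go project: it lists every `//go:embed` pattern that matches nothing on disk. The name `MissingEmbeds` is hypothetical and the pattern parsing is simplified (quoted patterns are not handled).

```go
// Added example: report //go:embed patterns that match no file or directory.
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// MissingEmbeds walks root and returns "file: pattern" for every //go:embed
// pattern with no match relative to the directory of the declaring file.
// Simplified: quoted patterns are not parsed; an "all:" prefix is stripped.
func MissingEmbeds(root string) ([]string, error) {
	var missing []string
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() || !strings.HasSuffix(path, ".go") {
			return err
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		for _, line := range strings.Split(string(data), "\n") {
			if !strings.HasPrefix(line, "//go:embed ") {
				continue
			}
			for _, pat := range strings.Fields(strings.TrimPrefix(line, "//go:embed ")) {
				pat = strings.TrimPrefix(pat, "all:")
				m, _ := filepath.Glob(filepath.Join(filepath.Dir(path), pat))
				if len(m) == 0 { // same condition as "no matching files found"
					missing = append(missing, path+": "+pat)
				}
			}
		}
		return nil
	})
	return missing, err
}

func main() {
	root := "/usr/lib64/go/1.21/src" // source path from the error in the report
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	missing, err := MissingEmbeds(root)
	fmt.Println(strings.Join(missing, "\n"), err)
}
```

Run against a packaged toolchain after installation, a non-empty result points at asset directories that the packaging find/glob patterns left out.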
Comment 1 OBSbugzilla Bot 2023-09-07 22:05:14 UTC
This is an autogenerated message for OBS integration:
This bug (1215090) was mentioned in
https://build.opensuse.org/request/show/1109620 Factory / go1.19
https://build.opensuse.org/request/show/1109621 Factory / go1.20
https://build.opensuse.org/request/show/1109622 Factory / go1.21
Comment 3 Jeff Kowalczyk 2023-09-16 04:34:27 UTC
The missing files are now present in currently supported go1.x toolchain packages.
Comment 4 Maintenance Automation 2023-09-20 12:30:44 UTC
SUSE-SU-2023:3701-1: An update that solves five vulnerabilities and has one security fix can now be installed.

Category: security (important)
Bug References: 1212475, 1215084, 1215085, 1215086, 1215087, 1215090
CVE References: CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322
Sources used:
Development Tools Module 15-SP5 (src): go1.21-1.21.1-150000.1.6.1
openSUSE Leap 15.4 (src): go1.21-1.21.1-150000.1.6.1
openSUSE Leap 15.5 (src): go1.21-1.21.1-150000.1.6.1
Development Tools Module 15-SP4 (src): go1.21-1.21.1-150000.1.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2023-09-20 12:30:47 UTC
SUSE-SU-2023:3700-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1206346, 1215084, 1215085, 1215090
CVE References: CVE-2023-39318, CVE-2023-39319
Sources used:
openSUSE Leap 15.4 (src): go1.20-1.20.8-150000.1.23.1
openSUSE Leap 15.5 (src): go1.20-1.20.8-150000.1.23.1
Development Tools Module 15-SP4 (src): go1.20-1.20.8-150000.1.23.1
Development Tools Module 15-SP5 (src): go1.20-1.20.8-150000.1.23.1

Comment 6 Maintenance Automation 2023-09-21 08:30:10 UTC
SUSE-RU-2023:3719-1: An update that has two fixes can now be installed.

Category: recommended (moderate)
Bug References: 1200441, 1215090
Sources used:
openSUSE Leap 15.4 (src): go1.19-1.19.13-150000.1.43.1
openSUSE Leap 15.5 (src): go1.19-1.19.13-150000.1.43.1
Development Tools Module 15-SP4 (src): go1.19-1.19.13-150000.1.43.1
Development Tools Module 15-SP5 (src): go1.19-1.19.13-150000.1.43.1

Comment 8 Maintenance Automation 2023-09-27 20:30:13 UTC
SUSE-SU-2023:3841-1: An update that solves two vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1200441, 1213229, 1213880, 1215090
CVE References: CVE-2023-29406, CVE-2023-29409
Sources used:
openSUSE Leap 15.4 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
openSUSE Leap 15.5 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
Development Tools Module 15-SP4 (src): go1.19-openssl-1.19.13.1-150000.1.8.1
Development Tools Module 15-SP5 (src): go1.19-openssl-1.19.13.1-150000.1.8.1

Comment 9 Maintenance Automation 2023-09-27 20:30:16 UTC
SUSE-SU-2023:3840-1: An update that solves three vulnerabilities and has two security fixes can now be installed.

Category: security (important)
Bug References: 1206346, 1213880, 1215084, 1215085, 1215090
CVE References: CVE-2023-29409, CVE-2023-39318, CVE-2023-39319
Sources used:
openSUSE Leap 15.4 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
openSUSE Leap 15.5 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
Development Tools Module 15-SP4 (src): go1.20-openssl-1.20.8.1-150000.1.11.1
Development Tools Module 15-SP5 (src): go1.20-openssl-1.20.8.1-150000.1.11.1

Comment 10 OBSbugzilla Bot 2023-10-31 15:35:22 UTC
This is an autogenerated message for OBS integration:
This bug (1215090) was mentioned in
https://build.opensuse.org/request/show/1121461 Backports:SLE-12 / go1.21
Comment 13 Marcus Meissner 2023-11-09 14:05:20 UTC
openSUSE-SU-2023:0360-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1212475,1212667,1212669,1215084,1215085,1215086,1215087,1215090,1215985,1216109
CVE References: CVE-2023-39318,CVE-2023-39319,CVE-2023-39320,CVE-2023-39321,CVE-2023-39322,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487
JIRA References: 
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src): go-1.21-41.1, go1.21-1.21.3-2.1
Comment 15 Maintenance Automation 2023-11-16 20:30:11 UTC
SUSE-SU-2023:4469-1: An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed.

Category: security (moderate)
Bug References: 1212475, 1212667, 1212669, 1215084, 1215085, 1215086, 1215087, 1215090, 1215985, 1216109, 1216943, 1216944
CVE References: CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322, CVE-2023-39323, CVE-2023-39325, CVE-2023-44487, CVE-2023-45283, CVE-2023-45284
Jira References: SLE-18320
Sources used:
openSUSE Leap 15.4 (src): go1.21-openssl-1.21.4.1-150000.1.5.1
openSUSE Leap 15.5 (src): go1.21-openssl-1.21.4.1-150000.1.5.1
Development Tools Module 15-SP4 (src): go1.21-openssl-1.21.4.1-150000.1.5.1
Development Tools Module 15-SP5 (src): go1.21-openssl-1.21.4.1-150000.1.5.1
