Bugzilla – Bug 1212667
go1.21 packages are missing go.env file to set toolchain defaults
Last modified: 2024-03-27 14:50:07 UTC
The go1.x upstream source file go.env is missing from go1.x packages. go.env sets defaults including: GOPROXY GOSUMDB GOTOOLCHAIN. The user can override the defaults in ~/.config/go/env. go1.x packages <= go1.20 with missing go.env somehow still had the expected default: GOPROXY="https://proxy.golang.org,direct" and thus worked normally. Starting in go1.21+ a missing go.env defaults to GOPROXY='' resulting in errors with online go tool commands such as "go install" and "go mod download": "GOPROXY list is not the empty string, but contains no entries" It is not yet clear why GOPROXY='' is not evaluated as "the empty string". The fix for the above is simply to ensure go.env is included in packaging.
Correction: go.env is a new file in go1.21 introduced to reduce certain common cases where packagers need to patch Go source files. https://github.com/golang/go/commit/7aa85e01376d840acc8bb931156d607a00b64a60
This is an autogenerated message for OBS integration: This bug (1212667) was mentioned in https://build.opensuse.org/request/show/1095300 Factory / go1.21
SUSE-RU-2023:3323-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1212475, 1212667, 1212669 Sources used: Development Tools Module 15-SP4 (src): go1.21-1.21.0-150000.1.3.1 Development Tools Module 15-SP5 (src): go1.21-1.21.0-150000.1.3.1 openSUSE Leap 15.4 (src): go1.21-1.21.0-150000.1.3.1 openSUSE Leap 15.5 (src): go1.21-1.21.0-150000.1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1212667) was mentioned in https://build.opensuse.org/request/show/1121461 Backports:SLE-12 / go1.21
openSUSE-SU-2023:0360-1: An update that solves 8 vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 1212475,1212667,1212669,1215084,1215085,1215086,1215087,1215090,1215985,1216109 CVE References: CVE-2023-39318,CVE-2023-39319,CVE-2023-39320,CVE-2023-39321,CVE-2023-39322,CVE-2023-39323,CVE-2023-39325,CVE-2023-44487 JIRA References: Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): go-1.21-41.1, go1.21-1.21.3-2.1
SUSE-SU-2023:4469-1: An update that solves 10 vulnerabilities, contains one feature and has two security fixes can now be installed. Category: security (moderate) Bug References: 1212475, 1212667, 1212669, 1215084, 1215085, 1215086, 1215087, 1215090, 1215985, 1216109, 1216943, 1216944 CVE References: CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322, CVE-2023-39323, CVE-2023-39325, CVE-2023-44487, CVE-2023-45283, CVE-2023-45284 Jira References: SLE-18320 Sources used: openSUSE Leap 15.4 (src): go1.21-openssl-1.21.4.1-150000.1.5.1 openSUSE Leap 15.5 (src): go1.21-openssl-1.21.4.1-150000.1.5.1 Development Tools Module 15-SP4 (src): go1.21-openssl-1.21.4.1-150000.1.5.1 Development Tools Module 15-SP5 (src): go1.21-openssl-1.21.4.1-150000.1.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.