From 0d43e1bff1ada5280e157f1693f3228498be2669 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 28 2021 04:51:33 +0000 Subject: import golang-1.17.2-1.module+el8.6.0+12972+ebab5911 --- diff --git a/.gitignore b/.gitignore index ceb3ab9..4217694 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz +SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 413c971..922df85 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1 +1 @@ -e693273f254789980a55720bd48ac8741d446f21 SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz +583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch deleted file mode 100644 index 5d9cf82..0000000 --- a/SOURCES/golang-1.15-warnCN.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 50f4d4a..121fd1b 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -20,6 +20,9 @@ import ( - - // ignoreCN disables interpreting Common Name as a hostname. See issue 24151. - var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0") -+// if using Common Name as a hostname is enabled via x509ignoreCN=0, -+// warnCN enables a warning whenever Common Name is interpreted as a hostname. -+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1") - - type InvalidReason int - -@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error { - names := c.DNSNames - if c.commonNameAsHostname() { - names = []string{c.Subject.CommonName} -+ if warnCN { -+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " + -+ "Using CN without SAN is deprecated and will not work in future versions.\n") -+ } - } - - candidateName := toLowerCaseASCII(h) // Save allocations inside the loop. diff --git a/SOURCES/reject-leading-zeros.patch b/SOURCES/reject-leading-zeros.patch deleted file mode 100644 index 24fa6c8..0000000 --- a/SOURCES/reject-leading-zeros.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff --git a/doc/go1.16.html b/doc/go1.16.html -index 0beb62d..fc6b668 100644 ---- a/doc/go1.16.html -+++ b/doc/go1.16.html -@@ -891,6 +891,14 @@ func TestFoo(t *testing.T) { - is missing; this is common on musl-based systems and makes - Go programs match the behavior of C programs on those systems. -

-+

-+ The ParseIP and ParseCIDR -+ functions now reject IPv4 addresses which contain decimal components with leading zeros. -+ These components were always interpreted as decimal, but some operating systems treat them as octal. -+ This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses -+ which were then used in their original form with non-Go applications which interpreted components as octal. Generally, -+ it is advisable to always re-encoded values after validation, which avoids this class of parser misalignment issues. -+

- - - -diff --git a/src/net/hosts_test.go b/src/net/hosts_test.go -index f850e2f..19c4399 100644 ---- a/src/net/hosts_test.go -+++ b/src/net/hosts_test.go -@@ -36,7 +36,7 @@ var lookupStaticHostTests = []struct { - }, - }, - { -- "testdata/ipv4-hosts", // see golang.org/issue/8996 -+ "testdata/ipv4-hosts", - []staticHostEntry{ - {"localhost", []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"}}, - {"localhost.localdomain", []string{"127.0.0.3"}}, -@@ -102,7 +102,7 @@ var lookupStaticAddrTests = []struct { - }, - }, - { -- "testdata/ipv4-hosts", // see golang.org/issue/8996 -+ "testdata/ipv4-hosts", - []staticHostEntry{ - {"127.0.0.1", []string{"localhost"}}, - {"127.0.0.2", []string{"localhost"}}, -diff --git a/src/net/ip.go b/src/net/ip.go -index c00fe8e..007f3f7 100644 ---- a/src/net/ip.go -+++ b/src/net/ip.go -@@ -552,6 +552,10 @@ func parseIPv4(s string) IP { - if !ok || n > 0xFF { - return nil - } -+ if c > 1 && s[0] == '0' { -+ // Reject non-zero components with leading zeroes. -+ return nil -+ } - s = s[c:] - p[i] = byte(n) - } -diff --git a/src/net/ip_test.go b/src/net/ip_test.go -index a5fc5e6..585381d 100644 ---- a/src/net/ip_test.go -+++ b/src/net/ip_test.go -@@ -20,9 +20,7 @@ var parseIPTests = []struct { - }{ - {"127.0.1.2", IPv4(127, 0, 1, 2)}, - {"127.0.0.1", IPv4(127, 0, 0, 1)}, -- {"127.001.002.003", IPv4(127, 1, 2, 3)}, - {"::ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, -- {"::ffff:127.001.002.003", IPv4(127, 1, 2, 3)}, - {"::ffff:7f01:0203", IPv4(127, 1, 2, 3)}, - {"0:0:0:0:0000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, - {"0:0:0:0:000000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, -@@ -42,6 +40,11 @@ var parseIPTests = []struct { - {"fe80::1%911", nil}, - {"", nil}, - {"a1:a2:a3:a4::b1:b2:b3:b4", nil}, // Issue 6628 -+ {"127.001.002.003", nil}, -+ {"::ffff:127.001.002.003", nil}, -+ {"123.000.000.000", nil}, -+ {"1.2..4", nil}, -+ {"0123.0.0.1", nil}, - } - - func TestParseIP(t *testing.T) { -@@ -357,6 +360,7 @@ var parseCIDRTests = []struct { - {"0.0.-2.0/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.-2.0/32"}}, - {"0.0.0.-3/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.-3/32"}}, - {"0.0.0.0/-0", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.0/-0"}}, -+ {"127.000.000.001/32", nil, nil, &ParseError{Type: "CIDR address", Text: "127.000.000.001/32"}}, - {"", nil, nil, &ParseError{Type: "CIDR address", Text: ""}}, - } - -diff --git a/src/net/testdata/ipv4-hosts b/src/net/testdata/ipv4-hosts -index 5208bb4..6b99675 100644 ---- a/src/net/testdata/ipv4-hosts -+++ b/src/net/testdata/ipv4-hosts -@@ -1,12 +1,8 @@ - # See https://tools.ietf.org/html/rfc1123. --# --# The literal IPv4 address parser in the net package is a relaxed --# one. It may accept a literal IPv4 address in dotted-decimal notation --# with leading zeros such as "001.2.003.4". - - # internet address and host name - 127.0.0.1 localhost # inline comment separated by tab --127.000.000.002 localhost # inline comment separated by space -+127.0.0.2 localhost # inline comment separated by space - - # internet address, host name and aliases --127.000.000.003 localhost localhost.localdomain -+127.0.0.3 localhost localhost.localdomain diff --git a/SPECS/golang.spec b/SPECS/golang.spec index d266a66..40f2063 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -95,8 +95,8 @@ %global gohostarch s390x %endif -%global go_api 1.16 -%global go_version 1.16.7 +%global go_api 1.17 +%global go_version 1.17.2 %global pkg_release 1 Name: golang @@ -140,16 +140,6 @@ Patch215: go1.5-zoneinfo_testing_only.patch # Proposed patch by jcajka https://golang.org/cl/86541 Patch221: fix_TestScript_list_std.patch -# Add an env var to optionally trigger a warning in x509 when -# Common Name is used as hostname -# rhbz#1889437 -Patch223: golang-1.15-warnCN.patch - -# Fix incorrect parsing of extraneous zeros in net/ip -# https://bugzilla.redhat.com/show_bug.cgi?id=1993316 -# https://go-review.googlesource.com/c/go/+/325829 -Patch1993316: reject-leading-zeros.patch - Patch1939923: skip_test_rhbz1939923.patch # Fix FIPS mode memory leaks @@ -248,12 +238,8 @@ Requires: %{name} = %{version}-%{release} %patch221 -p1 -%patch223 -p1 - %patch1939923 -p1 -%patch1993316 -p1 - %patch1951877 -p1 @@ -326,7 +312,7 @@ rm -rf pkg/bootstrap/bin # install everything into libdir (until symlink problems are fixed) # https://code.google.com/p/go/issues/detail?id=5830 -cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \ +cp -apv api bin doc lib pkg src misc test VERSION \ $RPM_BUILD_ROOT%{goroot} # bz1099206 @@ -448,19 +434,23 @@ export GO_TEST_RUN="" %if %{fail_on_tests} -./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN +# TestEd25519Vectors needs network connectivity but it should be cover by +# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127 +export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$" + +./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST # Run tests with FIPS enabled. export GOLANG_FIPS=1 pushd crypto # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later - go test $(go list ./... | grep -v tls) -v + go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST # Check that signature functions have parity between boring and notboring - CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v + CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST popd # Run all FIPS specific TLS tests pushd crypto/tls - go test -v -run "Boring" + go test -v -run "Boring" $DISABLE_Ed25519_TEST popd %else ./run.bash --no-rebuild -v -v -v -k || : @@ -523,6 +513,14 @@ cd .. %endif %changelog +* Tue Oct 12 2021 Alejandro Sáez - 1.17.2-1 +- Rebase to Go 1.17.2 +- Related: rhbz#2014088 +- Remove golang-1.15-warnCN.patch +- Remove reject-leading-zeros.patch +- Remove favicon.ico and robots.txt references +- Exclude TestEd25519Vectors test + * Tue Aug 17 2021 David Benoit - 1.16.7-1 - Rebase to Go 1.16.7 - Resolves: rhbz#1994079