diff --git a/.gitignore b/.gitignore
index 64af3be..570c2b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.14.12-1-openssl-fips.tar.gz
+SOURCES/go-go-1.15.7-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index cd050e1..a431e7e 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-92e0ddaaba022868005061bccaa42290daf354e1 SOURCES/go-go-1.14.12-1-openssl-fips.tar.gz
+501d01d764310874ec20f3d7555c70948ef15fb2 SOURCES/go-go-1.15.7-1-openssl-fips.tar.gz
diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch
new file mode 100644
index 0000000..5d9cf82
--- /dev/null
+++ b/SOURCES/golang-1.15-warnCN.patch
@@ -0,0 +1,25 @@
+diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
+index 50f4d4a..121fd1b 100644
+--- a/src/crypto/x509/verify.go
++++ b/src/crypto/x509/verify.go
+@@ -20,6 +20,9 @@ import (
+
+ // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
+ var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
++// if using Common Name as a hostname is enabled via x509ignoreCN=0,
++// warnCN enables a warning whenever Common Name is interpreted as a hostname.
++var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
+
+ type InvalidReason int
+
+@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
+ names := c.DNSNames
+ if c.commonNameAsHostname() {
+ names = []string{c.Subject.CommonName}
++ if warnCN {
++ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
++ "Using CN without SAN is deprecated and will not work in future versions.\n")
++ }
+ }
+
+ candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
diff --git a/SOURCES/net-http-graceful-shutdown.patch b/SOURCES/net-http-graceful-shutdown.patch
new file mode 100644
index 0000000..90dd711
--- /dev/null
+++ b/SOURCES/net-http-graceful-shutdown.patch
@@ -0,0 +1,157 @@
+diff --git a/src/net/http/export_test.go b/src/net/http/export_test.go
+index 657ff9d..67a74ae 100644
+--- a/src/net/http/export_test.go
++++ b/src/net/http/export_test.go
+@@ -274,6 +274,17 @@ func (s *Server) ExportAllConnsIdle() bool {
+ return true
+ }
+
++func (s *Server) ExportAllConnsByState() map[ConnState]int {
++ states := map[ConnState]int{}
++ s.mu.Lock()
++ defer s.mu.Unlock()
++ for c := range s.activeConn {
++ st, _ := c.getState()
++ states[st] += 1
++ }
++ return states
++}
++
+ func (r *Request) WithT(t *testing.T) *Request {
+ return r.WithContext(context.WithValue(r.Context(), tLogKey{}, t.Logf))
+ }
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 5f56932..806272b 100644
+--- a/src/net/http/serve_test.go
++++ b/src/net/http/serve_test.go
+@@ -5519,16 +5519,23 @@ func TestServerSetKeepAlivesEnabledClosesConns(t *testing.T) {
+ }
+ }
+
+-func TestServerShutdown_h1(t *testing.T) { testServerShutdown(t, h1Mode) }
+-func TestServerShutdown_h2(t *testing.T) { testServerShutdown(t, h2Mode) }
++func TestServerShutdown_h1(t *testing.T) {
++ testServerShutdown(t, h1Mode)
++}
++func TestServerShutdown_h2(t *testing.T) {
++ testServerShutdown(t, h2Mode)
++}
+
+ func testServerShutdown(t *testing.T, h2 bool) {
+ setParallel(t)
+ defer afterTest(t)
+ var doShutdown func() // set later
++ var doStateCount func()
+ var shutdownRes = make(chan error, 1)
++ var statesRes = make(chan map[ConnState]int, 1)
+ var gotOnShutdown = make(chan struct{}, 1)
+ handler := HandlerFunc(func(w ResponseWriter, r *Request) {
++ doStateCount()
+ go doShutdown()
+ // Shutdown is graceful, so it should not interrupt
+ // this in-flight response. Add a tiny sleep here to
+@@ -5545,6 +5552,9 @@ func testServerShutdown(t *testing.T, h2 bool) {
+ doShutdown = func() {
+ shutdownRes <- cst.ts.Config.Shutdown(context.Background())
+ }
++ doStateCount = func() {
++ statesRes <- cst.ts.Config.ExportAllConnsByState()
++ }
+ get(t, cst.c, cst.ts.URL) // calls t.Fail on failure
+
+ if err := <-shutdownRes; err != nil {
+@@ -5556,6 +5566,10 @@ func testServerShutdown(t *testing.T, h2 bool) {
+ t.Errorf("onShutdown callback not called, RegisterOnShutdown broken?")
+ }
+
++ if states := <-statesRes; states[StateActive] != 1 {
++ t.Errorf("connection in wrong state, %v", states)
++ }
++
+ res, err := cst.c.Get(cst.ts.URL)
+ if err == nil {
+ res.Body.Close()
+diff --git a/src/net/http/server.go b/src/net/http/server.go
+index d41b5f6..14a6336 100644
+--- a/src/net/http/server.go
++++ b/src/net/http/server.go
+@@ -324,7 +324,7 @@ func (c *conn) hijackLocked() (rwc net.Conn, buf *bufio.ReadWriter, err error) {
+ return nil, nil, fmt.Errorf("unexpected Peek failure reading buffered byte: %v", err)
+ }
+ }
+- c.setState(rwc, StateHijacked)
++ c.setState(rwc, StateHijacked, runHooks)
+ return
+ }
+
+@@ -1737,7 +1737,12 @@ func validNextProto(proto string) bool {
+ return true
+ }
+
+-func (c *conn) setState(nc net.Conn, state ConnState) {
++const (
++ runHooks = true
++ skipHooks = false
++)
++
++func (c *conn) setState(nc net.Conn, state ConnState, runHook bool) {
+ srv := c.server
+ switch state {
+ case StateNew:
+@@ -1750,6 +1755,9 @@ func (c *conn) setState(nc net.Conn, state ConnState) {
+ }
+ packedState := uint64(time.Now().Unix()<<8) | uint64(state)
+ atomic.StoreUint64(&c.curState.atomic, packedState)
++ if !runHook {
++ return
++ }
+ if hook := srv.ConnState; hook != nil {
+ hook(nc, state)
+ }
+@@ -1803,7 +1811,7 @@ func (c *conn) serve(ctx context.Context) {
+ }
+ if !c.hijacked() {
+ c.close()
+- c.setState(c.rwc, StateClosed)
++ c.setState(c.rwc, StateClosed, runHooks)
+ }
+ }()
+
+@@ -1831,6 +1839,10 @@ func (c *conn) serve(ctx context.Context) {
+ if proto := c.tlsState.NegotiatedProtocol; validNextProto(proto) {
+ if fn := c.server.TLSNextProto[proto]; fn != nil {
+ h := initALPNRequest{ctx, tlsConn, serverHandler{c.server}}
++ // Mark freshly created HTTP/2 as active and prevent any server state hooks
++ // from being run on these connections. This prevents closeIdleConns from
++ // closing such connections. See issue https://golang.org/issue/39776.
++ c.setState(c.rwc, StateActive, skipHooks)
+ fn(c.server, tlsConn, h)
+ }
+ return
+@@ -1851,7 +1863,7 @@ func (c *conn) serve(ctx context.Context) {
+ w, err := c.readRequest(ctx)
+ if c.r.remain != c.server.initialReadLimitSize() {
+ // If we read any bytes off the wire, we're active.
+- c.setState(c.rwc, StateActive)
++ c.setState(c.rwc, StateActive, runHooks)
+ }
+ if err != nil {
+ const errorHeaders = "\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n"
+@@ -1934,7 +1946,7 @@ func (c *conn) serve(ctx context.Context) {
+ }
+ return
+ }
+- c.setState(c.rwc, StateIdle)
++ c.setState(c.rwc, StateIdle, runHooks)
+ c.curReq.Store((*response)(nil))
+
+ if !w.conn.server.doKeepAlives() {
+@@ -2965,7 +2977,7 @@ func (srv *Server) Serve(l net.Listener) error {
+ }
+ tempDelay = 0
+ c := srv.newConn(rw)
+- c.setState(c.rwc, StateNew) // before Serve can return
++ c.setState(c.rwc, StateNew, runHooks) // before Serve can return
+ go c.serve(connCtx)
+ }
+ }
diff --git a/SOURCES/x-text-infinite-loop.patch b/SOURCES/x-text-infinite-loop.patch
new file mode 100644
index 0000000..ee4fb0f
--- /dev/null
+++ b/SOURCES/x-text-infinite-loop.patch
@@ -0,0 +1,24 @@
+diff --git a/src/vendor/golang.org/x/text/transform/transform.go b/src/vendor/golang.org/x/text/transform/transform.go
+index 520b9ad..48ec64b 100644
+--- a/src/vendor/golang.org/x/text/transform/transform.go
++++ b/src/vendor/golang.org/x/text/transform/transform.go
+@@ -648,7 +648,8 @@ func String(t Transformer, s string) (result string, n int, err error) {
+ // Transform the remaining input, growing dst and src buffers as necessary.
+ for {
+ n := copy(src, s[pSrc:])
+- nDst, nSrc, err := t.Transform(dst[pDst:], src[:n], pSrc+n == len(s))
++ atEOF := pSrc+n == len(s)
++ nDst, nSrc, err := t.Transform(dst[pDst:], src[:n], atEOF)
+ pDst += nDst
+ pSrc += nSrc
+
+@@ -659,6 +660,9 @@ func String(t Transformer, s string) (result string, n int, err error) {
+ dst = grow(dst, pDst)
+ }
+ } else if err == ErrShortSrc {
++ if atEOF {
++ return string(dst[:pDst]), pSrc, err
++ }
+ if nSrc == 0 {
+ src = grow(src, 0)
+ }
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index fb4b45e..57c6aa1 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -95,8 +95,8 @@
%global gohostarch s390x
%endif
-%global go_api 1.14
-%global go_version 1.14.12
+%global go_api 1.15
+%global go_version 1.15.7
%global pkg_release 1
Name: golang
@@ -131,6 +131,7 @@ Provides: go = %{version}-%{release}
Requires: %{name}-bin = %{version}-%{release}
Requires: %{name}-src = %{version}-%{release}
Requires: openssl-devel
+Requires: diffutils
# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that
# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
@@ -139,6 +140,28 @@ Patch215: ./go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
+# It seems this patch will be included in Go 1.14.5
+# https://github.com/golang/go/issues/39991
+# https://go-review.googlesource.com/c/go/+/240917
+#Patch240917: ppc64le_fix_missing_deferreturn.patch
+
+# Add an env var to optionally trigger a warning in x509 when
+# Common Name is used as hostname
+# rhbz#1889437
+Patch223: golang-1.15-warnCN.patch
+
+# Gracefully shut down http2 connections
+# https://go-review.googlesource.com/c/go/+/240278
+# rhbz#1888673
+Patch224: net-http-graceful-shutdown.patch
+
+# Prevent transform from entering infinite loop.
+# We're just picking the change from transform.go
+# because the encoding module is not included
+# as a vendor dependency.
+# https://go-review.googlesource.com/c/text/+/238238
+Patch225: x-text-infinite-loop.patch
+
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@@ -232,6 +255,14 @@ Requires: %{name} = %{version}-%{release}
%patch221 -p1
+#%patch240917 -p1
+
+%patch223 -p1
+
+%patch224 -p1
+
+%patch225 -p1
+
cp %{SOURCE1} ./src/runtime/
%build
@@ -498,21 +529,44 @@ cd ..
%endif
%changelog
-* Tue Nov 17 2020 David Benoit <dbenoit@redhat.com> - 1.14.12-1
-- Rebase to 1.14.12
-- Resolves: rhbz#1898829
-- Resolves: rhbz#1898832
-- Resolves: rhbz#1898834
-
-* Thu Nov 12 2020 Alejandro Sáez <asm@redhat.com> - 1.14.10-1
-- Rebase to 1.14.10
-- Remove patch to fix missing deferreturn on linux/ppc64le rhbz#1854836
-- Resolves: rhbz#1897181
-- Resolves: rhbz#1897182
-- Resolves: rhbz#1897185
+* Fri Jan 22 2021 David Benoit <dbenoit@redhat.com> - 1.15.7-1
+- Rebase to 1.15.7
+- Resolves: rhbz#1870531
+- Resolves: rhbz#1919261
+
+* Tue Nov 24 2020 David Benoit <dbenoit@redhat.com> - 1.15.5-1
+- Rebase to 1.15.5
+- Resolves: rhbz#1898652
+- Resolves: rhbz#1898660
+- Resolves: rhbz#1898649
+
+* Mon Nov 16 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
+- fix typo in patch file name
+- Related: rhbz#1881539
+
+* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-1
+- Rebase to 1.15.3
+- fix x/text infinite loop
+- Resolves: rhbz#1881539
+
+* Tue Nov 03 2020 Alejandro Sáez <asm@redhat.com> - 1.15.2-2
+- Resolves: rhbz#1850045
+
+* Mon Oct 19 2020 David Benoit <dbenoit@redhat.com> - 1.15.2-1
+- Rebase to 1.15.2
+- fix rhbz#1872622 in commit af9a1b1f6567a1c5273a134d395bfe7bb840b7f8
+- Resolves: rhbz#1872622
+- add net/http graceful shutdown patch
+- Resolves: rhbz#1888673
+- add x509warnCN patch
+- Resolves: rhbz#1889437
+
+* Wed Sep 09 2020 Alejandro Sáez <asm@redhat.com> - 1.15.0-1
+- Rebase to 1.15.0
+- Related: rhbz#1870531
* Thu Aug 27 2020 Alejandro Sáez <asm@redhat.com> - 1.14.7-2
-- Improve test suit
+- Improve test suite
- Resolves: rhbz#1854693
* Tue Aug 18 2020 Alejandro Sáez <asm@redhat.com> - 1.14.7-1