diff --git a/.gitignore b/.gitignore
index 12fb8a4..bc1ed3a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.12.8-2-openssl-fips.tar.gz
+SOURCES/go-go-1.12.12-4-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index 22c9e59..d5842a0 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-5681fc419b8dc6970efae39728893fe77359cde1 SOURCES/go-go-1.12.8-2-openssl-fips.tar.gz
+317c273d2effe6c56ce3730267cb4dfff5c146e0 SOURCES/go-go-1.12.12-4-openssl-fips.tar.gz
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index cae21ba..e8e7879 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -1,5 +1,7 @@
 %undefine _missing_build_ids_terminate_build
 
+%global bcond_with strict_fips
+
 # build ids are not currently generated:
 # https://code.google.com/p/go/issues/detail?id=5238
 #
@@ -27,7 +29,7 @@
 # Define GOROOT macros
 %global goroot          %{_prefix}/lib/%{name}
 %global gopath          %{_datadir}/gocode
-%global golang_arches   %{ix86} x86_64 aarch64 ppc64le s390x %{arm}
+%global golang_arches   %{ix86} x86_64 aarch64 ppc64le s390x
 %global golibdir        %{_libdir}/%{name}
 
 # Golang build options.
@@ -54,7 +56,7 @@
 %endif
 
 # Controls what ever we fail on failed tests
-%ifarch %{ix86} x86_64 aarch64 ppc64le
+%ifarch %{ix86} x86_64 %{arm} aarch64 ppc64le
 %global fail_on_tests 1
 %else
 %global fail_on_tests 0
@@ -97,8 +99,8 @@
 %endif
 
 %global go_api 1.12
-%global go_version 1.12.8
-%global pkg_release 2
+%global go_version 1.12.12
+%global pkg_release 4
 
 Name:           golang
 Version:        %{go_version}
@@ -423,15 +425,20 @@ export GO_TEST_RUN=""
 %endif
 
 %if %{fail_on_tests}
+
+# Limit number of test threads on i686 to avoid OOM failures.
+%ifarch %{ix86}
+export GOMAXPROCS=8
+%endif
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
 
 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
 pushd crypto
   # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list | grep -v tls) -v
+  go test $(go list ./... | grep -v tls) -v
   # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test ./ecdsa
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
@@ -498,6 +505,27 @@ cd ..
 %endif
 
 %changelog
+* Tue Oct 29 2019 Derek Parker <deparker@redhat.com> - 1.12.12-4
+- Fix boring/aes_test.go tags
+
+* Tue Oct 29 2019 Tom Stellard <tstellar@redhat.com> - 1.12.12-3
+- Fix tarball
+
+* Tue Oct 29 2019 Derek Parker <deparker@redhat.com> - 1.12.12-2
+- Fix stub boring.(Sign/Verify)RSAPKCS1v15 functions
+
+* Mon Oct 28 2019 Derek Parker <deparker@redhat.com> - 1.12.12-1
+- Rebase to 1.12.12
+- Revert to Sign/Verify operations not expected unhashed inputs
+- Remove previously added verbose output
+- Better expose openssl errors
+
+* Tue Sep 17 2019 Tom Stellard <tstellar@redhat.com> - 1.12.8-4
+- Reduce number of threads when testing on i686
+
+* Wed Sep 11 2019 Tom Stellard <tstellar@redhat.com> - 1.12.8-3
+- Relax FIPS requirements to unblock OpenShift testing
+
 * Wed Aug 28 2019 Tom Stellard <tstellar@redhat.com> - 1.12.8-2
 - Rebase to 1.12.8
 - Resolves: rhbz#1745706