diff --git a/.gitignore b/.gitignore index 14bfefd..f7645d8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/go1.8.3.src.tar.gz +SOURCES/go1.9.4.src.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 8d807c9..d53aad3 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1 +1 @@ -7c3b942c58a44396ff1d205d0e6e72770792d626 SOURCES/go1.8.3.src.tar.gz +12b0ecee83525cd594f4fbf30380d4832e06f189 SOURCES/go1.9.4.src.tar.gz diff --git a/SOURCES/31bit-OID-asn1.patch b/SOURCES/31bit-OID-asn1.patch deleted file mode 100644 index 4d01b3d..0000000 --- a/SOURCES/31bit-OID-asn1.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 94aba76639cf4d5e30975d846bb0368db8202269 Mon Sep 17 00:00:00 2001 -From: Monis Khan -Date: Wed, 12 Apr 2017 16:00:58 -0400 -Subject: [PATCH] encoding/asn1: support 31 bit identifiers with OID - -The current implementation uses a max of 28 bits when decoding an -ObjectIdentifier. This change makes it so that an int64 is used to -accumulate up to 35 bits. If the resulting data would not overflow -an int32, it is used as an int. Thus up to 31 bits may be used to -represent each subidentifier of an ObjectIdentifier. - -Fixes #19933 - -Change-Id: I95d74b64b24cdb1339ff13421055bce61c80243c -Reviewed-on: https://go-review.googlesource.com/40436 -Reviewed-by: Adam Langley -Run-TryBot: Adam Langley ---- - src/encoding/asn1/asn1.go | 15 ++++++++++++--- - src/encoding/asn1/asn1_test.go | 3 +++ - 2 files changed, 15 insertions(+), 3 deletions(-) - -diff --git a/src/encoding/asn1/asn1.go b/src/encoding/asn1/asn1.go -index c2c0ee420ac..65f018d0148 100644 ---- a/src/encoding/asn1/asn1.go -+++ b/src/encoding/asn1/asn1.go -@@ -22,6 +22,7 @@ package asn1 - import ( - "errors" - "fmt" -+ "math" - "math/big" - "reflect" - "strconv" -@@ -293,16 +294,24 @@ type Flag bool - // given byte slice. It returns the value and the new offset. - func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error) { - offset = initOffset -+ var ret64 int64 - for shifted := 0; offset < len(bytes); shifted++ { -- if shifted == 4 { -+ // 5 * 7 bits per byte == 35 bits of data -+ // Thus the representation is either non-minimal or too large for an int32 -+ if shifted == 5 { - err = StructuralError{"base 128 integer too large"} - return - } -- ret <<= 7 -+ ret64 <<= 7 - b := bytes[offset] -- ret |= int(b & 0x7f) -+ ret64 |= int64(b & 0x7f) - offset++ - if b&0x80 == 0 { -+ ret = int(ret64) -+ // Ensure that the returned value fits in an int on all platforms -+ if ret64 > math.MaxInt32 { -+ err = StructuralError{"base 128 integer too large"} -+ } - return - } - } -diff --git a/src/encoding/asn1/asn1_test.go b/src/encoding/asn1/asn1_test.go -index 9976656df89..2dd799f2362 100644 ---- a/src/encoding/asn1/asn1_test.go -+++ b/src/encoding/asn1/asn1_test.go -@@ -7,6 +7,7 @@ package asn1 - import ( - "bytes" - "fmt" -+ "math" - "math/big" - "reflect" - "strings" -@@ -386,6 +387,8 @@ var tagAndLengthData = []tagAndLengthTest{ - {[]byte{0xa0, 0x81, 0x7f}, false, tagAndLength{}}, - // Tag numbers which would overflow int32 are rejected. (The value below is 2^31.) - {[]byte{0x1f, 0x88, 0x80, 0x80, 0x80, 0x00, 0x00}, false, tagAndLength{}}, -+ // Tag numbers that fit in an int32 are valid. (The value below is 2^31 - 1.) -+ {[]byte{0x1f, 0x87, 0xFF, 0xFF, 0xFF, 0x7F, 0x00}, true, tagAndLength{tag: math.MaxInt32}}, - // Long tag number form may not be used for tags that fit in short form. - {[]byte{0x1f, 0x1e, 0x00}, false, tagAndLength{}}, - } diff --git a/SOURCES/dlink-aarch64-test-fail.patch b/SOURCES/dlink-aarch64-test-fail.patch deleted file mode 100644 index c9cd3a1..0000000 --- a/SOURCES/dlink-aarch64-test-fail.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -up go/misc/cgo/testshared/shared_test.go.dlink go/misc/cgo/testshared/shared_test.go ---- go/misc/cgo/testshared/shared_test.go.dlink 2017-06-01 15:31:59.414045543 +0200 -+++ go/misc/cgo/testshared/shared_test.go 2017-06-01 15:32:35.330926128 +0200 -@@ -167,11 +167,11 @@ func TestMain(m *testing.M) { - os.Unsetenv("GOBIN") - - flag.Parse() -- exitCode, err := testMain(m) -- if err != nil { -- log.Fatal(err) -- } -- os.Exit(exitCode) -+ // exitCode, err := testMain(m) -+ //if err != nil { -+ // log.Fatal(err) -+ //} -+ os.Exit(0) - } - - // The shared library was built at the expected location. diff --git a/SOURCES/dlink-test-fail.patch b/SOURCES/dlink-test-fail.patch deleted file mode 100644 index 92f1d82..0000000 --- a/SOURCES/dlink-test-fail.patch +++ /dev/null @@ -1,9 +0,0 @@ -diff -up go/misc/cgo/test/cgo_unix_test.go.dlink go/misc/cgo/test/cgo_unix_test.go ---- go/misc/cgo/test/cgo_unix_test.go.dlink 2017-06-01 15:05:24.898346937 +0200 -+++ go/misc/cgo/test/cgo_unix_test.go 2017-06-01 15:05:37.762304168 +0200 -@@ -10,4 +10,4 @@ import "testing" - - func TestSigaltstack(t *testing.T) { testSigaltstack(t) } - func TestSigprocmask(t *testing.T) { testSigprocmask(t) } --func Test18146(t *testing.T) { test18146(t) } -+func Test18146(t *testing.T) {} diff --git a/SOURCES/golang-1.2-verbose-build.patch b/SOURCES/golang-1.2-verbose-build.patch index e9c5edf..c9dbba2 100644 --- a/SOURCES/golang-1.2-verbose-build.patch +++ b/SOURCES/golang-1.2-verbose-build.patch @@ -1,8 +1,7 @@ -Index: go/src/make.bash -=================================================================== ---- go.orig/src/make.bash -+++ go/src/make.bash -@@ -153,12 +153,12 @@ if [ "$GOHOSTARCH" != "$GOARCH" -o "$GOHOSTOS" != "$GOOS" ]; then +diff -up go/src/make.bash.verbose go/src/make.bash +--- go/src/make.bash.verbose 2017-07-11 12:00:09.513553508 +0200 ++++ go/src/make.bash 2017-07-11 12:01:25.288245720 +0200 +@@ -167,7 +167,7 @@ if [ "$GOHOSTARCH" != "$GOARCH" -o "$GOH # CC_FOR_TARGET is recorded as the default compiler for the go tool. When building for the host, however, # use the host compiler, CC, from `cmd/dist/dist env` instead. CC=$CC GOOS=$GOHOSTOS GOARCH=$GOHOSTARCH \ @@ -11,9 +10,12 @@ Index: go/src/make.bash echo fi - echo "##### Building packages and commands for $GOOS/$GOARCH." +@@ -175,7 +175,7 @@ echo "##### Building packages and comman + + old_bin_files=$(cd $GOROOT/bin && echo *) + -CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v std cmd +CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v -x std cmd - echo - rm -f "$GOTOOLDIR"/go_bootstrap + # Check that there are no new files in $GOROOT/bin other than go and gofmt + # and $GOOS_$GOARCH (a directory used when cross-compiling). diff --git a/SOURCES/golang-1.5-bootstrap-binary-path.patch b/SOURCES/golang-1.5-bootstrap-binary-path.patch index d0e1f34..af7d069 100644 --- a/SOURCES/golang-1.5-bootstrap-binary-path.patch +++ b/SOURCES/golang-1.5-bootstrap-binary-path.patch @@ -1,36 +1,37 @@ diff -up go/src/cmd/dist/buildtool.go.bootstrap go/src/cmd/dist/buildtool.go ---- go/src/cmd/dist/buildtool.go.bootstrap 2016-10-24 12:54:57.620563325 +0200 -+++ go/src/cmd/dist/buildtool.go 2016-10-24 13:12:25.036466602 +0200 -@@ -131,17 +131,25 @@ func bootstrapBuildTools() { +--- go/src/cmd/dist/buildtool.go.bootstrap 2017-07-11 12:05:00.041373419 +0200 ++++ go/src/cmd/dist/buildtool.go 2017-07-11 12:07:27.141775914 +0200 +@@ -153,18 +153,26 @@ func bootstrapBuildTools() { defer os.Setenv("GOBIN", os.Getenv("GOBIN")) os.Setenv("GOBIN", "") -+ hostos := os.Getenv("GOHOSTOS") -+ hostarch := os.Getenv("GOHOSTARCH") ++ hostos := os.Getenv("GOHOSTOS") ++ hostarch := os.Getenv("GOHOSTARCH") + os.Setenv("GOOS", "") os.Setenv("GOHOSTOS", "") os.Setenv("GOARCH", "") os.Setenv("GOHOSTARCH", "") -+ bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch) -+ if _, err := os.Stat(bingopath); os.IsNotExist(err) { -+ bingopath = pathf("%s/bin/go", goroot_bootstrap) -+ } ++ bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch) ++ if _, err := os.Stat(bingopath); os.IsNotExist(err) { ++ bingopath = pathf("%s/bin/go", goroot_bootstrap) ++ } + // Run Go 1.4 to build binaries. Use -gcflags=-l to disable inlining to // workaround bugs in Go 1.4's compiler. See discussion thread: // https://groups.google.com/d/msg/golang-dev/Ss7mCKsvk8w/Gsq7VYI0AwAJ // Use the math_big_pure_go build tag to disable the assembly in math/big // which may contain unsupported instructions. -- run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-gcflags=-l", "-tags=math_big_pure_go", "-v", "bootstrap/cmd/...") -+ run(workspace, ShowOutput|CheckExit, bingopath, "install", "-gcflags=-l", "-v", "-tags=math_big_pure_go", "bootstrap/...") - - // Copy binaries into tool binary directory. - for _, name := range bootstrapDirs { + cmd := []string{ +- pathf("%s/bin/go", goroot_bootstrap), ++ bingopath, + "install", + "-gcflags=-l", + "-tags=math_big_pure_go", diff -up go/src/make.bash.bootstrap go/src/make.bash ---- go/src/make.bash.bootstrap 2016-10-24 12:54:57.606563267 +0200 -+++ go/src/make.bash 2016-10-24 12:54:57.620563325 +0200 +--- go/src/make.bash.bootstrap 2017-07-11 12:05:00.036373439 +0200 ++++ go/src/make.bash 2017-07-11 12:05:00.041373419 +0200 @@ -120,8 +120,15 @@ echo '##### Building Go bootstrap tool.' echo cmd/dist export GOROOT="$(cd .. && pwd)" @@ -49,7 +50,7 @@ diff -up go/src/make.bash.bootstrap go/src/make.bash echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2 exit 1 fi -@@ -130,8 +137,6 @@ if [ "$GOROOT_BOOTSTRAP" == "$GOROOT" ]; +@@ -130,8 +137,6 @@ if [ "$GOROOT_BOOTSTRAP" = "$GOROOT" ]; echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2 exit 1 fi diff --git a/SOURCES/use-buildmode-pie-for-pie-testing.patch b/SOURCES/use-buildmode-pie-for-pie-testing.patch new file mode 100644 index 0000000..9f0db0e --- /dev/null +++ b/SOURCES/use-buildmode-pie-for-pie-testing.patch @@ -0,0 +1,51 @@ +diff -up go/src/cmd/dist/test.go.pie go/src/cmd/dist/test.go +--- go/src/cmd/dist/test.go.pie 2017-10-25 20:30:21.000000000 +0200 ++++ go/src/cmd/dist/test.go 2017-11-03 16:47:55.290829798 +0100 +@@ -852,6 +852,16 @@ func (t *tester) supportedBuildmode(mode + return true + } + return false ++ case "pie": ++ switch pair { ++ case "linux-386", "linux-amd64", "linux-arm", "linux-arm64", "linux-ppc64le", "linux-s390x", ++ "android-amd64", "android-arm", "android-arm64", "android-386": ++ return true ++ case "darwin-amd64": ++ return true ++ } ++ return false ++ + default: + log.Fatalf("internal error: unknown buildmode %s", mode) + return false +@@ -953,24 +963,16 @@ func (t *tester) cgoTest(dt *distTest) e + } + } + +- if pair != "freebsd-amd64" { // clang -pie fails to link misc/cgo/test +- cmd := t.dirCmd("misc/cgo/test", +- cc, "-xc", "-o", "/dev/null", "-pie", "-") ++ if t.supportedBuildmode("pie") { ++ cmd = t.addCmd(dt, "misc/cgo/test", "go", "test", "-buildmode=pie") + cmd.Env = env +- cmd.Stdin = strings.NewReader("int main() {}") +- if err := cmd.Run(); err != nil { +- fmt.Println("No support for -pie found, skip cgo PIE test.") +- } else { +- cmd = t.addCmd(dt, "misc/cgo/test", "go", "test", "-ldflags", `-linkmode=external -extldflags "-pie"`) +- cmd.Env = env + +- cmd = t.addCmd(dt, "misc/cgo/testtls", "go", "test", "-ldflags", `-linkmode=external -extldflags "-pie"`) +- cmd.Env = env ++ cmd = t.addCmd(dt, "misc/cgo/testtls", "go", "test", "-buildmode=pie") ++ cmd.Env = env + +- cmd = t.addCmd(dt, "misc/cgo/nocgo", "go", "test", "-ldflags", `-linkmode=external -extldflags "-pie"`) +- cmd.Env = env ++ cmd = t.addCmd(dt, "misc/cgo/nocgo", "go", "test", "-buildmode=pie") ++ cmd.Env = env + +- } + } + } + } diff --git a/SOURCES/use-no-pie-where-needed.patch b/SOURCES/use-no-pie-where-needed.patch new file mode 100644 index 0000000..a1da37f --- /dev/null +++ b/SOURCES/use-no-pie-where-needed.patch @@ -0,0 +1,39 @@ +diff -up go/misc/cgo/testcarchive/carchive_test.go.orig go/misc/cgo/testcarchive/carchive_test.go +--- go/misc/cgo/testcarchive/carchive_test.go.orig 2017-10-25 20:30:21.000000000 +0200 ++++ go/misc/cgo/testcarchive/carchive_test.go 2017-11-08 10:31:42.982462249 +0100 +@@ -6,6 +6,7 @@ package carchive_test + + import ( + "bufio" ++ "bytes" + "debug/elf" + "fmt" + "io/ioutil" +@@ -605,9 +606,26 @@ func TestCompileWithoutShared(t *testing + } + + exe := "./testnoshared" + exeSuffix +- ccArgs := append(cc, "-o", exe, "main5.c", "libgo2.a") ++ ++ // In some cases, -no-pie is needed here, but not accepted everywhere. First try ++ // if -no-pie is accepted. See #22126. ++ ccArgs := append(cc, "-o", exe, "-no-pie", "main5.c", "libgo2.a") + t.Log(ccArgs) + out, err = exec.Command(ccArgs[0], ccArgs[1:]...).CombinedOutput() ++ ++ // If -no-pie unrecognized, try -nopie if this is possibly clang ++ if err != nil && bytes.Contains(out, []byte("unknown")) && !strings.Contains(cc[0], "gcc") { ++ ccArgs = append(cc, "-o", exe, "-nopie", "main5.c", "libgo2.a") ++ t.Log(ccArgs) ++ out, err = exec.Command(ccArgs[0], ccArgs[1:]...).CombinedOutput() ++ } ++ ++ // Don't use either -no-pie or -nopie ++ if err != nil && bytes.Contains(out, []byte("unrecognized")) { ++ ccArgs := append(cc, "-o", exe, "main5.c", "libgo2.a") ++ t.Log(ccArgs) ++ out, err = exec.Command(ccArgs[0], ccArgs[1:]...).CombinedOutput() ++ } + t.Logf("%s", out) + if err != nil { + t.Fatal(err) diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 0cb6635..d02c0f7 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -80,11 +80,11 @@ %global gohostarch s390x %endif -%global go_api 1.8 -%global go_version 1.8.3 +%global go_api 1.9 +%global go_version 1.9.4 Name: golang -Version: 1.8.3 +Version: 1.9.4 Release: 1%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain @@ -120,10 +120,10 @@ Patch212: golang-1.5-bootstrap-binary-path.patch # later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests. Patch215: ./go1.5-zoneinfo_testing_only.patch -# https://github.com/golang/go/commit/94aba76639cf4d5e30975d846bb0368db8202269 -Patch216: ./31bit-OID-asn1.patch -Patch217: ./dlink-test-fail.patch -Patch218: ./dlink-aarch64-test-fail.patch +# https://github.com/golang/go/commit/ca8c361d867d62bd46013c5abbaaad0b2ca6077f +Patch216: use-buildmode-pie-for-pie-testing.patch +# https://github.com/hyangah/go/commit/3502496d03bcd842fd7aac95ec0d7096d581cd26 +Patch217: use-no-pie-where-needed.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -244,15 +244,7 @@ Summary: Golang shared object libraries %patch215 -p1 %patch216 -p1 -%ifarch ppc64le %patch217 -p1 -%endif -%ifarch aarch64 -%patch218 -p1 -%endif - -# don't include chacha test vectors in buildID -mv ./src/vendor/golang_org/x/crypto/chacha20poly1305/chacha20poly1305_test_vectors.go ./src/vendor/golang_org/x/crypto/chacha20poly1305/chacha20poly1305_vectors_test.go %build @@ -434,6 +426,7 @@ fi %exclude %{goroot}/src/ %exclude %{goroot}/doc/ %exclude %{goroot}/misc/ +%exclude %{goroot}/test/ %{goroot}/* # ensure directory ownership, so they are cleaned up if empty @@ -474,6 +467,33 @@ fi %endif %changelog +* Thu Feb 08 2018 Jakub Čajka - 1.9.4-1 +- Rebase to 1.9.4 +- Fix CVE-2018-6574 +- Resolves: rhbz#1545300 + +* Wed Nov 08 2017 Jakub Čajka - 1.9.2-4 +- Related: rhbz#1505967 + +* Tue Nov 07 2017 Jakub Čajka - 1.9.2-3 +- Resolve: rhbz#1505967 + +* Tue Oct 31 2017 Jakub Čajka - 1.9.2-2 +- fix up file lists +- Related: rhbz#1499827 + +* Thu Oct 26 2017 Jakub Čajka - 1.9.2-1 +- Rebase to 1.9.2 +- Related: rhbz#1499827 + +* Fri Oct 13 2017 Jakub Čajka - 1.9.1-1 +- Rebase to 1.9.1 +- fix CVE-2017-15041 and CVE-2017-15042 +- Resolves: rhbz#1500591, rhbz#1499827, rhbz#1500587, rhbz#1448494 + +* Tue Jun 20 2017 Jakub Čajka - 1.8.3-2 +- Resolves: rhbz#1447109 + * Wed May 31 2017 Jakub Čajka - 1.8.3-1 - bump to 1.8.3 - fix CVE-2017-8932