diff --git a/.gitignore b/.gitignore
index 3334520..4217694 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
+SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index 771796a..922df85 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-97a713b08ed6438c1b488c29fb4c1b2d654831c8 SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
+583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
diff --git a/SOURCES/cgo-lto-fix.patch b/SOURCES/cgo-lto-fix.patch
deleted file mode 100644
index 2aca0e3..0000000
--- a/SOURCES/cgo-lto-fix.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001
-From: Ian Lance Taylor <iant@golang.org>
-Date: Tue, 25 May 2021 16:31:41 -0700
-Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS
-
-The linker now accepts unrecognized object files in external linking mode.
-These objects will simply be passed to the external linker.
-This permits using -flto which can generate pure byte code objects,
-whose symbol table the linker does not know how to read.
-
-The cgo tool now passes -fno-lto when generating objects whose symbols
-it needs to read. The cgo tool now emits matching types in different
-objects, so that the lto linker does not report a mismatch.
-
-This is based on https://golang.org/cl/293290 by Derek Parker.
-
-For #43505
-Fixes #43830
-Fixes #46295
-
-Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad
-Reviewed-on: https://go-review.googlesource.com/c/go/+/322614
-Trust: Ian Lance Taylor <iant@golang.org>
-Run-TryBot: Ian Lance Taylor <iant@golang.org>
-TryBot-Result: Go Bot <gobot@golang.org>
-Reviewed-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
----
-
-diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go
-index ae61725..a73e998 100644
---- a/src/cmd/cgo/gcc.go
-+++ b/src/cmd/cgo/gcc.go
-@@ -1638,6 +1638,8 @@
- c = append(c, "-maix64")
- c = append(c, "-mcmodel=large")
- }
-+ // disable LTO so we get an object whose symbols we can read
-+ c = append(c, "-fno-lto")
- c = append(c, "-") //read input from standard input
- return c
- }
-diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
-index 8c31d5b..94152f4 100644
---- a/src/cmd/cgo/out.go
-+++ b/src/cmd/cgo/out.go
-@@ -168,8 +168,18 @@
- if *gccgo {
- fmt.Fprintf(fc, "extern byte *%s;\n", n.C)
- } else {
-- fmt.Fprintf(fm, "extern char %s[];\n", n.C)
-- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
-+ // Force a reference to all symbols so that
-+ // the external linker will add DT_NEEDED
-+ // entries as needed on ELF systems.
-+ // Treat function variables differently
-+ // to avoid type confict errors from LTO
-+ // (Link Time Optimization).
-+ if n.Kind == "fpvar" {
-+ fmt.Fprintf(fm, "extern void %s();\n", n.C)
-+ } else {
-+ fmt.Fprintf(fm, "extern char %s[];\n", n.C)
-+ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
-+ }
- fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C)
- fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C)
- fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C)
-@@ -1042,7 +1052,7 @@
- fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName)
- fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype)
-
-- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName)
-+ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName)
-
- if gccResult != "void" {
- // Write results back to frame.
-diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
-index 50bf80b..bc49c6d 100644
---- a/src/cmd/dist/test.go
-+++ b/src/cmd/dist/test.go
-@@ -722,14 +722,29 @@
- },
- })
- if t.hasCxx() {
-- t.tests = append(t.tests, distTest{
-- name: "swig_callback",
-- heading: "../misc/swig/callback",
-- fn: func(dt *distTest) error {
-- t.addCmd(dt, "misc/swig/callback", t.goTest())
-- return nil
-+ t.tests = append(t.tests,
-+ distTest{
-+ name: "swig_callback",
-+ heading: "../misc/swig/callback",
-+ fn: func(dt *distTest) error {
-+ t.addCmd(dt, "misc/swig/callback", t.goTest())
-+ return nil
-+ },
- },
-- })
-+ distTest{
-+ name: "swig_callback_lto",
-+ heading: "../misc/swig/callback",
-+ fn: func(dt *distTest) error {
-+ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest())
-+ cmd.Env = append(os.Environ(),
-+ "CGO_CFLAGS=-flto",
-+ "CGO_CXXFLAGS=-flto",
-+ "CGO_LDFLAGS=-flto",
-+ )
-+ return nil
-+ },
-+ },
-+ )
- }
- }
- }
-diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
-new file mode 100644
-index 0000000..e2483ba
---- /dev/null
-+++ b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
-@@ -0,0 +1,33 @@
-+# tests golang.org/issue/43830
-+
-+[!cgo] skip 'skipping test without cgo'
-+[openbsd] env CC='clang'
-+[openbsd] [!exec:clang] skip 'skipping test without clang present'
-+[!openbsd] env CC='gcc'
-+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
-+
-+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
-+
-+go build main.go
-+
-+-- main.go --
-+
-+package main
-+
-+import "fmt"
-+
-+// #include "hello.h"
-+import "C"
-+
-+func main() {
-+ hello := C.hello
-+ fmt.Printf("%v\n", hello)
-+}
-+
-+-- hello.h --
-+
-+#include <stdio.h>
-+
-+void hello(void) {
-+ printf("hello\n");
-+}
-diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
-new file mode 100644
-index 0000000..06ab2f3
---- /dev/null
-+++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
-@@ -0,0 +1,39 @@
-+# tests golang.org/issue/43830
-+
-+[!cgo] skip 'skipping test without cgo'
-+[openbsd] env CC='clang'
-+[openbsd] [!exec:clang] skip 'skipping test without clang present'
-+[!openbsd] env CC='gcc'
-+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
-+
-+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
-+
-+go build main.go add.go
-+
-+-- main.go --
-+
-+package main
-+
-+/*
-+int c_add(int a, int b) {
-+ return myadd(a, b);
-+}
-+*/
-+import "C"
-+
-+func main() {
-+ println(C.c_add(1, 2))
-+}
-+
-+-- add.go --
-+
-+package main
-+
-+import "C"
-+
-+/* test */
-+
-+//export myadd
-+func myadd(a C.int, b C.int) C.int {
-+ return a + b
-+}
-diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go
-index 22f53a4..23915f9 100644
---- a/src/cmd/link/internal/ld/ar.go
-+++ b/src/cmd/link/internal/ld/ar.go
-@@ -124,6 +124,10 @@
-
- libgcc := sym.Library{Pkg: "libgcc"}
- h := ldobj(ctxt, f, &libgcc, l, pname, name)
-+ if h.ld == nil {
-+ Errorf(nil, "%s unrecognized object file at offset %d", name, off)
-+ continue
-+ }
- f.MustSeek(h.off, 0)
- h.ld(ctxt, f, h.pkg, h.length, h.pn)
- }
-diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go
-index ae0d752..20f1d0b 100644
---- a/src/cmd/link/internal/ld/config.go
-+++ b/src/cmd/link/internal/ld/config.go
-@@ -241,6 +241,10 @@
- return true, "dynamically linking with a shared library"
- }
-
-+ if unknownObjFormat {
-+ return true, "some input objects have an unrecognized file format"
-+ }
-+
- return false, ""
- }
-
-@@ -248,7 +252,7 @@
- //
- // It is called after flags are processed and inputs are processed,
- // so the ctxt.LinkMode variable has an initial value from the -linkmode
--// flag and the iscgo externalobj variables are set.
-+// flag and the iscgo, externalobj, and unknownObjFormat variables are set.
- func determineLinkMode(ctxt *Link) {
- extNeeded, extReason := mustLinkExternal(ctxt)
- via := ""
-diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
-index e8f001b..644faeb 100644
---- a/src/cmd/link/internal/ld/lib.go
-+++ b/src/cmd/link/internal/ld/lib.go
-@@ -343,10 +343,16 @@
- const pkgdef = "__.PKGDEF"
-
- var (
-- // Set if we see an object compiled by the host compiler that is not
-- // from a package that is known to support internal linking mode.
-+ // externalobj is set to true if we see an object compiled by
-+ // the host compiler that is not from a package that is known
-+ // to support internal linking mode.
- externalobj = false
-- theline string
-+
-+ // unknownObjFormat is set to true if we see an object whose
-+ // format we don't recognize.
-+ unknownObjFormat = false
-+
-+ theline string
- )
-
- func Lflag(ctxt *Link, arg string) {
-@@ -1065,6 +1071,10 @@
- }
-
- f.MustSeek(h.off, 0)
-+ if h.ld == nil {
-+ Errorf(nil, "%s: unrecognized object file format", h.pn)
-+ continue
-+ }
- h.ld(ctxt, f, h.pkg, h.length, h.pn)
- f.Close()
- }
-@@ -1855,6 +1865,14 @@
- return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file)
- }
-
-+ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' {
-+ // An unrecognized object is just passed to the external linker.
-+ // If we try to read symbols from this object, we will
-+ // report an error at that time.
-+ unknownObjFormat = true
-+ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file)
-+ }
-+
- /* check the header */
- line, err := f.ReadString('\n')
- if err != nil {
diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch
deleted file mode 100644
index 5d9cf82..0000000
--- a/SOURCES/golang-1.15-warnCN.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
-index 50f4d4a..121fd1b 100644
---- a/src/crypto/x509/verify.go
-+++ b/src/crypto/x509/verify.go
-@@ -20,6 +20,9 @@ import (
-
- // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
- var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
-+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
-+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
-+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
-
- type InvalidReason int
-
-@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
- names := c.DNSNames
- if c.commonNameAsHostname() {
- names = []string{c.Subject.CommonName}
-+ if warnCN {
-+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
-+ "Using CN without SAN is deprecated and will not work in future versions.\n")
-+ }
- }
-
- candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
diff --git a/SOURCES/ppc64le-vdso-segfault-fix.patch b/SOURCES/ppc64le-vdso-segfault-fix.patch
deleted file mode 100644
index 09dd101..0000000
--- a/SOURCES/ppc64le-vdso-segfault-fix.patch
+++ /dev/null
@@ -1,229 +0,0 @@
-From 16ab7e49d4070c4f68e88836b123dbe6da8bb015 Mon Sep 17 00:00:00 2001
-From: Derek Parker <parkerderek86@gmail.com>
-Date: Thu, 17 Jun 2021 20:22:40 +0000
-Subject: [PATCH] [release-branch.go1.16] runtime: fix crash during VDSO calls on PowerPC
-
-This patch reinstates a fix for PowerPC with regard to making VDSO calls
-while receiving a signal, and subsequently crashing. The crash happens
-because certain VDSO calls can modify the r30 register, which is where g
-is stored. This change was reverted for PowerPC because r30 is supposed
-to be a non-volatile register. This is true, but that only makes a
-guarantee across function calls, but not "within" a function call. This
-patch was seemingly fine before because the Linux kernel still had hand
-rolled assembly VDSO function calls, however with a recent change to C
-function calls it seems the compiler used can generate instructions
-which temporarily clobber r30. This means that when we receive a signal
-during one of these calls the value of r30 will not be the g as the
-runtime expects, causing a segfault.
-
-You can see from this assembly dump how the register is clobbered during
-the call:
-
-(the following is from a 5.13rc2 kernel)
-
-```
-Dump of assembler code for function __cvdso_clock_gettime_data:
- 0x00007ffff7ff0700 <+0>: cmplwi r4,15
- 0x00007ffff7ff0704 <+4>: bgt 0x7ffff7ff07f0 <__cvdso_clock_gettime_data+240>
- 0x00007ffff7ff0708 <+8>: li r9,1
- 0x00007ffff7ff070c <+12>: slw r9,r9,r4
- 0x00007ffff7ff0710 <+16>: andi. r10,r9,2179
- 0x00007ffff7ff0714 <+20>: beq 0x7ffff7ff0810 <__cvdso_clock_gettime_data+272>
- 0x00007ffff7ff0718 <+24>: rldicr r10,r4,4,59
- 0x00007ffff7ff071c <+28>: lis r9,32767
- 0x00007ffff7ff0720 <+32>: std r30,-16(r1)
- 0x00007ffff7ff0724 <+36>: std r31,-8(r1)
- 0x00007ffff7ff0728 <+40>: add r6,r3,r10
- 0x00007ffff7ff072c <+44>: ori r4,r9,65535
- 0x00007ffff7ff0730 <+48>: lwz r8,0(r3)
- 0x00007ffff7ff0734 <+52>: andi. r9,r8,1
- 0x00007ffff7ff0738 <+56>: bne 0x7ffff7ff07d0 <__cvdso_clock_gettime_data+208>
- 0x00007ffff7ff073c <+60>: lwsync
- 0x00007ffff7ff0740 <+64>: mftb r30 <---- RIGHT HERE
-=> 0x00007ffff7ff0744 <+68>: ld r12,40(r6)
-```
-
-What I believe is happening is that the kernel changed the PowerPC VDSO
-calls to use standard C calls instead of using hand rolled assembly. The
-hand rolled assembly calls never touched r30, so this change was safe to
-roll back. That does not seem to be the case anymore as on the 5.13rc2
-kernel the compiler *is* generating assembly which modifies r30, making
-this change again unsafe and causing a crash when the program receives a
-signal during these calls (which will happen often due to async
-preempt). This change happened here:
-https://lwn.net/ml/linux-kernel/235e5571959cfa89ced081d7e838ed5ff38447d2.1601365870.git.christophe.leroy@csgroup.eu/.
-
-I realize this was reverted due to unexplained hangs in PowerPC
-builders, but I think we should reinstate this change and investigate
-those issues separately:
-https://github.com/golang/go/commit/f4ca3c1e0a2066ca4f7bd6203866d282ed34acf2
-
-Fixes #46858
-
-Change-Id: Ib18d7bbfc80a1a9cb558f0098878d41081324b52
-GitHub-Last-Rev: c3002bcfca3ef58b27485e31328e6297b7a9dfe7
-GitHub-Pull-Request: golang/go#46767
-Reviewed-on: https://go-review.googlesource.com/c/go/+/328110
-Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
-TryBot-Result: Go Bot <gobot@golang.org>
-Reviewed-by: Cherry Mui <cherryyz@google.com>
-Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
-(cherry picked from commit 16e82be454cbf41299e6a055d54d489ca4612ee0)
-Reviewed-on: https://go-review.googlesource.com/c/go/+/334410
-Run-TryBot: Cherry Mui <cherryyz@google.com>
----
-
-diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
-index 3f70707..89f936e 100644
---- a/src/runtime/signal_unix.go
-+++ b/src/runtime/signal_unix.go
-@@ -381,7 +381,7 @@
- //go:nosplit
- func sigFetchG(c *sigctxt) *g {
- switch GOARCH {
-- case "arm", "arm64":
-+ case "arm", "arm64", "ppc64", "ppc64le":
- if !iscgo && inVDSOPage(c.sigpc()) {
- // When using cgo, we save the g on TLS and load it from there
- // in sigtramp. Just use that.
-diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s
-index fd69ee7..7be8c4c 100644
---- a/src/runtime/sys_linux_ppc64x.s
-+++ b/src/runtime/sys_linux_ppc64x.s
-@@ -215,15 +215,45 @@
- MOVD (g_sched+gobuf_sp)(R7), R1 // Set SP to g0 stack
-
- noswitch:
-- SUB $16, R1 // Space for results
-- RLDICR $0, R1, $59, R1 // Align for C code
-+ SUB $16, R1 // Space for results
-+ RLDICR $0, R1, $59, R1 // Align for C code
- MOVD R12, CTR
- MOVD R1, R4
-- BL (CTR) // Call from VDSO
-- MOVD $0, R0 // Restore R0
-- MOVD 0(R1), R3 // sec
-- MOVD 8(R1), R5 // nsec
-- MOVD R15, R1 // Restore SP
-+
-+ // Store g on gsignal's stack, so if we receive a signal
-+ // during VDSO code we can find the g.
-+ // If we don't have a signal stack, we won't receive signal,
-+ // so don't bother saving g.
-+ // When using cgo, we already saved g on TLS, also don't save
-+ // g here.
-+ // Also don't save g if we are already on the signal stack.
-+ // We won't get a nested signal.
-+ MOVBZ runtime·iscgo(SB), R22
-+ CMP R22, $0
-+ BNE nosaveg
-+ MOVD m_gsignal(R21), R22 // g.m.gsignal
-+ CMP R22, $0
-+ BEQ nosaveg
-+
-+ CMP g, R22
-+ BEQ nosaveg
-+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
-+ MOVD g, (R22)
-+
-+ BL (CTR) // Call from VDSO
-+
-+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
-+
-+ JMP finish
-+
-+nosaveg:
-+ BL (CTR) // Call from VDSO
-+
-+finish:
-+ MOVD $0, R0 // Restore R0
-+ MOVD 0(R1), R3 // sec
-+ MOVD 8(R1), R5 // nsec
-+ MOVD R15, R1 // Restore SP
-
- // Restore vdsoPC, vdsoSP
- // We don't worry about being signaled between the two stores.
-@@ -235,7 +265,7 @@
- MOVD 32(R1), R6
- MOVD R6, m_vdsoPC(R21)
-
--finish:
-+return:
- MOVD R3, sec+0(FP)
- MOVW R5, nsec+8(FP)
- RET
-@@ -246,7 +276,7 @@
- SYSCALL $SYS_clock_gettime
- MOVD 32(R1), R3
- MOVD 40(R1), R5
-- JMP finish
-+ JMP return
-
- TEXT runtime·nanotime1(SB),NOSPLIT,$16-8
- MOVD $1, R3 // CLOCK_MONOTONIC
-@@ -282,7 +312,37 @@
- RLDICR $0, R1, $59, R1 // Align for C code
- MOVD R12, CTR
- MOVD R1, R4
-- BL (CTR) // Call from VDSO
-+
-+ // Store g on gsignal's stack, so if we receive a signal
-+ // during VDSO code we can find the g.
-+ // If we don't have a signal stack, we won't receive signal,
-+ // so don't bother saving g.
-+ // When using cgo, we already saved g on TLS, also don't save
-+ // g here.
-+ // Also don't save g if we are already on the signal stack.
-+ // We won't get a nested signal.
-+ MOVBZ runtime·iscgo(SB), R22
-+ CMP R22, $0
-+ BNE nosaveg
-+ MOVD m_gsignal(R21), R22 // g.m.gsignal
-+ CMP R22, $0
-+ BEQ nosaveg
-+
-+ CMP g, R22
-+ BEQ nosaveg
-+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
-+ MOVD g, (R22)
-+
-+ BL (CTR) // Call from VDSO
-+
-+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
-+
-+ JMP finish
-+
-+nosaveg:
-+ BL (CTR) // Call from VDSO
-+
-+finish:
- MOVD $0, R0 // Restore R0
- MOVD 0(R1), R3 // sec
- MOVD 8(R1), R5 // nsec
-@@ -298,7 +358,7 @@
- MOVD 32(R1), R6
- MOVD R6, m_vdsoPC(R21)
-
--finish:
-+return:
- // sec is in R3, nsec in R5
- // return nsec in R3
- MOVD $1000000000, R4
-@@ -313,7 +373,7 @@
- SYSCALL $SYS_clock_gettime
- MOVD 32(R1), R3
- MOVD 40(R1), R5
-- JMP finish
-+ JMP return
-
- TEXT runtime·rtsigprocmask(SB),NOSPLIT|NOFRAME,$0-28
- MOVW how+0(FP), R3
-@@ -366,7 +426,7 @@
- // this might be called in external code context,
- // where g is not set.
- MOVBZ runtime·iscgo(SB), R6
-- CMP R6, $0
-+ CMP R6, $0
- BEQ 2(PC)
- BL runtime·load_g(SB)
-
diff --git a/SOURCES/rhbz1952381.patch b/SOURCES/rhbz1952381.patch
index 1e70af8..8aa92cc 100644
--- a/SOURCES/rhbz1952381.patch
+++ b/SOURCES/rhbz1952381.patch
@@ -1,5 +1,5 @@
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
-index 2ca64bf..8111b6d 100644
+index 457decf..961795a 100644
--- a/src/crypto/internal/boring/aes.go
+++ b/src/crypto/internal/boring/aes.go
@@ -130,7 +130,11 @@ func (c *aesCipher) Decrypt(dst, src []byte) {
@@ -15,7 +15,7 @@ index 2ca64bf..8111b6d 100644
outlen := C.int(0)
C._goboringcrypto_EVP_CipherUpdate(c.dec_ctx, (*C.uchar)(unsafe.Pointer(&dst[0])), &outlen, (*C.uchar)(unsafe.Pointer(&src[0])), C.int(aesBlockSize))
runtime.KeepAlive(c)
-@@ -165,6 +169,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) {
+@@ -157,6 +161,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) {
}
if len(src) > 0 {
outlen := C.int(0)
@@ -108,7 +108,7 @@ index e7ae80c..45c856b 100644
type fail string
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
-index 3585458..0762c95 100644
+index 745e8a4..284e845 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -14,6 +14,15 @@
@@ -202,7 +202,7 @@ index 3585458..0762c95 100644
#include <openssl/rand.h>
-@@ -716,6 +741,7 @@ static inline int
+@@ -735,6 +759,7 @@ static inline int
_goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md);
}
@@ -346,7 +346,7 @@ index ff5c439..6047d65 100644
return len(b), nil
}
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
-index 2eefc27..668c12f 100644
+index 0223243..b72af0d 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
@@ -677,18 +677,10 @@ index 3dd1ec9..60c769c 100644
pub := &PublicKey{
E: 65537,
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
-index 497dd62..d83e7e0 100644
+index 6a5a93f..2032b4b 100644
--- a/src/crypto/rsa/pss_test.go
+++ b/src/crypto/rsa/pss_test.go
-@@ -10,6 +10,7 @@ import (
- "compress/bzip2"
- "crypto"
- "crypto/rand"
-+ "crypto/boring"
- "crypto/sha1"
- _ "crypto/sha256"
- "encoding/hex"
-@@ -131,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
+@@ -132,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
opts := &PSSOptions{
SaltLength: PSSSaltLengthEqualsHash,
}
@@ -696,7 +688,7 @@ index 497dd62..d83e7e0 100644
for marker := range values {
switch marker {
case newKeyMarker:
-@@ -173,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) {
+@@ -174,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) {
h.Write(hashed)
hashed = h.Sum(nil)
@@ -718,7 +710,7 @@ index 497dd62..d83e7e0 100644
t.Error(err)
}
}
-@@ -211,24 +206,47 @@ func TestPSSSigning(t *testing.T) {
+@@ -212,24 +206,47 @@ func TestPSSSigning(t *testing.T) {
{8, 8, true},
}
@@ -934,7 +926,7 @@ index d9693a7..cfe020e 100644
label := []byte(fmt.Sprintf("hi#%d", j))
enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label)
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
-index 5485080..575b99f 100644
+index 94a24ff..577bc73 100644
--- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go
@@ -26,7 +26,7 @@ import (
@@ -964,7 +956,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1)
serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
-@@ -203,7 +203,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
+@@ -204,7 +204,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
for _, sigHash := range defaultSupportedSignatureAlgorithms {
t.Run(fmt.Sprintf("%#x", sigHash), func(t *testing.T) {
@@ -973,7 +965,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1)
testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
-@@ -262,7 +262,7 @@ func TestBoringClientHello(t *testing.T) {
+@@ -263,7 +263,7 @@ func TestBoringClientHello(t *testing.T) {
defer c.Close()
defer s.Close()
@@ -982,7 +974,7 @@ index 5485080..575b99f 100644
// All sorts of traps for the client to avoid.
clientConfig.MinVersion = VersionSSL30
clientConfig.MaxVersion = VersionTLS13
-@@ -336,12 +336,12 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -337,12 +337,12 @@ func TestBoringCertAlgs(t *testing.T) {
// client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@@ -997,7 +989,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
serverConfig.BuildNameToCertificate()
-@@ -364,11 +364,11 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -365,11 +365,11 @@ func TestBoringCertAlgs(t *testing.T) {
// server verifying client cert
testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@@ -1011,7 +1003,7 @@ index 5485080..575b99f 100644
serverConfig.ClientCAs = pool
serverConfig.ClientAuth = RequireAndVerifyClientCert
-@@ -393,8 +393,13 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -394,8 +394,13 @@ func TestBoringCertAlgs(t *testing.T) {
// exhaustive test with computed answers.
r1pool := x509.NewCertPool()
r1pool.AddCert(R1.cert)
@@ -1027,7 +1019,7 @@ index 5485080..575b99f 100644
fipstls.Force()
testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
-@@ -457,6 +462,10 @@ func TestBoringCertAlgs(t *testing.T) {
+@@ -458,6 +463,10 @@ func TestBoringCertAlgs(t *testing.T) {
addRoot(r&1, R1)
addRoot(r&2, R2)
rootName = rootName[1:] // strip leading comma
@@ -1038,7 +1030,7 @@ index 5485080..575b99f 100644
testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify)
testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify)
fipstls.Force()
-@@ -576,6 +585,16 @@ var (
+@@ -577,6 +586,16 @@ var (
testRSA2048PrivateKey *rsa.PrivateKey
)
@@ -1056,7 +1048,7 @@ index 5485080..575b99f 100644
block, _ := pem.Decode([]byte(`
-----BEGIN CERTIFICATE-----
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
-index 51dda16..31723b6 100644
+index a4053ab..aff4ff2 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) {
diff --git a/SOURCES/skip_test_rhbz1939923.patch b/SOURCES/skip_test_rhbz1939923.patch
deleted file mode 100644
index 80302d0..0000000
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
-index 51dda16815..2d1e1b1e6e 100644
---- a/src/crypto/x509/x509_test.go
-+++ b/src/crypto/x509/x509_test.go
-@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
- }
-
- func TestCreateCertificateBrokenSigner(t *testing.T) {
-+ t.Skip("TODO Fix me: rhbz#1939923")
- template := &Certificate{
- SerialNumber: big.NewInt(10),
- DNSNames: []string{"example.com"},
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 7e9152a..bcc88b4 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -95,13 +95,13 @@
%global gohostarch s390x
%endif
-%global go_api 1.16
-%global go_version 1.16.6
-%global pkg_release 3
+%global go_api 1.17
+%global go_version 1.17.2
+%global pkg_release 1
Name: golang
Version: %{go_version}
-Release: 4%{?dist}
+Release: 1%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
@@ -144,19 +144,9 @@ Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
-# Add an env var to optionally trigger a warning in x509 when
-# Common Name is used as hostname
-# rhbz#1889437
-Patch223: golang-1.15-warnCN.patch
-
-Patch1939923: skip_test_rhbz1939923.patch
-
# Port to openssl 3.0
Patch1952381: rhbz1952381.patch
-Patch1904567: cgo-lto-fix.patch
-Patch334410: ppc64le-vdso-segfault-fix.patch
-
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@@ -250,15 +240,8 @@ Requires: %{name} = %{version}-%{release}
%patch221 -p1
-%patch223 -p1
-
%patch1952381 -p1
-%patch1939923 -p1
-
-%patch1904567 -p1
-%patch334410 -p1
-
cp %{SOURCE1} ./src/runtime/
%build
@@ -328,7 +311,7 @@ rm -rf pkg/bootstrap/bin
# install everything into libdir (until symlink problems are fixed)
# https://code.google.com/p/go/issues/detail?id=5830
-cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \
+cp -apv api bin doc lib pkg src misc test VERSION \
$RPM_BUILD_ROOT%{goroot}
# bz1099206
@@ -415,6 +398,7 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
# prelink blacklist
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d
cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf
+sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go
%check
export GOROOT=$(pwd -P)
@@ -501,15 +485,16 @@ EOM
export OPENSSL_CONF=$TEST_BORING_CNF
# Run tests with FIPS enabled.
+export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
- GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v
+ GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
# Check that signature functions have parity between boring and notboring
- CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
+ CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
popd
# Run all FIPS specific TLS tests
pushd crypto/tls
- GOLANG_FIPS=1 go test -v -run "Boring"
+ GOLANG_FIPS=1 go test -v -run "Boring" $DISABLE_Ed25519_TEST
popd
%else
./run.bash --no-rebuild -v -v -v -k || :
@@ -572,6 +557,15 @@ cd ..
%endif
%changelog
+* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
+- Rebase to Go 1.17.2
+- Related: rhbz#2014087
+- Remove favicon.ico and robots.txt references
+- Exclude TestEd25519Vectors test
+- Update patch rhbz1952381
+- Remove rhbz1904567 patch
+- Remove rhbz1939923 patch
+
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688