diff --git a/.gitignore b/.gitignore
index 3334520..4217694 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
+SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index 771796a..922df85 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-97a713b08ed6438c1b488c29fb4c1b2d654831c8 SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
+583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
diff --git a/SOURCES/cgo-lto-fix.patch b/SOURCES/cgo-lto-fix.patch
deleted file mode 100644
index 2aca0e3..0000000
--- a/SOURCES/cgo-lto-fix.patch
+++ /dev/null
@@ -1,289 +0,0 @@ -From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001 -From: Ian Lance Taylor -Date: Tue, 25 May 2021 16:31:41 -0700 -Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS - -The linker now accepts unrecognized object files in external linking mode. -These objects will simply be passed to the external linker. -This permits using -flto which can generate pure byte code objects, -whose symbol table the linker does not know how to read. - -The cgo tool now passes -fno-lto when generating objects whose symbols -it needs to read. The cgo tool now emits matching types in different -objects, so that the lto linker does not report a mismatch. - -This is based on https://golang.org/cl/293290 by Derek Parker. - -For #43505 -Fixes #43830 -Fixes #46295 - -Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad -Reviewed-on: https://go-review.googlesource.com/c/go/+/322614 -Trust: Ian Lance Taylor -Run-TryBot: Ian Lance Taylor -TryBot-Result: Go Bot -Reviewed-by: Michael Hudson-Doyle ---- - -diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go -index ae61725..a73e998 100644 ---- a/src/cmd/cgo/gcc.go -+++ b/src/cmd/cgo/gcc.go -@@ -1638,6 +1638,8 @@ - c = append(c, "-maix64") - c = append(c, "-mcmodel=large") - } -+ // disable LTO so we get an object whose symbols we can read -+ c = append(c, "-fno-lto") - c = append(c, "-") //read input from standard input - return c - } -diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go -index 8c31d5b..94152f4 100644 ---- a/src/cmd/cgo/out.go -+++ b/src/cmd/cgo/out.go -@@ -168,8 +168,18 @@ - if *gccgo { - fmt.Fprintf(fc, "extern byte *%s;\n", n.C) - } else { -- fmt.Fprintf(fm, "extern char %s[];\n", n.C) -- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) -+ // Force a reference to all symbols so that -+ // the external linker will add DT_NEEDED -+ // entries as needed on ELF systems. 
-+ // Treat function variables differently -+ // to avoid type confict errors from LTO -+ // (Link Time Optimization). -+ if n.Kind == "fpvar" { -+ fmt.Fprintf(fm, "extern void %s();\n", n.C) -+ } else { -+ fmt.Fprintf(fm, "extern char %s[];\n", n.C) -+ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) -+ } - fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C) - fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C) - fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C) -@@ -1042,7 +1052,7 @@ - fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName) - fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype) - -- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName) -+ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName) - - if gccResult != "void" { - // Write results back to frame. -diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 50bf80b..bc49c6d 100644 ---- a/src/cmd/dist/test.go -+++ b/src/cmd/dist/test.go -@@ -722,14 +722,29 @@ - }, - }) - if t.hasCxx() { -- t.tests = append(t.tests, distTest{ -- name: "swig_callback", -- heading: "../misc/swig/callback", -- fn: func(dt *distTest) error { -- t.addCmd(dt, "misc/swig/callback", t.goTest()) -- return nil -+ t.tests = append(t.tests, -+ distTest{ -+ name: "swig_callback", -+ heading: "../misc/swig/callback", -+ fn: func(dt *distTest) error { -+ t.addCmd(dt, "misc/swig/callback", t.goTest()) -+ return nil -+ }, - }, -- }) -+ distTest{ -+ name: "swig_callback_lto", -+ heading: "../misc/swig/callback", -+ fn: func(dt *distTest) error { -+ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest()) -+ cmd.Env = append(os.Environ(), -+ "CGO_CFLAGS=-flto", -+ "CGO_CXXFLAGS=-flto", -+ "CGO_LDFLAGS=-flto", -+ ) -+ return nil -+ }, -+ }, -+ ) - } - } - } -diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt -new file mode 100644 -index 0000000..e2483ba ---- /dev/null -+++ 
b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt -@@ -0,0 +1,33 @@ -+# tests golang.org/issue/43830 -+ -+[!cgo] skip 'skipping test without cgo' -+[openbsd] env CC='clang' -+[openbsd] [!exec:clang] skip 'skipping test without clang present' -+[!openbsd] env CC='gcc' -+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' -+ -+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' -+ -+go build main.go -+ -+-- main.go -- -+ -+package main -+ -+import "fmt" -+ -+// #include "hello.h" -+import "C" -+ -+func main() { -+ hello := C.hello -+ fmt.Printf("%v\n", hello) -+} -+ -+-- hello.h -- -+ -+#include -+ -+void hello(void) { -+ printf("hello\n"); -+} -diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt -new file mode 100644 -index 0000000..06ab2f3 ---- /dev/null -+++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt -@@ -0,0 +1,39 @@ -+# tests golang.org/issue/43830 -+ -+[!cgo] skip 'skipping test without cgo' -+[openbsd] env CC='clang' -+[openbsd] [!exec:clang] skip 'skipping test without clang present' -+[!openbsd] env CC='gcc' -+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' -+ -+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' -+ -+go build main.go add.go -+ -+-- main.go -- -+ -+package main -+ -+/* -+int c_add(int a, int b) { -+ return myadd(a, b); -+} -+*/ -+import "C" -+ -+func main() { -+ println(C.c_add(1, 2)) -+} -+ -+-- add.go -- -+ -+package main -+ -+import "C" -+ -+/* test */ -+ -+//export myadd -+func myadd(a C.int, b C.int) C.int { -+ return a + b -+} -diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go -index 22f53a4..23915f9 100644 ---- a/src/cmd/link/internal/ld/ar.go -+++ b/src/cmd/link/internal/ld/ar.go -@@ -124,6 +124,10 @@ - - libgcc := sym.Library{Pkg: "libgcc"} - h := ldobj(ctxt, f, &libgcc, l, pname, name) -+ if h.ld == nil { -+ Errorf(nil, "%s unrecognized object file at 
offset %d", name, off) -+ continue -+ } - f.MustSeek(h.off, 0) - h.ld(ctxt, f, h.pkg, h.length, h.pn) - } -diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go -index ae0d752..20f1d0b 100644 ---- a/src/cmd/link/internal/ld/config.go -+++ b/src/cmd/link/internal/ld/config.go -@@ -241,6 +241,10 @@ - return true, "dynamically linking with a shared library" - } - -+ if unknownObjFormat { -+ return true, "some input objects have an unrecognized file format" -+ } -+ - return false, "" - } - -@@ -248,7 +252,7 @@ - // - // It is called after flags are processed and inputs are processed, - // so the ctxt.LinkMode variable has an initial value from the -linkmode --// flag and the iscgo externalobj variables are set. -+// flag and the iscgo, externalobj, and unknownObjFormat variables are set. - func determineLinkMode(ctxt *Link) { - extNeeded, extReason := mustLinkExternal(ctxt) - via := "" -diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index e8f001b..644faeb 100644 ---- a/src/cmd/link/internal/ld/lib.go -+++ b/src/cmd/link/internal/ld/lib.go -@@ -343,10 +343,16 @@ - const pkgdef = "__.PKGDEF" - - var ( -- // Set if we see an object compiled by the host compiler that is not -- // from a package that is known to support internal linking mode. -+ // externalobj is set to true if we see an object compiled by -+ // the host compiler that is not from a package that is known -+ // to support internal linking mode. - externalobj = false -- theline string -+ -+ // unknownObjFormat is set to true if we see an object whose -+ // format we don't recognize. 
-+ unknownObjFormat = false -+ -+ theline string - ) - - func Lflag(ctxt *Link, arg string) { -@@ -1065,6 +1071,10 @@ - } - - f.MustSeek(h.off, 0) -+ if h.ld == nil { -+ Errorf(nil, "%s: unrecognized object file format", h.pn) -+ continue -+ } - h.ld(ctxt, f, h.pkg, h.length, h.pn) - f.Close() - } -@@ -1855,6 +1865,14 @@ - return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file) - } - -+ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' { -+ // An unrecognized object is just passed to the external linker. -+ // If we try to read symbols from this object, we will -+ // report an error at that time. -+ unknownObjFormat = true -+ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file) -+ } -+ - /* check the header */ - line, err := f.ReadString('\n') - if err != nil { diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch deleted file mode 100644 index 5d9cf82..0000000 --- a/SOURCES/golang-1.15-warnCN.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 50f4d4a..121fd1b 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -20,6 +20,9 @@ import ( - - // ignoreCN disables interpreting Common Name as a hostname. See issue 24151. - var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0") -+// if using Common Name as a hostname is enabled via x509ignoreCN=0, -+// warnCN enables a warning whenever Common Name is interpreted as a hostname. -+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1") - - type InvalidReason int - -@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error { - names := c.DNSNames - if c.commonNameAsHostname() { - names = []string{c.Subject.CommonName} -+ if warnCN { -+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " + -+ "Using CN without SAN is deprecated and will not work in future versions.\n") -+ } - } - - candidateName := toLowerCaseASCII(h) // Save allocations inside the loop. diff --git a/SOURCES/ppc64le-vdso-segfault-fix.patch b/SOURCES/ppc64le-vdso-segfault-fix.patch deleted file mode 100644 index 09dd101..0000000 --- a/SOURCES/ppc64le-vdso-segfault-fix.patch +++ /dev/null 
@@ -1,229 +0,0 @@ -From 16ab7e49d4070c4f68e88836b123dbe6da8bb015 Mon Sep 17 00:00:00 2001 -From: Derek Parker -Date: Thu, 17 Jun 2021 20:22:40 +0000 -Subject: [PATCH] [release-branch.go1.16] runtime: fix crash during VDSO calls on PowerPC - -This patch reinstates a fix for PowerPC with regard to making VDSO calls -while receiving a signal, and subsequently crashing. The crash happens -because certain VDSO calls can modify the r30 register, which is where g -is stored. This change was reverted for PowerPC because r30 is supposed -to be a non-volatile register. This is true, but that only makes a -guarantee across function calls, but not "within" a function call. This -patch was seemingly fine before because the Linux kernel still had hand -rolled assembly VDSO function calls, however with a recent change to C -function calls it seems the compiler used can generate instructions -which temporarily clobber r30. This means that when we receive a signal -during one of these calls the value of r30 will not be the g as the -runtime expects, causing a segfault. - -You can see from this assembly dump how the register is clobbered during -the call: - -(the following is from a 5.13rc2 kernel) - -``` -Dump of assembler code for function __cvdso_clock_gettime_data: - 0x00007ffff7ff0700 <+0>: cmplwi r4,15 - 0x00007ffff7ff0704 <+4>: bgt 0x7ffff7ff07f0 <__cvdso_clock_gettime_data+240> - 0x00007ffff7ff0708 <+8>: li r9,1 - 0x00007ffff7ff070c <+12>: slw r9,r9,r4 - 0x00007ffff7ff0710 <+16>: andi. r10,r9,2179 - 0x00007ffff7ff0714 <+20>: beq 0x7ffff7ff0810 <__cvdso_clock_gettime_data+272> - 0x00007ffff7ff0718 <+24>: rldicr r10,r4,4,59 - 0x00007ffff7ff071c <+28>: lis r9,32767 - 0x00007ffff7ff0720 <+32>: std r30,-16(r1) - 0x00007ffff7ff0724 <+36>: std r31,-8(r1) - 0x00007ffff7ff0728 <+40>: add r6,r3,r10 - 0x00007ffff7ff072c <+44>: ori r4,r9,65535 - 0x00007ffff7ff0730 <+48>: lwz r8,0(r3) - 0x00007ffff7ff0734 <+52>: andi. 
r9,r8,1 - 0x00007ffff7ff0738 <+56>: bne 0x7ffff7ff07d0 <__cvdso_clock_gettime_data+208> - 0x00007ffff7ff073c <+60>: lwsync - 0x00007ffff7ff0740 <+64>: mftb r30 <---- RIGHT HERE -=> 0x00007ffff7ff0744 <+68>: ld r12,40(r6) -``` - -What I believe is happening is that the kernel changed the PowerPC VDSO -calls to use standard C calls instead of using hand rolled assembly. The -hand rolled assembly calls never touched r30, so this change was safe to -roll back. That does not seem to be the case anymore as on the 5.13rc2 -kernel the compiler *is* generating assembly which modifies r30, making -this change again unsafe and causing a crash when the program receives a -signal during these calls (which will happen often due to async -preempt). This change happened here: -https://lwn.net/ml/linux-kernel/235e5571959cfa89ced081d7e838ed5ff38447d2.1601365870.git.christophe.leroy@csgroup.eu/. - -I realize this was reverted due to unexplained hangs in PowerPC -builders, but I think we should reinstate this change and investigate -those issues separately: -https://github.com/golang/go/commit/f4ca3c1e0a2066ca4f7bd6203866d282ed34acf2 - -Fixes #46858 - -Change-Id: Ib18d7bbfc80a1a9cb558f0098878d41081324b52 -GitHub-Last-Rev: c3002bcfca3ef58b27485e31328e6297b7a9dfe7 -GitHub-Pull-Request: golang/go#46767 -Reviewed-on: https://go-review.googlesource.com/c/go/+/328110 -Run-TryBot: Lynn Boger -TryBot-Result: Go Bot -Reviewed-by: Cherry Mui -Trust: Lynn Boger -(cherry picked from commit 16e82be454cbf41299e6a055d54d489ca4612ee0) -Reviewed-on: https://go-review.googlesource.com/c/go/+/334410 -Run-TryBot: Cherry Mui ---- - -diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go -index 3f70707..89f936e 100644 ---- a/src/runtime/signal_unix.go -+++ b/src/runtime/signal_unix.go -@@ -381,7 +381,7 @@ - //go:nosplit - func sigFetchG(c *sigctxt) *g { - switch GOARCH { -- case "arm", "arm64": -+ case "arm", "arm64", "ppc64", "ppc64le": - if !iscgo && inVDSOPage(c.sigpc()) { - // When using 
cgo, we save the g on TLS and load it from there - // in sigtramp. Just use that. -diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s -index fd69ee7..7be8c4c 100644 ---- a/src/runtime/sys_linux_ppc64x.s -+++ b/src/runtime/sys_linux_ppc64x.s -@@ -215,15 +215,45 @@ - MOVD (g_sched+gobuf_sp)(R7), R1 // Set SP to g0 stack - - noswitch: -- SUB $16, R1 // Space for results -- RLDICR $0, R1, $59, R1 // Align for C code -+ SUB $16, R1 // Space for results -+ RLDICR $0, R1, $59, R1 // Align for C code - MOVD R12, CTR - MOVD R1, R4 -- BL (CTR) // Call from VDSO -- MOVD $0, R0 // Restore R0 -- MOVD 0(R1), R3 // sec -- MOVD 8(R1), R5 // nsec -- MOVD R15, R1 // Restore SP -+ -+ // Store g on gsignal's stack, so if we receive a signal -+ // during VDSO code we can find the g. -+ // If we don't have a signal stack, we won't receive signal, -+ // so don't bother saving g. -+ // When using cgo, we already saved g on TLS, also don't save -+ // g here. -+ // Also don't save g if we are already on the signal stack. -+ // We won't get a nested signal. -+ MOVBZ runtime·iscgo(SB), R22 -+ CMP R22, $0 -+ BNE nosaveg -+ MOVD m_gsignal(R21), R22 // g.m.gsignal -+ CMP R22, $0 -+ BEQ nosaveg -+ -+ CMP g, R22 -+ BEQ nosaveg -+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo -+ MOVD g, (R22) -+ -+ BL (CTR) // Call from VDSO -+ -+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code -+ -+ JMP finish -+ -+nosaveg: -+ BL (CTR) // Call from VDSO -+ -+finish: -+ MOVD $0, R0 // Restore R0 -+ MOVD 0(R1), R3 // sec -+ MOVD 8(R1), R5 // nsec -+ MOVD R15, R1 // Restore SP - - // Restore vdsoPC, vdsoSP - // We don't worry about being signaled between the two stores. 
-@@ -235,7 +265,7 @@ - MOVD 32(R1), R6 - MOVD R6, m_vdsoPC(R21) - --finish: -+return: - MOVD R3, sec+0(FP) - MOVW R5, nsec+8(FP) - RET -@@ -246,7 +276,7 @@ - SYSCALL $SYS_clock_gettime - MOVD 32(R1), R3 - MOVD 40(R1), R5 -- JMP finish -+ JMP return - - TEXT runtime·nanotime1(SB),NOSPLIT,$16-8 - MOVD $1, R3 // CLOCK_MONOTONIC -@@ -282,7 +312,37 @@ - RLDICR $0, R1, $59, R1 // Align for C code - MOVD R12, CTR - MOVD R1, R4 -- BL (CTR) // Call from VDSO -+ -+ // Store g on gsignal's stack, so if we receive a signal -+ // during VDSO code we can find the g. -+ // If we don't have a signal stack, we won't receive signal, -+ // so don't bother saving g. -+ // When using cgo, we already saved g on TLS, also don't save -+ // g here. -+ // Also don't save g if we are already on the signal stack. -+ // We won't get a nested signal. -+ MOVBZ runtime·iscgo(SB), R22 -+ CMP R22, $0 -+ BNE nosaveg -+ MOVD m_gsignal(R21), R22 // g.m.gsignal -+ CMP R22, $0 -+ BEQ nosaveg -+ -+ CMP g, R22 -+ BEQ nosaveg -+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo -+ MOVD g, (R22) -+ -+ BL (CTR) // Call from VDSO -+ -+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code -+ -+ JMP finish -+ -+nosaveg: -+ BL (CTR) // Call from VDSO -+ -+finish: - MOVD $0, R0 // Restore R0 - MOVD 0(R1), R3 // sec - MOVD 8(R1), R5 // nsec -@@ -298,7 +358,7 @@ - MOVD 32(R1), R6 - MOVD R6, m_vdsoPC(R21) - --finish: -+return: - // sec is in R3, nsec in R5 - // return nsec in R3 - MOVD $1000000000, R4 -@@ -313,7 +373,7 @@ - SYSCALL $SYS_clock_gettime - MOVD 32(R1), R3 - MOVD 40(R1), R5 -- JMP finish -+ JMP return - - TEXT runtime·rtsigprocmask(SB),NOSPLIT|NOFRAME,$0-28 - MOVW how+0(FP), R3 -@@ -366,7 +426,7 @@ - // this might be called in external code context, - // where g is not set. - MOVBZ runtime·iscgo(SB), R6 -- CMP R6, $0 -+ CMP R6, $0 - BEQ 2(PC) - BL runtime·load_g(SB) - diff --git a/SOURCES/rhbz1952381.patch b/SOURCES/rhbz1952381.patch index 1e70af8..8aa92cc 100644 
--- a/SOURCES/rhbz1952381.patch +++ b/SOURCES/rhbz1952381.patch @@ -1,5 +1,5 @@ diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go -index 2ca64bf..8111b6d 100644 +index 457decf..961795a 100644 --- a/src/crypto/internal/boring/aes.go +++ b/src/crypto/internal/boring/aes.go @@ -130,7 +130,11 @@ func (c *aesCipher) Decrypt(dst, src []byte) { @@ -15,7 +15,7 @@ index 2ca64bf..8111b6d 100644 outlen := C.int(0) C._goboringcrypto_EVP_CipherUpdate(c.dec_ctx, (*C.uchar)(unsafe.Pointer(&dst[0])), &outlen, (*C.uchar)(unsafe.Pointer(&src[0])), C.int(aesBlockSize)) runtime.KeepAlive(c) -@@ -165,6 +169,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) { +@@ -157,6 +161,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) { } if len(src) > 0 { outlen := C.int(0) @@ -108,7 +108,7 @@ index e7ae80c..45c856b 100644 type fail string diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h -index 3585458..0762c95 100644 +index 745e8a4..284e845 100644 --- a/src/crypto/internal/boring/goopenssl.h +++ b/src/crypto/internal/boring/goopenssl.h @@ -14,6 +14,15 @@ @@ -202,7 +202,7 @@ index 3585458..0762c95 100644 #include -@@ -716,6 +741,7 @@ static inline int +@@ -735,6 +759,7 @@ static inline int _goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md); } @@ -346,7 +346,7 @@ index ff5c439..6047d65 100644 return len(b), nil } diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go -index 2eefc27..668c12f 100644 +index 0223243..b72af0d 100644 --- a/src/crypto/internal/boring/rsa.go +++ b/src/crypto/internal/boring/rsa.go @@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int, @@ -677,18 +677,10 @@ index 3dd1ec9..60c769c 100644 pub := &PublicKey{ E: 65537, 
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index 497dd62..d83e7e0 100644 +index 6a5a93f..2032b4b 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go -@@ -10,6 +10,7 @@ import ( - "compress/bzip2" - "crypto" - "crypto/rand" -+ "crypto/boring" - "crypto/sha1" - _ "crypto/sha256" - "encoding/hex" -@@ -131,7 +132,6 @@ func TestPSSGolden(t *testing.T) { +@@ -132,7 +132,6 @@ func TestPSSGolden(t *testing.T) { opts := &PSSOptions{ SaltLength: PSSSaltLengthEqualsHash, } @@ -696,7 +688,7 @@ index 497dd62..d83e7e0 100644 for marker := range values { switch marker { case newKeyMarker: -@@ -173,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) { +@@ -174,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) { h.Write(hashed) hashed = h.Sum(nil) @@ -718,7 +710,7 @@ index 497dd62..d83e7e0 100644 t.Error(err) } } -@@ -211,24 +206,47 @@ func TestPSSSigning(t *testing.T) { +@@ -212,24 +206,47 @@ func TestPSSSigning(t *testing.T) { {8, 8, true}, } @@ -934,7 +926,7 @@ index d9693a7..cfe020e 100644 label := []byte(fmt.Sprintf("hi#%d", j)) enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label) diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 5485080..575b99f 100644 +index 94a24ff..577bc73 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -26,7 +26,7 @@ import ( @@ -964,7 +956,7 @@ index 5485080..575b99f 100644 serverConfig.Certificates = make([]Certificate, 1) serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey -@@ -203,7 +203,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) { +@@ -204,7 +204,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) { for _, sigHash := range defaultSupportedSignatureAlgorithms { t.Run(fmt.Sprintf("%#x", sigHash), func(t *testing.T) { 
@@ -973,7 +965,7 @@ index 5485080..575b99f 100644 serverConfig.Certificates = make([]Certificate, 1) testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash} -@@ -262,7 +262,7 @@ func TestBoringClientHello(t *testing.T) { +@@ -263,7 +263,7 @@ func TestBoringClientHello(t *testing.T) { defer c.Close() defer s.Close() @@ -982,7 +974,7 @@ index 5485080..575b99f 100644 // All sorts of traps for the client to avoid. clientConfig.MinVersion = VersionSSL30 clientConfig.MaxVersion = VersionTLS13 -@@ -336,12 +336,12 @@ func TestBoringCertAlgs(t *testing.T) { +@@ -337,12 +337,12 @@ func TestBoringCertAlgs(t *testing.T) { // client verifying server cert testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { @@ -997,7 +989,7 @@ index 5485080..575b99f 100644 serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}} serverConfig.BuildNameToCertificate() -@@ -364,11 +364,11 @@ func TestBoringCertAlgs(t *testing.T) { +@@ -365,11 +365,11 @@ func TestBoringCertAlgs(t *testing.T) { // server verifying client cert testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { @@ -1011,7 +1003,7 @@ index 5485080..575b99f 100644 serverConfig.ClientCAs = pool serverConfig.ClientAuth = RequireAndVerifyClientCert -@@ -393,8 +393,13 @@ func TestBoringCertAlgs(t *testing.T) { +@@ -394,8 +394,13 @@ func TestBoringCertAlgs(t *testing.T) { // exhaustive test with computed answers. r1pool := x509.NewCertPool() r1pool.AddCert(R1.cert) 
@@ -1027,7 +1019,7 @@ index 5485080..575b99f 100644 fipstls.Force() testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false) testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false) -@@ -457,6 +462,10 @@ func TestBoringCertAlgs(t *testing.T) { +@@ -458,6 +463,10 @@ func TestBoringCertAlgs(t *testing.T) { addRoot(r&1, R1) addRoot(r&2, R2) rootName = rootName[1:] // strip leading comma @@ -1038,7 +1030,7 @@ index 5485080..575b99f 100644 testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify) testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify) fipstls.Force() -@@ -576,6 +585,16 @@ var ( +@@ -577,6 +586,16 @@ var ( testRSA2048PrivateKey *rsa.PrivateKey ) @@ -1056,7 +1048,7 @@ index 5485080..575b99f 100644 block, _ := pem.Decode([]byte(` -----BEGIN CERTIFICATE----- diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index 51dda16..31723b6 100644 +index a4053ab..aff4ff2 100644 --- a/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go @@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) { diff --git a/SOURCES/skip_test_rhbz1939923.patch b/SOURCES/skip_test_rhbz1939923.patch deleted file mode 100644 index 80302d0..0000000 --- a/SOURCES/skip_test_rhbz1939923.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index 51dda16815..2d1e1b1e6e 100644 ---- a/src/crypto/x509/x509_test.go -+++ b/src/crypto/x509/x509_test.go -@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte - } - - func TestCreateCertificateBrokenSigner(t *testing.T) { -+ t.Skip("TODO Fix me: rhbz#1939923") - template := &Certificate{ - SerialNumber: big.NewInt(10), - DNSNames: []string{"example.com"}, diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 7e9152a..bcc88b4 100644 --- a/SPECS/golang.spec 
+++ b/SPECS/golang.spec @@ -95,13 +95,13 @@ %global gohostarch s390x %endif -%global go_api 1.16 -%global go_version 1.16.6 -%global pkg_release 3 +%global go_api 1.17 +%global go_version 1.17.2 +%global pkg_release 1 Name: golang Version: %{go_version} -Release: 4%{?dist} +Release: 1%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -144,19 +144,9 @@ Patch215: go1.5-zoneinfo_testing_only.patch # Proposed patch by jcajka https://golang.org/cl/86541 Patch221: fix_TestScript_list_std.patch -# Add an env var to optionally trigger a warning in x509 when -# Common Name is used as hostname -# rhbz#1889437 -Patch223: golang-1.15-warnCN.patch - -Patch1939923: skip_test_rhbz1939923.patch - # Port to openssl 3.0 Patch1952381: rhbz1952381.patch -Patch1904567: cgo-lto-fix.patch -Patch334410: ppc64le-vdso-segfault-fix.patch - # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -250,15 +240,8 @@ Requires: %{name} = %{version}-%{release} %patch221 -p1 -%patch223 -p1 - %patch1952381 -p1 -%patch1939923 -p1 - -%patch1904567 -p1 -%patch334410 -p1 - cp %{SOURCE1} ./src/runtime/ %build @@ -328,7 +311,7 @@ rm -rf pkg/bootstrap/bin # install everything into libdir (until symlink problems are fixed) # https://code.google.com/p/go/issues/detail?id=5830 -cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \ +cp -apv api bin doc lib pkg src misc test VERSION \ $RPM_BUILD_ROOT%{goroot} # bz1099206 @@ -415,6 +398,7 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb # prelink blacklist mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf +sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go %check export GOROOT=$(pwd -P) 
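Review bot: The `@@ -144,19 +144,9 @@` hunk removes Patch223 (golang-1.15-warnCN.patch) and Patch334410 (ppc64le-vdso-segfault-fix.patch), and `@@ -250,15 +240,8 @@` removes their `%patch` lines, but the changelog entry added by this commit only lists rhbz1904567 and rhbz1939923. The cgo and ppc64le patches carry upstream review headers, whereas warnCN appears to be a downstream-only knob, so anyone who set `GODEBUG=x509warnCN=1` to find certificates that still rely on Common Name loses that signal without a record of why. I would add changelog lines such as `- Remove golang-1.15-warnCN.patch (rhbz#1889437)` and `- Remove ppc64le-vdso-segfault-fix.patch`, each with a one-line reason.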
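Review bot: The `sed -i` on `zbootstrap.go` added in the `@@ -415,6 +398,7 @@` hunk sits directly under the `# prelink blacklist` comment and has no explanation of its own. `sed -i` also exits 0 when the pattern matches nothing, so a later rebase that renames or reformats `defaultGO_LDSO` would silently stop blanking the value. I would give the line its own comment, for example `# Clear the build-time dynamic loader path recorded in the installed sources`, and follow it with a `grep -q` for the emptied constant so the build fails if the substitution did not apply. The edit touches only the copy under `$RPM_BUILD_ROOT`, so presumably the intent is to scrub the shipped source rather than change the built toolchain; the comment should say which.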
@@ -501,15 +485,16 @@ EOM export OPENSSL_CONF=$TEST_BORING_CNF # Run tests with FIPS enabled. +export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$" pushd crypto # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later - GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v + GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST # Check that signature functions have parity between boring and notboring - CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v + CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST popd # Run all FIPS specific TLS tests pushd crypto/tls - GOLANG_FIPS=1 go test -v -run "Boring" + GOLANG_FIPS=1 go test -v -run "Boring" $DISABLE_Ed25519_TEST popd %else ./run.bash --no-rebuild -v -v -v -k || : @@ -572,6 +557,15 @@ cd .. %endif %changelog +* Wed Nov 03 2021 Alejandro Sáez - 1.17.2-1 +- Rebase to Go 1.17.2 +- Related: rhbz#2014087 +- Remove favicon.ico and robots.txt references +- Exclude TestEd25519Vectors test +- Update patch rhbz1952381 +- Remove rhbz1904567 patch +- Remove rhbz1939923 patch + * Mon Aug 09 2021 Mohan Boddu - 1.16.6-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
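Review bot: `export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"` in the `@@ -501,15 +485,16 @@` hunk does not exclude one test: Go's `-run` takes an RE2 regular expression with no negation, so `!^TestEd25519Vectors$` requires a literal `!` before the start of the name and matches no test at all. As written, both `go test $(go list ./... | grep -v tls)` runs under `crypto` should report no tests to run, and in `crypto/tls` the appended flag overrides `-run "Boring"` because the last `-run` wins, so the FIPS and boring/notboring parity checks would pass without exercising anything. `-skip` does not exist in the Go 1.17 toolchain being packaged, so the exclusion has to come from the test side: carry a small patch adding `t.Skip("excluded in FIPS builds: <bug id>")` to `TestEd25519Vectors`, as the removed skip_test_rhbz1939923.patch did for another test, and drop the variable from the three commands. The enclosing `%if` branch starts outside the hunk, and a build log should be checked to confirm these steps print per-test PASS lines.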