diff --git a/.gitignore b/.gitignore index a4a244e..d08b212 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/go1.19.4-1-openssl-fips.tar.gz -SOURCES/go1.19.4.tar.gz +SOURCES/go1.20.6-1-openssl-fips.tar.gz +SOURCES/go1.20.6.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 2d6b49a..68aa57f 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1,2 +1,2 @@ -9463e718b1a8daa61009caa6c113197cbefbe9eb SOURCES/go1.19.4-1-openssl-fips.tar.gz -6debf76aa6fb97daff4d49502153a47093883c28 SOURCES/go1.19.4.tar.gz +f6dd720106f39e9398c0ca2a327f1705704778b4 SOURCES/go1.20.6-1-openssl-fips.tar.gz +ea70e31718a67c736667f7f6dbe2c23d7708255d SOURCES/go1.20.6.tar.gz diff --git a/SOURCES/disable_static_tests_part2.patch b/SOURCES/disable_static_tests_part2.patch index 6ad4e62..aa2d91c 100644 --- a/SOURCES/disable_static_tests_part2.patch +++ b/SOURCES/disable_static_tests_part2.patch @@ -1,36 +1,13 @@ diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index da5b179..6a772df 100644 +index 9f26606..2408505 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error { - fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.") +@@ -1259,7 +1259,7 @@ func (t *tester) registerCgoTests() { } else { - if goos != "android" { -- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") -+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") - } - t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".") - t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".") - if goos != "android" { -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") -+ /* - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") - // -static in CGO_LDFLAGS triggers a different code path - // than -static in -extldflags, so test both. - // See issue #16651. - cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".") - setEnv(cmd, "CGO_LDFLAGS", "-static -pthread") -+ */ - } - } - -@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error { - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".") - } - t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".") -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".") -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl") + panic("unknown linkmode with static build: " + linkmode) } +- gt.tags = append(gt.tags, "static") ++ gt.tags = append(gt.tags, "static", "no_openssl") } - } + + t.registerTest("cgo:"+name, "../misc/cgo/test", gt, opts...) diff --git a/SOURCES/fix-memory-leak-evp-sign-verify.patch b/SOURCES/fix-memory-leak-evp-sign-verify.patch new file mode 100644 index 0000000..f2eae14 --- /dev/null +++ b/SOURCES/fix-memory-leak-evp-sign-verify.patch @@ -0,0 +1,48 @@ +diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c +index 76bac5b..24a9615 100644 +--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c ++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c +@@ -43,7 +43,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m + GO_RSA *rsa_key) { + int ret = 0; + GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); +- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); ++ if (!pk) ++ return 0; ++ ++ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) ++ goto err; + + if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) + goto err; +@@ -63,6 +67,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m + err: + if (ctx) + _goboringcrypto_EVP_PKEY_CTX_free(ctx); ++ if (pk) ++ _goboringcrypto_EVP_PKEY_free(pk); + + return ret; + } +@@ -103,7 +109,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, + int ret = 0; + EVP_PKEY_CTX *ctx; + GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); +- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); ++ if (!pk) ++ return 0; ++ ++ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) ++ goto err; + + if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) + goto err; +@@ -123,6 +133,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, + err: + if (ctx) + _goboringcrypto_EVP_PKEY_CTX_free(ctx); ++ if (pk) ++ _goboringcrypto_EVP_PKEY_free(pk); + + return ret; + } diff --git a/SOURCES/ppc64le-internal-linker-fix.patch b/SOURCES/ppc64le-internal-linker-fix.patch deleted file mode 100644 index f54a83b..0000000 --- a/SOURCES/ppc64le-internal-linker-fix.patch +++ /dev/null @@ -1,122 +0,0 @@ -diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt -new file mode 100644 -index 0000000000000..bca897c16d054 ---- /dev/null -+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt -@@ -0,0 +1,100 @@ -+# Verify PPC64 does not reuse a trampoline which is too far away. -+# This tests an edge case where the direct call relocation addend should -+# be ignored when computing the distance from the direct call to the -+# already placed trampoline -+[short] skip -+[!ppc64] [!ppc64le] skip -+[aix] skip -+ -+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to -+# assembly 2^26 or so times. -+# -+# We build something which should be laid out as such: -+# -+# bar.Bar -+# main.Func1 -+# bar.Bar+400-tramp0 -+# main.BigAsm -+# main.Func2 -+# bar.Bar+400-tramp1 -+# -+# bar.Bar needs to be placed far enough away to generate relocations -+# from main package calls. and main.Func1 and main.Func2 are placed -+# a bit more than the direct call limit apart, but not more than 0x400 -+# bytes beyond it (to verify the reloc calc). -+ -+go build -+ -+-- go.mod -- -+ -+module foo -+ -+go 1.19 -+ -+-- main.go -- -+ -+package main -+ -+import "foo/bar" -+ -+func Func1() -+ -+func main() { -+ Func1() -+ bar.Bar2() -+} -+ -+-- foo.s -- -+ -+TEXT main·Func1(SB),0,$0-0 -+ CALL bar·Bar+0x400(SB) -+ CALL main·BigAsm(SB) -+// A trampoline will be placed here to bar.Bar -+ -+// This creates a gap sufficiently large to prevent trampoline reuse -+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; -+#define NOP256 NOP64 NOP64 NOP64 NOP64 -+#define NOP2S10 NOP256 NOP256 NOP256 NOP256 -+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 -+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 -+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 -+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 -+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 -+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 -+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 -+#define BIGNOP NOP2S24 NOP2S24 -+TEXT main·BigAsm(SB),0,$0-0 -+ // Fill to the direct call limit so Func2 must generate a new trampoline. -+ // As the implicit trampoline above is just barely unreachable. -+ BIGNOP -+ MOVD $main·Func2(SB), R3 -+ -+TEXT main·Func2(SB),0,$0-0 -+ CALL bar·Bar+0x400(SB) -+// Another trampoline should be placed here. -+ -+-- bar/bar.s -- -+ -+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; -+#define NOP256 NOP64 NOP64 NOP64 NOP64 -+#define NOP2S10 NOP256 NOP256 NOP256 NOP256 -+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 -+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 -+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 -+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 -+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 -+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 -+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 -+#define BIGNOP NOP2S24 NOP2S24 NOP2S10 -+// A very big not very interesting function. -+TEXT bar·Bar(SB),0,$0-0 -+ BIGNOP -+ -+-- bar/bar.go -- -+ -+package bar -+ -+func Bar() -+ -+func Bar2() { -+} -diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go -index 5d5fbe2a97735..6313879da083c 100644 ---- a/src/cmd/link/internal/ppc64/asm.go -+++ b/src/cmd/link/internal/ppc64/asm.go -@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) { - if ldr.SymValue(tramp) == 0 { - break - } -- -- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off())) -+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the -+ // trampoline itself. -+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off())) - - // With internal linking, the trampoline can be used if it is not too far. - // With external linking, the trampoline must be in this section for it to be reused. diff --git a/SPECS/golang.spec b/SPECS/golang.spec index acc4947..eca52d1 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -70,11 +70,8 @@ %endif # Pre build std lib with -race enabled -%ifarch x86_64 -%global race 1 -%else +# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes %global race 0 -%endif %ifarch x86_64 %global gohostarch amd64 @@ -95,14 +92,14 @@ %global gohostarch s390x %endif -%global go_api 1.19 -%global go_version 1.19.4 +%global go_api 1.20 +%global go_version 1.20.6 %global version %{go_version} %global pkg_release 1 Name: golang Version: %{version} -Release: 1%{?dist} +Release: 5%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -147,15 +144,12 @@ Patch221: fix_TestScript_list_std.patch Patch1939923: skip_test_rhbz1939923.patch - # Disables libc static linking tests which # are incompatible with dlopen in golang-fips Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch -# https://github.com/golang/go/issues/56834 -# https://github.com/golang/go/commit/1b4db7e46365bbbba479d0689c5699e6c0ba1142 -Patch4: ppc64le-internal-linker-fix.patch +Patch4: fix-memory-leak-evp-sign-verify.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -163,6 +157,9 @@ Obsoletes: %{name}-docs < 1.1-4 # RPM can't handle symlink -> dir with subpackages, so merge back Obsoletes: %{name}-data < 1.1.1-4 +# We don't build golang-race anymore, rhbz#2230705 +Obsoletes: golang-race < 1.20.0 + # These are the only RHEL/Fedora architectures that we compile this package for ExclusiveArch: %{golang_arches} @@ -243,6 +240,16 @@ Requires: %{name} = %{version}-%{release} %{summary} %endif +%package -n go-toolset +Summary: Package that installs go-toolset +Requires: %{name} = %{version}-%{release} +%ifarch x86_64 +Requires: delve +%endif + +%description -n go-toolset +This is the main package for go-toolset. + %prep %setup -q -n go-go%{version} @@ -252,13 +259,13 @@ popd patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 +# Configure crypto tests +pushd ../go-go%{version}-%{pkg_release}-openssl-fips +ln -s ../go-go%{version} go +./scripts/configure-crypto-tests.sh +popd -%patch221 -p1 - -%patch1939923 -p1 +%autopatch -p1 cp %{SOURCE2} ./src/runtime/ @@ -342,12 +349,11 @@ cwd=$(pwd) src_list=$cwd/go-src.list pkg_list=$cwd/go-pkg.list shared_list=$cwd/go-shared.list -race_list=$cwd/go-race.list misc_list=$cwd/go-misc.list docs_list=$cwd/go-docs.list tests_list=$cwd/go-tests.list -rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list -touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list +touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list pushd $RPM_BUILD_ROOT%{goroot} find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list @@ -378,13 +384,6 @@ pushd $RPM_BUILD_ROOT%{goroot} find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list %endif -%if %{race} - - find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list - find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list - -%endif - find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list @@ -458,18 +457,19 @@ export GO_TEST_RUN="" # Run tests with FIPS enabled. export GOLANG_FIPS=1 -#pushd crypto -# # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later -# go test $(go list ./... | grep -v tls) -v -# # Check that signature functions have parity between boring and notboring -# CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v -#popd -## Run all FIPS specific TLS tests -#pushd crypto/tls -# go test -v -run "Boring" -#popd +export OPENSSL_FORCE_FIPS_MODE=1 +pushd crypto + # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later + go test -timeout 50m $(go list ./... | grep -v tls) -v + # Check that signature functions have parity between boring and notboring + CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v +popd +# Run all FIPS specific TLS tests +pushd crypto/tls + go test -v -run "Boring" +popd %else -#./run.bash --no-rebuild -v -v -v -k || : +./run.bash --no-rebuild -v -v -v -k || : %endif cd .. @@ -524,11 +524,43 @@ cd .. %files -f go-shared.list shared %endif -%if %{race} -%files -f go-race.list race -%endif +%files -n go-toolset %changelog +* Mon Aug 14 2023 Alejandro Sáez - 1.20.6-5 +- Retire golang-race package +- Resolves: rhbz#2230705 + +* Tue Jul 18 2023 Alejandro Sáez - 1.20.6-1 +- Rebase to Go 1.20.6 +- Change to autopatch +- Resolves: rhbz#2222313 + +* Fri Jun 23 2023 Alejandro Sáez - 1.20.4-3 +- Increase the timeout in the tests +- Related: rhbz#2204477 + +* Fri Jun 09 2023 Carl George - 1.20.4-2 +- Add go-toolset subpackage to ensure golang and go-toolset are published together +- Resolves: rhbz#2117248 + +* Mon May 29 2023 Alejandro Sáez - 1.20.4-1 +- Rebase to Go 1.20.4 +- Resolves: rhbz#2204477 + +* Tue Apr 11 2023 David Benoit - 1.20.3-1 +- Rebase to Go 1.20.3 +- Remove race archives +- Update static test patches +- Resolves: rhbz#2185259 + +* Wed Mar 01 2023 David Benoit - 1.19.6-1 +- Rebase to Go 1.19.6 +- Resolves: rhbz#2174429 +- Fix memory leak +- Resolves: rhbz#2157602 +- Enable tests in check phase + * Wed Dec 21 2022 David Benoit - 1.19.4-1 - Rebase to Go 1.19.4 - Fix ppc64le linker issue