import UBI golang-1.19.13-1.el9_2

2023-10-16 14:38:12 +00:00 · 2023-10-16 14:38:12 +00:00 · 02cd992a60
commit 02cd992a60
parent f19760b307
4 changed files with 21 additions and 58 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/go1.19.10-1-openssl-fips.tar.gz
+SOURCES/go1.19.13-2-openssl-fips.tar.gz
-SOURCES/go1.19.10.tar.gz
+SOURCES/go1.19.13.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,2 +1,2 @@
-b282758e02d28b0c946f3d42a3a2a2df83995733 SOURCES/go1.19.10-1-openssl-fips.tar.gz
+3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz
-d894732eb0aebd89eeb404e3e8e51af47a581e71 SOURCES/go1.19.10.tar.gz
+5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz
--- a/SOURCES/fix-memory-leak-evp-sign-verify.patch
+++ b/SOURCES/fix-memory-leak-evp-sign-verify.patch
@ -1,48 +0,0 @@
 diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
 index 2124978..1f853b4 100644
 --- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
 +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
                              GO_RSA *rsa_key) {
   int ret = 0;
   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
 -  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
 +  if (!pk)
 +    return 0;
 +
 +  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
 +    goto err;
   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
     goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
 err:
   if (ctx)
     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
 +  if (pk)
 +    _goboringcrypto_EVP_PKEY_free(pk);
   return ret;
 }
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
   int ret = 0;
   EVP_PKEY_CTX *ctx;
   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
 -  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
 +  if (!pk)
 +    return 0;
 +
 +  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
 +    goto err;
   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
     goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
 err:
   if (ctx)
     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
 +  if (pk)
 +    _goboringcrypto_EVP_PKEY_free(pk);
   return ret;
 }
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -96,9 +96,9 @@
 %endif
 %global go_api 1.19
-%global go_version 1.19.10
+%global go_version 1.19.13
 %global version %{go_version}
-%global pkg_release 1
+%global pkg_release 2
 Name:           golang
 Version:        %{version}
@ -152,8 +152,6 @@ Patch1939923:   skip_test_rhbz1939923.patch
 Patch2: 	disable_static_tests_part1.patch
 Patch3: 	disable_static_tests_part2.patch
 Patch4:		fix-memory-leak-evp-sign-verify.patch
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -248,6 +246,8 @@ tar -xf %{SOURCE1}
 popd
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch
 # Configure crypto tests
 pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -257,7 +257,6 @@ popd
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch221 -p1
@ -448,7 +447,7 @@ export CGO_ENABLED=0
 %endif
 # make sure to not timeout
-export GO_TEST_TIMEOUT_SCALE=2
+export GO_TEST_TIMEOUT_SCALE=20
 export GO_TEST_RUN=""
 %ifarch aarch64
@ -533,6 +532,18 @@ cd ..
 %endif
 %changelog
 * Thu Oct 12 2023 Derek Parker <deparker@redhat.com> - 1.19.13-1
 - Fix CVE-2023-39325
 - Resolves: RHEL-12622
 * Wed Sep 13 2023 Archana Ravindar <aravinda@redhat.com> - 1.19.12-2
 - Add strict fips runtime detection patch
 - Related: rhbz#2223637
 * Fri Sep 1 2023 Archana Ravindar <aravinda@redhat.com> - 1.19.12-1
 - Update to Go 1.19.12
 - Resolves: rhbz#2223637
 * Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
 - Update to Go 1.19.10
 - Resolves: rhbz#2217626
`@ -1,2 +1,2 @@`
	`SOURCES/go1.19.10-1-openssl-fips.tar.gz`	`SOURCES/go1.19.13-2-openssl-fips.tar.gz`
	`SOURCES/go1.19.10.tar.gz`	`SOURCES/go1.19.13.tar.gz`
`@ -1,2 +1,2 @@`
	`b282758e02d28b0c946f3d42a3a2a2df83995733 SOURCES/go1.19.10-1-openssl-fips.tar.gz`	`3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz`
	`d894732eb0aebd89eeb404e3e8e51af47a581e71 SOURCES/go1.19.10.tar.gz`	`5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz`