import UBI golang-1.19.13-1.el9_2

This commit is contained in:
eabdullin 2023-10-16 14:38:12 +00:00
parent f19760b307
commit 02cd992a60
4 changed files with 21 additions and 58 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/go1.19.10-1-openssl-fips.tar.gz
SOURCES/go1.19.10.tar.gz
SOURCES/go1.19.13-2-openssl-fips.tar.gz
SOURCES/go1.19.13.tar.gz

View File

@ -1,2 +1,2 @@
b282758e02d28b0c946f3d42a3a2a2df83995733 SOURCES/go1.19.10-1-openssl-fips.tar.gz
d894732eb0aebd89eeb404e3e8e51af47a581e71 SOURCES/go1.19.10.tar.gz
3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz
5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz

View File

@ -1,48 +0,0 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}

View File

@ -96,9 +96,9 @@
%endif
%global go_api 1.19
%global go_version 1.19.10
%global go_version 1.19.13
%global version %{go_version}
%global pkg_release 1
%global pkg_release 2
Name: golang
Version: %{version}
@ -152,8 +152,6 @@ Patch1939923: skip_test_rhbz1939923.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch4: fix-memory-leak-evp-sign-verify.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -248,6 +246,8 @@ tar -xf %{SOURCE1}
popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch
# Configure crypto tests
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -257,7 +257,6 @@ popd
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch221 -p1
@ -448,7 +447,7 @@ export CGO_ENABLED=0
%endif
# make sure to not timeout
export GO_TEST_TIMEOUT_SCALE=2
export GO_TEST_TIMEOUT_SCALE=20
export GO_TEST_RUN=""
%ifarch aarch64
@ -533,6 +532,18 @@ cd ..
%endif
%changelog
* Thu Oct 12 2023 Derek Parker <deparker@redhat.com> - 1.19.13-1
- Fix CVE-2023-39325
- Resolves: RHEL-12622
* Wed Sep 13 2023 Archana Ravindar <aravinda@redhat.com> - 1.19.12-2
- Add strict fips runtime detection patch
- Related: rhbz#2223637
* Fri Sep 1 2023 Archana Ravindar <aravinda@redhat.com> - 1.19.12-1
- Update to Go 1.19.12
- Resolves: rhbz#2223637
* Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
- Update to Go 1.19.10
- Resolves: rhbz#2217626