import golang-1.19.4-2.module+el8.8.0+17709+252fe516

.gitignore

@@ -1 +1,2 @@
-SOURCES/go1.18.4-1-openssl-fips.tar.gz
+SOURCES/go1.19.4-1-openssl-fips.tar.gz
+SOURCES/go1.19.4.tar.gz

.golang.metadata

@@ -1 +1,2 @@
-3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
+9463e718b1a8daa61009caa6c113197cbefbe9eb SOURCES/go1.19.4-1-openssl-fips.tar.gz
+6debf76aa6fb97daff4d49502153a47093883c28 SOURCES/go1.19.4.tar.gz

SOURCES/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch

@@ -0,0 +1,53 @@
+From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
+From: Lynn Boger <laboger@linux.vnet.ibm.com>
+Date: Thu, 14 Jul 2022 10:47:28 -0500
+Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
+
+The setting of the path for the dynamic loader when building for
+linux/ppc64le ELF v2 was incorrectly set to the path for
+PPC64 ELF v1. This has not caused issues in the common cases
+because this string can be set based on the default GO_LDSO setting.
+It does result in an incorrect value when cross compiling binaries
+with -buildmode=pie.
+
+Updates #53813
+
+Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
+---
+ src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
+index b6d5ad92af..bca8fa9212 100644
+--- a/src/cmd/link/internal/ppc64/obj.go
++++ b/src/cmd/link/internal/ppc64/obj.go
+@@ -38,9 +38,12 @@ import (
+ )
+ 
+ func Init() (*sys.Arch, ld.Arch) {
+-	arch := sys.ArchPPC64
+-	if buildcfg.GOARCH == "ppc64le" {
+-		arch = sys.ArchPPC64LE
++	arch := sys.ArchPPC64LE
++	dynld := "/lib64/ld64.so.2"
++
++	if buildcfg.GOARCH == "ppc64" {
++		arch = sys.ArchPPC64
++		dynld = "/lib64/ld64.so.1"
+ 	}
+ 
+ 	theArch := ld.Arch{
+@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Machoreloc1:      machoreloc1,
+ 		Xcoffreloc1:      xcoffreloc1,
+ 
+-		// TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
+-		Linuxdynld: "/lib64/ld64.so.1",
+-
++		Linuxdynld:     dynld,
+ 		Freebsddynld:   "XXX",
+ 		Openbsddynld:   "XXX",
+ 		Netbsddynld:    "XXX",
+-- 
+2.35.3
+

SOURCES/disable_static_external_tests.patch

@@ -1,310 +0,0 @@
-diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
-index d9eb9c3..506f979 100644
---- a/src/cmd/dist/test.go
-+++ b/src/cmd/dist/test.go
-@@ -1180,18 +1180,20 @@ func (t *tester) cgoTest(dt *distTest) error {
- 				fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
- 			} else {
- 				if goos != "android" {
--					t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
-+					t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
- 				}
- 				t.addCmd(dt, "misc/cgo/nocgo", t.goTest())
- 				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`)
- 				if goos != "android" {
--					t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
-+					t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
-+					/*
- 					t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`)
- 					// -static in CGO_LDFLAGS triggers a different code path
- 					// than -static in -extldflags, so test both.
- 					// See issue #16651.
- 					cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static")
- 					setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
-+					*/
- 				}
- 			}
- 
-@@ -1201,7 +1203,7 @@ func (t *tester) cgoTest(dt *distTest) error {
- 					t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie")
- 				}
- 				t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie")
--				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie")
-+				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
- 			}
- 		}
- 	}
-diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
-index a495bd7..2c6107b 100644
---- a/src/crypto/internal/boring/aes.go
-+++ b/src/crypto/internal/boring/aes.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/aes_test.go b/src/crypto/internal/boring/aes_test.go
-index 3b4c364..371bc20 100644
---- a/src/crypto/internal/boring/aes_test.go
-+++ b/src/crypto/internal/boring/aes_test.go
-@@ -1,9 +1,5 @@
--// +build linux
--// +build !android
--// +build !no_openssl
--// +build !cmd_go_bootstrap
--// +build !msan
--// +build cgo
-+//go:build linux && !android && !no_openssl && !cmd_go_bootstrap && !msan && cgo && !static
-+// +build linux,!android,!no_openssl,!cmd_go_bootstrap,!msan,cgo,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go
-index ec6e80c..05431b1 100644
---- a/src/crypto/internal/boring/boring.go
-+++ b/src/crypto/internal/boring/boring.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go
-index f72da41..33ee442 100644
---- a/src/crypto/internal/boring/ecdsa.go
-+++ b/src/crypto/internal/boring/ecdsa.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
-index 4547ade..b8aaae4 100644
---- a/src/crypto/internal/boring/goboringcrypto.h
-+++ b/src/crypto/internal/boring/goboringcrypto.h
-@@ -1,6 +1,12 @@
- // Copyright 2017 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-+// +build linux
-+// +build !android
-+// +build !no_openssl
-+// +build !cmd_go_bootstrap
-+// +build !msan
-+// +build !static
- 
- // This header file describes the BoringCrypto ABI as built for use in Go.
- // The BoringCrypto build for Go (which generates goboringcrypto_*.syso)
-diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
-index 4820385..ac41482 100644
---- a/src/crypto/internal/boring/goopenssl.h
-+++ b/src/crypto/internal/boring/goopenssl.h
-@@ -6,6 +6,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- // This header file describes the OpenSSL ABI as built for use in Go.
- 
-diff --git a/src/crypto/internal/boring/hmac.go b/src/crypto/internal/boring/hmac.go
-index 4e913c3..10cfbb3 100644
---- a/src/crypto/internal/boring/hmac.go
-+++ b/src/crypto/internal/boring/hmac.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go
-index e513834..08c5245 100644
---- a/src/crypto/internal/boring/notboring.go
-+++ b/src/crypto/internal/boring/notboring.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
--// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
-+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
-+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
-index 710d074..853be3d 100644
---- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
-+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
-@@ -3,6 +3,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- 
-diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c
-index 36be702..331dfd3 100644
---- a/src/crypto/internal/boring/openssl_evp.c
-+++ b/src/crypto/internal/boring/openssl_evp.c
-@@ -3,6 +3,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- 
-diff --git a/src/crypto/internal/boring/openssl_lock_setup.c b/src/crypto/internal/boring/openssl_lock_setup.c
-index 955924e..c0f3435 100644
---- a/src/crypto/internal/boring/openssl_lock_setup.c
-+++ b/src/crypto/internal/boring/openssl_lock_setup.c
-@@ -3,6 +3,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- #include <stdio.h>
-diff --git a/src/crypto/internal/boring/openssl_port_aead_gcm.c b/src/crypto/internal/boring/openssl_port_aead_gcm.c
-index b39bf54..80c933a 100644
---- a/src/crypto/internal/boring/openssl_port_aead_gcm.c
-+++ b/src/crypto/internal/boring/openssl_port_aead_gcm.c
-@@ -4,6 +4,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- #include <openssl/err.h>
-diff --git a/src/crypto/internal/boring/openssl_port_ctr128.c b/src/crypto/internal/boring/openssl_port_ctr128.c
-index abaff5c..e2263a5 100644
---- a/src/crypto/internal/boring/openssl_port_ctr128.c
-+++ b/src/crypto/internal/boring/openssl_port_ctr128.c
-@@ -3,6 +3,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- 
-diff --git a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
-index 8418c38..39bf3ae 100644
---- a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
-+++ b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c
-@@ -4,6 +4,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- // The following is a partial backport of crypto/evp/m_md5_sha1.c,
- // commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the
-diff --git a/src/crypto/internal/boring/openssl_port_hmac.c b/src/crypto/internal/boring/openssl_port_hmac.c
-index be7c71a..35e1860 100644
---- a/src/crypto/internal/boring/openssl_port_hmac.c
-+++ b/src/crypto/internal/boring/openssl_port_hmac.c
-@@ -4,6 +4,8 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
-+
- 
- #include "goboringcrypto.h"
- 
-diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
-index 5174f66..a8008e9 100644
---- a/src/crypto/internal/boring/openssl_port_rsa.c
-+++ b/src/crypto/internal/boring/openssl_port_rsa.c
-@@ -4,6 +4,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- 
-diff --git a/src/crypto/internal/boring/openssl_stub_rand.c b/src/crypto/internal/boring/openssl_stub_rand.c
-index 18d6777..e8ac53b 100644
---- a/src/crypto/internal/boring/openssl_stub_rand.c
-+++ b/src/crypto/internal/boring/openssl_stub_rand.c
-@@ -3,6 +3,7 @@
- // +build !no_openssl
- // +build !cmd_go_bootstrap
- // +build !msan
-+// +build !static
- 
- #include "goboringcrypto.h"
- #include <openssl/rand.h>
-diff --git a/src/crypto/internal/boring/rand.go b/src/crypto/internal/boring/rand.go
-index e9c334f..3adbd4d 100644
---- a/src/crypto/internal/boring/rand.go
-+++ b/src/crypto/internal/boring/rand.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
-index b1a2f57..0cabadb 100644
---- a/src/crypto/internal/boring/rsa.go
-+++ b/src/crypto/internal/boring/rsa.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 
-diff --git a/src/crypto/internal/boring/sha.go b/src/crypto/internal/boring/sha.go
-index bdcc782..6184d6c 100644
---- a/src/crypto/internal/boring/sha.go
-+++ b/src/crypto/internal/boring/sha.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package boring
- 

SOURCES/disable_static_tests_part1.patch

@@ -0,0 +1,288 @@
+diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
+index 5f258a2..5dbbc42 100644
+--- a/src/crypto/internal/backend/nobackend.go
++++ b/src/crypto/internal/backend/nobackend.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
++//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package backend
+ 
+diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
+index d6d99b1..f2fe332 100644
+--- a/src/crypto/internal/boring/goboringcrypto.h
++++ b/src/crypto/internal/boring/goboringcrypto.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
++// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
+index b338754..db5ea1e 100644
+--- a/src/crypto/internal/boring/syso/syso.go
++++ b/src/crypto/internal/boring/syso/syso.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
++//go:build boringcrypto && !static
+ 
+ // This package only exists with GOEXPERIMENT=boringcrypto.
+ // It provides the actual syso file.
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+index 079fc3c..e826d0b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+index 0b61e79..94d0c98 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+index afec529..d822152 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+index 6d6a562..17cc314 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
++// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ // +build linux
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+index ae40b93..17bc075 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+index 6f00177..f466b18 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+index 7c0b5d6..262af07 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
++//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+index d49194d..ff15054 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+index 2349db1..57fbb04 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 4379019..5034c46 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+index 49d40a7..3b3dbf8 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+index 7eb645e..1c3225a 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+@@ -1,4 +1,5 @@
+ // This file contains a port of the BoringSSL AEAD interface.
++// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+index df4ebe3..876393b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+index 2eedd5b..04510d3 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+@@ -1,4 +1,5 @@
+ // This file contains a backport of the EVP_md5_sha1 method.
++// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+index 362d9e5..bebafef 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+@@ -1,4 +1,5 @@
+ // This file contains HMAC portability wrappers.
++// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+index 2824147..8bc1d85 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+@@ -1,4 +1,5 @@
+ // This file contains RSA portability wrappers.
++// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+index 22bd865..b7aa26b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+@@ -1,4 +1,5 @@
+ // +build linux
++// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+index b3668b8..dcdae70 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+index 915c840..8623d9d 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+index 0b55ced..57309c0 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 

SOURCES/disable_static_tests_part2.patch

@@ -0,0 +1,36 @@
+diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
+index da5b179..6a772df 100644
+--- a/src/cmd/dist/test.go
++++ b/src/cmd/dist/test.go
+@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
+ 				fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
+ 			} else {
+ 				if goos != "android" {
+-					t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
++					t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ 				}
+ 				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
+ 				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
+ 				if goos != "android" {
+-					t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
++					t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
++					/*
+ 					t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ 					// -static in CGO_LDFLAGS triggers a different code path
+ 					// than -static in -extldflags, so test both.
+ 					// See issue #16651.
+ 					cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
+ 					setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
++					*/
+ 				}
+ 			}
+ 
+@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
+ 					t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
+ 				}
+ 				t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
+-				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
++				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
+ 			}
+ 		}
+ 	}

SOURCES/fix-memory-leak-evp-sign-verify.patch

@@ -0,0 +1,48 @@
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 2124978..1f853b4 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
++++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+                              GO_RSA *rsa_key) {
+   int ret = 0;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
+ 
+   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }
+@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+   int ret = 0;
+   EVP_PKEY_CTX *ctx;
+   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
+-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
++  if (!pk)
++    return 0;
++
++  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
++    goto err;
+ 
+   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
+     goto err;
+@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
+ err:
+   if (ctx)
+     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
++  if (pk)
++    _goboringcrypto_EVP_PKEY_free(pk);
+ 
+   return ret;
+ }

SOURCES/fix-test-1024-leaf-certs.patch

@@ -0,0 +1,13 @@
+diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
+index 10d1cf0..51feb3b 100644
+--- a/src/crypto/tls/boring_test.go
++++ b/src/crypto/tls/boring_test.go
+@@ -326,7 +326,7 @@ func TestBoringCertAlgs(t *testing.T) {
+ 	I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
+ 
+ 	L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
+-	L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring)
++	L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
+ 
+ 	// client verifying server cert
+ 	testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {

SOURCES/go1.5-zoneinfo_testing_only.patch

@@ -1,73 +0,0 @@
-diff --git a/src/time/internal_test.go b/src/time/internal_test.go
-index f0dddb7..415949a 100644
---- a/src/time/internal_test.go
-+++ b/src/time/internal_test.go
-@@ -4,13 +4,15 @@
- 
- package time
- 
-+import "runtime"
-+
- func init() {
- 	// force US/Pacific for time zone tests
- 	ForceUSPacificForTesting()
- }
- 
- func initTestingZone() {
--	z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
-+	z, err := loadLocation("America/Los_Angeles", zoneSources)
- 	if err != nil {
- 		panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata")
- 	}
-@@ -21,8 +23,9 @@ func initTestingZone() {
- var OrigZoneSources = zoneSources
- 
- func forceZipFileForTesting(zipOnly bool) {
--	zoneSources = make([]string, len(OrigZoneSources))
-+	zoneSources = make([]string, len(OrigZoneSources)+1)
- 	copy(zoneSources, OrigZoneSources)
-+	zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if zipOnly {
- 		zoneSources = zoneSources[len(zoneSources)-1:]
- 	}
-diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
-index f032aa7..e3e5547 100644
---- a/src/time/zoneinfo_test.go
-+++ b/src/time/zoneinfo_test.go
-@@ -9,6 +9,7 @@ import (
- 	"fmt"
- 	"os"
- 	"reflect"
-+	"runtime"
- 	"testing"
- 	"time"
- )
-@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
- 		t.Fatal(err)
- 	}
- 
--	tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
-+	tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if err != nil {
- 		t.Fatal(err)
- 	}
-diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
-index 23f8b3c..228db1b 100644
---- a/src/time/zoneinfo_unix.go
-+++ b/src/time/zoneinfo_unix.go
-@@ -12,7 +12,6 @@
- package time
- 
- import (
--	"runtime"
- 	"syscall"
- )
- 
-@@ -22,7 +21,6 @@ var zoneSources = []string{
- 	"/usr/share/zoneinfo/",
- 	"/usr/share/lib/zoneinfo/",
- 	"/usr/lib/locale/TZ/",
--	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
- }
- 
- func initLocal() {

SOURCES/ppc64le-internal-linker-fix.patch

@@ -0,0 +1,122 @@
+diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+new file mode 100644
+index 0000000000000..bca897c16d054
+--- /dev/null
++++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
+@@ -0,0 +1,100 @@
++# Verify PPC64 does not reuse a trampoline which is too far away.
++# This tests an edge case where the direct call relocation addend should
++# be ignored when computing the distance from the direct call to the
++# already placed trampoline
++[short] skip
++[!ppc64] [!ppc64le] skip
++[aix] skip
++
++# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
++# assembly 2^26 or so times.
++#
++# We build something which should be laid out as such:
++#
++# bar.Bar
++# main.Func1
++# bar.Bar+400-tramp0
++# main.BigAsm
++# main.Func2
++# bar.Bar+400-tramp1
++#
++# bar.Bar needs to be placed far enough away to generate relocations
++# from main package calls. and main.Func1 and main.Func2 are placed
++# a bit more than the direct call limit apart, but not more than 0x400
++# bytes beyond it (to verify the reloc calc).
++
++go build
++
++-- go.mod --
++
++module foo
++
++go 1.19
++
++-- main.go --
++
++package main
++
++import "foo/bar"
++
++func Func1()
++
++func main() {
++        Func1()
++        bar.Bar2()
++}
++
++-- foo.s --
++
++TEXT main·Func1(SB),0,$0-0
++        CALL bar·Bar+0x400(SB)
++        CALL main·BigAsm(SB)
++// A trampoline will be placed here to bar.Bar
++
++// This creates a gap sufficiently large to prevent trampoline reuse
++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
++#define NOP256 NOP64 NOP64 NOP64 NOP64
++#define NOP2S10 NOP256 NOP256 NOP256 NOP256
++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
++#define BIGNOP NOP2S24 NOP2S24
++TEXT main·BigAsm(SB),0,$0-0
++        // Fill to the direct call limit so Func2 must generate a new trampoline.
++        // As the implicit trampoline above is just barely unreachable.
++        BIGNOP
++        MOVD $main·Func2(SB), R3
++
++TEXT main·Func2(SB),0,$0-0
++        CALL bar·Bar+0x400(SB)
++// Another trampoline should be placed here.
++
++-- bar/bar.s --
++
++#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
++#define NOP256 NOP64 NOP64 NOP64 NOP64
++#define NOP2S10 NOP256 NOP256 NOP256 NOP256
++#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
++#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
++#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
++#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
++#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
++#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
++#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
++#define BIGNOP NOP2S24 NOP2S24 NOP2S10
++// A very big not very interesting function.
++TEXT bar·Bar(SB),0,$0-0
++        BIGNOP
++
++-- bar/bar.go --
++
++package bar
++
++func Bar()
++
++func Bar2() {
++}
+diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
+index 5d5fbe2a97735..6313879da083c 100644
+--- a/src/cmd/link/internal/ppc64/asm.go
++++ b/src/cmd/link/internal/ppc64/asm.go
+@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
+ 				if ldr.SymValue(tramp) == 0 {
+ 					break
+ 				}
+-
+-				t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
++				// Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
++				// trampoline itself.
++				t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
+ 
+ 				// With internal linking, the trampoline can be used if it is not too far.
+ 				// With external linking, the trampoline must be in this section for it to be reused.

SOURCES/remove_ed25519vectors_test.patch

@@ -1,128 +0,0 @@
-From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
-Date: Wed, 15 Dec 2021 16:02:15 +0100
-Subject: [PATCH] Remove ed25519vectors_test.go
-
----
- src/crypto/ed25519/ed25519vectors_test.go | 109 ----------------------
- 1 file changed, 109 deletions(-)
- delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go
-
-diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
-deleted file mode 100644
-index 74fcdcdf4e..0000000000
---- a/src/crypto/ed25519/ed25519vectors_test.go
-+++ /dev/null
-@@ -1,109 +0,0 @@
--// Copyright 2021 The Go Authors. All rights reserved.
--// Use of this source code is governed by a BSD-style
--// license that can be found in the LICENSE file.
--
--package ed25519_test
--
--import (
--	"crypto/ed25519"
--	"encoding/hex"
--	"encoding/json"
--	"internal/testenv"
--	"os"
--	"os/exec"
--	"path/filepath"
--	"testing"
--)
--
--// TestEd25519Vectors runs a very large set of test vectors that exercise all
--// combinations of low-order points, low-order components, and non-canonical
--// encodings. These vectors lock in unspecified and spec-divergent behaviors in
--// edge cases that are not security relevant in most contexts, but that can
--// cause issues in consensus applications if changed.
--//
--// Our behavior matches the "classic" unwritten verification rules of the
--// "ref10" reference implementation.
--//
--// Note that although we test for these edge cases, they are not covered by the
--// Go 1 Compatibility Promise. Applications that need stable verification rules
--// should use github.com/hdevalence/ed25519consensus.
--//
--// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details.
--func TestEd25519Vectors(t *testing.T) {
--	jsonVectors := downloadEd25519Vectors(t)
--	var vectors []struct {
--		A, R, S, M string
--		Flags      []string
--	}
--	if err := json.Unmarshal(jsonVectors, &vectors); err != nil {
--		t.Fatal(err)
--	}
--	for i, v := range vectors {
--		expectedToVerify := true
--		for _, f := range v.Flags {
--			switch f {
--			// We use the simplified verification formula that doesn't multiply
--			// by the cofactor, so any low order residue will cause the
--			// signature not to verify.
--			//
--			// This is allowed, but not required, by RFC 8032.
--			case "LowOrderResidue":
--				expectedToVerify = false
--			// Our point decoding allows non-canonical encodings (in violation
--			// of RFC 8032) but R is not decoded: instead, R is recomputed and
--			// compared bytewise against the canonical encoding.
--			case "NonCanonicalR":
--				expectedToVerify = false
--			}
--		}
--
--		publicKey := decodeHex(t, v.A)
--		signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...)
--		message := []byte(v.M)
--
--		didVerify := ed25519.Verify(publicKey, message, signature)
--		if didVerify && !expectedToVerify {
--			t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags)
--		}
--		if !didVerify && expectedToVerify {
--			t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags)
--		}
--	}
--}
--
--func downloadEd25519Vectors(t *testing.T) []byte {
--	testenv.MustHaveExternalNetwork(t)
--
--	// Download the JSON test file from the GOPROXY with `go mod download`,
--	// pinning the version so test and module caching works as expected.
--	goTool := testenv.GoToolPath(t)
--	path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94"
--	cmd := exec.Command(goTool, "mod", "download", "-json", path)
--	// TODO: enable the sumdb once the TryBots proxy supports it.
--	cmd.Env = append(os.Environ(), "GONOSUMDB=*")
--	output, err := cmd.Output()
--	if err != nil {
--		t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
--	}
--	var dm struct {
--		Dir string // absolute path to cached source root directory
--	}
--	if err := json.Unmarshal(output, &dm); err != nil {
--		t.Fatal(err)
--	}
--
--	jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json"))
--	if err != nil {
--		t.Fatalf("failed to read ed25519vectors.json: %v", err)
--	}
--	return jsonVectors
--}
--
--func decodeHex(t *testing.T, s string) []byte {
--	t.Helper()
--	b, err := hex.DecodeString(s)
--	if err != nil {
--		t.Errorf("invalid hex: %v", err)
--	}
--	return b
--}
--- 
-2.33.1
-

SOURCES/skip_test_rhbz1939923.patch

@@ -0,0 +1,12 @@
+diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
+index b1cdabb..09eaace 100644
+--- a/src/crypto/x509/x509_test.go
++++ b/src/crypto/x509/x509_test.go
+@@ -2993,6 +2993,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
+ }
+ 
+ func TestCreateCertificateBrokenSigner(t *testing.T) {
++	t.Skip("TODO Fix me: rhbz#1939923")
+ 	template := &Certificate{
+ 		SerialNumber: big.NewInt(10),
+ 		DNSNames:     []string{"example.com"},

SPECS/golang.spec

@@ -56,7 +56,7 @@
 %endif
 
 # Controls what ever we fail on failed tests
-%ifarch x86_64 %{arm} aarch64 ppc64le
+%ifarch x86_64 %{arm} aarch64 ppc64le s390x
 %global fail_on_tests 1
 %else
 %global fail_on_tests 0
@@ -95,20 +95,27 @@
 %global gohostarch  s390x
 %endif
 
-%global go_api 1.18
-%global go_version 1.18.4
+%global go_api 1.19
+%global version 1.19.4
 %global pkg_release 1
 
 Name:           golang
-Version:        %{go_version}
-Release:        1%{?dist}
+Version:        %{version}
+Release:        2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
 URL:            http://golang.org/
-Source0:	https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
+Source0:        https://github.com/golang/go/archive/refs/tags/go%{version}.tar.gz
+# Go's FIPS mode bindings are now provided as a standalone
+# module instead of in tree.  This makes it easier to see
+# the actual changes vs upstream Go.  The module source is
+# located at https://github.com/golang-fips/openssl-fips,
+# And pre-genetated patches to set up the module for a given
+# Go release are located at https://github.com/golang-fips/go.
+Source1:       https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
 # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
-Source1:        fedora.go
+Source2:        fedora.go
 
 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 # Actual Go based bootstrap compiler provided by above source.
@@ -133,17 +140,19 @@ Requires:       %{name}-src = %{version}-%{release}
 Requires:       openssl-devel
 Requires:       diffutils
 
-# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that 
-# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
-Patch215:       go1.5-zoneinfo_testing_only.patch
 
 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221:       fix_TestScript_list_std.patch
 
-# static linking of dlopen is unsupported
-Patch226:	disable_static_external_tests.patch
+Patch1939923:   skip_test_rhbz1939923.patch
 
-Patch223: remove_ed25519vectors_test.patch
+Patch2: 	disable_static_tests_part1.patch
+Patch3: 	disable_static_tests_part2.patch
+Patch4:		ppc64le-internal-linker-fix.patch
+Patch5:		fix-test-1024-leaf-certs.patch
+Patch6:		fix-memory-leak-evp-sign-verify.patch
+
+Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -232,14 +241,26 @@ Requires:       %{name} = %{version}-%{release}
 %endif
 
 %prep
-%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips
+%setup -q -n go-go%{version}
+
+pushd ..
+tar -xf %{SOURCE1}
+popd
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
+
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
 
-%patch215 -p1
 %patch221 -p1
-%patch223 -p1
-%patch226 -p1
 
-cp %{SOURCE1} ./src/runtime/
+%patch1939923 -p1
+%patch227 -p1
+
+cp %{SOURCE2} ./src/runtime/
 
 %build
 set -xe
@@ -435,21 +456,20 @@ export GO_TEST_RUN=""
 
 # TestEd25519Vectors needs network connectivity but it should be cover by
 # this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
-export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
 
-./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST
+./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
 
 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
 pushd crypto
   # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
+  go test $(go list ./... | grep -v tls) -v
   # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
-  go test -v -run "Boring" $DISABLE_Ed25519_TEST
+  go test -v -run "Boring"
 popd
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
@@ -458,7 +478,7 @@ cd ..
 
 %files
 
-%doc AUTHORS CONTRIBUTORS LICENSE PATENTS
+%doc LICENSE PATENTS
 # VERSION has to be present in the GOROOT, for `go install std` to work
 %doc %{goroot}/VERSION
 %dir %{goroot}/doc
@@ -512,6 +532,42 @@ cd ..
 %endif
 
 %changelog
+* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
+- Fix memory leaks in EVP_{sign,verify}_raw
+- Resolves: rhbz#2132767
+
+* Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
+- Rebase to Go 1.19.4
+- Fix ppc64le linker issue
+- Remove defunct patches
+- Remove downstream generated FIPS mode patches
+- Add golang-fips/go as the source for FIPS mode patches
+- Resolves: rhbz#2144542
+
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
+- Enable big endian support in FIPS mode
+- Resolves: rhbz#1969844
+
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
+- Restore old HashSign/HashVerify API
+- Resolves: rhbz#2132730
+
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
+- Add support for 4096 bit keys in x509
+- Resolves: rhbz#2132694
+
+* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
+- Rebase to Go 1.19.2
+- Resolves: rhbz#2132730
+
+* Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
+- Rebase to Go 1.19.1
+- Resolves: rhbz#2131026
+
+* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+- Adds patch for PIE mode issues on PPC64LE
+- Resolves: rhbz#2111593
+
 * Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
 - Update Go to version 1.18.4
 - Resolves: rhbz#2109179