import golang-1.18.4-3.el9

2022-11-15 01:41:59 -05:00 · 2022-11-15 01:41:59 -05:00 · 3c9f46127b
parent 7c2f01c33c
commit 3c9f46127b
7 changed files with 60 additions and 1205 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/go1.17.12-1-openssl-fips.tar.gz
+SOURCES/go1.18.4-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1 +1 @@
-ba529d47d6ee80a2ddca1a20dd5a5aa72ab9bdbd SOURCES/go1.17.12-1-openssl-fips.tar.gz
+3798a6b5b37624922f5da08860f39da457caa856 SOURCES/go1.18.4-1-openssl-fips.tar.gz
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
@ -1,5 +1,5 @@
 diff --git a/src/cmd/go/testdata/script/list_std.txt b/src/cmd/go/testdata/script/list_std.txt
-index 6ab1bd1674..4a00e436fd 100644
+index 6ab1bd1..4a00e43 100644
 --- a/src/cmd/go/testdata/script/list_std.txt
 +++ b/src/cmd/go/testdata/script/list_std.txt
@@ -6,7 +6,7 @@ env GO111MODULE=off
--- a/SOURCES/go1.5-zoneinfo_testing_only.patch
+++ b/SOURCES/go1.5-zoneinfo_testing_only.patch
@ -1,6 +1,7 @@
-diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time	2017-12-05 01:10:10.000000000 +0100
-+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go	2017-12-05 14:55:10.574637475 +0100
+diff --git a/src/time/internal_test.go b/src/time/internal_test.go
+index f0dddb7..415949a 100644
+--- a/src/time/internal_test.go
+++ b/src/time/internal_test.go
@@ -4,13 +4,15 @@
 
 package time
@ -16,7 +17,7 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.t
 -	z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
 +	z, err := loadLocation("America/Los_Angeles", zoneSources)
 	if err != nil {
- 		panic("cannot load America/Los_Angeles for testing: " + err.Error())
+ 		panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata")
 	}
@@ -21,8 +23,9 @@ func initTestingZone() {
 var OrigZoneSources = zoneSources
@ -29,10 +30,11 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.t
 	if zipOnly {
 		zoneSources = zoneSources[len(zoneSources)-1:]
 	}
-diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time	2017-12-05 01:10:10.000000000 +0100
-+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go	2017-12-05 14:58:09.823109248 +0100
-@@ -8,6 +8,7 @@ import (
+diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
+index f032aa7..e3e5547 100644
+--- a/src/time/zoneinfo_test.go
+++ b/src/time/zoneinfo_test.go
+@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"os"
 	"reflect"
@ -40,7 +42,7 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.t
 	"testing"
 	"time"
 )
-@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testi
+@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
 		t.Fatal(err)
 	}
 
@ -49,9 +51,10 @@ diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.t
 	if err != nil {
 		t.Fatal(err)
 	}
-diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time	2017-12-05 01:10:10.000000000 +0100
-+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go	2017-12-05 14:55:10.574637475 +0100
+diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
+index 23f8b3c..228db1b 100644
+--- a/src/time/zoneinfo_unix.go
+++ b/src/time/zoneinfo_unix.go
@@ -12,7 +12,6 @@
 package time
 
--- a/SOURCES/openssl_deprecated_algorithm_tests.patch
+++ b/SOURCES/openssl_deprecated_algorithm_tests.patch
@ -1,5 +1,5 @@
 diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
-index 60c769c..b8aae23 100644
+index a4f2e2dbbe..76701d2e2b 100644
 --- a/src/crypto/rsa/pkcs1v15_test.go
 +++ b/src/crypto/rsa/pkcs1v15_test.go
@@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{
@ -41,9 +41,9 @@ index 60c769c..b8aae23 100644
 +	t.Skip("not supported in FIPS mode")
 	// This tests that attempting to decrypt a session key where the
 	// ciphertext is too small doesn't run outside the array bounds.
- 	var keys []*PrivateKey
+ 	ciphertext, err := EncryptPKCS1v15(rand.Reader, &testRSA2048PrivateKey.PublicKey, []byte{1})
 diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
-index 2032b4b..fdddfab 100644
+index b547a87c71..99e7882866 100644
 --- a/src/crypto/rsa/pss_test.go
 +++ b/src/crypto/rsa/pss_test.go
@@ -77,6 +77,7 @@ func TestEMSAPSS(t *testing.T) {
@ -55,17 +55,16 @@ index 2032b4b..fdddfab 100644
 	if err != nil {
 		t.Fatalf("Failed to open input file: %s", err)
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index cfe020e..d918841 100644
+index 9aa67655ab..2f4e666abb 100644
 --- a/src/crypto/rsa/rsa_test.go
 +++ b/src/crypto/rsa/rsa_test.go
-@@ -123,38 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
+@@ -123,28 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
 		t.Errorf("private exponent too large")
 	}
 
 -	if boring.Enabled() {
 -		// Cannot call encrypt/decrypt directly. Test via PKCS1v15.
 -		msg := []byte("hi!")
-		// Should not accept keys smaller than 2048 bits (256 bytes)
 -		if priv.Size() >= 256 {
 -			enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
 -			if err != nil {
@ -81,22 +80,13 @@ index cfe020e..d918841 100644
 -				t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
 -			}
 -		} else {
-			enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
-			if err == nil {
-				t.Errorf("EncryptPKCS1v15: Should not accept key of size %v", priv.Size() * 8)
-				return
-			}
-			_ , err = DecryptPKCS1v15(rand.Reader, priv, enc)
-			if err == nil {
-				t.Errorf("DecryptPKCS1v15: Should not accept key of size %v", priv.Size() * 8)
-				return
-			}
+-			t.Logf("skipping check for unsupported key less than 2048 bits")
 -		}
 -		return
 -	}
 +        if boring.Enabled() {
 +                // Cannot call encrypt/decrypt directly. Test via EncryptOAEP.
-+               sha256 := sha256.New()
+		sha256 := sha256.New()
 +                msg := []byte("hi!")
 +                if priv.Size() >= 256 {
 +                        enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil)
@ -120,13 +110,13 @@ index cfe020e..d918841 100644
 
 	pub := &priv.PublicKey
 	m := big.NewInt(42)
-@@ -323,6 +314,11 @@ func TestDecryptOAEP(t *testing.T) {
+@@ -312,6 +312,11 @@ func TestDecryptOAEP(t *testing.T) {
 		private.PublicKey = PublicKey{N: n, E: test.e}
 		private.D = d
 
 +		if boring.Enabled() && private.PublicKey.Size() < 256 {
 +			t.Logf("skipping check for unsupported key less than 2048 bits")
-+			continue;
+			continue
 +		}
 +		t.Logf("running check for supported key size")
 		for j, message := range test.msgs {
--- a/SOURCES/rhbz1952381.patch
+++ b/SOURCES/rhbz1952381.patch
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -95,19 +95,18 @@
 %global gohostarch  s390x
 %endif

-%global go_api 1.17
-%global go_version 1.17.12
+%global go_api 1.18
+%global go_version 1.18.4
 %global pkg_release 1

 Name:           golang
 Version:        %{go_version}
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
 URL:            http://golang.org/
 Source0:        https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz
-
 # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
 Source1:        fedora.go

@ -145,9 +144,6 @@ Patch215:       go1.5-zoneinfo_testing_only.patch
 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221:       fix_TestScript_list_std.patch

-# Port to openssl 3.0
-Patch1952381:   rhbz1952381.patch
-
 Patch223: remove_ed25519vectors_test.patch

 Patch224: openssl_deprecated_algorithm_tests.patch
@ -241,15 +237,9 @@ Requires:       %{name} = %{version}-%{release}
 %prep
 %setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips

-
 %patch215 -p1
-
 %patch221 -p1
-
-%patch1952381 -p1
-
 %patch223 -p1
-
 %patch224 -p1

 cp %{SOURCE1} ./src/runtime/
@ -434,12 +424,6 @@ export GO_LDFLAGS="-extldflags '$RPM_LD_FLAGS'"
 export CGO_ENABLED=0
 %endif

-# work around aarch64 issue
-# https://src.fedoraproject.org/rpms/golang/c/ea99ebaff6b9561243bb43039458771edb691eaf?branch=f32
-%ifarch aarch64
-export CGO_CFLAGS="-mno-outline-atomics"
-%endif
-
 # make sure to not timeout
 export GO_TEST_TIMEOUT_SCALE=2

@ -452,6 +436,9 @@ export GO_TEST_RUN=""

 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN

+# tests timeout on ppc64le due to
+# https://bugzilla.redhat.com/show_bug.cgi?id=2118776
+%ifnarch ppc64le
 export OPENSSL_FORCE_FIPS_MODE=1
 # Run tests with FIPS enabled.
 pushd crypto
@ -464,6 +451,8 @@ popd
 pushd crypto/tls
  GOLANG_FIPS=1 go test -v -run "Boring"
 popd
+%endif
+
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
 %endif
@ -525,19 +514,34 @@ cd ..
 %endif

 %changelog
-* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.17.12-1
- Update Go to version 1.17.12
- Resolves: rhbz#2109183
+* Tue Aug 16 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-3
+- Temporarily disable crypto tests on ppc64le
+- Related: rhbz#2109180

-* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-2
- Clean up dist-git patches
- Resolves: rhbz#2109174
+* Wed Aug 10 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+- Update to Go 1.18.4
+- Resolves: rhbz#2109180
+- Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode

-* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
- Rebase to Go 1.17.7
- Update ecdsa tests to reject SHA1 signatures in boring mode
+* Fri Aug 05 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-1
+- Update to Go 1.18.4
+- Resolves: rhbz#2109180
+
+* Fri Jun 10 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-2
+- Update deprecated openssl algorithms patch
+- Rebuild against openssl-3.0.1-33
+- Resolves: rhbz#2092136
+- Related: rhbz#2092016
+
+* Mon May 02 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
+- Rebase to Go 1.18.2
+- Move to github.com/golang-fips/go
+- Resolves: rhbz#2075169
+- Resolves: rhbz#2060769
+- Resolves: rhbz#2067531
+- Resolves: rhbz#2067536
+- Resolves: rhbz#2067552
 - Resolves: rhbz#2025637
- Resolves: rhbz#1975396

 * Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
 - Rebase to Go 1.17.5