diff --git a/.gitignore b/.gitignore index aadbd13..a29663e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,7 @@ SOURCES/go1.19.4-1-openssl-fips.tar.gz SOURCES/go1.19.4.tar.gz /go1.19.4-1-openssl-fips.tar.gz /go1.19.4.tar.gz +/go1.19.6-1-openssl-fips.tar.gz +/go1.19.6.tar.gz +/go1.20.3.tar.gz +/go1.20.3-1-openssl-fips.tar.gz diff --git a/disable_static_tests_part2.patch b/disable_static_tests_part2.patch index 6ad4e62..aa2d91c 100644 --- a/disable_static_tests_part2.patch +++ b/disable_static_tests_part2.patch @@ -1,36 +1,13 @@ diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index da5b179..6a772df 100644 +index 9f26606..2408505 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error { - fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.") +@@ -1259,7 +1259,7 @@ func (t *tester) registerCgoTests() { } else { - if goos != "android" { -- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") -+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") - } - t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".") - t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".") - if goos != "android" { -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") -+ /* - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".") - // -static in CGO_LDFLAGS triggers a different code path - // than -static in -extldflags, so test both. - // See issue #16651. - cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".") - setEnv(cmd, "CGO_LDFLAGS", "-static -pthread") -+ */ - } - } - -@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error { - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".") - } - t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".") -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".") -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl") + panic("unknown linkmode with static build: " + linkmode) } +- gt.tags = append(gt.tags, "static") ++ gt.tags = append(gt.tags, "static", "no_openssl") } - } + + t.registerTest("cgo:"+name, "../misc/cgo/test", gt, opts...) diff --git a/fix-memory-leak-evp-sign-verify.patch b/fix-memory-leak-evp-sign-verify.patch index ef231bf..f2eae14 100644 --- a/fix-memory-leak-evp-sign-verify.patch +++ b/fix-memory-leak-evp-sign-verify.patch @@ -1,8 +1,8 @@ diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -index 2124978..1f853b4 100644 +index 76bac5b..24a9615 100644 --- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m +@@ -43,7 +43,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m GO_RSA *rsa_key) { int ret = 0; GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); @@ -15,7 +15,7 @@ index 2124978..1f853b4 100644 if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) goto err; -@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m +@@ -63,6 +67,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m err: if (ctx) _goboringcrypto_EVP_PKEY_CTX_free(ctx); @@ -24,7 +24,7 @@ index 2124978..1f853b4 100644 return ret; } -@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, +@@ -103,7 +109,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, int ret = 0; EVP_PKEY_CTX *ctx; GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); @@ -37,7 +37,7 @@ index 2124978..1f853b4 100644 if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) goto err; -@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, +@@ -123,6 +133,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, err: if (ctx) _goboringcrypto_EVP_PKEY_CTX_free(ctx); diff --git a/fix-test-1024-leaf-certs.patch b/fix-test-1024-leaf-certs.patch deleted file mode 100644 index ee6b25a..0000000 --- a/fix-test-1024-leaf-certs.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 10d1cf0..51feb3b 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -326,7 +326,7 @@ func TestBoringCertAlgs(t *testing.T) { - I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK) - - L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK) -- L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring) -+ L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf) - - // client verifying server cert - testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { diff --git a/golang.spec b/golang.spec index eb60a6d..52f149c 100644 --- a/golang.spec +++ b/golang.spec @@ -95,13 +95,14 @@ %global gohostarch s390x %endif -%global go_api 1.19 -%global version 1.19.4 +%global go_api 1.20 +%global version 1.20.3 %global pkg_release 1 Name: golang Version: %{version} -Release: 2%{?dist} +Release: 1%{?dist} + Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -146,14 +147,10 @@ Patch221: fix_TestScript_list_std.patch Patch1939923: skip_test_rhbz1939923.patch -Patch2: disable_static_tests_part1.patch -Patch3: disable_static_tests_part2.patch -Patch4: ppc64le-internal-linker-fix.patch -Patch5: fix-test-1024-leaf-certs.patch +Patch2: disable_static_tests_part1.patch +Patch3: disable_static_tests_part2.patch Patch6: fix-memory-leak-evp-sign-verify.patch -Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch - # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -249,16 +246,19 @@ popd patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch +# Configure crypto tests +pushd ../go-go%{version}-%{pkg_release}-openssl-fips +ln -s ../go-go%{version} go +./scripts/configure-crypto-tests.sh +popd + %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 %patch6 -p1 %patch221 -p1 %patch1939923 -p1 -%patch227 -p1 cp %{SOURCE2} ./src/runtime/ @@ -342,12 +342,11 @@ cwd=$(pwd) src_list=$cwd/go-src.list pkg_list=$cwd/go-pkg.list shared_list=$cwd/go-shared.list -race_list=$cwd/go-race.list misc_list=$cwd/go-misc.list docs_list=$cwd/go-docs.list tests_list=$cwd/go-tests.list -rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list -touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list +touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list pushd $RPM_BUILD_ROOT%{goroot} find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list @@ -378,13 +377,6 @@ pushd $RPM_BUILD_ROOT%{goroot} find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list %endif -%if %{race} - - find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list - find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list - -%endif - find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list @@ -527,11 +519,13 @@ cd .. %files -f go-shared.list shared %endif -%if %{race} -%files -f go-race.list race -%endif - %changelog +* Tue Apr 11 2023 David Benoit - 1.20.3-1 +- Rebase to Go 1.20.3 +- Remove race archives +- Update static tests patches +- Resolves: rhbz#2185260 + * Tue Jan 3 2023 David Benoit - 1.19.4-2 - Fix memory leaks in EVP_{sign,verify}_raw - Resolves: rhbz#2132767 diff --git a/ppc64le-internal-linker-fix.patch b/ppc64le-internal-linker-fix.patch deleted file mode 100644 index f54a83b..0000000 --- a/ppc64le-internal-linker-fix.patch +++ /dev/null @@ -1,122 +0,0 @@ -diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt -new file mode 100644 -index 0000000000000..bca897c16d054 ---- /dev/null -+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt -@@ -0,0 +1,100 @@ -+# Verify PPC64 does not reuse a trampoline which is too far away. -+# This tests an edge case where the direct call relocation addend should -+# be ignored when computing the distance from the direct call to the -+# already placed trampoline -+[short] skip -+[!ppc64] [!ppc64le] skip -+[aix] skip -+ -+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to -+# assembly 2^26 or so times. -+# -+# We build something which should be laid out as such: -+# -+# bar.Bar -+# main.Func1 -+# bar.Bar+400-tramp0 -+# main.BigAsm -+# main.Func2 -+# bar.Bar+400-tramp1 -+# -+# bar.Bar needs to be placed far enough away to generate relocations -+# from main package calls. and main.Func1 and main.Func2 are placed -+# a bit more than the direct call limit apart, but not more than 0x400 -+# bytes beyond it (to verify the reloc calc). -+ -+go build -+ -+-- go.mod -- -+ -+module foo -+ -+go 1.19 -+ -+-- main.go -- -+ -+package main -+ -+import "foo/bar" -+ -+func Func1() -+ -+func main() { -+ Func1() -+ bar.Bar2() -+} -+ -+-- foo.s -- -+ -+TEXT main·Func1(SB),0,$0-0 -+ CALL bar·Bar+0x400(SB) -+ CALL main·BigAsm(SB) -+// A trampoline will be placed here to bar.Bar -+ -+// This creates a gap sufficiently large to prevent trampoline reuse -+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; -+#define NOP256 NOP64 NOP64 NOP64 NOP64 -+#define NOP2S10 NOP256 NOP256 NOP256 NOP256 -+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 -+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 -+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 -+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 -+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 -+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 -+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 -+#define BIGNOP NOP2S24 NOP2S24 -+TEXT main·BigAsm(SB),0,$0-0 -+ // Fill to the direct call limit so Func2 must generate a new trampoline. -+ // As the implicit trampoline above is just barely unreachable. -+ BIGNOP -+ MOVD $main·Func2(SB), R3 -+ -+TEXT main·Func2(SB),0,$0-0 -+ CALL bar·Bar+0x400(SB) -+// Another trampoline should be placed here. -+ -+-- bar/bar.s -- -+ -+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; -+#define NOP256 NOP64 NOP64 NOP64 NOP64 -+#define NOP2S10 NOP256 NOP256 NOP256 NOP256 -+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10 -+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12 -+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14 -+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16 -+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18 -+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20 -+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22 -+#define BIGNOP NOP2S24 NOP2S24 NOP2S10 -+// A very big not very interesting function. -+TEXT bar·Bar(SB),0,$0-0 -+ BIGNOP -+ -+-- bar/bar.go -- -+ -+package bar -+ -+func Bar() -+ -+func Bar2() { -+} -diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go -index 5d5fbe2a97735..6313879da083c 100644 ---- a/src/cmd/link/internal/ppc64/asm.go -+++ b/src/cmd/link/internal/ppc64/asm.go -@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) { - if ldr.SymValue(tramp) == 0 { - break - } -- -- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off())) -+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the -+ // trampoline itself. -+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off())) - - // With internal linking, the trampoline can be used if it is not too far. - // With external linking, the trampoline must be in this section for it to be reused. diff --git a/sources b/sources index 98757a0..e6c0476 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (go1.19.4-1-openssl-fips.tar.gz) = 03b85de8a672205d2a48d0b316b90e72cc1200b8d307d3e5fefd3adf07033346fa7d78319ab279492a8cfa9ef058468baf1d5134f47bd79bd6c71a2ee62c6dbc -SHA512 (go1.19.4.tar.gz) = 7e60cbaa6332de2f269f28db17517b25ba954e2d8cd6b7aa9aeed8c396028d03e4b1fb1fa1d5bbbf62174e8bbbfac6f2de47e0c522d4f9c93712ec089fcdb4c7 +SHA512 (go1.20.3.tar.gz) = 2d7cd1561f6f65d189e050ad321e5e619ad4956aa3d3e8b14165c596f8596b32c5afde0d43e51c0fae9f589b460ca5f52aade1125942e799d4db37089e88ddd1 +SHA512 (go1.20.3-1-openssl-fips.tar.gz) = db7a79ddee78bf32a2a334dd31af355f5acf0b32ea26d0a8b6649d04e48911a2b2c479b38a0e6343ca9de56a7aafe1ea7f2b53e39b5f8248ea8ed822ce7a2a5e