diff --git a/.gitignore b/.gitignore
index ceb3ab9..4f71bcf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz
+SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index 413c971..fde6008 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-e693273f254789980a55720bd48ac8741d446f21 SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz
+139fe29f985b3feda50c407d194f1a102352388a SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/SOURCES/fix-crypto-memory-leaks.patch b/SOURCES/fix-crypto-memory-leaks.patch
deleted file mode 100644
index daab969..0000000
--- a/SOURCES/fix-crypto-memory-leaks.patch
+++ /dev/null
@@ -1,235 +0,0 @@ -diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h -index 3585458..ae1607b 100644 ---- a/src/crypto/internal/boring/goopenssl.h -+++ b/src/crypto/internal/boring/goopenssl.h -@@ -667,6 +667,7 @@ typedef EVP_PKEY GO_EVP_PKEY; - DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ()) - DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0)) - DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1)) -+DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1)) - DEFINEFUNC(int, EVP_PKEY_verify, - (EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen), - (ctx, sig, siglen, tbs, tbslen)) -diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c -index 4c14cc9..daa1252 100644 ---- a/src/crypto/internal/boring/openssl_ecdsa_signature.c -+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c -@@ -9,19 +9,32 @@ - int - _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, GO_EC_KEY *eckey) - { -+ int result; - EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new(); -- if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey)) -- return 0; -- return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key); -+ if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) { -+ result = 0; -+ goto err; -+ } -+ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key); -+err: -+ _goboringcrypto_EVP_PKEY_free(key); -+ return result; - } - - int - _goboringcrypto_ECDSA_verify(EVP_MD* md, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, GO_EC_KEY *eckey) - { - -+ int result; - EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new(); -- if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey)) -- return 0; -+ if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) { -+ 
result = 0; -+ goto err; -+ } - -- return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key); -+ result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key); -+ -+err: -+ _goboringcrypto_EVP_PKEY_free(key); -+ return result; - } -diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c -index a8d047d..2e56499 100644 ---- a/src/crypto/internal/boring/openssl_port_rsa.c -+++ b/src/crypto/internal/boring/openssl_port_rsa.c -@@ -25,14 +25,13 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_ - EVP_PKEY_CTX *ctx; - unsigned int siglen; - -+ int ret = 0; - EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new(); -- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa)) -- return 0; -+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) -+ goto err; - ctx = _goboringcrypto_EVP_PKEY_CTX_new(key, NULL /* no engine */); - if (!ctx) -- return 0; -- -- int ret = 0; -+ goto err; - - EVP_MD_CTX *mdctx = NULL; - if (!(mdctx = _goboringcrypto_EVP_MD_CTX_create())) -@@ -67,6 +66,10 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_ - err: - if (mdctx) - _goboringcrypto_EVP_MD_CTX_free(mdctx); -+ if (ctx) -+ _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (key) -+ _goboringcrypto_EVP_PKEY_free(key); - - return ret; - } -@@ -78,18 +81,17 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_ - EVP_PKEY *pkey; - size_t siglen; - -+ int ret = 0; - pkey = _goboringcrypto_EVP_PKEY_new(); - if (!pkey) -- return 0; -+ goto err; - - if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0) -- return 0; -- -+ goto err; -+ - ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */); - if (!ctx) -- return 0; -- -- int ret = 0; -+ goto err; - - if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0) - goto err; -@@ -101,7 +103,7 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_ - goto err; - if 
(_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0) - goto err; -- -+ - /* Determine buffer length */ - if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0) - goto err; -@@ -116,7 +118,10 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_ - ret = 1; - - err: -- _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (ctx) -+ _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pkey) -+ _goboringcrypto_EVP_PKEY_free(pkey); - - return ret; - } -@@ -130,14 +135,14 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i - - pkey = _goboringcrypto_EVP_PKEY_new(); - if (!pkey) -- return 0; -+ goto err; - - if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0) -- return 0; -- -+ goto err; -+ - ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */); - if (!ctx) -- return 0; -+ goto err; - - if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0) - goto err; -@@ -155,25 +160,40 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i - ret = 1; - - err: -- _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (ctx) -+ _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pkey) -+ _goboringcrypto_EVP_PKEY_free(pkey); -+ - - return ret; - } - - int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa) - { -+ int result; - EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new(); -- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa)) -- return 0; -- return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key); -+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) { -+ result = 0; -+ goto err; -+ } -+ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key); -+err: -+ _goboringcrypto_EVP_PKEY_free(key); -+ return result; - } - - int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa) - { -+ int result; - EVP_PKEY 
*key = _goboringcrypto_EVP_PKEY_new(); -- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa)) -- { -- return 0; -+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) { -+ result = 0; -+ goto err; - } -- return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key); -+ result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key); -+err: -+ _goboringcrypto_EVP_PKEY_free(key); -+ return result; -+ - } -diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go -index 2eefc27..698c08e 100644 ---- a/src/crypto/internal/boring/rsa.go -+++ b/src/crypto/internal/boring/rsa.go -@@ -162,12 +162,23 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int, - return nil, nil, NewOpenSSLError("EVP_PKEY_set_rsa_oaep_md failed") - } - // ctx takes ownership of label, so malloc a copy for BoringCrypto to free. -- clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label)))) -- if clabel == nil { -- return nil, nil, fail("OPENSSL_malloc") -+ var clabel *C.uint8_t -+ clabel = nil -+ // OpenSSL 1.1.1 does not take ownership of the label if the length is zero. -+ // Depending on the malloc implementation, if clabel is allocated with malloc(0), -+ // metadata for the size-zero allocation is never cleaned up, which is a memory leak. -+ // As such, we must only allocate clabel if the label is of non zero length. -+ if len(label) > 0 { -+ clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label)))) -+ if clabel == nil { -+ return nil, nil, fail("OPENSSL_malloc") -+ } -+ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) - } -- copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label) -- if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 { -+ if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) != 1 { -+ if clabel != nil { -+ C.free(unsafe.Pointer(clabel)) -+ } - return nil, nil, NewOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed") - } - } 
diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch deleted file mode 100644 index 5d9cf82..0000000 --- a/SOURCES/golang-1.15-warnCN.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go -index 50f4d4a..121fd1b 100644 ---- a/src/crypto/x509/verify.go -+++ b/src/crypto/x509/verify.go -@@ -20,6 +20,9 @@ import ( - - // ignoreCN disables interpreting Common Name as a hostname. See issue 24151. - var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0") -+// if using Common Name as a hostname is enabled via x509ignoreCN=0, -+// warnCN enables a warning whenever Common Name is interpreted as a hostname. -+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1") - - type InvalidReason int - -@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error { - names := c.DNSNames - if c.commonNameAsHostname() { - names = []string{c.Subject.CommonName} -+ if warnCN { -+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " + -+ "Using CN without SAN is deprecated and will not work in future versions.\n") -+ } - } - - candidateName := toLowerCaseASCII(h) // Save allocations inside the loop. diff --git a/SOURCES/reject-leading-zeros.patch b/SOURCES/reject-leading-zeros.patch deleted file mode 100644 index 24fa6c8..0000000 --- a/SOURCES/reject-leading-zeros.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff --git a/doc/go1.16.html b/doc/go1.16.html -index 0beb62d..fc6b668 100644 ---- a/doc/go1.16.html -+++ b/doc/go1.16.html -@@ -891,6 +891,14 @@ func TestFoo(t *testing.T) { - is missing; this is common on musl-based systems and makes - Go programs match the behavior of C programs on those systems. -

-+

-+ The ParseIP and ParseCIDR -+ functions now reject IPv4 addresses which contain decimal components with leading zeros. -+ These components were always interpreted as decimal, but some operating systems treat them as octal. -+ This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses -+ which were then used in their original form with non-Go applications which interpreted components as octal. Generally, -+ it is advisable to always re-encoded values after validation, which avoids this class of parser misalignment issues. -+

- - - -diff --git a/src/net/hosts_test.go b/src/net/hosts_test.go -index f850e2f..19c4399 100644 ---- a/src/net/hosts_test.go -+++ b/src/net/hosts_test.go -@@ -36,7 +36,7 @@ var lookupStaticHostTests = []struct { - }, - }, - { -- "testdata/ipv4-hosts", // see golang.org/issue/8996 -+ "testdata/ipv4-hosts", - []staticHostEntry{ - {"localhost", []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"}}, - {"localhost.localdomain", []string{"127.0.0.3"}}, -@@ -102,7 +102,7 @@ var lookupStaticAddrTests = []struct { - }, - }, - { -- "testdata/ipv4-hosts", // see golang.org/issue/8996 -+ "testdata/ipv4-hosts", - []staticHostEntry{ - {"127.0.0.1", []string{"localhost"}}, - {"127.0.0.2", []string{"localhost"}}, -diff --git a/src/net/ip.go b/src/net/ip.go -index c00fe8e..007f3f7 100644 ---- a/src/net/ip.go -+++ b/src/net/ip.go -@@ -552,6 +552,10 @@ func parseIPv4(s string) IP { - if !ok || n > 0xFF { - return nil - } -+ if c > 1 && s[0] == '0' { -+ // Reject non-zero components with leading zeroes. -+ return nil -+ } - s = s[c:] - p[i] = byte(n) - } -diff --git a/src/net/ip_test.go b/src/net/ip_test.go -index a5fc5e6..585381d 100644 ---- a/src/net/ip_test.go -+++ b/src/net/ip_test.go -@@ -20,9 +20,7 @@ var parseIPTests = []struct { - }{ - {"127.0.1.2", IPv4(127, 0, 1, 2)}, - {"127.0.0.1", IPv4(127, 0, 0, 1)}, -- {"127.001.002.003", IPv4(127, 1, 2, 3)}, - {"::ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, -- {"::ffff:127.001.002.003", IPv4(127, 1, 2, 3)}, - {"::ffff:7f01:0203", IPv4(127, 1, 2, 3)}, - {"0:0:0:0:0000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, - {"0:0:0:0:000000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)}, -@@ -42,6 +40,11 @@ var parseIPTests = []struct { - {"fe80::1%911", nil}, - {"", nil}, - {"a1:a2:a3:a4::b1:b2:b3:b4", nil}, // Issue 6628 -+ {"127.001.002.003", nil}, -+ {"::ffff:127.001.002.003", nil}, -+ {"123.000.000.000", nil}, -+ {"1.2..4", nil}, -+ {"0123.0.0.1", nil}, - } - - func TestParseIP(t *testing.T) { -@@ -357,6 +360,7 @@ var parseCIDRTests = []struct { - {"0.0.-2.0/32", nil, 
nil, &ParseError{Type: "CIDR address", Text: "0.0.-2.0/32"}}, - {"0.0.0.-3/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.-3/32"}}, - {"0.0.0.0/-0", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.0/-0"}}, -+ {"127.000.000.001/32", nil, nil, &ParseError{Type: "CIDR address", Text: "127.000.000.001/32"}}, - {"", nil, nil, &ParseError{Type: "CIDR address", Text: ""}}, - } - -diff --git a/src/net/testdata/ipv4-hosts b/src/net/testdata/ipv4-hosts -index 5208bb4..6b99675 100644 ---- a/src/net/testdata/ipv4-hosts -+++ b/src/net/testdata/ipv4-hosts -@@ -1,12 +1,8 @@ - # See https://tools.ietf.org/html/rfc1123. --# --# The literal IPv4 address parser in the net package is a relaxed --# one. It may accept a literal IPv4 address in dotted-decimal notation --# with leading zeros such as "001.2.003.4". - - # internet address and host name - 127.0.0.1 localhost # inline comment separated by tab --127.000.000.002 localhost # inline comment separated by space -+127.0.0.2 localhost # inline comment separated by space - - # internet address, host name and aliases --127.000.000.003 localhost localhost.localdomain -+127.0.0.3 localhost localhost.localdomain diff --git a/SOURCES/remove_waitgroup_misuse_tests.patch b/SOURCES/remove_waitgroup_misuse_tests.patch new file mode 100644 index 0000000..b643563 --- /dev/null +++ b/SOURCES/remove_waitgroup_misuse_tests.patch 
@@ -0,0 +1,151 @@ +diff --git a/src/sync/waitgroup_test.go b/src/sync/waitgroup_test.go +index c569e0faa2eb..4ded218d2d8d 100644 +--- a/src/sync/waitgroup_test.go ++++ b/src/sync/waitgroup_test.go +@@ -5,8 +5,6 @@ + package sync_test + + import ( +- "internal/race" +- "runtime" + . "sync" + "sync/atomic" + "testing" +@@ -48,12 +46,6 @@ func TestWaitGroup(t *testing.T) { + } + } + +-func knownRacy(t *testing.T) { +- if race.Enabled { +- t.Skip("skipping known-racy test under the race detector") +- } +-} +- + func TestWaitGroupMisuse(t *testing.T) { + defer func() { + err := recover() +@@ -68,124 +60,6 @@ func TestWaitGroupMisuse(t *testing.T) { + t.Fatal("Should panic") + } + +-// pollUntilEqual blocks until v, loaded atomically, is +-// equal to the target. +-func pollUntilEqual(v *uint32, target uint32) { +- for { +- for i := 0; i < 1e3; i++ { +- if atomic.LoadUint32(v) == target { +- return +- } +- } +- // yield to avoid deadlock with the garbage collector +- // see issue #20072 +- runtime.Gosched() +- } +-} +- +-func TestWaitGroupMisuse2(t *testing.T) { +- knownRacy(t) +- if runtime.NumCPU() <= 4 { +- t.Skip("NumCPU<=4, skipping: this test requires parallelism") +- } +- defer func() { +- err := recover() +- if err != "sync: negative WaitGroup counter" && +- err != "sync: WaitGroup misuse: Add called concurrently with Wait" && +- err != "sync: WaitGroup is reused before previous Wait has returned" { +- t.Fatalf("Unexpected panic: %#v", err) +- } +- }() +- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4)) +- done := make(chan interface{}, 2) +- // The detection is opportunistic, so we want it to panic +- // at least in one run out of a million. 
+- for i := 0; i < 1e6; i++ { +- var wg WaitGroup +- var here uint32 +- wg.Add(1) +- go func() { +- defer func() { +- done <- recover() +- }() +- atomic.AddUint32(&here, 1) +- pollUntilEqual(&here, 3) +- wg.Wait() +- }() +- go func() { +- defer func() { +- done <- recover() +- }() +- atomic.AddUint32(&here, 1) +- pollUntilEqual(&here, 3) +- wg.Add(1) // This is the bad guy. +- wg.Done() +- }() +- atomic.AddUint32(&here, 1) +- pollUntilEqual(&here, 3) +- wg.Done() +- for j := 0; j < 2; j++ { +- if err := <-done; err != nil { +- panic(err) +- } +- } +- } +- t.Fatal("Should panic") +-} +- +-func TestWaitGroupMisuse3(t *testing.T) { +- knownRacy(t) +- if runtime.NumCPU() <= 1 { +- t.Skip("NumCPU==1, skipping: this test requires parallelism") +- } +- defer func() { +- err := recover() +- if err != "sync: negative WaitGroup counter" && +- err != "sync: WaitGroup misuse: Add called concurrently with Wait" && +- err != "sync: WaitGroup is reused before previous Wait has returned" { +- t.Fatalf("Unexpected panic: %#v", err) +- } +- }() +- defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4)) +- done := make(chan interface{}, 3) +- // The detection is opportunistically, so we want it to panic +- // at least in one run out of a million. +- for i := 0; i < 1e6; i++ { +- var wg WaitGroup +- wg.Add(1) +- go func() { +- defer func() { +- done <- recover() +- }() +- wg.Done() +- }() +- go func() { +- defer func() { +- done <- recover() +- }() +- wg.Wait() +- // Start reusing the wg before waiting for the Wait below to return. +- wg.Add(1) +- go func() { +- wg.Done() +- }() +- wg.Wait() +- }() +- go func() { +- defer func() { +- done <- recover() +- }() +- wg.Wait() +- }() +- for j := 0; j < 3; j++ { +- if err := <-done; err != nil { +- panic(err) +- } +- } +- } +- t.Fatal("Should panic") +-} +- + func TestWaitGroupRace(t *testing.T) { + // Run this test for about 1ms. + for i := 0; i < 1000; i++ { diff --git a/SPECS/golang.spec b/SPECS/golang.spec index d266a66..06c5d7b 100644 
--- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -95,8 +95,8 @@ %global gohostarch s390x %endif -%global go_api 1.16 -%global go_version 1.16.7 +%global go_api 1.17 +%global go_version 1.17.7 %global pkg_release 1 Name: golang @@ -140,20 +140,12 @@ Patch215: go1.5-zoneinfo_testing_only.patch # Proposed patch by jcajka https://golang.org/cl/86541 Patch221: fix_TestScript_list_std.patch -# Add an env var to optionally trigger a warning in x509 when -# Common Name is used as hostname -# rhbz#1889437 -Patch223: golang-1.15-warnCN.patch - -# Fix incorrect parsing of extraneous zeros in net/ip -# https://bugzilla.redhat.com/show_bug.cgi?id=1993316 -# https://go-review.googlesource.com/c/go/+/325829 -Patch1993316: reject-leading-zeros.patch - Patch1939923: skip_test_rhbz1939923.patch -# Fix FIPS mode memory leaks -Patch1951877: fix-crypto-memory-leaks.patch +# These tests has been removed upstream due to +# nondeterministic flakiness +# https://bugzilla.redhat.com/show_bug.cgi?id=2028662 +Patch2028662: remove_waitgroup_misuse_tests.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -248,14 +240,9 @@ Requires: %{name} = %{version}-%{release} %patch221 -p1 -%patch223 -p1 - %patch1939923 -p1 -%patch1993316 -p1 - -%patch1951877 -p1 - +%patch2028662 -p1 cp %{SOURCE1} ./src/runtime/ @@ -326,7 +313,7 @@ rm -rf pkg/bootstrap/bin # install everything into libdir (until symlink problems are fixed) # https://code.google.com/p/go/issues/detail?id=5830 -cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \ +cp -apv api bin doc lib pkg src misc test VERSION \ $RPM_BUILD_ROOT%{goroot} # bz1099206 
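Review bot: The Patch block in the `@@ -140,20 +140,12 @@` hunk drops `Patch1993316: reject-leading-zeros.patch` and `Patch223: golang-1.15-warnCN.patch` without leaving any record in the spec of why that is safe; only the changelog says "Remove". Both concern security-relevant parsing (IPv4 components with leading zeros, Common Name used as a hostname), so a short comment would let the next rebase re-check them, for example `# rhbz#1993316 (leading zeros in net.ParseIP) and rhbz#1889437 (x509 CN warning): patches dropped, expected to be covered by the 1.17 sources`. It is worth confirming against the 1.17.7 tarball that the cases the old patch added to parseIPTests (such as `127.001.002.003` expecting nil) still hold. The added comment would read better as `# These tests have been removed upstream due to`.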
@@ -414,6 +401,9 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf +# Quick fix for the rhbz#2014704 +sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go + %check export GOROOT=$(pwd -P) export PATH="$GOROOT"/bin:"$PATH" @@ -448,19 +438,23 @@ export GO_TEST_RUN="" %if %{fail_on_tests} -./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN +# TestEd25519Vectors needs network connectivity but it should be cover by +# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127 +export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$" + +./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST # Run tests with FIPS enabled. export GOLANG_FIPS=1 pushd crypto # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later - go test $(go list ./... | grep -v tls) -v + go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST # Check that signature functions have parity between boring and notboring - CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v + CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST popd # Run all FIPS specific TLS tests pushd crypto/tls - go test -v -run "Boring" + go test -v -run "Boring" $DISABLE_Ed25519_TEST popd %else ./run.bash --no-rebuild -v -v -v -k || : 
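Review bot: The `sed -i` added in the `@@ -414,6 +401,9 @@` hunk exits 0 even when its pattern matches nothing, so if a later rebase changes how `const defaultGO_LDSO` is written in zbootstrap.go the workaround silently stops applying and the package ships the unmodified value. Follow the substitution with a `grep -q` for the blanked `const defaultGO_LDSO` line on the same file so the build fails when the edit did not take effect, and quote the path as `"$RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go"`. The comment `# Quick fix for the rhbz#2014704` would be more useful if it said what the bug is and when the workaround can be removed.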
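Review bot: `-run=!^TestEd25519Vectors$` is appended to the three `go test` invocations in the FIPS part of the `@@ -448,19 +438,23 @@` hunk, but as far as I know `go test -run` in Go 1.17 takes a plain regular expression with no `!` negation, so this pattern matches no test name and those commands would run nothing. In `go test -v -run "Boring" $DISABLE_Ed25519_TEST` the later `-run` also replaces `"Boring"`, so the FIPS TLS tests are likely skipped as well while %check still passes. I would keep the TLS line as `go test -v -run "Boring"` and handle the network-dependent test by package selection on the two crypto lines, e.g. `go test $(go list ./... | grep -v -e tls -e ed25519) -v`, accepting that this skips that package's other tests. Please confirm from a build log that these steps do not report "no tests to run", and that the `run.bash` line really excludes the test, since its `-run` is handled by the dist test runner rather than by `go test`. The %check script begins before this hunk and continues after it.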
@@ -523,6 +517,37 @@ cd .. %endif %changelog +* Thu Feb 17 2022 David Benoit - 1.17.7-1 +- Rebase to Go 1.17.7 +- Remove fips memory leak patch (fixed in tree) +- Resolves: rhbz#2015930 + +* Fri Dec 10 2021 David Benoit - 1.17.5-1 +- Rebase to Go 1.17.5 +- Remove vdso_s390x_gettime patch +- Resolves: rhbz#2031112 +- Related: rhbz#2028570 + +* Fri Dec 03 2021 David Benoit - 1.17.4-1 +- Rebase Go to 1.17.4 +- Add remove_waitgroup_misuse_tests patch +- Related: rhbz#2014088 +- Resolves: rhbz#2028570 +- Resolves: rhbz#2022828 +- Resolves: rhbz#2024686 +- Resolves: rhbz#2028662 + +* Wed Oct 27 2021 Alejandro Sáez - 1.17.2-2 +- Resolves: rhbz#2014704 + +* Tue Oct 12 2021 Alejandro Sáez - 1.17.2-1 +- Rebase to Go 1.17.2 +- Related: rhbz#2014088 +- Remove golang-1.15-warnCN.patch +- Remove reject-leading-zeros.patch +- Remove favicon.ico and robots.txt references +- Exclude TestEd25519Vectors test + * Tue Aug 17 2021 David Benoit - 1.16.7-1 - Rebase to Go 1.16.7 - Resolves: rhbz#1994079