Rebase to go1.14.6

Security fix for CVE-2020-14040 and CVE-2020-15586
Resolves: BZ#1842708, BZ#1856957, BZ#1853653

.gitignore

@@ -85,3 +85,4 @@
 /go1.14.2.src.tar.gz
 /go1.14.3.src.tar.gz
 /go1.14.4.src.tar.gz
+/go1.14.6.src.tar.gz

0004-ppc64le-fix-missing-deferreturn.patch

@@ -1,178 +0,0 @@
-From 457c3cea934db4b8883c9b932912367e02170a61 Mon Sep 17 00:00:00 2001
-From: Cherry Zhang <cherryyz@google.com>
-Date: Fri, 03 Jul 2020 14:28:15 -0400
-Subject: [PATCH] [release-branch.go1.14] cmd/link: detect trampoline of deferreturn call
-
-This is a backport of CL 234105. This is not a clean cherry-pick,
-as CL 234105 is for the new linker, whereas we still use the old
-linker here. This CL backports the logic.
-
-The runtime needs to find the PC of the deferreturn call in a few
-places. So for functions that have defer, we record the PC of
-deferreturn call in its funcdata.
-
-For very large binaries, the deferreturn call could be made
-through a trampoline. The current code of finding deferreturn PC
-fails in this case. This CL handles the trampoline as well.
-
-Fixes #39991.
-Updates #39049.
-
-Change-Id: I929be54d6ae436f5294013793217dc2a35f080d4
-Reviewed-on: https://go-review.googlesource.com/c/go/+/234105
-Run-TryBot: Cherry Zhang <cherryyz@google.com>
-TryBot-Result: Gobot Gobot <gobot@golang.org>
-Reviewed-by: Jeremy Faller <jeremy@golang.org>
-Reviewed-by: Than McIntosh <thanm@google.com>
----
-
-diff --git a/src/cmd/link/internal/arm/asm.go b/src/cmd/link/internal/arm/asm.go
-index f2fb654..c4f529a 100644
---- a/src/cmd/link/internal/arm/asm.go
-+++ b/src/cmd/link/internal/arm/asm.go
-@@ -470,8 +470,12 @@
- 			offset := (signext24(r.Add&0xffffff) + 2) * 4
- 			var tramp *sym.Symbol
- 			for i := 0; ; i++ {
--				name := r.Sym.Name + fmt.Sprintf("%+d-tramp%d", offset, i)
-+				oName := r.Sym.Name
-+				name := oName + fmt.Sprintf("%+d-tramp%d", offset, i)
- 				tramp = ctxt.Syms.Lookup(name, int(r.Sym.Version))
-+				if oName == "runtime.deferreturn" {
-+					tramp.Attr.Set(sym.AttrDeferReturnTramp, true)
-+				}
- 				if tramp.Type == sym.SDYNIMPORT {
- 					// don't reuse trampoline defined in other module
- 					continue
-diff --git a/src/cmd/link/internal/ld/pcln.go b/src/cmd/link/internal/ld/pcln.go
-index 3e8135c..43e1661 100644
---- a/src/cmd/link/internal/ld/pcln.go
-+++ b/src/cmd/link/internal/ld/pcln.go
-@@ -276,7 +276,7 @@
- 				// set the resumption point to PC_B.
- 				lastWasmAddr = uint32(r.Add)
- 			}
--			if r.Type.IsDirectCall() && r.Sym != nil && r.Sym.Name == "runtime.deferreturn" {
-+			if r.Type.IsDirectCall() && r.Sym != nil && (r.Sym.Name == "runtime.deferreturn" || r.Sym.Attr.DeferReturnTramp()) {
- 				if ctxt.Arch.Family == sys.Wasm {
- 					deferreturn = lastWasmAddr - 1
- 				} else {
-diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
-index 9fbcff5..e84689d 100644
---- a/src/cmd/link/internal/ppc64/asm.go
-+++ b/src/cmd/link/internal/ppc64/asm.go
-@@ -667,7 +667,8 @@
- 				// target is at some offset within the function.  Calls to duff+8 and duff+256 must appear as
- 				// distinct trampolines.
- 
--				name := r.Sym.Name
-+				oName := r.Sym.Name
-+				name := oName
- 				if r.Add == 0 {
- 					name = name + fmt.Sprintf("-tramp%d", i)
- 				} else {
-@@ -677,6 +678,9 @@
- 				// Look up the trampoline in case it already exists
- 
- 				tramp = ctxt.Syms.Lookup(name, int(r.Sym.Version))
-+				if oName == "runtime.deferreturn" {
-+					tramp.Attr.Set(sym.AttrDeferReturnTramp, true)
-+				}
- 				if tramp.Value == 0 {
- 					break
- 				}
-diff --git a/src/cmd/link/internal/sym/attribute.go b/src/cmd/link/internal/sym/attribute.go
-index 4b69bf3..773b6a4 100644
---- a/src/cmd/link/internal/sym/attribute.go
-+++ b/src/cmd/link/internal/sym/attribute.go
-@@ -81,7 +81,10 @@
- 	// AttrReadOnly indicates whether the symbol's content (Symbol.P) is backed by
- 	// read-only memory.
- 	AttrReadOnly
--	// 19 attributes defined so far.
-+	// AttrDeferReturnTramp indicates the symbol is a trampoline of a deferreturn
-+	// call.
-+	AttrDeferReturnTramp
-+	// 20 attributes defined so far.
- )
- 
- func (a Attribute) DuplicateOK() bool      { return a&AttrDuplicateOK != 0 }
-@@ -103,6 +106,7 @@
- func (a Attribute) Container() bool        { return a&AttrContainer != 0 }
- func (a Attribute) TopFrame() bool         { return a&AttrTopFrame != 0 }
- func (a Attribute) ReadOnly() bool         { return a&AttrReadOnly != 0 }
-+func (a Attribute) DeferReturnTramp() bool { return a&AttrDeferReturnTramp != 0 }
- 
- func (a Attribute) CgoExport() bool {
- 	return a.CgoExportDynamic() || a.CgoExportStatic()
-diff --git a/src/cmd/link/link_test.go b/src/cmd/link/link_test.go
-index 4f792bd..f5efb51 100644
---- a/src/cmd/link/link_test.go
-+++ b/src/cmd/link/link_test.go
-@@ -447,3 +447,66 @@
- 		t.Errorf("unexpected output:\n%s", out)
- 	}
- }
-+
-+const testTrampSrc = `
-+package main
-+import "fmt"
-+func main() {
-+	fmt.Println("hello")
-+
-+	defer func(){
-+		if e := recover(); e == nil {
-+			panic("did not panic")
-+		}
-+	}()
-+	f1()
-+}
-+
-+// Test deferreturn trampolines. See issue #39049.
-+func f1() { defer f2() }
-+func f2() { panic("XXX") }
-+`
-+
-+func TestTrampoline(t *testing.T) {
-+	// Test that trampoline insertion works as expected.
-+	// For stress test, we set -debugtramp=2 flag, which sets a very low
-+	// threshold for trampoline generation, and essentially all cross-package
-+	// calls will use trampolines.
-+	switch runtime.GOARCH {
-+	case "arm", "ppc64", "ppc64le":
-+	default:
-+		t.Skipf("trampoline insertion is not implemented on %s", runtime.GOARCH)
-+	}
-+	if runtime.GOOS == "aix" {
-+		t.Skip("trampolines on AIX doesn't work in Go 1.14") // fixed in Go 1.15
-+	}
-+
-+	testenv.MustHaveGoBuild(t)
-+
-+	tmpdir, err := ioutil.TempDir("", "TestTrampoline")
-+	if err != nil {
-+		t.Fatal(err)
-+	}
-+	defer os.RemoveAll(tmpdir)
-+
-+	src := filepath.Join(tmpdir, "hello.go")
-+	err = ioutil.WriteFile(src, []byte(testTrampSrc), 0666)
-+	if err != nil {
-+		t.Fatal(err)
-+	}
-+	exe := filepath.Join(tmpdir, "hello.exe")
-+
-+	cmd := exec.Command(testenv.GoToolPath(t), "build", "-ldflags=-debugtramp=2", "-o", exe, src)
-+	out, err := cmd.CombinedOutput()
-+	if err != nil {
-+		t.Fatalf("build failed: %v\n%s", err, out)
-+	}
-+	cmd = exec.Command(exe)
-+	out, err = cmd.CombinedOutput()
-+	if err != nil {
-+		t.Errorf("executable failed to run: %v\n%s", err, out)
-+	}
-+	if string(out) != "hello\n" {
-+		t.Errorf("unexpected output:\n%s", out)
-+	}
-+}

golang.spec

@@ -105,10 +105,10 @@
 %endif
 
 %global go_api 1.14
-%global go_version 1.14.4
+%global go_version 1.14.6
 
 Name:           golang
-Version:        1.14.4
+Version:        1.14.6
 Release:        1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
@@ -220,7 +220,6 @@ Requires:       go-srpm-macros
 Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
 Patch3:       0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
-Patch4:       0004-ppc64le-fix-missing-deferreturn.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -592,6 +591,11 @@ fi
 %endif
 
 %changelog
+* Mon Jul 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14.6-1
+- Rebase to go1.14.6
+- Security fix for CVE-2020-14040 and CVE-2020-15586
+- Resolves: BZ#1842708, BZ#1856957, BZ#1853653
+
 * Tue Jun 30 2020 Alejandro Sáez <asm@redhat.com> - 1.14.4-1
 - Rebase to go1.14.4
 - Add patch that fixes: https://golang.org/issue/39991

sources

@@ -1 +1 @@
-SHA512 (go1.14.4.src.tar.gz) = b0d657ea33331062db5a4da0aff14798f292ca967a53665af1a93e04eba7a03e49a3dbc4768c4f099ec5ff25a31885750f7658f819057057093e2d7bfb085575
+SHA512 (go1.14.6.src.tar.gz) = 5c865c8272fb0dc8eab1514732b0200dbc867276512714dd30afc658a0d2afac6bd758e00c6f576d8d254e411418a52a564c895399b56cfe06c2b1785271a8fd