From 75bd780f7eb9d43e15f8d55b220d9c595216d8b8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 10 May 2022 03:03:06 -0400
Subject: [PATCH] import golang-1.17.7-1.module+el8.6.0+14297+32a15e19

---
 .gitignore                                  |   2 +-
 .golang.metadata                            |   2 +-
 SOURCES/fix-crypto-memory-leaks.patch       | 235 --------------------
 SOURCES/golang-1.15-warnCN.patch            |  25 ---
 SOURCES/reject-leading-zeros.patch          | 109 ---------
 SOURCES/remove_waitgroup_misuse_tests.patch | 151 +++++++++++++
 SPECS/golang.spec                           |  77 ++++---
 7 files changed, 202 insertions(+), 399 deletions(-)
 delete mode 100644 SOURCES/fix-crypto-memory-leaks.patch
 delete mode 100644 SOURCES/golang-1.15-warnCN.patch
 delete mode 100644 SOURCES/reject-leading-zeros.patch
 create mode 100644 SOURCES/remove_waitgroup_misuse_tests.patch

diff --git a/.gitignore b/.gitignore
index e55e871..4f71bcf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/go-go-1.16.12-1-openssl-fips.tar.gz
+SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/.golang.metadata b/.golang.metadata
index 02910e5..fde6008 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1 +1 @@
-be6ebf92ddf1788cf30ecfd6c85fdf0245935aeb SOURCES/go-go-1.16.12-1-openssl-fips.tar.gz
+139fe29f985b3feda50c407d194f1a102352388a SOURCES/go-go-1.17.7-1-openssl-fips.tar.gz
diff --git a/SOURCES/fix-crypto-memory-leaks.patch b/SOURCES/fix-crypto-memory-leaks.patch
deleted file mode 100644
index daab969..0000000
--- a/SOURCES/fix-crypto-memory-leaks.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
-index 3585458..ae1607b 100644
---- a/src/crypto/internal/boring/goopenssl.h
-+++ b/src/crypto/internal/boring/goopenssl.h
-@@ -667,6 +667,7 @@ typedef EVP_PKEY GO_EVP_PKEY;
- DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
- DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
- DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
-+DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
- DEFINEFUNC(int, EVP_PKEY_verify,
- 	(EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen),
- 	(ctx, sig, siglen, tbs, tbslen))
-diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
-index 4c14cc9..daa1252 100644
---- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
-+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
-@@ -9,19 +9,32 @@
- int
- _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, GO_EC_KEY *eckey)
- {
-+    int result;
-     EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
--    if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
--        return 0;
--    return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
-+    if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
-+        result = 0;
-+        goto err;
-+    }
-+    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
-+err:
-+    _goboringcrypto_EVP_PKEY_free(key);
-+    return result;
- }
- 
- int
- _goboringcrypto_ECDSA_verify(EVP_MD* md, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, GO_EC_KEY *eckey)
- {
- 
-+    int result;
-     EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
--    if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
--        return 0;
-+    if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
-+        result = 0;
-+        goto err;
-+    }
- 
--    return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
-+    result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
-+
-+err:
-+    _goboringcrypto_EVP_PKEY_free(key);
-+    return result;
- }
-diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
-index a8d047d..2e56499 100644
---- a/src/crypto/internal/boring/openssl_port_rsa.c
-+++ b/src/crypto/internal/boring/openssl_port_rsa.c
-@@ -25,14 +25,13 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
- 	EVP_PKEY_CTX *ctx;
- 	unsigned int siglen;
- 
-+	int ret = 0;
- 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
--	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
--		return 0;
-+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa))
-+		goto err;
- 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(key, NULL /* no engine */);
- 	if (!ctx)
--		return 0;
--
--	int ret = 0;
-+		goto err;
- 
- 	EVP_MD_CTX *mdctx = NULL;
- 	if (!(mdctx = _goboringcrypto_EVP_MD_CTX_create()))
-@@ -67,6 +66,10 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
- err:
- 	if (mdctx)
- 		_goboringcrypto_EVP_MD_CTX_free(mdctx);
-+	if (ctx)
-+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+	if (key)
-+		_goboringcrypto_EVP_PKEY_free(key);
- 
- 	return ret;
- }
-@@ -78,18 +81,17 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
- 	EVP_PKEY *pkey;
- 	size_t siglen;
- 
-+	int ret = 0;
- 	pkey = _goboringcrypto_EVP_PKEY_new();
- 	if (!pkey)
--		return 0;
-+		goto err;
- 
- 	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
--		return 0;
--	
-+		goto err;
-+
- 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
- 	if (!ctx)
--		return 0;
--
--	int ret = 0;
-+		goto err;
- 
- 	if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0)
- 		goto err;
-@@ -101,7 +103,7 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
- 		goto err;
- 	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0)
- 		goto err;
--	
-+
- 	/* Determine buffer length */
- 	if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0)
- 		goto err;
-@@ -116,7 +118,10 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
- 	ret = 1;
- 
- err:
--	_goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+	if (ctx)
-+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+	if (pkey)
-+		_goboringcrypto_EVP_PKEY_free(pkey);
- 
- 	return ret;
- }
-@@ -130,14 +135,14 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
- 
- 	pkey = _goboringcrypto_EVP_PKEY_new();
- 	if (!pkey)
--		return 0;
-+		goto err;
- 
- 	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
--		return 0;
--	
-+		goto err;
-+
- 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
- 	if (!ctx)
--		return 0;
-+		goto err;
- 
- 	if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0)
- 		goto err;
-@@ -155,25 +160,40 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
- 	ret = 1;
- 
- err:
--	_goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+	if (ctx)
-+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+	if (pkey)
-+		_goboringcrypto_EVP_PKEY_free(pkey);
-+
- 
- 	return ret;
- }
- 
- int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
- {
-+	int result;
- 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
--	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
--		return 0;
--	return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
-+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
-+		result = 0;
-+		goto err;
-+	}
-+	result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
-+err:
-+	_goboringcrypto_EVP_PKEY_free(key);
-+	return result;
- }
- 
- int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa)
- {
-+	int result;
- 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
--	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
--	{
--		return 0;
-+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
-+		result = 0;
-+		goto err;
- 	}
--	 return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
-+	result =  _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
-+err:
-+	_goboringcrypto_EVP_PKEY_free(key);
-+	return result;
-+
- }
-diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
-index 2eefc27..698c08e 100644
---- a/src/crypto/internal/boring/rsa.go
-+++ b/src/crypto/internal/boring/rsa.go
-@@ -162,12 +162,23 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
- 			return nil, nil, NewOpenSSLError("EVP_PKEY_set_rsa_oaep_md failed")
- 		}
- 		// ctx takes ownership of label, so malloc a copy for BoringCrypto to free.
--		clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label))))
--		if clabel == nil {
--			return nil, nil, fail("OPENSSL_malloc")
-+		var clabel *C.uint8_t
-+		clabel = nil
-+		// OpenSSL 1.1.1 does not take ownership of the label if the length is zero.
-+		// Depending on the malloc implementation, if clabel is allocated with malloc(0),
-+		// metadata for the size-zero allocation is never cleaned up, which is a memory leak.
-+		// As such, we must only allocate clabel if the label is of non zero length.
-+		if len(label) > 0 {
-+			clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label))))
-+			if clabel == nil {
-+				return nil, nil, fail("OPENSSL_malloc")
-+			}
-+			copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
- 		}
--		copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
--		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 {
-+		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) != 1 {
-+			if clabel != nil {
-+				C.free(unsafe.Pointer(clabel))
-+			}
- 			return nil, nil, NewOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed")
- 		}
- 	}
diff --git a/SOURCES/golang-1.15-warnCN.patch b/SOURCES/golang-1.15-warnCN.patch
deleted file mode 100644
index 5d9cf82..0000000
--- a/SOURCES/golang-1.15-warnCN.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
-index 50f4d4a..121fd1b 100644
---- a/src/crypto/x509/verify.go
-+++ b/src/crypto/x509/verify.go
-@@ -20,6 +20,9 @@ import (
- 
- // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
- var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
-+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
-+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
-+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
- 
- type InvalidReason int
- 
-@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
- 	names := c.DNSNames
- 	if c.commonNameAsHostname() {
- 		names = []string{c.Subject.CommonName}
-+		if warnCN {
-+			fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
-+				"Using CN without SAN is deprecated and will not work in future versions.\n")
-+		}
- 	}
- 
- 	candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
diff --git a/SOURCES/reject-leading-zeros.patch b/SOURCES/reject-leading-zeros.patch
deleted file mode 100644
index 24fa6c8..0000000
--- a/SOURCES/reject-leading-zeros.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-diff --git a/doc/go1.16.html b/doc/go1.16.html
-index 0beb62d..fc6b668 100644
---- a/doc/go1.16.html
-+++ b/doc/go1.16.html
-@@ -891,6 +891,14 @@ func TestFoo(t *testing.T) {
-       is missing; this is common on musl-based systems and makes
-       Go programs match the behavior of C programs on those systems.
-     </p>
-+    <p><!-- CL325829 -->
-+      The <a href="/pkg/net/#ParseIP"><code>ParseIP</code></a> and <a href="/pkg/net/#ParseCIDR"><code>ParseCIDR</code></a>
-+      functions now reject IPv4 addresses which contain decimal components with leading zeros.
-+      These components were always interpreted as decimal, but some operating systems treat them as octal.
-+      This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses
-+      which were then used in their original form with non-Go applications which interpreted components as octal. Generally,
-+      it is advisable to always re-encoded values after validation, which avoids this class of parser misalignment issues.
-+    </p>
-   </dd>
- </dl><!-- net -->
- 
-diff --git a/src/net/hosts_test.go b/src/net/hosts_test.go
-index f850e2f..19c4399 100644
---- a/src/net/hosts_test.go
-+++ b/src/net/hosts_test.go
-@@ -36,7 +36,7 @@ var lookupStaticHostTests = []struct {
- 		},
- 	},
- 	{
--		"testdata/ipv4-hosts", // see golang.org/issue/8996
-+		"testdata/ipv4-hosts",
- 		[]staticHostEntry{
- 			{"localhost", []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"}},
- 			{"localhost.localdomain", []string{"127.0.0.3"}},
-@@ -102,7 +102,7 @@ var lookupStaticAddrTests = []struct {
- 		},
- 	},
- 	{
--		"testdata/ipv4-hosts", // see golang.org/issue/8996
-+		"testdata/ipv4-hosts",
- 		[]staticHostEntry{
- 			{"127.0.0.1", []string{"localhost"}},
- 			{"127.0.0.2", []string{"localhost"}},
-diff --git a/src/net/ip.go b/src/net/ip.go
-index c00fe8e..007f3f7 100644
---- a/src/net/ip.go
-+++ b/src/net/ip.go
-@@ -552,6 +552,10 @@ func parseIPv4(s string) IP {
- 		if !ok || n > 0xFF {
- 			return nil
- 		}
-+		if c > 1 && s[0] == '0' {
-+			// Reject non-zero components with leading zeroes.
-+			return nil
-+		}
- 		s = s[c:]
- 		p[i] = byte(n)
- 	}
-diff --git a/src/net/ip_test.go b/src/net/ip_test.go
-index a5fc5e6..585381d 100644
---- a/src/net/ip_test.go
-+++ b/src/net/ip_test.go
-@@ -20,9 +20,7 @@ var parseIPTests = []struct {
- }{
- 	{"127.0.1.2", IPv4(127, 0, 1, 2)},
- 	{"127.0.0.1", IPv4(127, 0, 0, 1)},
--	{"127.001.002.003", IPv4(127, 1, 2, 3)},
- 	{"::ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
--	{"::ffff:127.001.002.003", IPv4(127, 1, 2, 3)},
- 	{"::ffff:7f01:0203", IPv4(127, 1, 2, 3)},
- 	{"0:0:0:0:0000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
- 	{"0:0:0:0:000000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
-@@ -42,6 +40,11 @@ var parseIPTests = []struct {
- 	{"fe80::1%911", nil},
- 	{"", nil},
- 	{"a1:a2:a3:a4::b1:b2:b3:b4", nil}, // Issue 6628
-+	{"127.001.002.003", nil},
-+	{"::ffff:127.001.002.003", nil},
-+	{"123.000.000.000", nil},
-+	{"1.2..4", nil},
-+	{"0123.0.0.1", nil},
- }
- 
- func TestParseIP(t *testing.T) {
-@@ -357,6 +360,7 @@ var parseCIDRTests = []struct {
- 	{"0.0.-2.0/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.-2.0/32"}},
- 	{"0.0.0.-3/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.-3/32"}},
- 	{"0.0.0.0/-0", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.0/-0"}},
-+	{"127.000.000.001/32", nil, nil, &ParseError{Type: "CIDR address", Text: "127.000.000.001/32"}},
- 	{"", nil, nil, &ParseError{Type: "CIDR address", Text: ""}},
- }
- 
-diff --git a/src/net/testdata/ipv4-hosts b/src/net/testdata/ipv4-hosts
-index 5208bb4..6b99675 100644
---- a/src/net/testdata/ipv4-hosts
-+++ b/src/net/testdata/ipv4-hosts
-@@ -1,12 +1,8 @@
- # See https://tools.ietf.org/html/rfc1123.
--#
--# The literal IPv4 address parser in the net package is a relaxed
--# one. It may accept a literal IPv4 address in dotted-decimal notation
--# with leading zeros such as "001.2.003.4".
- 
- # internet address and host name
- 127.0.0.1	localhost	# inline comment separated by tab
--127.000.000.002	localhost       # inline comment separated by space
-+127.0.0.2	localhost   # inline comment separated by space
- 
- # internet address, host name and aliases
--127.000.000.003	localhost	localhost.localdomain
-+127.0.0.3	localhost	localhost.localdomain
diff --git a/SOURCES/remove_waitgroup_misuse_tests.patch b/SOURCES/remove_waitgroup_misuse_tests.patch
new file mode 100644
index 0000000..b643563
--- /dev/null
+++ b/SOURCES/remove_waitgroup_misuse_tests.patch
@@ -0,0 +1,151 @@
+diff --git a/src/sync/waitgroup_test.go b/src/sync/waitgroup_test.go
+index c569e0faa2eb..4ded218d2d8d 100644
+--- a/src/sync/waitgroup_test.go
++++ b/src/sync/waitgroup_test.go
+@@ -5,8 +5,6 @@
+ package sync_test
+ 
+ import (
+-	"internal/race"
+-	"runtime"
+ 	. "sync"
+ 	"sync/atomic"
+ 	"testing"
+@@ -48,12 +46,6 @@ func TestWaitGroup(t *testing.T) {
+ 	}
+ }
+ 
+-func knownRacy(t *testing.T) {
+-	if race.Enabled {
+-		t.Skip("skipping known-racy test under the race detector")
+-	}
+-}
+-
+ func TestWaitGroupMisuse(t *testing.T) {
+ 	defer func() {
+ 		err := recover()
+@@ -68,124 +60,6 @@ func TestWaitGroupMisuse(t *testing.T) {
+ 	t.Fatal("Should panic")
+ }
+ 
+-// pollUntilEqual blocks until v, loaded atomically, is
+-// equal to the target.
+-func pollUntilEqual(v *uint32, target uint32) {
+-	for {
+-		for i := 0; i < 1e3; i++ {
+-			if atomic.LoadUint32(v) == target {
+-				return
+-			}
+-		}
+-		// yield to avoid deadlock with the garbage collector
+-		// see issue #20072
+-		runtime.Gosched()
+-	}
+-}
+-
+-func TestWaitGroupMisuse2(t *testing.T) {
+-	knownRacy(t)
+-	if runtime.NumCPU() <= 4 {
+-		t.Skip("NumCPU<=4, skipping: this test requires parallelism")
+-	}
+-	defer func() {
+-		err := recover()
+-		if err != "sync: negative WaitGroup counter" &&
+-			err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
+-			err != "sync: WaitGroup is reused before previous Wait has returned" {
+-			t.Fatalf("Unexpected panic: %#v", err)
+-		}
+-	}()
+-	defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
+-	done := make(chan interface{}, 2)
+-	// The detection is opportunistic, so we want it to panic
+-	// at least in one run out of a million.
+-	for i := 0; i < 1e6; i++ {
+-		var wg WaitGroup
+-		var here uint32
+-		wg.Add(1)
+-		go func() {
+-			defer func() {
+-				done <- recover()
+-			}()
+-			atomic.AddUint32(&here, 1)
+-			pollUntilEqual(&here, 3)
+-			wg.Wait()
+-		}()
+-		go func() {
+-			defer func() {
+-				done <- recover()
+-			}()
+-			atomic.AddUint32(&here, 1)
+-			pollUntilEqual(&here, 3)
+-			wg.Add(1) // This is the bad guy.
+-			wg.Done()
+-		}()
+-		atomic.AddUint32(&here, 1)
+-		pollUntilEqual(&here, 3)
+-		wg.Done()
+-		for j := 0; j < 2; j++ {
+-			if err := <-done; err != nil {
+-				panic(err)
+-			}
+-		}
+-	}
+-	t.Fatal("Should panic")
+-}
+-
+-func TestWaitGroupMisuse3(t *testing.T) {
+-	knownRacy(t)
+-	if runtime.NumCPU() <= 1 {
+-		t.Skip("NumCPU==1, skipping: this test requires parallelism")
+-	}
+-	defer func() {
+-		err := recover()
+-		if err != "sync: negative WaitGroup counter" &&
+-			err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
+-			err != "sync: WaitGroup is reused before previous Wait has returned" {
+-			t.Fatalf("Unexpected panic: %#v", err)
+-		}
+-	}()
+-	defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
+-	done := make(chan interface{}, 3)
+-	// The detection is opportunistically, so we want it to panic
+-	// at least in one run out of a million.
+-	for i := 0; i < 1e6; i++ {
+-		var wg WaitGroup
+-		wg.Add(1)
+-		go func() {
+-			defer func() {
+-				done <- recover()
+-			}()
+-			wg.Done()
+-		}()
+-		go func() {
+-			defer func() {
+-				done <- recover()
+-			}()
+-			wg.Wait()
+-			// Start reusing the wg before waiting for the Wait below to return.
+-			wg.Add(1)
+-			go func() {
+-				wg.Done()
+-			}()
+-			wg.Wait()
+-		}()
+-		go func() {
+-			defer func() {
+-				done <- recover()
+-			}()
+-			wg.Wait()
+-		}()
+-		for j := 0; j < 3; j++ {
+-			if err := <-done; err != nil {
+-				panic(err)
+-			}
+-		}
+-	}
+-	t.Fatal("Should panic")
+-}
+-
+ func TestWaitGroupRace(t *testing.T) {
+ 	// Run this test for about 1ms.
+ 	for i := 0; i < 1000; i++ {
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index 8d271f7..06c5d7b 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -95,8 +95,8 @@
 %global gohostarch  s390x
 %endif
 
-%global go_api 1.16
-%global go_version 1.16.12
+%global go_api 1.17
+%global go_version 1.17.7
 %global pkg_release 1
 
 Name:           golang
@@ -140,20 +140,12 @@ Patch215:       go1.5-zoneinfo_testing_only.patch
 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221:       fix_TestScript_list_std.patch
 
-# Add an env var to optionally trigger a warning in x509 when
-# Common Name is used as hostname
-# rhbz#1889437
-Patch223:       golang-1.15-warnCN.patch
-
-# Fix incorrect parsing of extraneous zeros in net/ip
-# https://bugzilla.redhat.com/show_bug.cgi?id=1993316
-# https://go-review.googlesource.com/c/go/+/325829
-Patch1993316: reject-leading-zeros.patch
-
 Patch1939923:   skip_test_rhbz1939923.patch
 
-# Fix FIPS mode memory leaks
-Patch1951877: fix-crypto-memory-leaks.patch
+# These tests has been removed upstream due to
+# nondeterministic flakiness
+# https://bugzilla.redhat.com/show_bug.cgi?id=2028662
+Patch2028662: 	remove_waitgroup_misuse_tests.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -248,14 +240,9 @@ Requires:       %{name} = %{version}-%{release}
 
 %patch221 -p1
 
-%patch223 -p1
-
 %patch1939923 -p1
 
-%patch1993316 -p1
-
-%patch1951877 -p1
-
+%patch2028662 -p1
 
 cp %{SOURCE1} ./src/runtime/
 
@@ -326,7 +313,7 @@ rm -rf pkg/bootstrap/bin
 
 # install everything into libdir (until symlink problems are fixed)
 # https://code.google.com/p/go/issues/detail?id=5830
-cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \
+cp -apv api bin doc lib pkg src misc test VERSION \
    $RPM_BUILD_ROOT%{goroot}
 
 # bz1099206
@@ -414,6 +401,9 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d
 cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf
 
+# Quick fix for the rhbz#2014704
+sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go
+
 %check
 export GOROOT=$(pwd -P)
 export PATH="$GOROOT"/bin:"$PATH"
@@ -448,19 +438,23 @@ export GO_TEST_RUN=""
 
 %if %{fail_on_tests}
 
-./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
+# TestEd25519Vectors needs network connectivity but it should be cover by
+# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
+export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
+
+./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST
 
 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
 pushd crypto
   # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list ./... | grep -v tls) -v
+  go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
   # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
-  go test -v -run "Boring"
+  go test -v -run "Boring" $DISABLE_Ed25519_TEST
 popd
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
@@ -523,9 +517,36 @@ cd ..
 %endif
 
 %changelog
-* Fri Dec 10 2021 David Benoit <dbenoit@redhat.com> - 1.16.12-1
-- Rebase to Go 1.16.12
-- Resolves: rhbz#2031125
+* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
+- Rebase to Go 1.17.7
+- Remove fips memory leak patch (fixed in tree)
+- Resolves: rhbz#2015930
+
+* Fri Dec 10 2021 David Benoit <dbenoit@redhat.com> - 1.17.5-1
+- Rebase to Go 1.17.5
+- Remove vdso_s390x_gettime patch
+- Resolves: rhbz#2031112
+- Related: rhbz#2028570
+
+* Fri Dec 03 2021 David Benoit <dbenoit@redhat.com> - 1.17.4-1
+- Rebase Go to 1.17.4
+- Add remove_waitgroup_misuse_tests patch
+- Related: rhbz#2014088
+- Resolves: rhbz#2028570
+- Resolves: rhbz#2022828
+- Resolves: rhbz#2024686
+- Resolves: rhbz#2028662
+
+* Wed Oct 27 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-2
+- Resolves: rhbz#2014704
+
+* Tue Oct 12 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
+- Rebase to Go 1.17.2
+- Related: rhbz#2014088
+- Remove golang-1.15-warnCN.patch
+- Remove reject-leading-zeros.patch
+- Remove favicon.ico and robots.txt references
+- Exclude TestEd25519Vectors test 
 
 * Tue Aug 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.7-1
 - Rebase to Go 1.16.7