import CS golang-1.22.5-2.el9
This commit is contained in:
parent
83d64ef82b
commit
78edc0efd1
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
SOURCES/go1.21.7-1-openssl-fips.tar.gz
|
SOURCES/compiler-rt-18.1.8.src.tar.xz
|
||||||
SOURCES/go1.21.7.tar.gz
|
SOURCES/go1.22.5-1-openssl-fips.tar.gz
|
||||||
|
SOURCES/go1.22.5.tar.gz
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz
|
6ecbfa5516b60adb4e4e60f991b0d8ddf5aab12a SOURCES/compiler-rt-18.1.8.src.tar.xz
|
||||||
1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz
|
aa46d1a360c3c9e85a2c5b75dfa927d3d4ccf016 SOURCES/go1.22.5-1-openssl-fips.tar.gz
|
||||||
|
38de97e677498c347fb7350e40a5d61be29973f9 SOURCES/go1.22.5.tar.gz
|
||||||
|
@ -1,288 +0,0 @@
|
|||||||
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
|
|
||||||
index 5f258a2..5dbbc42 100644
|
|
||||||
--- a/src/crypto/internal/backend/nobackend.go
|
|
||||||
+++ b/src/crypto/internal/backend/nobackend.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
|
|
||||||
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
|
||||||
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
|
|
||||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
|
|
||||||
|
|
||||||
package backend
|
|
||||||
|
|
||||||
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
|
|
||||||
index d6d99b1..f2fe332 100644
|
|
||||||
--- a/src/crypto/internal/boring/goboringcrypto.h
|
|
||||||
+++ b/src/crypto/internal/boring/goboringcrypto.h
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// Copyright 2017 The Go Authors. All rights reserved.
|
|
||||||
+// +build !static
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
|
|
||||||
index b338754..db5ea1e 100644
|
|
||||||
--- a/src/crypto/internal/boring/syso/syso.go
|
|
||||||
+++ b/src/crypto/internal/boring/syso/syso.go
|
|
||||||
@@ -2,7 +2,7 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build boringcrypto
|
|
||||||
+//go:build boringcrypto && !static
|
|
||||||
|
|
||||||
// This package only exists with GOEXPERIMENT=boringcrypto.
|
|
||||||
// It provides the actual syso file.
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
|
||||||
index 079fc3c..e826d0b 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
|
||||||
index 0b61e79..94d0c98 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
|
||||||
index afec529..d822152 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
|
||||||
index 6d6a562..17cc314 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// Copyright 2017 The Go Authors. All rights reserved.
|
|
||||||
+// +build !static
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
// +build linux
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
|
||||||
index ae40b93..17bc075 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
|
||||||
index 6f00177..f466b18 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
|
||||||
index 7c0b5d6..262af07 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
|
|
||||||
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
|
||||||
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
|
|
||||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
|
||||||
index d49194d..ff15054 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
|
||||||
index 2349db1..57fbb04 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// +build linux
|
|
||||||
+// +build !static
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
// +build !cmd_go_bootstrap
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
|
||||||
index 4379019..5034c46 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// +build linux
|
|
||||||
+// +build !static
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
// +build !cmd_go_bootstrap
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
|
||||||
index 49d40a7..3b3dbf8 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// +build linux
|
|
||||||
+// +build !static
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
// +build !cmd_go_bootstrap
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
|
||||||
index 7eb645e..1c3225a 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// This file contains a port of the BoringSSL AEAD interface.
|
|
||||||
+// +build !static
|
|
||||||
// +build linux
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
|
||||||
index df4ebe3..876393b 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// +build linux
|
|
||||||
+// +build !static
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
// +build !cmd_go_bootstrap
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
|
||||||
index 2eedd5b..04510d3 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// This file contains a backport of the EVP_md5_sha1 method.
|
|
||||||
+// +build !static
|
|
||||||
// +build linux
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
|
||||||
index 362d9e5..bebafef 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// This file contains HMAC portability wrappers.
|
|
||||||
+// +build !static
|
|
||||||
// +build linux
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
|
||||||
index 2824147..8bc1d85 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// This file contains RSA portability wrappers.
|
|
||||||
+// +build !static
|
|
||||||
// +build linux
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
|
||||||
index 22bd865..b7aa26b 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
// +build linux
|
|
||||||
+// +build !static
|
|
||||||
// +build !android
|
|
||||||
// +build !no_openssl
|
|
||||||
// +build !cmd_go_bootstrap
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
|
||||||
index b3668b8..dcdae70 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
|
||||||
index 915c840..8623d9d 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
||||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
|
||||||
index 0b55ced..57309c0 100644
|
|
||||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
|
||||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
|
||||||
@@ -2,8 +2,8 @@
|
|
||||||
// Use of this source code is governed by a BSD-style
|
|
||||||
// license that can be found in the LICENSE file.
|
|
||||||
|
|
||||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
|
||||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
|
||||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
|
||||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
|
||||||
|
|
||||||
package openssl
|
|
||||||
|
|
@ -1,13 +0,0 @@
|
|||||||
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
|
|
||||||
index 36a20e8b2a..8c2dd1b44b 100644
|
|
||||||
--- a/src/cmd/dist/test.go
|
|
||||||
+++ b/src/cmd/dist/test.go
|
|
||||||
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
|
|
||||||
} else {
|
|
||||||
panic("unknown linkmode with static build: " + linkmode)
|
|
||||||
}
|
|
||||||
- gt.tags = append(gt.tags, "static")
|
|
||||||
+ gt.tags = append(gt.tags, "static", "no_openssl")
|
|
||||||
}
|
|
||||||
gt.ldflags = strings.Join(ldflags, " ")
|
|
||||||
|
|
44
SOURCES/fix-standard-crypto-panic.patch
Normal file
44
SOURCES/fix-standard-crypto-panic.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
|
||||||
|
index 3d3a9a36ee..8dc2d46b52 100644
|
||||||
|
--- a/src/crypto/internal/backend/openssl.go
|
||||||
|
+++ b/src/crypto/internal/backend/openssl.go
|
||||||
|
@@ -25,6 +25,22 @@ var enabled bool
|
||||||
|
var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
+ // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
|
||||||
|
+ // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
|
||||||
|
+ // other values: do not override OpenSSL configured FIPS mode.
|
||||||
|
+ var fips string
|
||||||
|
+ if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
|
||||||
|
+ fips = v
|
||||||
|
+ } else if hostFIPSModeEnabled() {
|
||||||
|
+ // System configuration can only force FIPS mode.
|
||||||
|
+ fips = "1"
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Use Go standard crypto, do not load openssl
|
||||||
|
+ if (fips != "1") {
|
||||||
|
+ return
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
|
||||||
|
if version == "" {
|
||||||
|
var fallbackVersion string
|
||||||
|
@@ -49,16 +65,6 @@ func init() {
|
||||||
|
if err := openssl.Init(version); err != nil {
|
||||||
|
panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
|
||||||
|
}
|
||||||
|
- // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
|
||||||
|
- // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
|
||||||
|
- // other values: do not override OpenSSL configured FIPS mode.
|
||||||
|
- var fips string
|
||||||
|
- if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
|
||||||
|
- fips = v
|
||||||
|
- } else if hostFIPSModeEnabled() {
|
||||||
|
- // System configuration can only force FIPS mode.
|
||||||
|
- fips = "1"
|
||||||
|
- }
|
||||||
|
switch fips {
|
||||||
|
case "0":
|
||||||
|
if openssl.FIPS() {
|
@ -1,22 +1,27 @@
|
|||||||
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
|
From d6e201910aa29262851c9274a4cd3645022d3539 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
||||||
Date: Fri, 9 Feb 2024 20:06:16 +0100
|
Date: Tue, 9 Apr 2024 10:05:46 +0200
|
||||||
Subject: [PATCH] Set GOTOOLCHAIN to local
|
Subject: [PATCH] Modify environment variables defaults
|
||||||
|
|
||||||
|
- Set GOTOOLCHAIN to local
|
||||||
|
- Set GOAMD64 to v2
|
||||||
---
|
---
|
||||||
go.env | 2 +-
|
go.env | 5 ++++-
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/go.env b/go.env
|
diff --git a/go.env b/go.env
|
||||||
index 6ff2b921d4..e87f6e7b6d 100644
|
index 6ff2b921d4..aadcda023b 100644
|
||||||
--- a/go.env
|
--- a/go.env
|
||||||
+++ b/go.env
|
+++ b/go.env
|
||||||
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
|
@@ -9,4 +9,7 @@ GOSUMDB=sum.golang.org
|
||||||
|
|
||||||
# Automatically download newer toolchains as directed by go.mod files.
|
# Automatically download newer toolchains as directed by go.mod files.
|
||||||
# See https://go.dev/doc/toolchain for details.
|
# See https://go.dev/doc/toolchain for details.
|
||||||
-GOTOOLCHAIN=auto
|
-GOTOOLCHAIN=auto
|
||||||
+GOTOOLCHAIN=local
|
+GOTOOLCHAIN=local
|
||||||
|
+
|
||||||
|
+# The AMD64 baseline for RHEL9 is v2.
|
||||||
|
+GOAMD64=v2
|
||||||
--
|
--
|
||||||
2.43.0
|
2.44.0
|
||||||
|
|
||||||
|
27
SOURCES/skip_TestCrashDumpsAllThreads.patch
Normal file
27
SOURCES/skip_TestCrashDumpsAllThreads.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
||||||
|
Date: Wed, 27 Mar 2024 17:15:48 +0100
|
||||||
|
Subject: [PATCH] Skip TestCrashDumpsAllThreads
|
||||||
|
|
||||||
|
---
|
||||||
|
src/runtime/crash_unix_test.go | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
|
||||||
|
index 123a462423..a0034d6455 100644
|
||||||
|
--- a/src/runtime/crash_unix_test.go
|
||||||
|
+++ b/src/runtime/crash_unix_test.go
|
||||||
|
@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
|
||||||
|
t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
|
||||||
|
+ t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
testenv.MustHaveGoBuild(t)
|
||||||
|
|
||||||
|
if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
@ -92,14 +92,17 @@
|
|||||||
%global gohostarch s390x
|
%global gohostarch s390x
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%global go_api 1.21
|
%global go_api 1.22
|
||||||
%global go_version 1.21.7
|
%global go_version 1.22.5
|
||||||
%global version %{go_version}
|
%global version %{go_version}
|
||||||
%global pkg_release 1
|
%global pkg_release 1
|
||||||
|
|
||||||
|
# LLVM compiler-rt version for race detector
|
||||||
|
%global llvm_compiler_rt_version 18.1.8
|
||||||
|
|
||||||
Name: golang
|
Name: golang
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: The Go Programming Language
|
Summary: The Go Programming Language
|
||||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||||
License: BSD and Public Domain
|
License: BSD and Public Domain
|
||||||
@ -114,6 +117,7 @@ Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
|
|||||||
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
|
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
|
||||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||||
Source2: fedora.go
|
Source2: fedora.go
|
||||||
|
Source3: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz
|
||||||
|
|
||||||
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
||||||
# Actual Go based bootstrap compiler provided by above source.
|
# Actual Go based bootstrap compiler provided by above source.
|
||||||
@ -132,9 +136,14 @@ BuildRequires: openssl-devel
|
|||||||
# for tests
|
# for tests
|
||||||
BuildRequires: pcre-devel, glibc-static, perl
|
BuildRequires: pcre-devel, glibc-static, perl
|
||||||
|
|
||||||
|
# Necessary for building llvm address sanitizer for Go race detector
|
||||||
|
BuildRequires: libstdc++-devel
|
||||||
|
BuildRequires: clang
|
||||||
|
|
||||||
Provides: go = %{version}-%{release}
|
Provides: go = %{version}-%{release}
|
||||||
Requires: %{name}-bin = %{version}-%{release}
|
Requires: %{name}-bin = %{version}-%{release}
|
||||||
Requires: %{name}-src = %{version}-%{release}
|
Requires: %{name}-src = %{version}-%{release}
|
||||||
|
Requires: %{name}-race = %{version}-%{release}
|
||||||
Requires: openssl-devel
|
Requires: openssl-devel
|
||||||
Requires: diffutils
|
Requires: diffutils
|
||||||
|
|
||||||
@ -143,11 +152,9 @@ Patch221: fix_TestScript_list_std.patch
|
|||||||
|
|
||||||
Patch1939923: skip_test_rhbz1939923.patch
|
Patch1939923: skip_test_rhbz1939923.patch
|
||||||
|
|
||||||
# Disables libc static linking tests which
|
|
||||||
# are incompatible with dlopen in golang-fips
|
|
||||||
Patch2: disable_static_tests_part1.patch
|
|
||||||
Patch3: disable_static_tests_part2.patch
|
|
||||||
Patch4: modify_go.env.patch
|
Patch4: modify_go.env.patch
|
||||||
|
Patch6: skip_TestCrashDumpsAllThreads.patch
|
||||||
|
Patch7: fix-standard-crypto-panic.patch
|
||||||
|
|
||||||
# Having documentation separate was broken
|
# Having documentation separate was broken
|
||||||
Obsoletes: %{name}-docs < 1.1-4
|
Obsoletes: %{name}-docs < 1.1-4
|
||||||
@ -155,9 +162,6 @@ Obsoletes: %{name}-docs < 1.1-4
|
|||||||
# RPM can't handle symlink -> dir with subpackages, so merge back
|
# RPM can't handle symlink -> dir with subpackages, so merge back
|
||||||
Obsoletes: %{name}-data < 1.1.1-4
|
Obsoletes: %{name}-data < 1.1.1-4
|
||||||
|
|
||||||
# We don't build golang-race anymore, rhbz#2230705
|
|
||||||
Obsoletes: golang-race < 1.20.0
|
|
||||||
|
|
||||||
# These are the only RHEL/Fedora architectures that we compile this package for
|
# These are the only RHEL/Fedora architectures that we compile this package for
|
||||||
ExclusiveArch: %{golang_arches}
|
ExclusiveArch: %{golang_arches}
|
||||||
|
|
||||||
@ -228,16 +232,6 @@ Summary: Golang shared object libraries
|
|||||||
%{summary}.
|
%{summary}.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{race}
|
|
||||||
%package race
|
|
||||||
Summary: Golang std library with -race enabled
|
|
||||||
|
|
||||||
Requires: %{name} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description race
|
|
||||||
%{summary}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%package -n go-toolset
|
%package -n go-toolset
|
||||||
Summary: Package that installs go-toolset
|
Summary: Package that installs go-toolset
|
||||||
Requires: %{name} = %{version}-%{release}
|
Requires: %{name} = %{version}-%{release}
|
||||||
@ -248,15 +242,26 @@ Requires: delve
|
|||||||
%description -n go-toolset
|
%description -n go-toolset
|
||||||
This is the main package for go-toolset.
|
This is the main package for go-toolset.
|
||||||
|
|
||||||
|
|
||||||
|
%package race
|
||||||
|
Summary: Race detetector library object files.
|
||||||
|
Requires: %{name} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description race
|
||||||
|
Binary library objects for Go's race detector.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n go-go%{version}
|
%setup -q -n go-go%{version}
|
||||||
|
|
||||||
pushd ..
|
pushd ..
|
||||||
tar -xf %{SOURCE1}
|
tar -xf %{SOURCE1}
|
||||||
popd
|
popd
|
||||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
|
patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
|
||||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
|
# Add --no-backup-if-mismatch option to avoid creating .orig temp files
|
||||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
|
for p in "$patch_dir"/*.patch; do
|
||||||
|
echo "Applying $p"
|
||||||
|
patch --no-backup-if-mismatch -p1 < $p
|
||||||
|
done
|
||||||
|
|
||||||
# Configure crypto tests
|
# Configure crypto tests
|
||||||
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
|
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
|
||||||
@ -269,6 +274,11 @@ popd
|
|||||||
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
|
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
|
||||||
|
|
||||||
cp %{SOURCE2} ./src/runtime/
|
cp %{SOURCE2} ./src/runtime/
|
||||||
|
# Delete the bundled race detector objects.
|
||||||
|
find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
|
||||||
|
|
||||||
|
# Delete the boring binary blob. We use the system OpenSSL instead.
|
||||||
|
rm -rf src/crypto/internal/boring/syso
|
||||||
|
|
||||||
%build
|
%build
|
||||||
set -xe
|
set -xe
|
||||||
@ -277,6 +287,38 @@ uname -a
|
|||||||
cat /proc/cpuinfo
|
cat /proc/cpuinfo
|
||||||
cat /proc/meminfo
|
cat /proc/meminfo
|
||||||
|
|
||||||
|
# Build race detector .syso's from llvm sources
|
||||||
|
%global tsan_buildflags %(echo %{build_cflags} | sed 's/-mtls-dialect=gnu2//')
|
||||||
|
mkdir ../llvm
|
||||||
|
|
||||||
|
tar -xf %{SOURCE3} -C ../llvm
|
||||||
|
tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
|
||||||
|
|
||||||
|
# The script uses uname -a and grep to set the GOARCH. This
|
||||||
|
# is unreliable and can get the wrong architecture in
|
||||||
|
# circumstances like cross-architecture emulation. We fix it
|
||||||
|
# by just reading GOARCH directly from Go.
|
||||||
|
export GOARCH=$(go env GOARCH)
|
||||||
|
|
||||||
|
%ifarch x86_64
|
||||||
|
pushd "${tsan_go_dir}"
|
||||||
|
CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v3 ./buildgo.sh
|
||||||
|
popd
|
||||||
|
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
|
||||||
|
|
||||||
|
pushd "${tsan_go_dir}"
|
||||||
|
CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v1 ./buildgo.sh
|
||||||
|
popd
|
||||||
|
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
|
||||||
|
|
||||||
|
%else
|
||||||
|
pushd "${tsan_go_dir}"
|
||||||
|
CFLAGS="${tsan_buildflags}" CC=clang ./buildgo.sh
|
||||||
|
popd
|
||||||
|
cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
# bootstrap compiler GOROOT
|
# bootstrap compiler GOROOT
|
||||||
%if !%{golang_bootstrap}
|
%if !%{golang_bootstrap}
|
||||||
export GOROOT_BOOTSTRAP=/
|
export GOROOT_BOOTSTRAP=/
|
||||||
@ -508,8 +550,13 @@ cd ..
|
|||||||
# prelink blacklist
|
# prelink blacklist
|
||||||
%{_sysconfdir}/prelink.conf.d
|
%{_sysconfdir}/prelink.conf.d
|
||||||
|
|
||||||
|
|
||||||
%files -f go-src.list src
|
%files -f go-src.list src
|
||||||
|
%ifarch x86_64
|
||||||
|
%exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
|
||||||
|
%exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
|
||||||
|
%else
|
||||||
|
%exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
|
||||||
|
%endif
|
||||||
|
|
||||||
%files -f go-docs.list docs
|
%files -f go-docs.list docs
|
||||||
|
|
||||||
@ -528,7 +575,63 @@ cd ..
|
|||||||
|
|
||||||
%files -n go-toolset
|
%files -n go-toolset
|
||||||
|
|
||||||
|
%files race
|
||||||
|
%ifarch x86_64
|
||||||
|
%{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
|
||||||
|
%{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
|
||||||
|
%else
|
||||||
|
%{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
|
||||||
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2
|
||||||
|
- Rebuild race detector archives from LLVM sources
|
||||||
|
- Add golang-race subpackage
|
||||||
|
- Resolves: RHEL-33421
|
||||||
|
- Remove unused crypto/internal/boring/syso package
|
||||||
|
- Resolves: RHEL-54335
|
||||||
|
|
||||||
|
* Thu Jul 11 2024 Archana <aravinda@redhat.com> - 1.22.5-1
|
||||||
|
- Rebase to Go1.22.5 to address CVE-2024-24791
|
||||||
|
- Resolves: RHEL-46973
|
||||||
|
|
||||||
|
* Thu Jun 27 2024 David Benoit <dbenoit@redhat.com> - 1.22.4-2
|
||||||
|
- Fix panic in standard crypto mode without openssl
|
||||||
|
- Resolves: RHEL-45359
|
||||||
|
|
||||||
|
* Thu Jun 6 2024 Archana Ravindar <aravinda@redhat.com> - 1.22.4-1
|
||||||
|
- Rebase to Go1.22.4 that includes fixes for CVE-2024-24789 and CVE-2024-24790
|
||||||
|
- Resolves: RHEL-40156
|
||||||
|
|
||||||
|
* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
|
||||||
|
- Update openssl backend
|
||||||
|
- Resolves: RHEL-36101
|
||||||
|
|
||||||
|
* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
|
||||||
|
- Restore HashSign / HashVerify API
|
||||||
|
- Resolves: RHEL-35883
|
||||||
|
|
||||||
|
* Wed May 22 2024 Alejandro Sáez <asm@redhat.com> - 1.22.3-1
|
||||||
|
- Rebase to 1.22.3
|
||||||
|
- Removes re-enable-cgo.patch
|
||||||
|
- Resolves: RHEL-35634
|
||||||
|
- Resolves: RHEL-35883
|
||||||
|
- Resolves: RHEL-10068
|
||||||
|
- Resolves: RHEL-34924
|
||||||
|
|
||||||
|
* Thu Apr 18 2024 Derek Parker <deparker@redhat.com> - 1.22.2-1
|
||||||
|
- Rebase to 1.22.2
|
||||||
|
- Resolves: RHEL-28941
|
||||||
|
|
||||||
|
* Tue Apr 09 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-2
|
||||||
|
- Set the AMD64 baseline to v2
|
||||||
|
|
||||||
|
* Tue Mar 19 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-1
|
||||||
|
- Rebase to Go 1.22.1
|
||||||
|
- Re-enable CGO
|
||||||
|
- Resolves: RHEL-29527
|
||||||
|
- Resolves: RHEL-28175
|
||||||
|
|
||||||
* Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
|
* Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
|
||||||
- Rebase to Go 1.21.7
|
- Rebase to Go 1.21.7
|
||||||
- Set GOTOOLCHAIN to local
|
- Set GOTOOLCHAIN to local
|
||||||
|
Loading…
Reference in New Issue
Block a user