diff --git a/.gitignore b/.gitignore index d08b212..e0c070b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/go1.20.6-1-openssl-fips.tar.gz -SOURCES/go1.20.6.tar.gz +SOURCES/go1.21.7-1-openssl-fips.tar.gz +SOURCES/go1.21.7.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 68aa57f..a2b3f8c 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1,2 +1,2 @@ -f6dd720106f39e9398c0ca2a327f1705704778b4 SOURCES/go1.20.6-1-openssl-fips.tar.gz -ea70e31718a67c736667f7f6dbe2c23d7708255d SOURCES/go1.20.6.tar.gz +95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz +1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz diff --git a/SOURCES/disable_static_tests_part2.patch b/SOURCES/disable_static_tests_part2.patch index aa2d91c..494de22 100644 --- a/SOURCES/disable_static_tests_part2.patch +++ b/SOURCES/disable_static_tests_part2.patch @@ -1,13 +1,13 @@ diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 9f26606..2408505 100644 +index 36a20e8b2a..8c2dd1b44b 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1259,7 +1259,7 @@ func (t *tester) registerCgoTests() { +@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) { } else { panic("unknown linkmode with static build: " + linkmode) } - gt.tags = append(gt.tags, "static") + gt.tags = append(gt.tags, "static", "no_openssl") } + gt.ldflags = strings.Join(ldflags, " ") - t.registerTest("cgo:"+name, "../misc/cgo/test", gt, opts...) diff --git a/SOURCES/fix-memory-leak-evp-sign-verify.patch b/SOURCES/fix-memory-leak-evp-sign-verify.patch deleted file mode 100644 index f2eae14..0000000 --- a/SOURCES/fix-memory-leak-evp-sign-verify.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -index 76bac5b..24a9615 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -@@ -43,7 +43,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m - GO_RSA *rsa_key) { - int ret = 0; - GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); -- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); -+ if (!pk) -+ return 0; -+ -+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) -+ goto err; - - if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) - goto err; -@@ -63,6 +67,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m - err: - if (ctx) - _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pk) -+ _goboringcrypto_EVP_PKEY_free(pk); - - return ret; - } -@@ -103,7 +109,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, - int ret = 0; - EVP_PKEY_CTX *ctx; - GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); -- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); -+ if (!pk) -+ return 0; -+ -+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) -+ goto err; - - if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) - goto err; -@@ -123,6 +133,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, - err: - if (ctx) - _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pk) -+ _goboringcrypto_EVP_PKEY_free(pk); - - return ret; - } diff --git a/SOURCES/modify_go.env.patch b/SOURCES/modify_go.env.patch new file mode 100644 index 0000000..398f5c0 --- /dev/null +++ b/SOURCES/modify_go.env.patch @@ -0,0 +1,22 @@ +From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Fri, 9 Feb 2024 20:06:16 +0100 +Subject: [PATCH] Set GOTOOLCHAIN to local + +--- + go.env | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/go.env b/go.env +index 6ff2b921d4..e87f6e7b6d 100644 +--- a/go.env ++++ b/go.env +@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org + + # Automatically download newer toolchains as directed by go.mod files. + # See https://go.dev/doc/toolchain for details. +-GOTOOLCHAIN=auto ++GOTOOLCHAIN=local +-- +2.43.0 + diff --git a/SPECS/golang.spec b/SPECS/golang.spec index eca52d1..c91325e 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -56,7 +56,7 @@ %endif # Controls what ever we fail on failed tests -%ifarch x86_64 %{arm} aarch64 ppc64le s390x +%ifarch x86_64 %{arm} ppc64le s390x %global fail_on_tests 1 %else %global fail_on_tests 0 @@ -92,14 +92,14 @@ %global gohostarch s390x %endif -%global go_api 1.20 -%global go_version 1.20.6 +%global go_api 1.21 +%global go_version 1.21.7 %global version %{go_version} %global pkg_release 1 Name: golang Version: %{version} -Release: 5%{?dist} +Release: 1%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -138,7 +138,6 @@ Requires: %{name}-src = %{version}-%{release} Requires: openssl-devel Requires: diffutils - # Proposed patch by jcajka https://golang.org/cl/86541 Patch221: fix_TestScript_list_std.patch @@ -148,8 +147,7 @@ Patch1939923: skip_test_rhbz1939923.patch # are incompatible with dlopen in golang-fips Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch - -Patch4: fix-memory-leak-evp-sign-verify.patch +Patch4: modify_go.env.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -243,7 +241,7 @@ Requires: %{name} = %{version}-%{release} %package -n go-toolset Summary: Package that installs go-toolset Requires: %{name} = %{version}-%{release} -%ifarch x86_64 +%ifarch x86_64 aarch64 ppc64le Requires: delve %endif @@ -258,6 +256,7 @@ tar -xf %{SOURCE1} popd patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch +patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch # Configure crypto tests pushd ../go-go%{version}-%{pkg_release}-openssl-fips @@ -267,6 +266,8 @@ popd %autopatch -p1 +sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION + cp %{SOURCE2} ./src/runtime/ %build @@ -336,7 +337,7 @@ rm -rf pkg/bootstrap/bin # install everything into libdir (until symlink problems are fixed) # https://code.google.com/p/go/issues/detail?id=5830 -cp -apv api bin doc lib pkg src misc test VERSION \ +cp -apv api bin doc lib pkg src misc test go.env VERSION \ $RPM_BUILD_ROOT%{goroot} # bz1099206 @@ -519,6 +520,7 @@ cd .. %files -f go-pkg.list bin %{_bindir}/go %{_bindir}/gofmt +%{goroot}/go.env %if %{shared} %files -f go-shared.list shared @@ -527,6 +529,46 @@ cd .. %files -n go-toolset %changelog +* Fri Feb 09 2024 Alejandro Sáez - 1.21.7-1 +- Rebase to Go 1.21.7 +- Set GOTOOLCHAIN to local +- Resolves: RHEL-24334 +- Resolves: RHEL-18364 +- Resolves: RHEL-18365 + +* Thu Nov 30 2023 Alejandro Sáez - 1.21.4-2 +- Add release information + +* Tue Nov 14 2023 Alejandro Sáez - 1.21.4-1 +- Rebase to Go 1.21.4 +- Resolves: RHEL-11871 + +* Wed Nov 08 2023 David Benoit - 1.21.3-5 +- Don't change GOPROXY/GOSUMDB +- Related: RHEL-12624 + +* Thu Nov 02 2023 David Benoit - 1.21.3-4 +- Fix missing go.env in Go 1.21 +- Related: RHEL-12624 + +* Tue Oct 31 2023 Archana Ravindar - 1.21.3-3 +- Add missing strict fips runtime detection patch +- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs +- Related: RHEL-12624 + +* Wed Oct 25 2023 Archana Ravindar - 1.21.3-2 +- Rebase disable_static_tests_part2.patch to Go 1.21.3 +- Related: RHEL-12624 + +* Fri Oct 20 2023 Archana Ravindar - 1.21.3-1 +- Rebase to Go 1.21.3 +- Resolves: RHEL-12624 + +* Wed Sep 27 2023 Alejandro Sáez - 1.20.8-1 +- Rebase to Go 1.20.8 +- Remove fix-memory-leak-evp-sign-verify.patch as it is already included in the source +- Resolves: RHEL-2775 + * Mon Aug 14 2023 Alejandro Sáez - 1.20.6-5 - Retire golang-race package - Resolves: rhbz#2230705