import golang-1.16.4-3.module+el8.5.0+11462+061f83ad

2021-06-24 04:59:45 +00:00 · 2021-06-24 04:59:45 +00:00 · 9511ca7f42
commit 9511ca7f42
13 changed files with 1670 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/go-go-1.16.4-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -0,0 +1 @@
+1edcf3e54204d79803b3ca8eb84fe6ef2941dad0 SOURCES/go-go-1.16.4-1-openssl-fips.tar.gz
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
@ -0,0 +1,7 @@
+// +build rpm_crashtraceback
+
+package runtime
+
+func init() {
+	setTraceback("crash")
+}
--- a/SOURCES/fix-crypto-memory-leaks.patch
+++ b/SOURCES/fix-crypto-memory-leaks.patch
@ -0,0 +1,235 @@
+diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
+index 3585458..ae1607b 100644
+--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
+@@ -667,6 +667,7 @@ typedef EVP_PKEY GO_EVP_PKEY;
+ DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
+ DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
+ DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
+DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
+ DEFINEFUNC(int, EVP_PKEY_verify,
+ 	(EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen),
+ 	(ctx, sig, siglen, tbs, tbslen))
+diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+index 4c14cc9..daa1252 100644
+--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
+@@ -9,19 +9,32 @@
+ int
+ _goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, GO_EC_KEY *eckey)
+ {
+    int result;
+     EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+-    if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
+-        return 0;
+-    return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+    if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
+        result = 0;
+        goto err;
+    }
+    result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+err:
+    _goboringcrypto_EVP_PKEY_free(key);
+    return result;
+ }
+ 
+ int
+ _goboringcrypto_ECDSA_verify(EVP_MD* md, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, GO_EC_KEY *eckey)
+ {
+ 
+    int result;
+     EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+-    if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
+-        return 0;
+    if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
+        result = 0;
+        goto err;
+    }
+ 
+-    return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+    result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+
+err:
+    _goboringcrypto_EVP_PKEY_free(key);
+    return result;
+ }
+diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
+index a8d047d..2e56499 100644
+--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
+@@ -25,14 +25,13 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
+ 	EVP_PKEY_CTX *ctx;
+ 	unsigned int siglen;
+ 
+	int ret = 0;
+ 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+-	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
+-		return 0;
+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa))
+		goto err;
+ 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(key, NULL /* no engine */);
+ 	if (!ctx)
+-		return 0;
+-
+-	int ret = 0;
+		goto err;
+ 
+ 	EVP_MD_CTX *mdctx = NULL;
+ 	if (!(mdctx = _goboringcrypto_EVP_MD_CTX_create()))
+@@ -67,6 +66,10 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
+ err:
+ 	if (mdctx)
+ 		_goboringcrypto_EVP_MD_CTX_free(mdctx);
+	if (ctx)
+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+	if (key)
+		_goboringcrypto_EVP_PKEY_free(key);
+ 
+ 	return ret;
+ }
+@@ -78,18 +81,17 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
+ 	EVP_PKEY *pkey;
+ 	size_t siglen;
+ 
+	int ret = 0;
+ 	pkey = _goboringcrypto_EVP_PKEY_new();
+ 	if (!pkey)
+-		return 0;
+		goto err;
+ 
+ 	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
+-		return 0;
+-	
+		goto err;
+
+ 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
+ 	if (!ctx)
+-		return 0;
+-
+-	int ret = 0;
+		goto err;
+ 
+ 	if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0)
+ 		goto err;
+@@ -101,7 +103,7 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
+ 		goto err;
+ 	if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0)
+ 		goto err;
+-	
+
+ 	/* Determine buffer length */
+ 	if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0)
+ 		goto err;
+@@ -116,7 +118,10 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
+ 	ret = 1;
+ 
+ err:
+-	_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+	if (ctx)
+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+	if (pkey)
+		_goboringcrypto_EVP_PKEY_free(pkey);
+ 
+ 	return ret;
+ }
+@@ -130,14 +135,14 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
+ 
+ 	pkey = _goboringcrypto_EVP_PKEY_new();
+ 	if (!pkey)
+-		return 0;
+		goto err;
+ 
+ 	if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
+-		return 0;
+-	
+		goto err;
+
+ 	ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
+ 	if (!ctx)
+-		return 0;
+		goto err;
+ 
+ 	if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0)
+ 		goto err;
+@@ -155,25 +160,40 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
+ 	ret = 1;
+ 
+ err:
+-	_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+	if (ctx)
+		_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+	if (pkey)
+		_goboringcrypto_EVP_PKEY_free(pkey);
+
+ 
+ 	return ret;
+ }
+ 
+ int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
+ {
+	int result;
+ 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+-	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
+-		return 0;
+-	return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
+		result = 0;
+		goto err;
+	}
+	result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+err:
+	_goboringcrypto_EVP_PKEY_free(key);
+	return result;
+ }
+ 
+ int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa)
+ {
+	int result;
+ 	EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
+-	if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
+-	{
+-		return 0;
+	if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
+		result = 0;
+		goto err;
+ 	}
+-	 return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+	result =  _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+err:
+	_goboringcrypto_EVP_PKEY_free(key);
+	return result;
+
+ }
+diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
+index 2eefc27..698c08e 100644
+--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
+@@ -162,12 +162,23 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
+ 			return nil, nil, NewOpenSSLError("EVP_PKEY_set_rsa_oaep_md failed")
+ 		}
+ 		// ctx takes ownership of label, so malloc a copy for BoringCrypto to free.
+-		clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label))))
+-		if clabel == nil {
+-			return nil, nil, fail("OPENSSL_malloc")
+		var clabel *C.uint8_t
+		clabel = nil
+		// OpenSSL 1.1.1 does not take ownership of the label if the length is zero.
+		// Depending on the malloc implementation, if clabel is allocated with malloc(0),
+		// metadata for the size-zero allocation is never cleaned up, which is a memory leak.
+		// As such, we must only allocate clabel if the label is of non zero length.
+		if len(label) > 0 {
+			clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label))))
+			if clabel == nil {
+				return nil, nil, fail("OPENSSL_malloc")
+			}
+			copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
+ 		}
+-		copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
+-		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 {
+		if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) != 1 {
+			if clabel != nil {
+				C.free(unsafe.Pointer(clabel))
+			}
+ 			return nil, nil, NewOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed")
+ 		}
+ 	}
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
@ -0,0 +1,13 @@
+diff --git a/src/cmd/go/testdata/script/list_std.txt b/src/cmd/go/testdata/script/list_std.txt
+index 6ab1bd1674..4a00e436fd 100644
+--- a/src/cmd/go/testdata/script/list_std.txt
+++ b/src/cmd/go/testdata/script/list_std.txt
+@@ -6,7 +6,7 @@ env GO111MODULE=off
+ # Listing GOROOT should only find standard packages.
+ cd $GOROOT/src
+ go list -f '{{if not .Standard}}{{.ImportPath}}{{end}}' ./...
+-! stdout .
+stdout _$GOROOT
+ 
+ # Standard packages should include cmd, but not cmd/vendor.
+ go list ./...
--- a/SOURCES/go1.5-zoneinfo_testing_only.patch
+++ b/SOURCES/go1.5-zoneinfo_testing_only.patch
@ -0,0 +1,70 @@
+diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go
+--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time	2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go	2017-12-05 14:55:10.574637475 +0100
+@@ -4,13 +4,15 @@
+ 
+ package time
+ 
+import "runtime"
+
+ func init() {
+ 	// force US/Pacific for time zone tests
+ 	ForceUSPacificForTesting()
+ }
+ 
+ func initTestingZone() {
+-	z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
+	z, err := loadLocation("America/Los_Angeles", zoneSources)
+ 	if err != nil {
+ 		panic("cannot load America/Los_Angeles for testing: " + err.Error())
+ 	}
+@@ -21,8 +23,9 @@ func initTestingZone() {
+ var OrigZoneSources = zoneSources
+ 
+ func forceZipFileForTesting(zipOnly bool) {
+-	zoneSources = make([]string, len(OrigZoneSources))
+	zoneSources = make([]string, len(OrigZoneSources)+1)
+ 	copy(zoneSources, OrigZoneSources)
+	zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
+ 	if zipOnly {
+ 		zoneSources = zoneSources[len(zoneSources)-1:]
+ 	}
+diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go
+--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time	2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go	2017-12-05 14:58:09.823109248 +0100
+@@ -8,6 +8,7 @@ import (
+ 	"fmt"
+ 	"os"
+ 	"reflect"
+	"runtime"
+ 	"testing"
+ 	"time"
+ )
+@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testi
+ 		t.Fatal(err)
+ 	}
+ 
+-	tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
+	tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
+ 	if err != nil {
+ 		t.Fatal(err)
+ 	}
+diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go
+--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time	2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go	2017-12-05 14:55:10.574637475 +0100
+@@ -12,7 +12,6 @@
+ package time
+ 
+ import (
+-	"runtime"
+ 	"syscall"
+ )
+ 
+@@ -22,7 +21,6 @@ var zoneSources = []string{
+ 	"/usr/share/zoneinfo/",
+ 	"/usr/share/lib/zoneinfo/",
+ 	"/usr/lib/locale/TZ/",
+-	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
+ }
+ 
+ func initLocal() {
--- a/SOURCES/golang-1.15-warnCN.patch
+++ b/SOURCES/golang-1.15-warnCN.patch
@ -0,0 +1,25 @@
+diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
+index 50f4d4a..121fd1b 100644
+--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
+@@ -20,6 +20,9 @@ import (
+ 
+ // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
+ var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
+ 
+ type InvalidReason int
+ 
+@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
+ 	names := c.DNSNames
+ 	if c.commonNameAsHostname() {
+ 		names = []string{c.Subject.CommonName}
+		if warnCN {
+			fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
+				"Using CN without SAN is deprecated and will not work in future versions.\n")
+		}
+ 	}
+ 
+ 	candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
--- a/SOURCES/golang-gdbinit
+++ b/SOURCES/golang-gdbinit
@ -0,0 +1 @@
+add-auto-load-safe-path /usr/lib/golang/src/pkg/runtime/runtime-gdb.py
--- a/SOURCES/golang-prelink.conf
+++ b/SOURCES/golang-prelink.conf
@ -0,0 +1,3 @@
+# there are ELF files in src which are testdata and shouldn't be modified
+-b /usr/lib/golang/src
+-b /usr/lib64/golang/src
--- a/SOURCES/rhbz1955032.patch
+++ b/SOURCES/rhbz1955032.patch
@ -0,0 +1,37 @@
+From 983dea90c169930e35721232afe39fd4e3fbe4a6 Mon Sep 17 00:00:00 2001
+From: Paul E. Murphy <murp@ibm.com>
+Date: Tue, 27 Apr 2021 15:05:51 -0500
+Subject: [PATCH] cmd/link: disable plugin support if cgo is disabled
+
+Functional plugin support requires cgo to be enabled. Disable
+it if the environment has disabled cgo.
+
+This prevents unexpected linker failures when linking large
+binaries with cgo disabled which use the plugin package.
+
+Fixes #45564
+
+Change-Id: Ib71f0e089f7373b7b3e3cd53da3612291e7bc473
+Reviewed-on: https://go-review.googlesource.com/c/go/+/314449
+Run-TryBot: Paul Murphy <murp@ibm.com>
+Reviewed-by: Cherry Zhang <cherryyz@google.com>
+TryBot-Result: Go Bot <gobot@golang.org>
+Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
+---
+
+diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
+index adf1669..043bf5a 100644
+--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
+@@ -539,7 +539,10 @@
+ 	// up symbol by name may not get expected result.
+ 
+ 	iscgo = ctxt.LibraryByPkg["runtime/cgo"] != nil
+-	ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil
+
+	// Plugins a require cgo support to function. Similarly, plugins may require additional
+	// internal linker support on some platforms which may not be implemented.
+	ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil && iscgo
+ 
+ 	// We now have enough information to determine the link mode.
+ 	determineLinkMode(ctxt)
--- a/SOURCES/rhbz1956891.patch
+++ b/SOURCES/rhbz1956891.patch
@ -0,0 +1,69 @@
+From 9ed736ac2a99aa2e7ef7d8bed3b01ca8b20a6f80 Mon Sep 17 00:00:00 2001
+From: Lynn Boger <laboger@linux.vnet.ibm.com>
+Date: Thu, 29 Apr 2021 16:07:25 -0500
+Subject: [PATCH] cmd/link/internal: fix use of DynlinkingGo with ppc64le trampolines
+
+When creating programs with large text sections on ppc64le,
+trampolines are needed for calls that are too far; however
+they are not created if the code is generated such that the TOC
+register r2 is initialized and maintained in the code because
+then the external linker can create the trampolines. Previously
+the function DynlinkingGo was used to determine this but in the
+case where plugins are used, this could return true even though
+r2 is not valid.
+
+To fix this problem I've added a new function r2Valid which returns
+true when the build options indicate that the r2 is
+initialized and maintained. Because of the ways that
+DynlinkingGo is used I wanted to maintain its previous
+behavior.
+
+Fixes #45850
+
+Change-Id: I6d902eba6ad41757aa6474948b79acdbd479cb38
+Reviewed-on: https://go-review.googlesource.com/c/go/+/315289
+Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
+Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
+Reviewed-by: Cherry Zhang <cherryyz@google.com>
+TryBot-Result: Go Bot <gobot@golang.org>
+---
+
+diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
+index 0638502..b877864 100644
+--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
+@@ -651,6 +651,16 @@
+ 	return int64(o2)<<32 | int64(o1)
+ }
+ 
+// Determine if the code was compiled so that the TOC register R2 is initialized and maintained
+func r2Valid(ctxt *ld.Link) bool {
+	switch ctxt.BuildMode {
+	case ld.BuildModeCArchive, ld.BuildModeCShared, ld.BuildModePIE, ld.BuildModeShared, ld.BuildModePlugin:
+		return true
+	}
+	// -linkshared option
+	return ctxt.IsSharedGoLink()
+}
+
+ // resolve direct jump relocation r in s, and add trampoline if necessary
+ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
+ 
+@@ -658,7 +668,7 @@
+ 	// For internal linking, trampolines are always created for long calls.
+ 	// For external linking, the linker can insert a call stub to handle a long call, but depends on having the TOC address in
+ 	// r2.  For those build modes with external linking where the TOC address is not maintained in r2, trampolines must be created.
+-	if ctxt.IsExternal() && (ctxt.DynlinkingGo() || ctxt.BuildMode == ld.BuildModeCArchive || ctxt.BuildMode == ld.BuildModeCShared || ctxt.BuildMode == ld.BuildModePIE) {
+	if ctxt.IsExternal() && r2Valid(ctxt) {
+ 		// No trampolines needed since r2 contains the TOC
+ 		return
+ 	}
+@@ -712,7 +722,7 @@
+ 				}
+ 			}
+ 			if ldr.SymType(tramp) == 0 {
+-				if ctxt.DynlinkingGo() || ctxt.BuildMode == ld.BuildModeCArchive || ctxt.BuildMode == ld.BuildModeCShared || ctxt.BuildMode == ld.BuildModePIE {
+				if r2Valid(ctxt) {
+ 					// Should have returned for above cases
+ 					ctxt.Errorf(s, "unexpected trampoline for shared or dynamic linking")
+ 				} else {
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ b/SOURCES/skip_test_rhbz1939923.patch
@ -0,0 +1,12 @@
+diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
+index 51dda16815..2d1e1b1e6e 100644
+--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
+@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
+ }
+ 
+ func TestCreateCertificateBrokenSigner(t *testing.T) {
+	t.Skip("TODO Fix me: rhbz#1939923")
+ 	template := &Certificate{
+ 		SerialNumber: big.NewInt(10),
+ 		DNSNames:     []string{"example.com"},
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
				`@ -0,0 +1 @@`
				`1edcf3e54204d79803b3ca8eb84fe6ef2941dad0 SOURCES/go-go-1.16.4-1-openssl-fips.tar.gz`
				`@ -0,0 +1 @@`
				`add-auto-load-safe-path /usr/lib/golang/src/pkg/runtime/runtime-gdb.py`