rpms/golang
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import golang-1.16.4-3.module+el8.5.0+11462+061f83ad

Browse Source
This commit is contained in:
CentOS Sources 2021-06-24 04:59:45 +00:00 committed by Andrew Lukoshko
commit 9511ca7f42
13 changed files with 1670 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/go-go-1.16.4-1-openssl-fips.tar.gz

1
.golang.metadata Normal file
View File

@ -0,0 +1 @@
1edcf3e54204d79803b3ca8eb84fe6ef2941dad0 SOURCES/go-go-1.16.4-1-openssl-fips.tar.gz

7
SOURCES/fedora.go Normal file
View File

@ -0,0 +1,7 @@
// +build rpm_crashtraceback
package runtime
func init() {
setTraceback("crash")
}

235
SOURCES/fix-crypto-memory-leaks.patch Normal file
View File

@ -0,0 +1,235 @@
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 3585458..ae1607b 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -667,6 +667,7 @@ typedef EVP_PKEY GO_EVP_PKEY;
DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
+DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
DEFINEFUNC(int, EVP_PKEY_verify,
(EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen),
(ctx, sig, siglen, tbs, tbslen))
diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c
index 4c14cc9..daa1252 100644
--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c
+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c
@@ -9,19 +9,32 @@
int
_goboringcrypto_ECDSA_sign(EVP_MD* md, const uint8_t *msg, size_t msgLen, uint8_t *sig, unsigned int *slen, GO_EC_KEY *eckey)
{
+ int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
- if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
- return 0;
- return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+ if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
+ result = 0;
+ goto err;
+ }
+ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+err:
+ _goboringcrypto_EVP_PKEY_free(key);
+ return result;
}
int
_goboringcrypto_ECDSA_verify(EVP_MD* md, const uint8_t *msg, size_t msgLen, const uint8_t *sig, unsigned int slen, GO_EC_KEY *eckey)
{
+ int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
- if (!_goboringcrypto_EVP_PKEY_assign_EC_KEY(key, eckey))
- return 0;
+ if (!_goboringcrypto_EVP_PKEY_set1_EC_KEY(key, eckey)) {
+ result = 0;
+ goto err;
+ }
- return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+ result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+
+err:
+ _goboringcrypto_EVP_PKEY_free(key);
+ return result;
}
diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c
index a8d047d..2e56499 100644
--- a/src/crypto/internal/boring/openssl_port_rsa.c
+++ b/src/crypto/internal/boring/openssl_port_rsa.c
@@ -25,14 +25,13 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
EVP_PKEY_CTX *ctx;
unsigned int siglen;
+ int ret = 0;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
- return 0;
+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa))
+ goto err;
ctx = _goboringcrypto_EVP_PKEY_CTX_new(key, NULL /* no engine */);
if (!ctx)
- return 0;
-
- int ret = 0;
+ goto err;
EVP_MD_CTX *mdctx = NULL;
if (!(mdctx = _goboringcrypto_EVP_MD_CTX_create()))
@@ -67,6 +66,10 @@ int _goboringcrypto_RSA_digest_and_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_
err:
if (mdctx)
_goboringcrypto_EVP_MD_CTX_free(mdctx);
+ if (ctx)
+ _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (key)
+ _goboringcrypto_EVP_PKEY_free(key);
return ret;
}
@@ -78,18 +81,17 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
EVP_PKEY *pkey;
size_t siglen;
+ int ret = 0;
pkey = _goboringcrypto_EVP_PKEY_new();
if (!pkey)
- return 0;
+ goto err;
if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
- return 0;
-
+ goto err;
+
ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
if (!ctx)
- return 0;
-
- int ret = 0;
+ goto err;
if (_goboringcrypto_EVP_PKEY_sign_init(ctx) <= 0)
goto err;
@@ -101,7 +103,7 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
goto err;
if (_goboringcrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, mgf1_md) <= 0)
goto err;
-
+
/* Determine buffer length */
if (_goboringcrypto_EVP_PKEY_sign(ctx, NULL, &siglen, in, in_len) <= 0)
goto err;
@@ -116,7 +118,10 @@ int _goboringcrypto_RSA_sign_pss_mgf1(GO_RSA *rsa, unsigned int *out_len, uint8_
ret = 1;
err:
- _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (ctx)
+ _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pkey)
+ _goboringcrypto_EVP_PKEY_free(pkey);
return ret;
}
@@ -130,14 +135,14 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
pkey = _goboringcrypto_EVP_PKEY_new();
if (!pkey)
- return 0;
+ goto err;
if (_goboringcrypto_EVP_PKEY_set1_RSA(pkey, rsa) <= 0)
- return 0;
-
+ goto err;
+
ctx = _goboringcrypto_EVP_PKEY_CTX_new(pkey, NULL /* no engine */);
if (!ctx)
- return 0;
+ goto err;
if (_goboringcrypto_EVP_PKEY_verify_init(ctx) <= 0)
goto err;
@@ -155,25 +160,40 @@ int _goboringcrypto_RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, unsigned i
ret = 1;
err:
- _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (ctx)
+ _goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pkey)
+ _goboringcrypto_EVP_PKEY_free(pkey);
+
return ret;
}
int _goboringcrypto_EVP_RSA_sign(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, uint8_t *sig, unsigned int *slen, RSA *rsa)
{
+ int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
- return 0;
- return _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
+ result = 0;
+ goto err;
+ }
+ result = _goboringcrypto_EVP_sign(md, NULL, msg, msgLen, sig, slen, key);
+err:
+ _goboringcrypto_EVP_PKEY_free(key);
+ return result;
}
int _goboringcrypto_EVP_RSA_verify(EVP_MD *md, const uint8_t *msg, unsigned int msgLen, const uint8_t *sig, unsigned int slen, GO_RSA *rsa)
{
+ int result;
EVP_PKEY *key = _goboringcrypto_EVP_PKEY_new();
- if (!_goboringcrypto_EVP_PKEY_assign_RSA(key, rsa))
- {
- return 0;
+ if (!_goboringcrypto_EVP_PKEY_set1_RSA(key, rsa)) {
+ result = 0;
+ goto err;
}
- return _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+ result = _goboringcrypto_EVP_verify(md, NULL, msg, msgLen, sig, slen, key);
+err:
+ _goboringcrypto_EVP_PKEY_free(key);
+ return result;
+
}
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index 2eefc27..698c08e 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -162,12 +162,23 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
return nil, nil, NewOpenSSLError("EVP_PKEY_set_rsa_oaep_md failed")
}
// ctx takes ownership of label, so malloc a copy for BoringCrypto to free.
- clabel := (*C.uint8_t)(C.malloc(C.size_t(len(label))))
- if clabel == nil {
- return nil, nil, fail("OPENSSL_malloc")
+ var clabel *C.uint8_t
+ clabel = nil
+ // OpenSSL 1.1.1 does not take ownership of the label if the length is zero.
+ // Depending on the malloc implementation, if clabel is allocated with malloc(0),
+ // metadata for the size-zero allocation is never cleaned up, which is a memory leak.
+ // As such, we must only allocate clabel if the label is of non zero length.
+ if len(label) > 0 {
+ clabel = (*C.uint8_t)(C.malloc(C.size_t(len(label))))
+ if clabel == nil {
+ return nil, nil, fail("OPENSSL_malloc")
+ }
+ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
}
- copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
- if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) == 0 {
+ if C._goboringcrypto_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, clabel, C.int(len(label))) != 1 {
+ if clabel != nil {
+ C.free(unsafe.Pointer(clabel))
+ }
return nil, nil, NewOpenSSLError("EVP_PKEY_CTX_set0_rsa_oaep_label failed")
}
}

13
SOURCES/fix_TestScript_list_std.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/src/cmd/go/testdata/script/list_std.txt b/src/cmd/go/testdata/script/list_std.txt
index 6ab1bd1674..4a00e436fd 100644
--- a/src/cmd/go/testdata/script/list_std.txt
+++ b/src/cmd/go/testdata/script/list_std.txt
@@ -6,7 +6,7 @@ env GO111MODULE=off
# Listing GOROOT should only find standard packages.
cd $GOROOT/src
go list -f '{{if not .Standard}}{{.ImportPath}}{{end}}' ./...
-! stdout .
+stdout _$GOROOT
# Standard packages should include cmd, but not cmd/vendor.
go list ./...

70
SOURCES/go1.5-zoneinfo_testing_only.patch Normal file
View File

@ -0,0 +1,70 @@
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go 2017-12-05 14:55:10.574637475 +0100
@@ -4,13 +4,15 @@
package time
+import "runtime"
+
func init() {
// force US/Pacific for time zone tests
ForceUSPacificForTesting()
}
func initTestingZone() {
- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
+ z, err := loadLocation("America/Los_Angeles", zoneSources)
if err != nil {
panic("cannot load America/Los_Angeles for testing: " + err.Error())
}
@@ -21,8 +23,9 @@ func initTestingZone() {
var OrigZoneSources = zoneSources
func forceZipFileForTesting(zipOnly bool) {
- zoneSources = make([]string, len(OrigZoneSources))
+ zoneSources = make([]string, len(OrigZoneSources)+1)
copy(zoneSources, OrigZoneSources)
+ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if zipOnly {
zoneSources = zoneSources[len(zoneSources)-1:]
}
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go 2017-12-05 14:58:09.823109248 +0100
@@ -8,6 +8,7 @@ import (
"fmt"
"os"
"reflect"
+ "runtime"
"testing"
"time"
)
@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testi
t.Fatal(err)
}
- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
+ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
if err != nil {
t.Fatal(err)
}
diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go
--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time 2017-12-05 01:10:10.000000000 +0100
+++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go 2017-12-05 14:55:10.574637475 +0100
@@ -12,7 +12,6 @@
package time
import (
- "runtime"
"syscall"
)
@@ -22,7 +21,6 @@ var zoneSources = []string{
"/usr/share/zoneinfo/",
"/usr/share/lib/zoneinfo/",
"/usr/lib/locale/TZ/",
- runtime.GOROOT() + "/lib/time/zoneinfo.zip",
}
func initLocal() {

25
SOURCES/golang-1.15-warnCN.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index 50f4d4a..121fd1b 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -20,6 +20,9 @@ import (
// ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
type InvalidReason int
@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
names := c.DNSNames
if c.commonNameAsHostname() {
names = []string{c.Subject.CommonName}
+ if warnCN {
+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
+ "Using CN without SAN is deprecated and will not work in future versions.\n")
+ }
}
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.

1
SOURCES/golang-gdbinit Normal file
View File

@ -0,0 +1 @@
add-auto-load-safe-path /usr/lib/golang/src/pkg/runtime/runtime-gdb.py

3
SOURCES/golang-prelink.conf Normal file
View File

@ -0,0 +1,3 @@
# there are ELF files in src which are testdata and shouldn't be modified
-b /usr/lib/golang/src
-b /usr/lib64/golang/src

37
SOURCES/rhbz1955032.patch Normal file
View File

@ -0,0 +1,37 @@
From 983dea90c169930e35721232afe39fd4e3fbe4a6 Mon Sep 17 00:00:00 2001
From: Paul E. Murphy <murp@ibm.com>
Date: Tue, 27 Apr 2021 15:05:51 -0500
Subject: [PATCH] cmd/link: disable plugin support if cgo is disabled
Functional plugin support requires cgo to be enabled. Disable
it if the environment has disabled cgo.
This prevents unexpected linker failures when linking large
binaries with cgo disabled which use the plugin package.
Fixes #45564
Change-Id: Ib71f0e089f7373b7b3e3cd53da3612291e7bc473
Reviewed-on: https://go-review.googlesource.com/c/go/+/314449
Run-TryBot: Paul Murphy <murp@ibm.com>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
---
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index adf1669..043bf5a 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -539,7 +539,10 @@
// up symbol by name may not get expected result.
iscgo = ctxt.LibraryByPkg["runtime/cgo"] != nil
- ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil
+
+ // Plugins a require cgo support to function. Similarly, plugins may require additional
+ // internal linker support on some platforms which may not be implemented.
+ ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil && iscgo
// We now have enough information to determine the link mode.
determineLinkMode(ctxt)

69
SOURCES/rhbz1956891.patch Normal file
View File

@ -0,0 +1,69 @@
From 9ed736ac2a99aa2e7ef7d8bed3b01ca8b20a6f80 Mon Sep 17 00:00:00 2001
From: Lynn Boger <laboger@linux.vnet.ibm.com>
Date: Thu, 29 Apr 2021 16:07:25 -0500
Subject: [PATCH] cmd/link/internal: fix use of DynlinkingGo with ppc64le trampolines
When creating programs with large text sections on ppc64le,
trampolines are needed for calls that are too far; however
they are not created if the code is generated such that the TOC
register r2 is initialized and maintained in the code because
then the external linker can create the trampolines. Previously
the function DynlinkingGo was used to determine this but in the
case where plugins are used, this could return true even though
r2 is not valid.
To fix this problem I've added a new function r2Valid which returns
true when the build options indicate that the r2 is
initialized and maintained. Because of the ways that
DynlinkingGo is used I wanted to maintain its previous
behavior.
Fixes #45850
Change-Id: I6d902eba6ad41757aa6474948b79acdbd479cb38
Reviewed-on: https://go-review.googlesource.com/c/go/+/315289
Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
---
diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
index 0638502..b877864 100644
--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
@@ -651,6 +651,16 @@
return int64(o2)<<32 | int64(o1)
}
+// Determine if the code was compiled so that the TOC register R2 is initialized and maintained
+func r2Valid(ctxt *ld.Link) bool {
+ switch ctxt.BuildMode {
+ case ld.BuildModeCArchive, ld.BuildModeCShared, ld.BuildModePIE, ld.BuildModeShared, ld.BuildModePlugin:
+ return true
+ }
+ // -linkshared option
+ return ctxt.IsSharedGoLink()
+}
+
// resolve direct jump relocation r in s, and add trampoline if necessary
func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
@@ -658,7 +668,7 @@
// For internal linking, trampolines are always created for long calls.
// For external linking, the linker can insert a call stub to handle a long call, but depends on having the TOC address in
// r2. For those build modes with external linking where the TOC address is not maintained in r2, trampolines must be created.
- if ctxt.IsExternal() && (ctxt.DynlinkingGo() || ctxt.BuildMode == ld.BuildModeCArchive || ctxt.BuildMode == ld.BuildModeCShared || ctxt.BuildMode == ld.BuildModePIE) {
+ if ctxt.IsExternal() && r2Valid(ctxt) {
// No trampolines needed since r2 contains the TOC
return
}
@@ -712,7 +722,7 @@
}
}
if ldr.SymType(tramp) == 0 {
- if ctxt.DynlinkingGo() || ctxt.BuildMode == ld.BuildModeCArchive || ctxt.BuildMode == ld.BuildModeCShared || ctxt.BuildMode == ld.BuildModePIE {
+ if r2Valid(ctxt) {
// Should have returned for above cases
ctxt.Errorf(s, "unexpected trampoline for shared or dynamic linking")
} else {

12
SOURCES/skip_test_rhbz1939923.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 51dda16815..2d1e1b1e6e 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
}
func TestCreateCertificateBrokenSigner(t *testing.T) {
+ t.Skip("TODO Fix me: rhbz#1939923")
template := &Certificate{
SerialNumber: big.NewInt(10),
DNSNames: []string{"example.com"},

1196
SPECS/golang.spec Normal file
View File

File diff suppressed because it is too large Load Diff