import UBI golang-1.20.12-2.module+el8.9.0+21033+5795bdf6

2024-02-20 13:36:01 +00:00 · 2024-02-20 13:36:01 +00:00 · a82e9eff70
parent 32f77170e3
commit a82e9eff70
4 changed files with 32 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/go1.20.10-1-openssl-fips.tar.gz
-SOURCES/go1.20.10.tar.gz
+SOURCES/go1.20.12-1-openssl-fips.tar.gz
+SOURCES/go1.20.12.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,2 +1,2 @@
-a16d4c1ed23caee22e90f86027d861cadb634993 SOURCES/go1.20.10-1-openssl-fips.tar.gz
-f919ce5ad523ccba39500cab7ccd1ebbfde70021 SOURCES/go1.20.10.tar.gz
+551cf7aae2d428bb376cf2b8d56443ab2ee7d133 SOURCES/go1.20.12-1-openssl-fips.tar.gz
+6d5bc127443fc42b1af8d9ba4115abe18554feb7 SOURCES/go1.20.12.tar.gz
--- a/SOURCES/skip-test-overlong-message.patch
+++ b/SOURCES/skip-test-overlong-message.patch
@ -0,0 +1,15 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index 0853178e3a..16eb37734b 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
+ }
+ 
+ func TestOverlongMessagePKCS1v15(t *testing.T) {
+	// OpenSSL now returns a random string instead of an error
+	if boring.Enabled() {
+		t.Skip("Not relevant in boring mode")
+	}
+ 	ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
+ 	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
+ 	if err == nil {
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -92,12 +92,12 @@
 %endif

 %global go_api 1.20
-%global version 1.20.10
+%global version 1.20.12
 %global pkg_release 1

 Name:           golang
 Version:        %{version}
-Release:        1%{?dist}
+Release:        2%{?dist}

 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
@ -140,6 +140,7 @@ Requires:       diffutils

 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221:       fix_TestScript_list_std.patch
+Patch222:	skip-test-overlong-message.patch

 Patch1939923:   skip_test_rhbz1939923.patch

@ -255,6 +256,7 @@ popd
 %patch3 -p1

 %patch221 -p1
+%patch222 -p1

 %patch1939923 -p1

@ -518,6 +520,15 @@ cd ..
 %endif

 %changelog
+* Wed Dec 13 2023 David Benoit <dbenoit@redhat.com> - 1.20.12-2
+- Fix sources file
+- Related: RHEL-19231
+
+* Tue Dec 12 2023 David Benoit <dbenoit@redhat.com> - 1.20.12-1
+- Update to Go 1.20.12
+- Fix CVE-2023-39326
+- Resolves: RHEL-19231
+
 * Fri Oct 13 2023 David Benoit <dbenoit@redhat.com> - 1.20.10-1
 - Update to Go 1.20.10
 - Fix CVE-2023-39325