import UBI golang-1.19.13-1.module+el8.8.0+20373+d9cd605c

This commit is contained in:
eabdullin 2023-10-16 14:22:53 +00:00
parent 2640bac9b5
commit bc947cd8d7
4 changed files with 17 additions and 58 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/go1.19.10-1-openssl-fips.tar.gz SOURCES/go1.19.13-2-openssl-fips.tar.gz
SOURCES/go1.19.10.tar.gz SOURCES/go1.19.13.tar.gz

View File

@ -1,2 +1,2 @@
b282758e02d28b0c946f3d42a3a2a2df83995733 SOURCES/go1.19.10-1-openssl-fips.tar.gz 3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz
d894732eb0aebd89eeb404e3e8e51af47a581e71 SOURCES/go1.19.10.tar.gz 5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz

View File

@ -1,48 +0,0 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}

View File

@ -96,13 +96,12 @@
%endif %endif
%global go_api 1.19 %global go_api 1.19
%global version 1.19.10 %global version 1.19.13
%global pkg_release 1 %global pkg_release 2
Name: golang Name: golang
Version: %{version} Version: %{version}
Release: 1%{?dist} Release: 1%{?dist}
Summary: The Go Programming Language Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain License: BSD and Public Domain
@ -149,7 +148,6 @@ Patch1939923: skip_test_rhbz1939923.patch
Patch2: disable_static_tests_part1.patch Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch Patch3: disable_static_tests_part2.patch
Patch6: fix-memory-leak-evp-sign-verify.patch
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
@ -247,6 +245,8 @@ tar -xf %{SOURCE1}
popd popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch
# Configure crypto tests # Configure crypto tests
pushd ../go-go%{version}-%{pkg_release}-openssl-fips pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -254,10 +254,8 @@ ln -s ../go-go%{version} go
./scripts/configure-crypto-tests.sh ./scripts/configure-crypto-tests.sh
popd popd
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch6 -p1
%patch221 -p1 %patch221 -p1
@ -536,6 +534,15 @@ cd ..
%endif %endif
%changelog %changelog
* Thu Oct 12 2023 David Benoit <dbenoit@redhat.com> - 1.19.13-1
- Fix CVE-2023-39325
- Resolves: RHEL-12618
* Wed Aug 30 2023 David Benoit <dbenoit@redhat.com> - 1.19.12-1
- Update to Go 1.19.12
- Midstream patches
- Resolves: rhbz#2223641
* Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1 * Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
- Update to Go 1.19.10 - Update to Go 1.19.10
- Resolves: rhbz#2217623 - Resolves: rhbz#2217623