import UBI golang-1.19.13-1.module+el8.8.0+20373+d9cd605c

2023-10-16 14:22:53 +00:00 · 2023-10-16 14:22:53 +00:00 · bc947cd8d7
commit bc947cd8d7
parent 2640bac9b5
4 changed files with 17 additions and 58 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/go1.19.10-1-openssl-fips.tar.gz
-SOURCES/go1.19.10.tar.gz
+SOURCES/go1.19.13-2-openssl-fips.tar.gz
+SOURCES/go1.19.13.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,2 +1,2 @@
-b282758e02d28b0c946f3d42a3a2a2df83995733 SOURCES/go1.19.10-1-openssl-fips.tar.gz
-d894732eb0aebd89eeb404e3e8e51af47a581e71 SOURCES/go1.19.10.tar.gz
+3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz
+5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz
--- a/SOURCES/fix-memory-leak-evp-sign-verify.patch
+++ b/SOURCES/fix-memory-leak-evp-sign-verify.patch
@ -1,48 +0,0 @@
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
-                              GO_RSA *rsa_key) {
-   int ret = 0;
-   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
-+  if (!pk)
-+    return 0;
-+
-+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
-+    goto err;
- 
-   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
-     goto err;
-@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
- err:
-   if (ctx)
-     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+  if (pk)
-+    _goboringcrypto_EVP_PKEY_free(pk);
- 
-   return ret;
- }
-@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
-   int ret = 0;
-   EVP_PKEY_CTX *ctx;
-   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
-  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
-+  if (!pk)
-+    return 0;
-+
-+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
-+    goto err;
- 
-   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
-     goto err;
-@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
- err:
-   if (ctx)
-     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+  if (pk)
-+    _goboringcrypto_EVP_PKEY_free(pk);
- 
-   return ret;
- }
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -96,13 +96,12 @@
 %endif

 %global go_api 1.19
-%global version 1.19.10
-%global pkg_release 1
+%global version 1.19.13
+%global pkg_release 2

 Name:           golang
 Version:        %{version}
 Release:        1%{?dist}
-
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -149,7 +148,6 @@ Patch1939923:   skip_test_rhbz1939923.patch

 Patch2: 	disable_static_tests_part1.patch
 Patch3: 	disable_static_tests_part2.patch
-Patch6:		fix-memory-leak-evp-sign-verify.patch

 Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch

@ -247,6 +245,8 @@ tar -xf %{SOURCE1}
 popd
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch

 # Configure crypto tests
 pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -254,10 +254,8 @@ ln -s ../go-go%{version} go
 ./scripts/configure-crypto-tests.sh
 popd

-
 %patch2 -p1
 %patch3 -p1
-%patch6 -p1

 %patch221 -p1

@ -536,6 +534,15 @@ cd ..
 %endif

 %changelog
+* Thu Oct 12 2023 David Benoit <dbenoit@redhat.com> - 1.19.13-1
+- Fix CVE-2023-39325
+- Resolves: RHEL-12618
+
+* Wed Aug 30 2023 David Benoit <dbenoit@redhat.com> - 1.19.12-1
+- Update to Go 1.19.12
+- Midstream patches
+- Resolves: rhbz#2223641
+
 * Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
 - Update to Go 1.19.10
 - Resolves: rhbz#2217623