import golang-1.17.2-1.module+el8.6.0+12972+ebab5911

2021-10-28 04:51:33 +00:00 · 2021-10-28 04:51:33 +00:00 · f2948b6ce8
parent 25a96dacf4
commit f2948b6ce8
5 changed files with 21 additions and 157 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz
+SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1 +1 @@
-e693273f254789980a55720bd48ac8741d446f21 SOURCES/go-go-1.16.7-1-openssl-fips.tar.gz
+583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
--- a/SOURCES/golang-1.15-warnCN.patch
+++ b/SOURCES/golang-1.15-warnCN.patch
@ -1,25 +0,0 @@
-diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
-index 50f4d4a..121fd1b 100644
--- a/src/crypto/x509/verify.go
-+++ b/src/crypto/x509/verify.go
-@@ -20,6 +20,9 @@ import (
- 
- // ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
- var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
-+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
-+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
-+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
- 
- type InvalidReason int
- 
-@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
- 	names := c.DNSNames
- 	if c.commonNameAsHostname() {
- 		names = []string{c.Subject.CommonName}
-+		if warnCN {
-+			fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
-+				"Using CN without SAN is deprecated and will not work in future versions.\n")
-+		}
- 	}
- 
- 	candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
--- a/SOURCES/reject-leading-zeros.patch
+++ b/SOURCES/reject-leading-zeros.patch
@ -1,109 +0,0 @@
-diff --git a/doc/go1.16.html b/doc/go1.16.html
-index 0beb62d..fc6b668 100644
--- a/doc/go1.16.html
-+++ b/doc/go1.16.html
-@@ -891,6 +891,14 @@ func TestFoo(t *testing.T) {
-       is missing; this is common on musl-based systems and makes
-       Go programs match the behavior of C programs on those systems.
-     </p>
-+    <p><!-- CL325829 -->
-+      The <a href="/pkg/net/#ParseIP"><code>ParseIP</code></a> and <a href="/pkg/net/#ParseCIDR"><code>ParseCIDR</code></a>
-+      functions now reject IPv4 addresses which contain decimal components with leading zeros.
-+      These components were always interpreted as decimal, but some operating systems treat them as octal.
-+      This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses
-+      which were then used in their original form with non-Go applications which interpreted components as octal. Generally,
-+      it is advisable to always re-encoded values after validation, which avoids this class of parser misalignment issues.
-+    </p>
-   </dd>
- </dl><!-- net -->
- 
-diff --git a/src/net/hosts_test.go b/src/net/hosts_test.go
-index f850e2f..19c4399 100644
--- a/src/net/hosts_test.go
-+++ b/src/net/hosts_test.go
-@@ -36,7 +36,7 @@ var lookupStaticHostTests = []struct {
- 		},
- 	},
- 	{
-		"testdata/ipv4-hosts", // see golang.org/issue/8996
-+		"testdata/ipv4-hosts",
- 		[]staticHostEntry{
- 			{"localhost", []string{"127.0.0.1", "127.0.0.2", "127.0.0.3"}},
- 			{"localhost.localdomain", []string{"127.0.0.3"}},
-@@ -102,7 +102,7 @@ var lookupStaticAddrTests = []struct {
- 		},
- 	},
- 	{
-		"testdata/ipv4-hosts", // see golang.org/issue/8996
-+		"testdata/ipv4-hosts",
- 		[]staticHostEntry{
- 			{"127.0.0.1", []string{"localhost"}},
- 			{"127.0.0.2", []string{"localhost"}},
-diff --git a/src/net/ip.go b/src/net/ip.go
-index c00fe8e..007f3f7 100644
--- a/src/net/ip.go
-+++ b/src/net/ip.go
-@@ -552,6 +552,10 @@ func parseIPv4(s string) IP {
- 		if !ok || n > 0xFF {
- 			return nil
- 		}
-+		if c > 1 && s[0] == '0' {
-+			// Reject non-zero components with leading zeroes.
-+			return nil
-+		}
- 		s = s[c:]
- 		p[i] = byte(n)
- 	}
-diff --git a/src/net/ip_test.go b/src/net/ip_test.go
-index a5fc5e6..585381d 100644
--- a/src/net/ip_test.go
-+++ b/src/net/ip_test.go
-@@ -20,9 +20,7 @@ var parseIPTests = []struct {
- }{
- 	{"127.0.1.2", IPv4(127, 0, 1, 2)},
- 	{"127.0.0.1", IPv4(127, 0, 0, 1)},
-	{"127.001.002.003", IPv4(127, 1, 2, 3)},
- 	{"::ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
-	{"::ffff:127.001.002.003", IPv4(127, 1, 2, 3)},
- 	{"::ffff:7f01:0203", IPv4(127, 1, 2, 3)},
- 	{"0:0:0:0:0000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
- 	{"0:0:0:0:000000:ffff:127.1.2.3", IPv4(127, 1, 2, 3)},
-@@ -42,6 +40,11 @@ var parseIPTests = []struct {
- 	{"fe80::1%911", nil},
- 	{"", nil},
- 	{"a1:a2:a3:a4::b1:b2:b3:b4", nil}, // Issue 6628
-+	{"127.001.002.003", nil},
-+	{"::ffff:127.001.002.003", nil},
-+	{"123.000.000.000", nil},
-+	{"1.2..4", nil},
-+	{"0123.0.0.1", nil},
- }
- 
- func TestParseIP(t *testing.T) {
-@@ -357,6 +360,7 @@ var parseCIDRTests = []struct {
- 	{"0.0.-2.0/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.-2.0/32"}},
- 	{"0.0.0.-3/32", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.-3/32"}},
- 	{"0.0.0.0/-0", nil, nil, &ParseError{Type: "CIDR address", Text: "0.0.0.0/-0"}},
-+	{"127.000.000.001/32", nil, nil, &ParseError{Type: "CIDR address", Text: "127.000.000.001/32"}},
- 	{"", nil, nil, &ParseError{Type: "CIDR address", Text: ""}},
- }
- 
-diff --git a/src/net/testdata/ipv4-hosts b/src/net/testdata/ipv4-hosts
-index 5208bb4..6b99675 100644
--- a/src/net/testdata/ipv4-hosts
-+++ b/src/net/testdata/ipv4-hosts
-@@ -1,12 +1,8 @@
- # See https://tools.ietf.org/html/rfc1123.
-#
-# The literal IPv4 address parser in the net package is a relaxed
-# one. It may accept a literal IPv4 address in dotted-decimal notation
-# with leading zeros such as "001.2.003.4".
- 
- # internet address and host name
- 127.0.0.1	localhost	# inline comment separated by tab
-127.000.000.002	localhost       # inline comment separated by space
-+127.0.0.2	localhost   # inline comment separated by space
- 
- # internet address, host name and aliases
-127.000.000.003	localhost	localhost.localdomain
-+127.0.0.3	localhost	localhost.localdomain
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -95,8 +95,8 @@
 %global gohostarch  s390x
 %endif

-%global go_api 1.16
-%global go_version 1.16.7
+%global go_api 1.17
+%global go_version 1.17.2
 %global pkg_release 1

 Name:           golang
@ -140,16 +140,6 @@ Patch215:       go1.5-zoneinfo_testing_only.patch
 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221:       fix_TestScript_list_std.patch

-# Add an env var to optionally trigger a warning in x509 when
-# Common Name is used as hostname
-# rhbz#1889437
-Patch223:       golang-1.15-warnCN.patch
-
-# Fix incorrect parsing of extraneous zeros in net/ip
-# https://bugzilla.redhat.com/show_bug.cgi?id=1993316
-# https://go-review.googlesource.com/c/go/+/325829
-Patch1993316: reject-leading-zeros.patch
-
 Patch1939923:   skip_test_rhbz1939923.patch

 # Fix FIPS mode memory leaks
@ -248,12 +238,8 @@ Requires:       %{name} = %{version}-%{release}

 %patch221 -p1

-%patch223 -p1
-
 %patch1939923 -p1

-%patch1993316 -p1
-
 %patch1951877 -p1


@ -326,7 +312,7 @@ rm -rf pkg/bootstrap/bin

 # install everything into libdir (until symlink problems are fixed)
 # https://code.google.com/p/go/issues/detail?id=5830
-cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \
+cp -apv api bin doc lib pkg src misc test VERSION \
   $RPM_BUILD_ROOT%{goroot}

 # bz1099206
@ -448,19 +434,23 @@ export GO_TEST_RUN=""

 %if %{fail_on_tests}

-./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
+# TestEd25519Vectors needs network connectivity but it should be cover by
+# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
+export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
+
+./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST

 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
 pushd crypto
  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list ./... | grep -v tls) -v
+  go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
  # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
-  go test -v -run "Boring"
+  go test -v -run "Boring" $DISABLE_Ed25519_TEST
 popd
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
@ -523,6 +513,14 @@ cd ..
 %endif

 %changelog
+* Tue Oct 12 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
+- Rebase to Go 1.17.2
+- Related: rhbz#2014088
+- Remove golang-1.15-warnCN.patch
+- Remove reject-leading-zeros.patch
+- Remove favicon.ico and robots.txt references
+- Exclude TestEd25519Vectors test 
+
 * Tue Aug 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.7-1
 - Rebase to Go 1.16.7
 - Resolves: rhbz#1994079