diff --git a/.gitignore b/.gitignore
index 3fbcf0a..bd37c2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,5 @@ SOURCES/go1.19.4.tar.gz
 /go1.21.3.tar.gz
 /go1.21.7.tar.gz
 /go1.21.7-1-openssl-fips.tar.gz
+/go1.22.2.tar.gz
+/go1.22.2-1-openssl-fips.tar.gz
diff --git a/cgo-lto-fix.patch b/cgo-lto-fix.patch
deleted file mode 100644
index 2aca0e3..0000000
--- a/cgo-lto-fix.patch
+++ /dev/null
@@ -1,289 +0,0 @@ -From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001 -From: Ian Lance Taylor -Date: Tue, 25 May 2021 16:31:41 -0700 -Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS - -The linker now accepts unrecognized object files in external linking mode. -These objects will simply be passed to the external linker. -This permits using -flto which can generate pure byte code objects, -whose symbol table the linker does not know how to read. - -The cgo tool now passes -fno-lto when generating objects whose symbols -it needs to read. The cgo tool now emits matching types in different -objects, so that the lto linker does not report a mismatch. - -This is based on https://golang.org/cl/293290 by Derek Parker. - -For #43505 -Fixes #43830 -Fixes #46295 - -Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad -Reviewed-on: https://go-review.googlesource.com/c/go/+/322614 -Trust: Ian Lance Taylor -Run-TryBot: Ian Lance Taylor -TryBot-Result: Go Bot -Reviewed-by: Michael Hudson-Doyle ---- - -diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go -index ae61725..a73e998 100644 ---- a/src/cmd/cgo/gcc.go -+++ b/src/cmd/cgo/gcc.go -@@ -1638,6 +1638,8 @@ - c = append(c, "-maix64") - c = append(c, "-mcmodel=large") - } -+ // disable LTO so we get an object whose symbols we can read -+ c = append(c, "-fno-lto") - c = append(c, "-") //read input from standard input - return c - } -diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go -index 8c31d5b..94152f4 100644 ---- a/src/cmd/cgo/out.go -+++ b/src/cmd/cgo/out.go -@@ -168,8 +168,18 @@ - if *gccgo { - fmt.Fprintf(fc, "extern byte *%s;\n", n.C) - } else { -- fmt.Fprintf(fm, "extern char %s[];\n", n.C) -- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) -+ // Force a reference to all symbols so that -+ // the external linker will add DT_NEEDED -+ // entries as needed on ELF systems. 
-+ // Treat function variables differently -+ // to avoid type confict errors from LTO -+ // (Link Time Optimization). -+ if n.Kind == "fpvar" { -+ fmt.Fprintf(fm, "extern void %s();\n", n.C) -+ } else { -+ fmt.Fprintf(fm, "extern char %s[];\n", n.C) -+ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) -+ } - fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C) - fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C) - fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C) -@@ -1042,7 +1052,7 @@ - fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName) - fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype) - -- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName) -+ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName) - - if gccResult != "void" { - // Write results back to frame. -diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 50bf80b..bc49c6d 100644 ---- a/src/cmd/dist/test.go -+++ b/src/cmd/dist/test.go -@@ -722,14 +722,29 @@ - }, - }) - if t.hasCxx() { -- t.tests = append(t.tests, distTest{ -- name: "swig_callback", -- heading: "../misc/swig/callback", -- fn: func(dt *distTest) error { -- t.addCmd(dt, "misc/swig/callback", t.goTest()) -- return nil -+ t.tests = append(t.tests, -+ distTest{ -+ name: "swig_callback", -+ heading: "../misc/swig/callback", -+ fn: func(dt *distTest) error { -+ t.addCmd(dt, "misc/swig/callback", t.goTest()) -+ return nil -+ }, - }, -- }) -+ distTest{ -+ name: "swig_callback_lto", -+ heading: "../misc/swig/callback", -+ fn: func(dt *distTest) error { -+ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest()) -+ cmd.Env = append(os.Environ(), -+ "CGO_CFLAGS=-flto", -+ "CGO_CXXFLAGS=-flto", -+ "CGO_LDFLAGS=-flto", -+ ) -+ return nil -+ }, -+ }, -+ ) - } - } - } -diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt -new file mode 100644 -index 0000000..e2483ba ---- /dev/null -+++ 
b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt -@@ -0,0 +1,33 @@ -+# tests golang.org/issue/43830 -+ -+[!cgo] skip 'skipping test without cgo' -+[openbsd] env CC='clang' -+[openbsd] [!exec:clang] skip 'skipping test without clang present' -+[!openbsd] env CC='gcc' -+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' -+ -+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' -+ -+go build main.go -+ -+-- main.go -- -+ -+package main -+ -+import "fmt" -+ -+// #include "hello.h" -+import "C" -+ -+func main() { -+ hello := C.hello -+ fmt.Printf("%v\n", hello) -+} -+ -+-- hello.h -- -+ -+#include -+ -+void hello(void) { -+ printf("hello\n"); -+} -diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt -new file mode 100644 -index 0000000..06ab2f3 ---- /dev/null -+++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt -@@ -0,0 +1,39 @@ -+# tests golang.org/issue/43830 -+ -+[!cgo] skip 'skipping test without cgo' -+[openbsd] env CC='clang' -+[openbsd] [!exec:clang] skip 'skipping test without clang present' -+[!openbsd] env CC='gcc' -+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' -+ -+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' -+ -+go build main.go add.go -+ -+-- main.go -- -+ -+package main -+ -+/* -+int c_add(int a, int b) { -+ return myadd(a, b); -+} -+*/ -+import "C" -+ -+func main() { -+ println(C.c_add(1, 2)) -+} -+ -+-- add.go -- -+ -+package main -+ -+import "C" -+ -+/* test */ -+ -+//export myadd -+func myadd(a C.int, b C.int) C.int { -+ return a + b -+} -diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go -index 22f53a4..23915f9 100644 ---- a/src/cmd/link/internal/ld/ar.go -+++ b/src/cmd/link/internal/ld/ar.go -@@ -124,6 +124,10 @@ - - libgcc := sym.Library{Pkg: "libgcc"} - h := ldobj(ctxt, f, &libgcc, l, pname, name) -+ if h.ld == nil { -+ Errorf(nil, "%s unrecognized object file at 
offset %d", name, off) -+ continue -+ } - f.MustSeek(h.off, 0) - h.ld(ctxt, f, h.pkg, h.length, h.pn) - } -diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go -index ae0d752..20f1d0b 100644 ---- a/src/cmd/link/internal/ld/config.go -+++ b/src/cmd/link/internal/ld/config.go -@@ -241,6 +241,10 @@ - return true, "dynamically linking with a shared library" - } - -+ if unknownObjFormat { -+ return true, "some input objects have an unrecognized file format" -+ } -+ - return false, "" - } - -@@ -248,7 +252,7 @@ - // - // It is called after flags are processed and inputs are processed, - // so the ctxt.LinkMode variable has an initial value from the -linkmode --// flag and the iscgo externalobj variables are set. -+// flag and the iscgo, externalobj, and unknownObjFormat variables are set. - func determineLinkMode(ctxt *Link) { - extNeeded, extReason := mustLinkExternal(ctxt) - via := "" -diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index e8f001b..644faeb 100644 ---- a/src/cmd/link/internal/ld/lib.go -+++ b/src/cmd/link/internal/ld/lib.go -@@ -343,10 +343,16 @@ - const pkgdef = "__.PKGDEF" - - var ( -- // Set if we see an object compiled by the host compiler that is not -- // from a package that is known to support internal linking mode. -+ // externalobj is set to true if we see an object compiled by -+ // the host compiler that is not from a package that is known -+ // to support internal linking mode. - externalobj = false -- theline string -+ -+ // unknownObjFormat is set to true if we see an object whose -+ // format we don't recognize. 
-+ unknownObjFormat = false -+ -+ theline string - ) - - func Lflag(ctxt *Link, arg string) { -@@ -1065,6 +1071,10 @@ - } - - f.MustSeek(h.off, 0) -+ if h.ld == nil { -+ Errorf(nil, "%s: unrecognized object file format", h.pn) -+ continue -+ } - h.ld(ctxt, f, h.pkg, h.length, h.pn) - f.Close() - } -@@ -1855,6 +1865,14 @@ - return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file) - } - -+ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' { -+ // An unrecognized object is just passed to the external linker. -+ // If we try to read symbols from this object, we will -+ // report an error at that time. -+ unknownObjFormat = true -+ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file) -+ } -+ - /* check the header */ - line, err := f.ReadString('\n') - if err != nil { diff --git a/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch b/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch deleted file mode 100644 index 25294d3..0000000 --- a/cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001 -From: Lynn Boger -Date: Thu, 14 Jul 2022 10:47:28 -0500 -Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le - -The setting of the path for the dynamic loader when building for -linux/ppc64le ELF v2 was incorrectly set to the path for -PPC64 ELF v1. This has not caused issues in the common cases -because this string can be set based on the default GO_LDSO setting. -It does result in an incorrect value when cross compiling binaries -with -buildmode=pie. - -Updates #53813 - -Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730 ---- - src/cmd/link/internal/ppc64/obj.go | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go -index b6d5ad92af..bca8fa9212 100644 ---- a/src/cmd/link/internal/ppc64/obj.go -+++ b/src/cmd/link/internal/ppc64/obj.go -@@ -38,9 +38,12 @@ import ( - ) - - func Init() (*sys.Arch, ld.Arch) { -- arch := sys.ArchPPC64 -- if buildcfg.GOARCH == "ppc64le" { -- arch = sys.ArchPPC64LE -+ arch := sys.ArchPPC64LE -+ dynld := "/lib64/ld64.so.2" -+ -+ if buildcfg.GOARCH == "ppc64" { -+ arch = sys.ArchPPC64 -+ dynld = "/lib64/ld64.so.1" - } - - theArch := ld.Arch{ -@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) { - Machoreloc1: machoreloc1, - Xcoffreloc1: xcoffreloc1, - -- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1, -- Linuxdynld: "/lib64/ld64.so.1", -- -+ Linuxdynld: dynld, - Freebsddynld: "XXX", - Openbsddynld: "XXX", - Netbsddynld: "XXX", --- -2.35.3 - diff --git a/disable_static_external_tests.patch b/disable_static_external_tests.patch deleted file mode 100644 index 55181ca..0000000 --- a/disable_static_external_tests.patch +++ /dev/null 
@@ -1,310 +0,0 @@ -diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index d9eb9c3..506f979 100644 ---- a/src/cmd/dist/test.go -+++ b/src/cmd/dist/test.go -@@ -1180,18 +1180,20 @@ func (t *tester) cgoTest(dt *distTest) error { - fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.") - } else { - if goos != "android" { -- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) -+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") - } - t.addCmd(dt, "misc/cgo/nocgo", t.goTest()) - t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`) - if goos != "android" { -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") -+ /* - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) - // -static in CGO_LDFLAGS triggers a different code path - // than -static in -extldflags, so test both. - // See issue #16651. 
- cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static") - setEnv(cmd, "CGO_LDFLAGS", "-static -pthread") -+ */ - } - } - -@@ -1201,7 +1203,7 @@ func (t *tester) cgoTest(dt *distTest) error { - t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie") - } - t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie") -- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie") -+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl") - } - } - } -diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go -index a495bd7..2c6107b 100644 ---- a/src/crypto/internal/boring/aes.go -+++ b/src/crypto/internal/boring/aes.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/aes_test.go b/src/crypto/internal/boring/aes_test.go -index 3b4c364..371bc20 100644 ---- a/src/crypto/internal/boring/aes_test.go -+++ b/src/crypto/internal/boring/aes_test.go -@@ -1,9 +1,5 @@ --// +build linux --// +build !android --// +build !no_openssl --// +build !cmd_go_bootstrap --// +build !msan --// +build cgo -+//go:build linux && !android && !no_openssl && !cmd_go_bootstrap && !msan && cgo && !static -+// +build linux,!android,!no_openssl,!cmd_go_bootstrap,!msan,cgo,!static - - package boring - -diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go -index ec6e80c..05431b1 100644 ---- a/src/crypto/internal/boring/boring.go -+++ b/src/crypto/internal/boring/boring.go -@@ -2,8 +2,8 @@ - // Use of this source 
code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go -index f72da41..33ee442 100644 ---- a/src/crypto/internal/boring/ecdsa.go -+++ b/src/crypto/internal/boring/ecdsa.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h -index 4547ade..b8aaae4 100644 ---- a/src/crypto/internal/boring/goboringcrypto.h -+++ b/src/crypto/internal/boring/goboringcrypto.h -@@ -1,6 +1,12 @@ - // Copyright 2017 The Go Authors. All rights reserved. - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. -+// +build linux -+// +build !android -+// +build !no_openssl -+// +build !cmd_go_bootstrap -+// +build !msan -+// +build !static - - // This header file describes the BoringCrypto ABI as built for use in Go. 
- // The BoringCrypto build for Go (which generates goboringcrypto_*.syso) -diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h -index 4820385..ac41482 100644 ---- a/src/crypto/internal/boring/goopenssl.h -+++ b/src/crypto/internal/boring/goopenssl.h -@@ -6,6 +6,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - // This header file describes the OpenSSL ABI as built for use in Go. - -diff --git a/src/crypto/internal/boring/hmac.go b/src/crypto/internal/boring/hmac.go -index 4e913c3..10cfbb3 100644 ---- a/src/crypto/internal/boring/hmac.go -+++ b/src/crypto/internal/boring/hmac.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go -index e513834..08c5245 100644 ---- a/src/crypto/internal/boring/notboring.go -+++ b/src/crypto/internal/boring/notboring.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl --// +build !linux !cgo android cmd_go_bootstrap msan no_openssl -+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static -+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static - - package boring - -diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c -index 710d074..853be3d 100644 ---- a/src/crypto/internal/boring/openssl_ecdsa_signature.c -+++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c -@@ -3,6 +3,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - -diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c -index 36be702..331dfd3 100644 ---- a/src/crypto/internal/boring/openssl_evp.c -+++ b/src/crypto/internal/boring/openssl_evp.c -@@ -3,6 +3,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - -diff --git a/src/crypto/internal/boring/openssl_lock_setup.c b/src/crypto/internal/boring/openssl_lock_setup.c -index 955924e..c0f3435 100644 ---- a/src/crypto/internal/boring/openssl_lock_setup.c -+++ b/src/crypto/internal/boring/openssl_lock_setup.c -@@ -3,6 +3,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - #include -diff --git a/src/crypto/internal/boring/openssl_port_aead_gcm.c b/src/crypto/internal/boring/openssl_port_aead_gcm.c -index b39bf54..80c933a 100644 ---- a/src/crypto/internal/boring/openssl_port_aead_gcm.c -+++ b/src/crypto/internal/boring/openssl_port_aead_gcm.c -@@ -4,6 +4,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - #include -diff --git 
a/src/crypto/internal/boring/openssl_port_ctr128.c b/src/crypto/internal/boring/openssl_port_ctr128.c -index abaff5c..e2263a5 100644 ---- a/src/crypto/internal/boring/openssl_port_ctr128.c -+++ b/src/crypto/internal/boring/openssl_port_ctr128.c -@@ -3,6 +3,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - -diff --git a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c -index 8418c38..39bf3ae 100644 ---- a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c -+++ b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c -@@ -4,6 +4,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - // The following is a partial backport of crypto/evp/m_md5_sha1.c, - // commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the -diff --git a/src/crypto/internal/boring/openssl_port_hmac.c b/src/crypto/internal/boring/openssl_port_hmac.c -index be7c71a..35e1860 100644 ---- a/src/crypto/internal/boring/openssl_port_hmac.c -+++ b/src/crypto/internal/boring/openssl_port_hmac.c -@@ -4,6 +4,8 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static -+ - - #include "goboringcrypto.h" - -diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c -index 5174f66..a8008e9 100644 ---- a/src/crypto/internal/boring/openssl_port_rsa.c -+++ b/src/crypto/internal/boring/openssl_port_rsa.c -@@ -4,6 +4,7 @@ - // +build !no_openssl - // +build !cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - -diff --git a/src/crypto/internal/boring/openssl_stub_rand.c b/src/crypto/internal/boring/openssl_stub_rand.c -index 18d6777..e8ac53b 100644 ---- a/src/crypto/internal/boring/openssl_stub_rand.c -+++ b/src/crypto/internal/boring/openssl_stub_rand.c -@@ -3,6 +3,7 @@ - // +build !no_openssl - // +build 
!cmd_go_bootstrap - // +build !msan -+// +build !static - - #include "goboringcrypto.h" - #include -diff --git a/src/crypto/internal/boring/rand.go b/src/crypto/internal/boring/rand.go -index e9c334f..3adbd4d 100644 ---- a/src/crypto/internal/boring/rand.go -+++ b/src/crypto/internal/boring/rand.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go -index b1a2f57..0cabadb 100644 ---- a/src/crypto/internal/boring/rsa.go -+++ b/src/crypto/internal/boring/rsa.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - -diff --git a/src/crypto/internal/boring/sha.go b/src/crypto/internal/boring/sha.go -index bdcc782..6184d6c 100644 ---- a/src/crypto/internal/boring/sha.go -+++ b/src/crypto/internal/boring/sha.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package boring - diff --git a/disable_static_tests_part1.patch b/disable_static_tests_part1.patch index 5b99e48..2f1adc0 100644 --- a/disable_static_tests_part1.patch +++ b/disable_static_tests_part1.patch @@ -1,5 +1,18 @@ +From 24aac090069f79307aeceb8362f60a3cc5e60f7f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Fri, 3 May 2024 17:25:19 +0200 +Subject: [PATCH] disable_static_tests_part1 + +--- + src/crypto/internal/backend/nobackend.go | 4 ++-- + src/crypto/internal/backend/openssl.go | 4 ++-- + src/crypto/internal/boring/goboringcrypto.h | 1 + + src/crypto/internal/boring/syso/syso.go | 2 +- + src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h | 1 + + 5 files changed, 7 insertions(+), 5 deletions(-) + diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go -index 5f258a2..5dbbc42 100644 +index 5b0e356dff..a2e17f7fa5 100644 --- a/src/crypto/internal/backend/nobackend.go +++ b/src/crypto/internal/backend/nobackend.go @@ -2,8 +2,8 @@ 
@@ -8,13 +21,28 @@ index 5f258a2..5dbbc42 100644 -//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl -// +build !linux !cgo android cmd_go_bootstrap msan no_openssl -+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static -+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static ++//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static || static ++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static static package backend +diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go +index 3d3a9a36ee..7e32d3b0fa 100644 +--- a/src/crypto/internal/backend/openssl.go ++++ b/src/crypto/internal/backend/openssl.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static + + // Package openssl provides access to OpenSSLCrypto implementation functions. + // Check the variable Enabled to find out whether OpenSSLCrypto is available. diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h -index d6d99b1..f2fe332 100644 +index 2b11049728..dec1cb2851 100644 --- a/src/crypto/internal/boring/goboringcrypto.h +++ b/src/crypto/internal/boring/goboringcrypto.h @@ -1,4 +1,5 @@ @@ -24,7 +52,7 @@ index d6d99b1..f2fe332 100644 // license that can be found in the LICENSE file. diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go -index b338754..db5ea1e 100644 +index b3387545e6..db5ea1e3d9 100644 
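Review bot: The regenerated constraint for `nobackend.go` in the `@@ -8,13 +21,28 @@` hunk lists `static` twice (`... || no_openssl || static || static`, and `... no_openssl static static` on the `+build` line), which suggests the tag was appended to a tree that already carried it. The duplicate does not change which files are built, but the two lines should read `//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static` and `// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static`. The same hunk adds `&& !static` to `openssl.go`, so a build with the `static` tag compiles `nobackend.go` in place of the OpenSSL backend. If, as the file names suggest, such binaries then use Go's native crypto and not the system OpenSSL FIPS module, the patch header (currently only the subject `disable_static_tests_part1`) should say so, because the tag changes more than tests.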
--- a/src/crypto/internal/boring/syso/syso.go +++ b/src/crypto/internal/boring/syso/syso.go @@ -2,7 +2,7 @@ 
@@ -36,253 +64,16 @@ index b338754..db5ea1e 100644 // This package only exists with GOEXPERIMENT=boringcrypto. // It provides the actual syso file. -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go -index 079fc3c..e826d0b 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go -index 0b61e79..94d0c98 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -index afec529..d822152 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h -index 6d6a562..17cc314 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h +index e488bf2014..e776aa46a3 100644 +--- a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h ++++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h 
@@ -1,4 +1,5 @@ - // Copyright 2017 The Go Authors. All rights reserved. + // This header file describes the OpenSSL ABI as built for use in Go. +// +build !static - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - // +build linux -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go -index ae40b93..17bc075 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go -index 6f00177..f466b18 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go -index 7c0b5d6..262af07 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl --// +build !linux !cgo android cmd_go_bootstrap msan no_openssl -+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static -+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go -index d49194d..ff15054 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c -index 2349db1..57fbb04 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c -@@ -1,4 +1,5 @@ - // +build linux -+// +build !static - // +build !android - // +build !no_openssl - // +build !cmd_go_bootstrap -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -index 4379019..5034c46 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -@@ -1,4 +1,5 @@ - // +build linux -+// +build !static - // +build !android - // +build !no_openssl - // +build !cmd_go_bootstrap -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c -index 49d40a7..3b3dbf8 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c -@@ -1,4 +1,5 @@ - // +build linux -+// +build !static - // +build !android - // +build !no_openssl - // +build !cmd_go_bootstrap -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c -index 7eb645e..1c3225a 
100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c -@@ -1,4 +1,5 @@ - // This file contains a port of the BoringSSL AEAD interface. -+// +build !static - // +build linux - // +build !android - // +build !no_openssl -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c -index df4ebe3..876393b 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c -@@ -1,4 +1,5 @@ - // +build linux -+// +build !static - // +build !android - // +build !no_openssl - // +build !cmd_go_bootstrap -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c -index 2eedd5b..04510d3 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c -@@ -1,4 +1,5 @@ - // This file contains a backport of the EVP_md5_sha1 method. -+// +build !static - // +build linux - // +build !android - // +build !no_openssl -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c -index 362d9e5..bebafef 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c -@@ -1,4 +1,5 @@ - // This file contains HMAC portability wrappers. 
-+// +build !static - // +build linux - // +build !android - // +build !no_openssl -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c -index 2824147..8bc1d85 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c -@@ -1,4 +1,5 @@ - // This file contains RSA portability wrappers. -+// +build !static - // +build linux - // +build !android - // +build !no_openssl -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c -index 22bd865..b7aa26b 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c -@@ -1,4 +1,5 @@ - // +build linux -+// +build !static - // +build !android - // +build !no_openssl - // +build !cmd_go_bootstrap -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go -index b3668b8..dcdae70 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go -index 915c840..8623d9d 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl - -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go -index 0b55ced..57309c0 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static - - package openssl + #include // size_t +-- +2.44.0 + 
diff --git a/fix-memory-leak-evp-sign-verify.patch b/fix-memory-leak-evp-sign-verify.patch deleted file mode 100644 index f2eae14..0000000 --- a/fix-memory-leak-evp-sign-verify.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -index 76bac5b..24a9615 100644 ---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c -@@ -43,7 +43,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m - GO_RSA *rsa_key) { - int ret = 0; - GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); -- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); -+ if (!pk) -+ return 0; -+ -+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) -+ goto err; - - if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) - goto err; -@@ -63,6 +67,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m - err: - if (ctx) - _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pk) -+ _goboringcrypto_EVP_PKEY_free(pk); - - return ret; - } -@@ -103,7 +109,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, - int ret = 0; - EVP_PKEY_CTX *ctx; - GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new(); -- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key); -+ if (!pk) -+ return 0; -+ -+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key))) -+ goto err; - - if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL))) - goto err; -@@ -123,6 +133,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen, - err: - if (ctx) - _goboringcrypto_EVP_PKEY_CTX_free(ctx); -+ if (pk) -+ _goboringcrypto_EVP_PKEY_free(pk); - - return ret; - } diff --git a/go1.5-zoneinfo_testing_only.patch b/go1.5-zoneinfo_testing_only.patch deleted file mode 100644 index 5f0046e..0000000 
--- a/go1.5-zoneinfo_testing_only.patch
+++ /dev/null
@@ -1,73 +0,0 @@ -diff --git a/src/time/internal_test.go b/src/time/internal_test.go -index f0dddb7..415949a 100644 ---- a/src/time/internal_test.go -+++ b/src/time/internal_test.go -@@ -4,13 +4,15 @@ - - package time - -+import "runtime" -+ - func init() { - // force US/Pacific for time zone tests - ForceUSPacificForTesting() - } - - func initTestingZone() { -- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:]) -+ z, err := loadLocation("America/Los_Angeles", zoneSources) - if err != nil { - panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata") - } -@@ -21,8 +23,9 @@ func initTestingZone() { - var OrigZoneSources = zoneSources - - func forceZipFileForTesting(zipOnly bool) { -- zoneSources = make([]string, len(OrigZoneSources)) -+ zoneSources = make([]string, len(OrigZoneSources)+1) - copy(zoneSources, OrigZoneSources) -+ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip") - if zipOnly { - zoneSources = zoneSources[len(zoneSources)-1:] - } -diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go -index f032aa7..e3e5547 100644 ---- a/src/time/zoneinfo_test.go -+++ b/src/time/zoneinfo_test.go -@@ -9,6 +9,7 @@ import ( - "fmt" - "os" - "reflect" -+ "runtime" - "testing" - "time" - ) -@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) { - t.Fatal(err) - } - -- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1]) -+ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip") - if err != nil { - t.Fatal(err) - } -diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go -index 23f8b3c..228db1b 100644 ---- a/src/time/zoneinfo_unix.go -+++ b/src/time/zoneinfo_unix.go -@@ -12,7 +12,6 @@ - package time - - import ( -- "runtime" - "syscall" - ) - -@@ -22,7 +21,6 @@ var zoneSources = []string{ - "/usr/share/zoneinfo/", - "/usr/share/lib/zoneinfo/", - 
"/usr/lib/locale/TZ/", -- runtime.GOROOT() + "/lib/time/zoneinfo.zip", - } - - func initLocal() { diff --git a/golang.spec b/golang.spec index c70dcf3..7b30344 100644 --- a/golang.spec +++ b/golang.spec @@ -91,8 +91,8 @@ %global gohostarch s390x %endif -%global go_api 1.21 -%global version 1.21.7 +%global go_api 1.22 +%global version 1.22.2 %global pkg_release 1 Name: golang @@ -144,8 +144,9 @@ Patch1939923: skip_test_rhbz1939923.patch Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch -Patch4: skip-test-overlong-message.patch Patch5: modify_go.env.patch +Patch6: re-enable-cgo.patch +Patch7: skip_TestCrashDumpsAllThreads.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -242,9 +243,11 @@ Requires: %{name} = %{version}-%{release} pushd .. tar -xf %{SOURCE1} popd -patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch -patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch -patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch +patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches" +for p in "$patch_dir"/*.patch; do + echo "Applying $p" + patch -p1 < $p +done # Configure crypto tests pushd ../go-go%{version}-%{pkg_release}-openssl-fips @@ -449,11 +452,12 @@ export GO_TEST_RUN="" # Run tests with FIPS enabled. export GOLANG_FIPS=1 +export OPENSSL_FORCE_FIPS_MODE=1 pushd crypto # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later - go test $(go list ./... | grep -v tls) -v + go test -timeout 50m $(go list ./... | grep -v tls) -v # Check that signature functions have parity between boring and notboring - CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v + CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v popd # Run all FIPS specific TLS tests pushd crypto/tls 
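Review bot: The new `%prep` loop in the `@@ -242,9 +243,11 @@` hunk applies every `*.patch` file found in the FIPS tarball's `patches` directory, where the removed lines named three patches explicitly, so the set of patches applied to the Go sources is no longer visible in this spec. The SHA512 entry in `sources` still pins the tarball content, but a patch added in a later tarball would be applied without any spec change to review. Consider keeping a comment that lists the expected patch files, or checking their count before the loop. The redirect should also quote the variable, `patch -p1 < "$p"`, so the loop stays correct if the path ever contains whitespace.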
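Review bot: `export OPENSSL_FORCE_FIPS_MODE=1` and the two `-timeout 50m` additions in the `@@ -449,11 +452,12 @@` hunk carry no comment saying why they are needed. Both exports also stay in effect for the `CGO_ENABLED=0` parity run, where the OpenSSL backend is presumably not linked, so a reader cannot tell whether the variable is meant to affect that run. A short comment above the export would settle it, for example `# Force OpenSSL into FIPS mode for the crypto tests, independent of the build host's FIPS state`, if that is the intent. A second comment should say which test needs the longer timeout. The `%check` section continues outside the hunk.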
@@ -517,6 +521,12 @@ cd .. %endif %changelog +* Thu May 02 2024 Alejandro Sáez - 1.22.2-1 +- Rebase to 1.22.2 +- Re-enable CGO +- Skip TestCrashDumpsAllThreads +- Resolves: RHEL-33157 + * Tue Feb 13 2024 Alejandro Sáez - 1.21.7-1 - Rebase to Go 1.21.7 - Add release information diff --git a/openssl_deprecated_algorithm_tests.patch b/openssl_deprecated_algorithm_tests.patch deleted file mode 100644 index 46f8822..0000000 --- a/openssl_deprecated_algorithm_tests.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go -index a4f2e2dbbe..76701d2e2b 100644 ---- a/src/crypto/rsa/pkcs1v15_test.go -+++ b/src/crypto/rsa/pkcs1v15_test.go -@@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{ - } - - func TestDecryptPKCS1v15(t *testing.T) { -+ t.Skip("not supported in FIPS mode") - decryptionFuncs := []func([]byte) ([]byte, error){ - func(ciphertext []byte) (plaintext []byte, err error) { - return DecryptPKCS1v15(nil, testRSA2048PrivateKey, ciphertext) -@@ -76,6 +77,7 @@ func TestDecryptPKCS1v15(t *testing.T) { - } - - func TestEncryptPKCS1v15(t *testing.T) { -+ t.Skip("not supported in FIPS mode") - random := rand.Reader - k := (testRSA2048PrivateKey.N.BitLen() + 7) / 8 - -@@ -137,6 +139,7 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{ - } - - func TestEncryptPKCS1v15SessionKey(t *testing.T) { -+ t.Skip("not supported in FIPS mode") - for i, test := range decryptPKCS1v15SessionKeyTests { - key := []byte("FAIL") - err := DecryptPKCS1v15SessionKey(nil, testRSA2048PrivateKey, decodeBase64(test.in), key) -@@ -151,6 +154,7 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) { - } - - func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) { -+ t.Skip("not supported in FIPS mode") - for i, test := range decryptPKCS1v15SessionKeyTests { - plaintext, err := testRSA2048PrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4}) - if err != nil { -@@ -270,6 +274,7 @@ func TestUnpaddedSignature(t *testing.T) { - } - - func TestShortSessionKey(t *testing.T) { -+ t.Skip("not supported in FIPS mode") - // This tests that attempting to decrypt a session key where the - // ciphertext is too small doesn't run outside the array bounds. 
- ciphertext, err := EncryptPKCS1v15(rand.Reader, &testRSA2048PrivateKey.PublicKey, []byte{1}) -diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index b547a87c71..99e7882866 100644 ---- a/src/crypto/rsa/pss_test.go -+++ b/src/crypto/rsa/pss_test.go -@@ -77,6 +77,7 @@ func TestEMSAPSS(t *testing.T) { - // TestPSSGolden tests all the test vectors in pss-vect.txt from - // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip - func TestPSSGolden(t *testing.T) { -+ t.Skip("SHA1 not supported in boring mode") - inFile, err := os.Open("testdata/pss-vect.txt.bz2") - if err != nil { - t.Fatalf("Failed to open input file: %s", err) -diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 9aa67655ab..2f4e666abb 100644 ---- a/src/crypto/rsa/rsa_test.go -+++ b/src/crypto/rsa/rsa_test.go -@@ -123,28 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { - t.Errorf("private exponent too large") - } - -- if boring.Enabled() { -- // Cannot call encrypt/decrypt directly. Test via PKCS1v15. -- msg := []byte("hi!") -- if priv.Size() >= 256 { -- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) -- if err != nil { -- t.Errorf("EncryptPKCS1v15: %v", err) -- return -- } -- dec, err := DecryptPKCS1v15(rand.Reader, priv, enc) -- if err != nil { -- t.Errorf("DecryptPKCS1v15: %v", err) -- return -- } -- if !bytes.Equal(dec, msg) { -- t.Errorf("got:%x want:%x (%+v)", dec, msg, priv) -- } -- } else { -- t.Logf("skipping check for unsupported key less than 2048 bits") -- } -- return -- } -+ if boring.Enabled() { -+ // Cannot call encrypt/decrypt directly. Test via EncryptOAEP. 
-+ sha256 := sha256.New() -+ msg := []byte("hi!") -+ if priv.Size() >= 256 { -+ enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil) -+ if err != nil { -+ t.Errorf("EncryptOAEP: %v", err) -+ return -+ } -+ dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, nil) -+ if err != nil { -+ t.Errorf("DecryptOAEP: %v", err) -+ return -+ } -+ if !bytes.Equal(dec, msg) { -+ t.Errorf("got:%x want:%x (%+v)", dec, msg, priv) -+ } -+ } else { -+ t.Logf("skipping check for unsupported key less than 2048 bits") -+ } -+ return -+ } - - pub := &priv.PublicKey - m := big.NewInt(42) diff --git a/re-enable-cgo.patch b/re-enable-cgo.patch new file mode 100644 index 0000000..062a295 --- /dev/null +++ b/re-enable-cgo.patch @@ -0,0 +1,30 @@ +From 09ff18f22def1766faa746df87e57d5b68454246 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Tue, 5 Mar 2024 10:03:13 +0100 +Subject: [PATCH] Re-enable CGO in cmd/go and cmd/pprof + +--- + src/cmd/dist/build.go | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go +index 32e59b446a..941abdcebd 100644 +--- a/src/cmd/dist/build.go ++++ b/src/cmd/dist/build.go +@@ -1304,13 +1304,6 @@ func timelog(op, name string) { + // to switch between the host and target configurations when cross-compiling. + func toolenv() []string { + var env []string +- if !mustLinkExternal(goos, goarch, false) { +- // Unless the platform requires external linking, +- // we disable cgo to get static binaries for cmd/go and cmd/pprof, +- // so that they work on systems without the same dynamic libraries +- // as the original build system. +- env = append(env, "CGO_ENABLED=0") +- } + if isRelease || os.Getenv("GO_BUILDER_NAME") != "" { + // Add -trimpath for reproducible builds of releases. + // Include builders so that -trimpath is well-tested ahead of releases. +-- +2.43.2 + 
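Review bot: The embedded patch deletes the `CGO_ENABLED=0` branch of `toolenv()` together with the upstream comment that explained it, but its own header has only a subject line, so nothing records why this build wants `cmd/go` and `cmd/pprof` compiled with cgo. With the branch gone those tools presumably link dynamically against the build host's libraries, which is the portability trade-off the removed comment described. State the reason in the patch description and next to `Patch6` in the spec (the OpenSSL/FIPS backend requirement, if that is the motive). Leaving a comment in place of the deleted block would also help the next rebase, e.g. `// cgo stays enabled for cmd/go and cmd/pprof in this build; see the package changelog.` The body of `toolenv` continues past the end of the hunk.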
diff --git a/remove_ed25519vectors_test.patch b/remove_ed25519vectors_test.patch deleted file mode 100644 index 45e3182..0000000 --- a/remove_ed25519vectors_test.patch +++ /dev/null 
@@ -1,128 +0,0 @@ -From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= -Date: Wed, 15 Dec 2021 16:02:15 +0100 -Subject: [PATCH] Remove ed25519vectors_test.go - ---- - src/crypto/ed25519/ed25519vectors_test.go | 109 ---------------------- - 1 file changed, 109 deletions(-) - delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go - -diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go -deleted file mode 100644 -index 74fcdcdf4e..0000000000 ---- a/src/crypto/ed25519/ed25519vectors_test.go -+++ /dev/null -@@ -1,109 +0,0 @@ --// Copyright 2021 The Go Authors. All rights reserved. --// Use of this source code is governed by a BSD-style --// license that can be found in the LICENSE file. -- --package ed25519_test -- --import ( -- "crypto/ed25519" -- "encoding/hex" -- "encoding/json" -- "internal/testenv" -- "os" -- "os/exec" -- "path/filepath" -- "testing" --) -- --// TestEd25519Vectors runs a very large set of test vectors that exercise all --// combinations of low-order points, low-order components, and non-canonical --// encodings. These vectors lock in unspecified and spec-divergent behaviors in --// edge cases that are not security relevant in most contexts, but that can --// cause issues in consensus applications if changed. --// --// Our behavior matches the "classic" unwritten verification rules of the --// "ref10" reference implementation. --// --// Note that although we test for these edge cases, they are not covered by the --// Go 1 Compatibility Promise. Applications that need stable verification rules --// should use github.com/hdevalence/ed25519consensus. --// --// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details. 
--func TestEd25519Vectors(t *testing.T) { -- jsonVectors := downloadEd25519Vectors(t) -- var vectors []struct { -- A, R, S, M string -- Flags []string -- } -- if err := json.Unmarshal(jsonVectors, &vectors); err != nil { -- t.Fatal(err) -- } -- for i, v := range vectors { -- expectedToVerify := true -- for _, f := range v.Flags { -- switch f { -- // We use the simplified verification formula that doesn't multiply -- // by the cofactor, so any low order residue will cause the -- // signature not to verify. -- // -- // This is allowed, but not required, by RFC 8032. -- case "LowOrderResidue": -- expectedToVerify = false -- // Our point decoding allows non-canonical encodings (in violation -- // of RFC 8032) but R is not decoded: instead, R is recomputed and -- // compared bytewise against the canonical encoding. -- case "NonCanonicalR": -- expectedToVerify = false -- } -- } -- -- publicKey := decodeHex(t, v.A) -- signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...) -- message := []byte(v.M) -- -- didVerify := ed25519.Verify(publicKey, message, signature) -- if didVerify && !expectedToVerify { -- t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags) -- } -- if !didVerify && expectedToVerify { -- t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags) -- } -- } --} -- --func downloadEd25519Vectors(t *testing.T) []byte { -- testenv.MustHaveExternalNetwork(t) -- -- // Download the JSON test file from the GOPROXY with `go mod download`, -- // pinning the version so test and module caching works as expected. -- goTool := testenv.GoToolPath(t) -- path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94" -- cmd := exec.Command(goTool, "mod", "download", "-json", path) -- // TODO: enable the sumdb once the TryBots proxy supports it. 
-- cmd.Env = append(os.Environ(), "GONOSUMDB=*") -- output, err := cmd.Output() -- if err != nil { -- t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output) -- } -- var dm struct { -- Dir string // absolute path to cached source root directory -- } -- if err := json.Unmarshal(output, &dm); err != nil { -- t.Fatal(err) -- } -- -- jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json")) -- if err != nil { -- t.Fatalf("failed to read ed25519vectors.json: %v", err) -- } -- return jsonVectors --} -- --func decodeHex(t *testing.T, s string) []byte { -- t.Helper() -- b, err := hex.DecodeString(s) -- if err != nil { -- t.Errorf("invalid hex: %v", err) -- } -- return b --} --- -2.33.1 - diff --git a/rhbz1955035.patch b/rhbz1955035.patch deleted file mode 100644 index 024eafe..0000000 --- a/rhbz1955035.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 4ec78a579cc3c83a7d0afc7483fb3e69e2fd87a7 Mon Sep 17 00:00:00 2001 -From: "Paul E. Murphy" -Date: Tue, 27 Apr 2021 15:05:51 -0500 -Subject: [PATCH] cmd/link: disable plugin support if cgo is disabled - -Functional plugin support requires cgo to be enabled. Disable -it if the environment has disabled cgo. - -This prevents unexpected linker failures when linking large -binaries with cgo disabled which use the plugin package. - -Fixes #45564 - -Change-Id: Ib71f0e089f7373b7b3e3cd53da3612291e7bc473 -Reviewed-on: https://go-review.googlesource.com/c/go/+/314449 -Run-TryBot: Paul Murphy -Reviewed-by: Cherry Zhang -TryBot-Result: Go Bot -Trust: Lynn Boger ---- - src/cmd/link/internal/ld/lib.go | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index 0e77424884..f7a32aebae 100644 ---- a/src/cmd/link/internal/ld/lib.go -+++ b/src/cmd/link/internal/ld/lib.go -@@ -533,7 +533,10 @@ func (ctxt *Link) loadlib() { - // up symbol by name may not get expected result. - - iscgo = ctxt.LibraryByPkg["runtime/cgo"] != nil -- ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil -+ -+ // Plugins a require cgo support to function. Similarly, plugins may require additional -+ // internal linker support on some platforms which may not be implemented. -+ ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil && iscgo - - // We now have enough information to determine the link mode. - determineLinkMode(ctxt) --- -2.30.2 - diff --git a/skip_TestCrashDumpsAllThreads.patch b/skip_TestCrashDumpsAllThreads.patch new file mode 100644 index 0000000..92e7eca --- /dev/null +++ b/skip_TestCrashDumpsAllThreads.patch 
@@ -0,0 +1,27 @@ +From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Wed, 27 Mar 2024 17:15:48 +0100 +Subject: [PATCH] Skip TestCrashDumpsAllThreads + +--- + src/runtime/crash_unix_test.go | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go +index 123a462423..a0034d6455 100644 +--- a/src/runtime/crash_unix_test.go ++++ b/src/runtime/crash_unix_test.go +@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) { + t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196") + } + ++ if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" { ++ t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650") ++ } ++ + testenv.MustHaveGoBuild(t) + + if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") { +-- +2.44.0 + diff --git a/sources b/sources index 4571540..2ed4166 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (go1.21.7.tar.gz) = 367fdc64475b2c7f639fdc74b2934594ae787def78048897159b42275adb11bee7169cda12d87dd62b3fc66e2d6fdf96c6fe6afa39c700c6e398117a7c82bbf2 -SHA512 (go1.21.7-1-openssl-fips.tar.gz) = 6dba839d045a7f820cef25c638b7b4545779af46a855916027d28d3014b06f481271ebebe34ee33d4a9506f376c13cf8ee03e78d8b71764f3c6676f46dc82e11 +SHA512 (go1.22.2.tar.gz) = c9c6f0a745229a41ff17fdb5192a5700c5eead2dfd7c3de9273ccfda64db0ee73dceb6bfc5d7cd2df87e31bbee53b96360742a9f853c79456bb178f2da001065 +SHA512 (go1.22.2-1-openssl-fips.tar.gz) = 01a7924f86be2030207b32bbac5b0b4f5b5e8430349eb1d0a1ade8a48536e4402fdf000f8c07e7bd270df338e5f97553f6933045ad96411aa9b2dfd7f127d280