import golang-1.17.2-1.el9

CentOS Sources 2021-12-07 11:37:35 -05:00 committed by Stepan Oksanichenko
parent cb41cf6a2c
commit fcc4c2ec72
8 changed files with 39 additions and 608 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz


@ -1 +1 @@
97a713b08ed6438c1b488c29fb4c1b2d654831c8 SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz 583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz


@ -1,289 +0,0 @@
From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001
From: Ian Lance Taylor <iant@golang.org>
Date: Tue, 25 May 2021 16:31:41 -0700
Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS
The linker now accepts unrecognized object files in external linking mode.
These objects will simply be passed to the external linker.
This permits using -flto which can generate pure byte code objects,
whose symbol table the linker does not know how to read.
The cgo tool now passes -fno-lto when generating objects whose symbols
it needs to read. The cgo tool now emits matching types in different
objects, so that the lto linker does not report a mismatch.
This is based on https://golang.org/cl/293290 by Derek Parker.
For #43505
Fixes #43830
Fixes #46295
Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/322614
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
---
diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go
index ae61725..a73e998 100644
--- a/src/cmd/cgo/gcc.go
+++ b/src/cmd/cgo/gcc.go
@@ -1638,6 +1638,8 @@
c = append(c, "-maix64")
c = append(c, "-mcmodel=large")
}
+ // disable LTO so we get an object whose symbols we can read
+ c = append(c, "-fno-lto")
c = append(c, "-") //read input from standard input
return c
}
diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
index 8c31d5b..94152f4 100644
--- a/src/cmd/cgo/out.go
+++ b/src/cmd/cgo/out.go
@@ -168,8 +168,18 @@
if *gccgo {
fmt.Fprintf(fc, "extern byte *%s;\n", n.C)
} else {
- fmt.Fprintf(fm, "extern char %s[];\n", n.C)
- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
+ // Force a reference to all symbols so that
+ // the external linker will add DT_NEEDED
+ // entries as needed on ELF systems.
+ // Treat function variables differently
+ // to avoid type confict errors from LTO
+ // (Link Time Optimization).
+ if n.Kind == "fpvar" {
+ fmt.Fprintf(fm, "extern void %s();\n", n.C)
+ } else {
+ fmt.Fprintf(fm, "extern char %s[];\n", n.C)
+ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
+ }
fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C)
fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C)
fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C)
@@ -1042,7 +1052,7 @@
fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName)
fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype)
- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName)
+ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName)
if gccResult != "void" {
// Write results back to frame.
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index 50bf80b..bc49c6d 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -722,14 +722,29 @@
},
})
if t.hasCxx() {
- t.tests = append(t.tests, distTest{
- name: "swig_callback",
- heading: "../misc/swig/callback",
- fn: func(dt *distTest) error {
- t.addCmd(dt, "misc/swig/callback", t.goTest())
- return nil
+ t.tests = append(t.tests,
+ distTest{
+ name: "swig_callback",
+ heading: "../misc/swig/callback",
+ fn: func(dt *distTest) error {
+ t.addCmd(dt, "misc/swig/callback", t.goTest())
+ return nil
+ },
},
- })
+ distTest{
+ name: "swig_callback_lto",
+ heading: "../misc/swig/callback",
+ fn: func(dt *distTest) error {
+ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest())
+ cmd.Env = append(os.Environ(),
+ "CGO_CFLAGS=-flto",
+ "CGO_CXXFLAGS=-flto",
+ "CGO_LDFLAGS=-flto",
+ )
+ return nil
+ },
+ },
+ )
}
}
}
diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
new file mode 100644
index 0000000..e2483ba
--- /dev/null
+++ b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
@@ -0,0 +1,33 @@
+# tests golang.org/issue/43830
+
+[!cgo] skip 'skipping test without cgo'
+[openbsd] env CC='clang'
+[openbsd] [!exec:clang] skip 'skipping test without clang present'
+[!openbsd] env CC='gcc'
+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
+
+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
+
+go build main.go
+
+-- main.go --
+
+package main
+
+import "fmt"
+
+// #include "hello.h"
+import "C"
+
+func main() {
+ hello := C.hello
+ fmt.Printf("%v\n", hello)
+}
+
+-- hello.h --
+
+#include <stdio.h>
+
+void hello(void) {
+ printf("hello\n");
+}
diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
new file mode 100644
index 0000000..06ab2f3
--- /dev/null
+++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
@@ -0,0 +1,39 @@
+# tests golang.org/issue/43830
+
+[!cgo] skip 'skipping test without cgo'
+[openbsd] env CC='clang'
+[openbsd] [!exec:clang] skip 'skipping test without clang present'
+[!openbsd] env CC='gcc'
+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
+
+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
+
+go build main.go add.go
+
+-- main.go --
+
+package main
+
+/*
+int c_add(int a, int b) {
+ return myadd(a, b);
+}
+*/
+import "C"
+
+func main() {
+ println(C.c_add(1, 2))
+}
+
+-- add.go --
+
+package main
+
+import "C"
+
+/* test */
+
+//export myadd
+func myadd(a C.int, b C.int) C.int {
+ return a + b
+}
diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go
index 22f53a4..23915f9 100644
--- a/src/cmd/link/internal/ld/ar.go
+++ b/src/cmd/link/internal/ld/ar.go
@@ -124,6 +124,10 @@
libgcc := sym.Library{Pkg: "libgcc"}
h := ldobj(ctxt, f, &libgcc, l, pname, name)
+ if h.ld == nil {
+ Errorf(nil, "%s unrecognized object file at offset %d", name, off)
+ continue
+ }
f.MustSeek(h.off, 0)
h.ld(ctxt, f, h.pkg, h.length, h.pn)
}
diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go
index ae0d752..20f1d0b 100644
--- a/src/cmd/link/internal/ld/config.go
+++ b/src/cmd/link/internal/ld/config.go
@@ -241,6 +241,10 @@
return true, "dynamically linking with a shared library"
}
+ if unknownObjFormat {
+ return true, "some input objects have an unrecognized file format"
+ }
+
return false, ""
}
@@ -248,7 +252,7 @@
//
// It is called after flags are processed and inputs are processed,
// so the ctxt.LinkMode variable has an initial value from the -linkmode
-// flag and the iscgo externalobj variables are set.
+// flag and the iscgo, externalobj, and unknownObjFormat variables are set.
func determineLinkMode(ctxt *Link) {
extNeeded, extReason := mustLinkExternal(ctxt)
via := ""
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index e8f001b..644faeb 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -343,10 +343,16 @@
const pkgdef = "__.PKGDEF"
var (
- // Set if we see an object compiled by the host compiler that is not
- // from a package that is known to support internal linking mode.
+ // externalobj is set to true if we see an object compiled by
+ // the host compiler that is not from a package that is known
+ // to support internal linking mode.
externalobj = false
- theline string
+
+ // unknownObjFormat is set to true if we see an object whose
+ // format we don't recognize.
+ unknownObjFormat = false
+
+ theline string
)
func Lflag(ctxt *Link, arg string) {
@@ -1065,6 +1071,10 @@
}
f.MustSeek(h.off, 0)
+ if h.ld == nil {
+ Errorf(nil, "%s: unrecognized object file format", h.pn)
+ continue
+ }
h.ld(ctxt, f, h.pkg, h.length, h.pn)
f.Close()
}
@@ -1855,6 +1865,14 @@
return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file)
}
+ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' {
+ // An unrecognized object is just passed to the external linker.
+ // If we try to read symbols from this object, we will
+ // report an error at that time.
+ unknownObjFormat = true
+ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file)
+ }
+
/* check the header */
line, err := f.ReadString('\n')
if err != nil {


@ -1,25 +0,0 @@
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index 50f4d4a..121fd1b 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -20,6 +20,9 @@ import (
// ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
type InvalidReason int
@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
names := c.DNSNames
if c.commonNameAsHostname() {
names = []string{c.Subject.CommonName}
+ if warnCN {
+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
+ "Using CN without SAN is deprecated and will not work in future versions.\n")
+ }
}
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.


@ -1,229 +0,0 @@
From 16ab7e49d4070c4f68e88836b123dbe6da8bb015 Mon Sep 17 00:00:00 2001
From: Derek Parker <parkerderek86@gmail.com>
Date: Thu, 17 Jun 2021 20:22:40 +0000
Subject: [PATCH] [release-branch.go1.16] runtime: fix crash during VDSO calls on PowerPC
This patch reinstates a fix for PowerPC with regard to making VDSO calls
while receiving a signal, and subsequently crashing. The crash happens
because certain VDSO calls can modify the r30 register, which is where g
is stored. This change was reverted for PowerPC because r30 is supposed
to be a non-volatile register. This is true, but that only makes a
guarantee across function calls, but not "within" a function call. This
patch was seemingly fine before because the Linux kernel still had hand
rolled assembly VDSO function calls, however with a recent change to C
function calls it seems the compiler used can generate instructions
which temporarily clobber r30. This means that when we receive a signal
during one of these calls the value of r30 will not be the g as the
runtime expects, causing a segfault.
You can see from this assembly dump how the register is clobbered during
the call:
(the following is from a 5.13rc2 kernel)
```
Dump of assembler code for function __cvdso_clock_gettime_data:
0x00007ffff7ff0700 <+0>: cmplwi r4,15
0x00007ffff7ff0704 <+4>: bgt 0x7ffff7ff07f0 <__cvdso_clock_gettime_data+240>
0x00007ffff7ff0708 <+8>: li r9,1
0x00007ffff7ff070c <+12>: slw r9,r9,r4
0x00007ffff7ff0710 <+16>: andi. r10,r9,2179
0x00007ffff7ff0714 <+20>: beq 0x7ffff7ff0810 <__cvdso_clock_gettime_data+272>
0x00007ffff7ff0718 <+24>: rldicr r10,r4,4,59
0x00007ffff7ff071c <+28>: lis r9,32767
0x00007ffff7ff0720 <+32>: std r30,-16(r1)
0x00007ffff7ff0724 <+36>: std r31,-8(r1)
0x00007ffff7ff0728 <+40>: add r6,r3,r10
0x00007ffff7ff072c <+44>: ori r4,r9,65535
0x00007ffff7ff0730 <+48>: lwz r8,0(r3)
0x00007ffff7ff0734 <+52>: andi. r9,r8,1
0x00007ffff7ff0738 <+56>: bne 0x7ffff7ff07d0 <__cvdso_clock_gettime_data+208>
0x00007ffff7ff073c <+60>: lwsync
0x00007ffff7ff0740 <+64>: mftb r30 <---- RIGHT HERE
=> 0x00007ffff7ff0744 <+68>: ld r12,40(r6)
```
What I believe is happening is that the kernel changed the PowerPC VDSO
calls to use standard C calls instead of using hand rolled assembly. The
hand rolled assembly calls never touched r30, so this change was safe to
roll back. That does not seem to be the case anymore as on the 5.13rc2
kernel the compiler *is* generating assembly which modifies r30, making
this change again unsafe and causing a crash when the program receives a
signal during these calls (which will happen often due to async
preempt). This change happened here:
https://lwn.net/ml/linux-kernel/235e5571959cfa89ced081d7e838ed5ff38447d2.1601365870.git.christophe.leroy@csgroup.eu/.
I realize this was reverted due to unexplained hangs in PowerPC
builders, but I think we should reinstate this change and investigate
those issues separately:
https://github.com/golang/go/commit/f4ca3c1e0a2066ca4f7bd6203866d282ed34acf2
Fixes #46858
Change-Id: Ib18d7bbfc80a1a9cb558f0098878d41081324b52
GitHub-Last-Rev: c3002bcfca3ef58b27485e31328e6297b7a9dfe7
GitHub-Pull-Request: golang/go#46767
Reviewed-on: https://go-review.googlesource.com/c/go/+/328110
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
(cherry picked from commit 16e82be454cbf41299e6a055d54d489ca4612ee0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/334410
Run-TryBot: Cherry Mui <cherryyz@google.com>
---
diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
index 3f70707..89f936e 100644
--- a/src/runtime/signal_unix.go
+++ b/src/runtime/signal_unix.go
@@ -381,7 +381,7 @@
//go:nosplit
func sigFetchG(c *sigctxt) *g {
switch GOARCH {
- case "arm", "arm64":
+ case "arm", "arm64", "ppc64", "ppc64le":
if !iscgo && inVDSOPage(c.sigpc()) {
// When using cgo, we save the g on TLS and load it from there
// in sigtramp. Just use that.
diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s
index fd69ee7..7be8c4c 100644
--- a/src/runtime/sys_linux_ppc64x.s
+++ b/src/runtime/sys_linux_ppc64x.s
@@ -215,15 +215,45 @@
MOVD (g_sched+gobuf_sp)(R7), R1 // Set SP to g0 stack
noswitch:
- SUB $16, R1 // Space for results
- RLDICR $0, R1, $59, R1 // Align for C code
+ SUB $16, R1 // Space for results
+ RLDICR $0, R1, $59, R1 // Align for C code
MOVD R12, CTR
MOVD R1, R4
- BL (CTR) // Call from VDSO
- MOVD $0, R0 // Restore R0
- MOVD 0(R1), R3 // sec
- MOVD 8(R1), R5 // nsec
- MOVD R15, R1 // Restore SP
+
+ // Store g on gsignal's stack, so if we receive a signal
+ // during VDSO code we can find the g.
+ // If we don't have a signal stack, we won't receive signal,
+ // so don't bother saving g.
+ // When using cgo, we already saved g on TLS, also don't save
+ // g here.
+ // Also don't save g if we are already on the signal stack.
+ // We won't get a nested signal.
+ MOVBZ runtime·iscgo(SB), R22
+ CMP R22, $0
+ BNE nosaveg
+ MOVD m_gsignal(R21), R22 // g.m.gsignal
+ CMP R22, $0
+ BEQ nosaveg
+
+ CMP g, R22
+ BEQ nosaveg
+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
+ MOVD g, (R22)
+
+ BL (CTR) // Call from VDSO
+
+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
+
+ JMP finish
+
+nosaveg:
+ BL (CTR) // Call from VDSO
+
+finish:
+ MOVD $0, R0 // Restore R0
+ MOVD 0(R1), R3 // sec
+ MOVD 8(R1), R5 // nsec
+ MOVD R15, R1 // Restore SP
// Restore vdsoPC, vdsoSP
// We don't worry about being signaled between the two stores.
@@ -235,7 +265,7 @@
MOVD 32(R1), R6
MOVD R6, m_vdsoPC(R21)
-finish:
+return:
MOVD R3, sec+0(FP)
MOVW R5, nsec+8(FP)
RET
@@ -246,7 +276,7 @@
SYSCALL $SYS_clock_gettime
MOVD 32(R1), R3
MOVD 40(R1), R5
- JMP finish
+ JMP return
TEXT runtime·nanotime1(SB),NOSPLIT,$16-8
MOVD $1, R3 // CLOCK_MONOTONIC
@@ -282,7 +312,37 @@
RLDICR $0, R1, $59, R1 // Align for C code
MOVD R12, CTR
MOVD R1, R4
- BL (CTR) // Call from VDSO
+
+ // Store g on gsignal's stack, so if we receive a signal
+ // during VDSO code we can find the g.
+ // If we don't have a signal stack, we won't receive signal,
+ // so don't bother saving g.
+ // When using cgo, we already saved g on TLS, also don't save
+ // g here.
+ // Also don't save g if we are already on the signal stack.
+ // We won't get a nested signal.
+ MOVBZ runtime·iscgo(SB), R22
+ CMP R22, $0
+ BNE nosaveg
+ MOVD m_gsignal(R21), R22 // g.m.gsignal
+ CMP R22, $0
+ BEQ nosaveg
+
+ CMP g, R22
+ BEQ nosaveg
+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
+ MOVD g, (R22)
+
+ BL (CTR) // Call from VDSO
+
+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
+
+ JMP finish
+
+nosaveg:
+ BL (CTR) // Call from VDSO
+
+finish:
MOVD $0, R0 // Restore R0
MOVD 0(R1), R3 // sec
MOVD 8(R1), R5 // nsec
@@ -298,7 +358,7 @@
MOVD 32(R1), R6
MOVD R6, m_vdsoPC(R21)
-finish:
+return:
// sec is in R3, nsec in R5
// return nsec in R3
MOVD $1000000000, R4
@@ -313,7 +373,7 @@
SYSCALL $SYS_clock_gettime
MOVD 32(R1), R3
MOVD 40(R1), R5
- JMP finish
+ JMP return
TEXT runtime·rtsigprocmask(SB),NOSPLIT|NOFRAME,$0-28
MOVW how+0(FP), R3
@@ -366,7 +426,7 @@
// this might be called in external code context,
// where g is not set.
MOVBZ runtime·iscgo(SB), R6
- CMP R6, $0
+ CMP R6, $0
BEQ 2(PC)
BL runtime·load_g(SB)


@ -1,5 +1,5 @@
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
index 2ca64bf..8111b6d 100644 index 457decf..961795a 100644
--- a/src/crypto/internal/boring/aes.go --- a/src/crypto/internal/boring/aes.go
+++ b/src/crypto/internal/boring/aes.go +++ b/src/crypto/internal/boring/aes.go
@@ -130,7 +130,11 @@ func (c *aesCipher) Decrypt(dst, src []byte) { @@ -130,7 +130,11 @@ func (c *aesCipher) Decrypt(dst, src []byte) {
@ -15,7 +15,7 @@ index 2ca64bf..8111b6d 100644
outlen := C.int(0) outlen := C.int(0)
C._goboringcrypto_EVP_CipherUpdate(c.dec_ctx, (*C.uchar)(unsafe.Pointer(&dst[0])), &outlen, (*C.uchar)(unsafe.Pointer(&src[0])), C.int(aesBlockSize)) C._goboringcrypto_EVP_CipherUpdate(c.dec_ctx, (*C.uchar)(unsafe.Pointer(&dst[0])), &outlen, (*C.uchar)(unsafe.Pointer(&src[0])), C.int(aesBlockSize))
runtime.KeepAlive(c) runtime.KeepAlive(c)
@@ -165,6 +169,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) { @@ -157,6 +161,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) {
} }
if len(src) > 0 { if len(src) > 0 {
outlen := C.int(0) outlen := C.int(0)
@ -108,7 +108,7 @@ index e7ae80c..45c856b 100644
type fail string type fail string
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 3585458..0762c95 100644 index 745e8a4..284e845 100644
--- a/src/crypto/internal/boring/goopenssl.h --- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h +++ b/src/crypto/internal/boring/goopenssl.h
@@ -14,6 +14,15 @@ @@ -14,6 +14,15 @@
@ -202,7 +202,7 @@ index 3585458..0762c95 100644
#include <openssl/rand.h> #include <openssl/rand.h>
@@ -716,6 +741,7 @@ static inline int @@ -735,6 +759,7 @@ static inline int
_goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { _goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md); return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md);
} }
@ -346,7 +346,7 @@ index ff5c439..6047d65 100644
return len(b), nil return len(b), nil
} }
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index 2eefc27..668c12f 100644 index 0223243..b72af0d 100644
--- a/src/crypto/internal/boring/rsa.go --- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go +++ b/src/crypto/internal/boring/rsa.go
@@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int, @@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
@ -677,18 +677,10 @@ index 3dd1ec9..60c769c 100644
pub := &PublicKey{ pub := &PublicKey{
E: 65537, E: 65537,
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
index 497dd62..d83e7e0 100644 index 6a5a93f..2032b4b 100644
--- a/src/crypto/rsa/pss_test.go --- a/src/crypto/rsa/pss_test.go
+++ b/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go
@@ -10,6 +10,7 @@ import ( @@ -132,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
"compress/bzip2"
"crypto"
"crypto/rand"
+ "crypto/boring"
"crypto/sha1"
_ "crypto/sha256"
"encoding/hex"
@@ -131,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
opts := &PSSOptions{ opts := &PSSOptions{
SaltLength: PSSSaltLengthEqualsHash, SaltLength: PSSSaltLengthEqualsHash,
} }
@ -696,7 +688,7 @@ index 497dd62..d83e7e0 100644
for marker := range values { for marker := range values {
switch marker { switch marker {
case newKeyMarker: case newKeyMarker:
@@ -173,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) { @@ -174,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) {
h.Write(hashed) h.Write(hashed)
hashed = h.Sum(nil) hashed = h.Sum(nil)
@ -718,7 +710,7 @@ index 497dd62..d83e7e0 100644
t.Error(err) t.Error(err)
} }
} }
@@ -211,24 +206,47 @@ func TestPSSSigning(t *testing.T) { @@ -212,24 +206,47 @@ func TestPSSSigning(t *testing.T) {
{8, 8, true}, {8, 8, true},
} }
@ -934,7 +926,7 @@ index d9693a7..cfe020e 100644
label := []byte(fmt.Sprintf("hi#%d", j)) label := []byte(fmt.Sprintf("hi#%d", j))
enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label) enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label)
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 5485080..575b99f 100644 index 94a24ff..577bc73 100644
--- a/src/crypto/tls/boring_test.go --- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go
@@ -26,7 +26,7 @@ import ( @@ -26,7 +26,7 @@ import (
@ -964,7 +956,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1) serverConfig.Certificates = make([]Certificate, 1)
serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
@@ -203,7 +203,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) { @@ -204,7 +204,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
for _, sigHash := range defaultSupportedSignatureAlgorithms { for _, sigHash := range defaultSupportedSignatureAlgorithms {
t.Run(fmt.Sprintf("%#x", sigHash), func(t *testing.T) { t.Run(fmt.Sprintf("%#x", sigHash), func(t *testing.T) {
@ -973,7 +965,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1) serverConfig.Certificates = make([]Certificate, 1)
testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash} testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
@@ -262,7 +262,7 @@ func TestBoringClientHello(t *testing.T) { @@ -263,7 +263,7 @@ func TestBoringClientHello(t *testing.T) {
defer c.Close() defer c.Close()
defer s.Close() defer s.Close()
@ -982,7 +974,7 @@ index 5485080..575b99f 100644
// All sorts of traps for the client to avoid. // All sorts of traps for the client to avoid.
clientConfig.MinVersion = VersionSSL30 clientConfig.MinVersion = VersionSSL30
clientConfig.MaxVersion = VersionTLS13 clientConfig.MaxVersion = VersionTLS13
@@ -336,12 +336,12 @@ func TestBoringCertAlgs(t *testing.T) { @@ -337,12 +337,12 @@ func TestBoringCertAlgs(t *testing.T) {
// client verifying server cert // client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@ -997,7 +989,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}} serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
serverConfig.BuildNameToCertificate() serverConfig.BuildNameToCertificate()
@@ -364,11 +364,11 @@ func TestBoringCertAlgs(t *testing.T) { @@ -365,11 +365,11 @@ func TestBoringCertAlgs(t *testing.T) {
// server verifying client cert // server verifying client cert
testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@ -1011,7 +1003,7 @@ index 5485080..575b99f 100644
serverConfig.ClientCAs = pool serverConfig.ClientCAs = pool
serverConfig.ClientAuth = RequireAndVerifyClientCert serverConfig.ClientAuth = RequireAndVerifyClientCert
@@ -393,8 +393,13 @@ func TestBoringCertAlgs(t *testing.T) { @@ -394,8 +394,13 @@ func TestBoringCertAlgs(t *testing.T) {
// exhaustive test with computed answers. // exhaustive test with computed answers.
r1pool := x509.NewCertPool() r1pool := x509.NewCertPool()
r1pool.AddCert(R1.cert) r1pool.AddCert(R1.cert)
@ -1027,7 +1019,7 @@ index 5485080..575b99f 100644
fipstls.Force() fipstls.Force()
testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false) testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false) testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
@@ -457,6 +462,10 @@ func TestBoringCertAlgs(t *testing.T) { @@ -458,6 +463,10 @@ func TestBoringCertAlgs(t *testing.T) {
addRoot(r&1, R1) addRoot(r&1, R1)
addRoot(r&2, R2) addRoot(r&2, R2)
rootName = rootName[1:] // strip leading comma rootName = rootName[1:] // strip leading comma
@ -1038,7 +1030,7 @@ index 5485080..575b99f 100644
testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify) testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify)
testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify) testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify)
fipstls.Force() fipstls.Force()
@@ -576,6 +585,16 @@ var ( @@ -577,6 +586,16 @@ var (
testRSA2048PrivateKey *rsa.PrivateKey testRSA2048PrivateKey *rsa.PrivateKey
) )
@ -1056,7 +1048,7 @@ index 5485080..575b99f 100644
block, _ := pem.Decode([]byte(` block, _ := pem.Decode([]byte(`
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 51dda16..31723b6 100644 index a4053ab..aff4ff2 100644
--- a/src/crypto/x509/x509_test.go --- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go
@@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) { @@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) {


@ -1,12 +0,0 @@
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 51dda16815..2d1e1b1e6e 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
}
func TestCreateCertificateBrokenSigner(t *testing.T) {
+ t.Skip("TODO Fix me: rhbz#1939923")
template := &Certificate{
SerialNumber: big.NewInt(10),
DNSNames: []string{"example.com"},


@ -95,13 +95,13 @@
%global gohostarch s390x %global gohostarch s390x
%endif %endif
%global go_api 1.16 %global go_api 1.17
%global go_version 1.16.6 %global go_version 1.17.2
%global pkg_release 3 %global pkg_release 1
Name: golang Name: golang
Version: %{go_version} Version: %{go_version}
Release: 4%{?dist} Release: 1%{?dist}
Summary: The Go Programming Language Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain License: BSD and Public Domain
@ -144,19 +144,9 @@ Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541 # Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch Patch221: fix_TestScript_list_std.patch
# Add an env var to optionally trigger a warning in x509 when
# Common Name is used as hostname
# rhbz#1889437
Patch223: golang-1.15-warnCN.patch
Patch1939923: skip_test_rhbz1939923.patch
# Port to openssl 3.0 # Port to openssl 3.0
Patch1952381: rhbz1952381.patch Patch1952381: rhbz1952381.patch
Patch1904567: cgo-lto-fix.patch
Patch334410: ppc64le-vdso-segfault-fix.patch
# Having documentation separate was broken # Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4 Obsoletes: %{name}-docs < 1.1-4
@ -250,15 +240,8 @@ Requires: %{name} = %{version}-%{release}
%patch221 -p1 %patch221 -p1
%patch223 -p1
%patch1952381 -p1 %patch1952381 -p1
%patch1939923 -p1
%patch1904567 -p1
%patch334410 -p1
cp %{SOURCE1} ./src/runtime/ cp %{SOURCE1} ./src/runtime/
%build %build
@ -328,7 +311,7 @@ rm -rf pkg/bootstrap/bin
# install everything into libdir (until symlink problems are fixed) # install everything into libdir (until symlink problems are fixed)
# https://code.google.com/p/go/issues/detail?id=5830 # https://code.google.com/p/go/issues/detail?id=5830
cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \ cp -apv api bin doc lib pkg src misc test VERSION \
$RPM_BUILD_ROOT%{goroot} $RPM_BUILD_ROOT%{goroot}
# bz1099206 # bz1099206
@ -415,6 +398,7 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
# prelink blacklist # prelink blacklist
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d
cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf
sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go
%check %check
export GOROOT=$(pwd -P) export GOROOT=$(pwd -P)
@ -501,15 +485,16 @@ EOM
export OPENSSL_CONF=$TEST_BORING_CNF export OPENSSL_CONF=$TEST_BORING_CNF
# Run tests with FIPS enabled. # Run tests with FIPS enabled.
export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
pushd crypto pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
# Check that signature functions have parity between boring and notboring # Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
popd popd
# Run all FIPS specific TLS tests # Run all FIPS specific TLS tests
pushd crypto/tls pushd crypto/tls
GOLANG_FIPS=1 go test -v -run "Boring" GOLANG_FIPS=1 go test -v -run "Boring" $DISABLE_Ed25519_TEST
popd popd
%else %else
./run.bash --no-rebuild -v -v -v -k || : ./run.bash --no-rebuild -v -v -v -k || :
@ -572,6 +557,15 @@ cd ..
%endif %endif
%changelog %changelog
* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
- Rebase to Go 1.17.2
- Related: rhbz#2014087
- Remove favicon.ico and robots.txt references
- Exclude TestEd25519Vectors test
- Update patch rhbz1952381
- Remove rhbz1904567 patch
- Remove rhbz1939923 patch
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688
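Review bot: The `-run=!^TestEd25519Vectors$` value exported as DISABLE_Ed25519_TEST in the %check hunk most likely deselects every test rather than excluding one, because Go's `-run` takes an RE2 regular expression with no negation operator, so `!` is a literal character and `!^…` can never match a test name. Appended to the two `go test $(go list ./... | grep -v tls) -v` lines, it would let the FIPS and CGO_ENABLED=0 crypto runs report success with no tests executed, and on the `go test -v -run "Boring"` line the second `-run` replaces the first, so the FIPS TLS tests appear to be dropped as well. I would remove `$DISABLE_Ed25519_TEST` from all three commands and skip the single test in a carried patch instead, e.g. `t.Skip("fails under FIPS: <bug id>")` at the top of TestEd25519Vectors, the same approach the removed skip_test patch used. It is worth confirming in a build log that these steps print real PASS lines rather than "no tests to run".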