import golang-1.17.2-1.el9

This commit is contained in:
CentOS Sources 2021-12-07 11:37:35 -05:00 committed by Stepan Oksanichenko
parent cb41cf6a2c
commit fcc4c2ec72
8 changed files with 39 additions and 608 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz

View File

@ -1 +1 @@
97a713b08ed6438c1b488c29fb4c1b2d654831c8 SOURCES/go-go-1.16.6-3-openssl-fips.tar.gz
583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz

View File

@ -1,289 +0,0 @@
From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001
From: Ian Lance Taylor <iant@golang.org>
Date: Tue, 25 May 2021 16:31:41 -0700
Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS
The linker now accepts unrecognized object files in external linking mode.
These objects will simply be passed to the external linker.
This permits using -flto which can generate pure byte code objects,
whose symbol table the linker does not know how to read.
The cgo tool now passes -fno-lto when generating objects whose symbols
it needs to read. The cgo tool now emits matching types in different
objects, so that the lto linker does not report a mismatch.
This is based on https://golang.org/cl/293290 by Derek Parker.
For #43505
Fixes #43830
Fixes #46295
Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/322614
Trust: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
---
diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go
index ae61725..a73e998 100644
--- a/src/cmd/cgo/gcc.go
+++ b/src/cmd/cgo/gcc.go
@@ -1638,6 +1638,8 @@
c = append(c, "-maix64")
c = append(c, "-mcmodel=large")
}
+ // disable LTO so we get an object whose symbols we can read
+ c = append(c, "-fno-lto")
c = append(c, "-") //read input from standard input
return c
}
diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
index 8c31d5b..94152f4 100644
--- a/src/cmd/cgo/out.go
+++ b/src/cmd/cgo/out.go
@@ -168,8 +168,18 @@
if *gccgo {
fmt.Fprintf(fc, "extern byte *%s;\n", n.C)
} else {
- fmt.Fprintf(fm, "extern char %s[];\n", n.C)
- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
+ // Force a reference to all symbols so that
+ // the external linker will add DT_NEEDED
+ // entries as needed on ELF systems.
+ // Treat function variables differently
+ // to avoid type confict errors from LTO
+ // (Link Time Optimization).
+ if n.Kind == "fpvar" {
+ fmt.Fprintf(fm, "extern void %s();\n", n.C)
+ } else {
+ fmt.Fprintf(fm, "extern char %s[];\n", n.C)
+ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C)
+ }
fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C)
fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C)
fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C)
@@ -1042,7 +1052,7 @@
fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName)
fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype)
- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName)
+ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName)
if gccResult != "void" {
// Write results back to frame.
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index 50bf80b..bc49c6d 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -722,14 +722,29 @@
},
})
if t.hasCxx() {
- t.tests = append(t.tests, distTest{
- name: "swig_callback",
- heading: "../misc/swig/callback",
- fn: func(dt *distTest) error {
- t.addCmd(dt, "misc/swig/callback", t.goTest())
- return nil
+ t.tests = append(t.tests,
+ distTest{
+ name: "swig_callback",
+ heading: "../misc/swig/callback",
+ fn: func(dt *distTest) error {
+ t.addCmd(dt, "misc/swig/callback", t.goTest())
+ return nil
+ },
},
- })
+ distTest{
+ name: "swig_callback_lto",
+ heading: "../misc/swig/callback",
+ fn: func(dt *distTest) error {
+ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest())
+ cmd.Env = append(os.Environ(),
+ "CGO_CFLAGS=-flto",
+ "CGO_CXXFLAGS=-flto",
+ "CGO_LDFLAGS=-flto",
+ )
+ return nil
+ },
+ },
+ )
}
}
}
diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
new file mode 100644
index 0000000..e2483ba
--- /dev/null
+++ b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt
@@ -0,0 +1,33 @@
+# tests golang.org/issue/43830
+
+[!cgo] skip 'skipping test without cgo'
+[openbsd] env CC='clang'
+[openbsd] [!exec:clang] skip 'skipping test without clang present'
+[!openbsd] env CC='gcc'
+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
+
+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
+
+go build main.go
+
+-- main.go --
+
+package main
+
+import "fmt"
+
+// #include "hello.h"
+import "C"
+
+func main() {
+ hello := C.hello
+ fmt.Printf("%v\n", hello)
+}
+
+-- hello.h --
+
+#include <stdio.h>
+
+void hello(void) {
+ printf("hello\n");
+}
diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
new file mode 100644
index 0000000..06ab2f3
--- /dev/null
+++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt
@@ -0,0 +1,39 @@
+# tests golang.org/issue/43830
+
+[!cgo] skip 'skipping test without cgo'
+[openbsd] env CC='clang'
+[openbsd] [!exec:clang] skip 'skipping test without clang present'
+[!openbsd] env CC='gcc'
+[!openbsd] [!exec:gcc] skip 'skipping test without gcc present'
+
+env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects'
+
+go build main.go add.go
+
+-- main.go --
+
+package main
+
+/*
+int c_add(int a, int b) {
+ return myadd(a, b);
+}
+*/
+import "C"
+
+func main() {
+ println(C.c_add(1, 2))
+}
+
+-- add.go --
+
+package main
+
+import "C"
+
+/* test */
+
+//export myadd
+func myadd(a C.int, b C.int) C.int {
+ return a + b
+}
diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go
index 22f53a4..23915f9 100644
--- a/src/cmd/link/internal/ld/ar.go
+++ b/src/cmd/link/internal/ld/ar.go
@@ -124,6 +124,10 @@
libgcc := sym.Library{Pkg: "libgcc"}
h := ldobj(ctxt, f, &libgcc, l, pname, name)
+ if h.ld == nil {
+ Errorf(nil, "%s unrecognized object file at offset %d", name, off)
+ continue
+ }
f.MustSeek(h.off, 0)
h.ld(ctxt, f, h.pkg, h.length, h.pn)
}
diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go
index ae0d752..20f1d0b 100644
--- a/src/cmd/link/internal/ld/config.go
+++ b/src/cmd/link/internal/ld/config.go
@@ -241,6 +241,10 @@
return true, "dynamically linking with a shared library"
}
+ if unknownObjFormat {
+ return true, "some input objects have an unrecognized file format"
+ }
+
return false, ""
}
@@ -248,7 +252,7 @@
//
// It is called after flags are processed and inputs are processed,
// so the ctxt.LinkMode variable has an initial value from the -linkmode
-// flag and the iscgo externalobj variables are set.
+// flag and the iscgo, externalobj, and unknownObjFormat variables are set.
func determineLinkMode(ctxt *Link) {
extNeeded, extReason := mustLinkExternal(ctxt)
via := ""
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index e8f001b..644faeb 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -343,10 +343,16 @@
const pkgdef = "__.PKGDEF"
var (
- // Set if we see an object compiled by the host compiler that is not
- // from a package that is known to support internal linking mode.
+ // externalobj is set to true if we see an object compiled by
+ // the host compiler that is not from a package that is known
+ // to support internal linking mode.
externalobj = false
- theline string
+
+ // unknownObjFormat is set to true if we see an object whose
+ // format we don't recognize.
+ unknownObjFormat = false
+
+ theline string
)
func Lflag(ctxt *Link, arg string) {
@@ -1065,6 +1071,10 @@
}
f.MustSeek(h.off, 0)
+ if h.ld == nil {
+ Errorf(nil, "%s: unrecognized object file format", h.pn)
+ continue
+ }
h.ld(ctxt, f, h.pkg, h.length, h.pn)
f.Close()
}
@@ -1855,6 +1865,14 @@
return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file)
}
+ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' {
+ // An unrecognized object is just passed to the external linker.
+ // If we try to read symbols from this object, we will
+ // report an error at that time.
+ unknownObjFormat = true
+ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file)
+ }
+
/* check the header */
line, err := f.ReadString('\n')
if err != nil {

View File

@ -1,25 +0,0 @@
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index 50f4d4a..121fd1b 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -20,6 +20,9 @@ import (
// ignoreCN disables interpreting Common Name as a hostname. See issue 24151.
var ignoreCN = !strings.Contains(os.Getenv("GODEBUG"), "x509ignoreCN=0")
+// if using Common Name as a hostname is enabled via x509ignoreCN=0,
+// warnCN enables a warning whenever Common Name is interpreted as a hostname.
+var warnCN = strings.Contains(os.Getenv("GODEBUG"), "x509warnCN=1")
type InvalidReason int
@@ -1078,6 +1081,10 @@ func (c *Certificate) VerifyHostname(h string) error {
names := c.DNSNames
if c.commonNameAsHostname() {
names = []string{c.Subject.CommonName}
+ if warnCN {
+ fmt.Fprintf(os.Stderr, "x509: Warning - certificate relies on legacy Common Name field. " +
+ "Using CN without SAN is deprecated and will not work in future versions.\n")
+ }
}
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.

View File

@ -1,229 +0,0 @@
From 16ab7e49d4070c4f68e88836b123dbe6da8bb015 Mon Sep 17 00:00:00 2001
From: Derek Parker <parkerderek86@gmail.com>
Date: Thu, 17 Jun 2021 20:22:40 +0000
Subject: [PATCH] [release-branch.go1.16] runtime: fix crash during VDSO calls on PowerPC
This patch reinstates a fix for PowerPC with regard to making VDSO calls
while receiving a signal, and subsequently crashing. The crash happens
because certain VDSO calls can modify the r30 register, which is where g
is stored. This change was reverted for PowerPC because r30 is supposed
to be a non-volatile register. This is true, but that only makes a
guarantee across function calls, but not "within" a function call. This
patch was seemingly fine before because the Linux kernel still had hand
rolled assembly VDSO function calls, however with a recent change to C
function calls it seems the compiler used can generate instructions
which temporarily clobber r30. This means that when we receive a signal
during one of these calls the value of r30 will not be the g as the
runtime expects, causing a segfault.
You can see from this assembly dump how the register is clobbered during
the call:
(the following is from a 5.13rc2 kernel)
```
Dump of assembler code for function __cvdso_clock_gettime_data:
0x00007ffff7ff0700 <+0>: cmplwi r4,15
0x00007ffff7ff0704 <+4>: bgt 0x7ffff7ff07f0 <__cvdso_clock_gettime_data+240>
0x00007ffff7ff0708 <+8>: li r9,1
0x00007ffff7ff070c <+12>: slw r9,r9,r4
0x00007ffff7ff0710 <+16>: andi. r10,r9,2179
0x00007ffff7ff0714 <+20>: beq 0x7ffff7ff0810 <__cvdso_clock_gettime_data+272>
0x00007ffff7ff0718 <+24>: rldicr r10,r4,4,59
0x00007ffff7ff071c <+28>: lis r9,32767
0x00007ffff7ff0720 <+32>: std r30,-16(r1)
0x00007ffff7ff0724 <+36>: std r31,-8(r1)
0x00007ffff7ff0728 <+40>: add r6,r3,r10
0x00007ffff7ff072c <+44>: ori r4,r9,65535
0x00007ffff7ff0730 <+48>: lwz r8,0(r3)
0x00007ffff7ff0734 <+52>: andi. r9,r8,1
0x00007ffff7ff0738 <+56>: bne 0x7ffff7ff07d0 <__cvdso_clock_gettime_data+208>
0x00007ffff7ff073c <+60>: lwsync
0x00007ffff7ff0740 <+64>: mftb r30 <---- RIGHT HERE
=> 0x00007ffff7ff0744 <+68>: ld r12,40(r6)
```
What I believe is happening is that the kernel changed the PowerPC VDSO
calls to use standard C calls instead of using hand rolled assembly. The
hand rolled assembly calls never touched r30, so this change was safe to
roll back. That does not seem to be the case anymore as on the 5.13rc2
kernel the compiler *is* generating assembly which modifies r30, making
this change again unsafe and causing a crash when the program receives a
signal during these calls (which will happen often due to async
preempt). This change happened here:
https://lwn.net/ml/linux-kernel/235e5571959cfa89ced081d7e838ed5ff38447d2.1601365870.git.christophe.leroy@csgroup.eu/.
I realize this was reverted due to unexplained hangs in PowerPC
builders, but I think we should reinstate this change and investigate
those issues separately:
https://github.com/golang/go/commit/f4ca3c1e0a2066ca4f7bd6203866d282ed34acf2
Fixes #46858
Change-Id: Ib18d7bbfc80a1a9cb558f0098878d41081324b52
GitHub-Last-Rev: c3002bcfca3ef58b27485e31328e6297b7a9dfe7
GitHub-Pull-Request: golang/go#46767
Reviewed-on: https://go-review.googlesource.com/c/go/+/328110
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Trust: Lynn Boger <laboger@linux.vnet.ibm.com>
(cherry picked from commit 16e82be454cbf41299e6a055d54d489ca4612ee0)
Reviewed-on: https://go-review.googlesource.com/c/go/+/334410
Run-TryBot: Cherry Mui <cherryyz@google.com>
---
diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
index 3f70707..89f936e 100644
--- a/src/runtime/signal_unix.go
+++ b/src/runtime/signal_unix.go
@@ -381,7 +381,7 @@
//go:nosplit
func sigFetchG(c *sigctxt) *g {
switch GOARCH {
- case "arm", "arm64":
+ case "arm", "arm64", "ppc64", "ppc64le":
if !iscgo && inVDSOPage(c.sigpc()) {
// When using cgo, we save the g on TLS and load it from there
// in sigtramp. Just use that.
diff --git a/src/runtime/sys_linux_ppc64x.s b/src/runtime/sys_linux_ppc64x.s
index fd69ee7..7be8c4c 100644
--- a/src/runtime/sys_linux_ppc64x.s
+++ b/src/runtime/sys_linux_ppc64x.s
@@ -215,15 +215,45 @@
MOVD (g_sched+gobuf_sp)(R7), R1 // Set SP to g0 stack
noswitch:
- SUB $16, R1 // Space for results
- RLDICR $0, R1, $59, R1 // Align for C code
+ SUB $16, R1 // Space for results
+ RLDICR $0, R1, $59, R1 // Align for C code
MOVD R12, CTR
MOVD R1, R4
- BL (CTR) // Call from VDSO
- MOVD $0, R0 // Restore R0
- MOVD 0(R1), R3 // sec
- MOVD 8(R1), R5 // nsec
- MOVD R15, R1 // Restore SP
+
+ // Store g on gsignal's stack, so if we receive a signal
+ // during VDSO code we can find the g.
+ // If we don't have a signal stack, we won't receive signal,
+ // so don't bother saving g.
+ // When using cgo, we already saved g on TLS, also don't save
+ // g here.
+ // Also don't save g if we are already on the signal stack.
+ // We won't get a nested signal.
+ MOVBZ runtime·iscgo(SB), R22
+ CMP R22, $0
+ BNE nosaveg
+ MOVD m_gsignal(R21), R22 // g.m.gsignal
+ CMP R22, $0
+ BEQ nosaveg
+
+ CMP g, R22
+ BEQ nosaveg
+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
+ MOVD g, (R22)
+
+ BL (CTR) // Call from VDSO
+
+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
+
+ JMP finish
+
+nosaveg:
+ BL (CTR) // Call from VDSO
+
+finish:
+ MOVD $0, R0 // Restore R0
+ MOVD 0(R1), R3 // sec
+ MOVD 8(R1), R5 // nsec
+ MOVD R15, R1 // Restore SP
// Restore vdsoPC, vdsoSP
// We don't worry about being signaled between the two stores.
@@ -235,7 +265,7 @@
MOVD 32(R1), R6
MOVD R6, m_vdsoPC(R21)
-finish:
+return:
MOVD R3, sec+0(FP)
MOVW R5, nsec+8(FP)
RET
@@ -246,7 +276,7 @@
SYSCALL $SYS_clock_gettime
MOVD 32(R1), R3
MOVD 40(R1), R5
- JMP finish
+ JMP return
TEXT runtime·nanotime1(SB),NOSPLIT,$16-8
MOVD $1, R3 // CLOCK_MONOTONIC
@@ -282,7 +312,37 @@
RLDICR $0, R1, $59, R1 // Align for C code
MOVD R12, CTR
MOVD R1, R4
- BL (CTR) // Call from VDSO
+
+ // Store g on gsignal's stack, so if we receive a signal
+ // during VDSO code we can find the g.
+ // If we don't have a signal stack, we won't receive signal,
+ // so don't bother saving g.
+ // When using cgo, we already saved g on TLS, also don't save
+ // g here.
+ // Also don't save g if we are already on the signal stack.
+ // We won't get a nested signal.
+ MOVBZ runtime·iscgo(SB), R22
+ CMP R22, $0
+ BNE nosaveg
+ MOVD m_gsignal(R21), R22 // g.m.gsignal
+ CMP R22, $0
+ BEQ nosaveg
+
+ CMP g, R22
+ BEQ nosaveg
+ MOVD (g_stack+stack_lo)(R22), R22 // g.m.gsignal.stack.lo
+ MOVD g, (R22)
+
+ BL (CTR) // Call from VDSO
+
+ MOVD $0, (R22) // clear g slot, R22 is unchanged by C code
+
+ JMP finish
+
+nosaveg:
+ BL (CTR) // Call from VDSO
+
+finish:
MOVD $0, R0 // Restore R0
MOVD 0(R1), R3 // sec
MOVD 8(R1), R5 // nsec
@@ -298,7 +358,7 @@
MOVD 32(R1), R6
MOVD R6, m_vdsoPC(R21)
-finish:
+return:
// sec is in R3, nsec in R5
// return nsec in R3
MOVD $1000000000, R4
@@ -313,7 +373,7 @@
SYSCALL $SYS_clock_gettime
MOVD 32(R1), R3
MOVD 40(R1), R5
- JMP finish
+ JMP return
TEXT runtime·rtsigprocmask(SB),NOSPLIT|NOFRAME,$0-28
MOVW how+0(FP), R3
@@ -366,7 +426,7 @@
// this might be called in external code context,
// where g is not set.
MOVBZ runtime·iscgo(SB), R6
- CMP R6, $0
+ CMP R6, $0
BEQ 2(PC)
BL runtime·load_g(SB)

View File

@ -1,5 +1,5 @@
diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go
index 2ca64bf..8111b6d 100644
index 457decf..961795a 100644
--- a/src/crypto/internal/boring/aes.go
+++ b/src/crypto/internal/boring/aes.go
@@ -130,7 +130,11 @@ func (c *aesCipher) Decrypt(dst, src []byte) {
@ -15,7 +15,7 @@ index 2ca64bf..8111b6d 100644
outlen := C.int(0)
C._goboringcrypto_EVP_CipherUpdate(c.dec_ctx, (*C.uchar)(unsafe.Pointer(&dst[0])), &outlen, (*C.uchar)(unsafe.Pointer(&src[0])), C.int(aesBlockSize))
runtime.KeepAlive(c)
@@ -165,6 +169,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) {
@@ -157,6 +161,11 @@ func (x *aesCBC) CryptBlocks(dst, src []byte) {
}
if len(src) > 0 {
outlen := C.int(0)
@ -108,7 +108,7 @@ index e7ae80c..45c856b 100644
type fail string
diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h
index 3585458..0762c95 100644
index 745e8a4..284e845 100644
--- a/src/crypto/internal/boring/goopenssl.h
+++ b/src/crypto/internal/boring/goopenssl.h
@@ -14,6 +14,15 @@
@ -202,7 +202,7 @@ index 3585458..0762c95 100644
#include <openssl/rand.h>
@@ -716,6 +741,7 @@ static inline int
@@ -735,6 +759,7 @@ static inline int
_goboringcrypto_EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
return _goboringcrypto_EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0, (void *)md);
}
@ -346,7 +346,7 @@ index ff5c439..6047d65 100644
return len(b), nil
}
diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go
index 2eefc27..668c12f 100644
index 0223243..b72af0d 100644
--- a/src/crypto/internal/boring/rsa.go
+++ b/src/crypto/internal/boring/rsa.go
@@ -141,7 +141,7 @@ func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
@ -677,18 +677,10 @@ index 3dd1ec9..60c769c 100644
pub := &PublicKey{
E: 65537,
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
index 497dd62..d83e7e0 100644
index 6a5a93f..2032b4b 100644
--- a/src/crypto/rsa/pss_test.go
+++ b/src/crypto/rsa/pss_test.go
@@ -10,6 +10,7 @@ import (
"compress/bzip2"
"crypto"
"crypto/rand"
+ "crypto/boring"
"crypto/sha1"
_ "crypto/sha256"
"encoding/hex"
@@ -131,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
@@ -132,7 +132,6 @@ func TestPSSGolden(t *testing.T) {
opts := &PSSOptions{
SaltLength: PSSSaltLengthEqualsHash,
}
@ -696,7 +688,7 @@ index 497dd62..d83e7e0 100644
for marker := range values {
switch marker {
case newKeyMarker:
@@ -173,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) {
@@ -174,18 +173,13 @@ func TestPSSOpenSSL(t *testing.T) {
h.Write(hashed)
hashed = h.Sum(nil)
@ -718,7 +710,7 @@ index 497dd62..d83e7e0 100644
t.Error(err)
}
}
@@ -211,24 +206,47 @@ func TestPSSSigning(t *testing.T) {
@@ -212,24 +206,47 @@ func TestPSSSigning(t *testing.T) {
{8, 8, true},
}
@ -934,7 +926,7 @@ index d9693a7..cfe020e 100644
label := []byte(fmt.Sprintf("hi#%d", j))
enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, message.in, label)
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 5485080..575b99f 100644
index 94a24ff..577bc73 100644
--- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go
@@ -26,7 +26,7 @@ import (
@ -964,7 +956,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1)
serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
@@ -203,7 +203,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
@@ -204,7 +204,7 @@ func TestBoringServerSignatureAndHash(t *testing.T) {
for _, sigHash := range defaultSupportedSignatureAlgorithms {
t.Run(fmt.Sprintf("%#x", sigHash), func(t *testing.T) {
@ -973,7 +965,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = make([]Certificate, 1)
testingOnlyForceClientHelloSignatureAlgorithms = []SignatureScheme{sigHash}
@@ -262,7 +262,7 @@ func TestBoringClientHello(t *testing.T) {
@@ -263,7 +263,7 @@ func TestBoringClientHello(t *testing.T) {
defer c.Close()
defer s.Close()
@ -982,7 +974,7 @@ index 5485080..575b99f 100644
// All sorts of traps for the client to avoid.
clientConfig.MinVersion = VersionSSL30
clientConfig.MaxVersion = VersionTLS13
@@ -336,12 +336,12 @@ func TestBoringCertAlgs(t *testing.T) {
@@ -337,12 +337,12 @@ func TestBoringCertAlgs(t *testing.T) {
// client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@ -997,7 +989,7 @@ index 5485080..575b99f 100644
serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}}
serverConfig.BuildNameToCertificate()
@@ -364,11 +364,11 @@ func TestBoringCertAlgs(t *testing.T) {
@@ -365,11 +365,11 @@ func TestBoringCertAlgs(t *testing.T) {
// server verifying client cert
testClientCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {
@ -1011,7 +1003,7 @@ index 5485080..575b99f 100644
serverConfig.ClientCAs = pool
serverConfig.ClientAuth = RequireAndVerifyClientCert
@@ -393,8 +393,13 @@ func TestBoringCertAlgs(t *testing.T) {
@@ -394,8 +394,13 @@ func TestBoringCertAlgs(t *testing.T) {
// exhaustive test with computed answers.
r1pool := x509.NewCertPool()
r1pool.AddCert(R1.cert)
@ -1027,7 +1019,7 @@ index 5485080..575b99f 100644
fipstls.Force()
testServerCert(t, "basic (fips)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
testClientCert(t, "basic (fips, client cert)", r1pool, L2_I.key, [][]byte{L2_I.der, I_R1.der}, false)
@@ -457,6 +462,10 @@ func TestBoringCertAlgs(t *testing.T) {
@@ -458,6 +463,10 @@ func TestBoringCertAlgs(t *testing.T) {
addRoot(r&1, R1)
addRoot(r&2, R2)
rootName = rootName[1:] // strip leading comma
@ -1038,7 +1030,7 @@ index 5485080..575b99f 100644
testServerCert(t, listName+"->"+rootName[1:], pool, leaf.key, list, shouldVerify)
testClientCert(t, listName+"->"+rootName[1:]+"(client cert)", pool, leaf.key, list, shouldVerify)
fipstls.Force()
@@ -576,6 +585,16 @@ var (
@@ -577,6 +586,16 @@ var (
testRSA2048PrivateKey *rsa.PrivateKey
)
@ -1056,7 +1048,7 @@ index 5485080..575b99f 100644
block, _ := pem.Decode([]byte(`
-----BEGIN CERTIFICATE-----
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 51dda16..31723b6 100644
index a4053ab..aff4ff2 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -151,6 +151,7 @@ func TestPKIXMismatchPublicKeyFormat(t *testing.T) {

View File

@ -1,12 +0,0 @@
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 51dda16815..2d1e1b1e6e 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
}
func TestCreateCertificateBrokenSigner(t *testing.T) {
+ t.Skip("TODO Fix me: rhbz#1939923")
template := &Certificate{
SerialNumber: big.NewInt(10),
DNSNames: []string{"example.com"},

View File

@ -95,13 +95,13 @@
%global gohostarch s390x
%endif
%global go_api 1.16
%global go_version 1.16.6
%global pkg_release 3
%global go_api 1.17
%global go_version 1.17.2
%global pkg_release 1
Name: golang
Version: %{go_version}
Release: 4%{?dist}
Release: 1%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
@ -144,19 +144,9 @@ Patch215: go1.5-zoneinfo_testing_only.patch
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
# Add an env var to optionally trigger a warning in x509 when
# Common Name is used as hostname
# rhbz#1889437
Patch223: golang-1.15-warnCN.patch
Patch1939923: skip_test_rhbz1939923.patch
# Port to openssl 3.0
Patch1952381: rhbz1952381.patch
Patch1904567: cgo-lto-fix.patch
Patch334410: ppc64le-vdso-segfault-fix.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -250,15 +240,8 @@ Requires: %{name} = %{version}-%{release}
%patch221 -p1
%patch223 -p1
%patch1952381 -p1
%patch1939923 -p1
%patch1904567 -p1
%patch334410 -p1
cp %{SOURCE1} ./src/runtime/
%build
@ -328,7 +311,7 @@ rm -rf pkg/bootstrap/bin
# install everything into libdir (until symlink problems are fixed)
# https://code.google.com/p/go/issues/detail?id=5830
cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \
cp -apv api bin doc lib pkg src misc test VERSION \
$RPM_BUILD_ROOT%{goroot}
# bz1099206
@ -415,6 +398,7 @@ cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
# prelink blacklist
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d
cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf
sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go
%check
export GOROOT=$(pwd -P)
@ -501,15 +485,16 @@ EOM
export OPENSSL_CONF=$TEST_BORING_CNF
# Run tests with FIPS enabled.
export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v
GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
# Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
popd
# Run all FIPS specific TLS tests
pushd crypto/tls
GOLANG_FIPS=1 go test -v -run "Boring"
GOLANG_FIPS=1 go test -v -run "Boring" $DISABLE_Ed25519_TEST
popd
%else
./run.bash --no-rebuild -v -v -v -k || :
@ -572,6 +557,15 @@ cd ..
%endif
%changelog
* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
- Rebase to Go 1.17.2
- Related: rhbz#2014087
- Remove favicon.ico and robots.txt references
- Exclude TestEd25519Vectors test
- Update patch rhbz1952381
- Remove rhbz1904567 patch
- Remove rhbz1939923 patch
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688