.gitignore

@@ -1,2 +1,2 @@
-SOURCES/go1.21.7-1-openssl-fips.tar.gz
+SOURCES/go1.24.6-1-openssl-fips.tar.gz
-SOURCES/go1.21.7.tar.gz
+SOURCES/go1.24.6.tar.gz

.golang.metadata

@@ -1,2 +1,2 @@
-95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz
+5a76a00182a4e6ee8bb5a75ea99e545a10e09c39 SOURCES/go1.24.6-1-openssl-fips.tar.gz
-1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz
+e156513b78ffa159c033bec54675cc3dd2fe9101 SOURCES/go1.24.6.tar.gz

SOURCES/disable_static_tests_part1.patch

@@ -1,20 +1,35 @@
 diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
-index 5f258a2..5dbbc42 100644
+index 95c2cdc..88df624 100644
 --- a/src/crypto/internal/backend/nobackend.go
 +++ b/src/crypto/internal/backend/nobackend.go
 @@ -2,8 +2,8 @@
  // Use of this source code is governed by a BSD-style
  // license that can be found in the LICENSE file.
  
--//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || purego
--// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl purego
-+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
++//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || purego || static
-+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl purego static
  
  package backend
  
+diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
+index 297c3cb..1a4fa10 100644
+--- a/src/crypto/internal/backend/openssl.go
++++ b/src/crypto/internal/backend/openssl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !purego
+-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!purego
++//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !purego && !static
++// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!purego,!static
+ 
+ // Package openssl provides access to OpenSSLCrypto implementation functions.
+ // Check the variable Enabled to find out whether OpenSSLCrypto is available.
 diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
-index d6d99b1..f2fe332 100644
+index 2b11049..dec1cb2 100644
 --- a/src/crypto/internal/boring/goboringcrypto.h
 +++ b/src/crypto/internal/boring/goboringcrypto.h
 @@ -1,4 +1,5 @@
@@ -36,253 +51,13 @@ index b338754..db5ea1e 100644
  
  // This package only exists with GOEXPERIMENT=boringcrypto.
  // It provides the actual syso file.
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
-index 079fc3c..e826d0b 100644
+index e488bf2..e776aa4 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+--- a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
++++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
-index 0b61e79..94d0c98 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
-index afec529..d822152 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
-index 6d6a562..17cc314 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
 @@ -1,4 +1,5 @@
- // Copyright 2017 The Go Authors. All rights reserved.
+ // This header file describes the OpenSSL ABI as built for use in Go.
 +// +build !static
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- // +build linux
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
-index ae40b93..17bc075 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
  
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+ #include <stdlib.h> // size_t
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
-index 6f00177..f466b18 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
-index 7c0b5d6..262af07 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
--// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
-+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
-+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
-index d49194d..ff15054 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
-index 2349db1..57fbb04 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
-@@ -1,4 +1,5 @@
- // +build linux
-+// +build !static
- // +build !android
- // +build !no_openssl
- // +build !cmd_go_bootstrap
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-index 4379019..5034c46 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-@@ -1,4 +1,5 @@
- // +build linux
-+// +build !static
- // +build !android
- // +build !no_openssl
- // +build !cmd_go_bootstrap
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
-index 49d40a7..3b3dbf8 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
-@@ -1,4 +1,5 @@
- // +build linux
-+// +build !static
- // +build !android
- // +build !no_openssl
- // +build !cmd_go_bootstrap
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
-index 7eb645e..1c3225a 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
-@@ -1,4 +1,5 @@
- // This file contains a port of the BoringSSL AEAD interface.
-+// +build !static
- // +build linux
- // +build !android
- // +build !no_openssl
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
-index df4ebe3..876393b 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
-@@ -1,4 +1,5 @@
- // +build linux
-+// +build !static
- // +build !android
- // +build !no_openssl
- // +build !cmd_go_bootstrap
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
-index 2eedd5b..04510d3 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
-@@ -1,4 +1,5 @@
- // This file contains a backport of the EVP_md5_sha1 method.
-+// +build !static
- // +build linux
- // +build !android
- // +build !no_openssl
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
-index 362d9e5..bebafef 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
-@@ -1,4 +1,5 @@
- // This file contains HMAC portability wrappers.
-+// +build !static
- // +build linux
- // +build !android
- // +build !no_openssl
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
-index 2824147..8bc1d85 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
-@@ -1,4 +1,5 @@
- // This file contains RSA portability wrappers.
-+// +build !static
- // +build linux
- // +build !android
- // +build !no_openssl
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
-index 22bd865..b7aa26b 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
-@@ -1,4 +1,5 @@
- // +build linux
-+// +build !static
- // +build !android
- // +build !no_openssl
- // +build !cmd_go_bootstrap
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
-index b3668b8..dcdae70 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
-index 915c840..8623d9d 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
- 
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
-index 0b55ced..57309c0 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
-@@ -2,8 +2,8 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- 
--//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
--// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
-+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
-+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
- 
- package openssl
  

SOURCES/fedora.go

@@ -1,5 +1,9 @@
+//go:build rpm_crashtraceback
 // +build rpm_crashtraceback
 
+// Copyright 2017 The Fedora Project Contributors. All rights reserved.
+// Use of this source code is governed by the MIT license.
+
 package runtime
 
 func init() {

SOURCES/skip-test-overlong-message.patch

@@ -1,15 +0,0 @@
-diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
-index 0853178e3a..16eb37734b 100644
---- a/src/crypto/rsa/pkcs1v15_test.go
-+++ b/src/crypto/rsa/pkcs1v15_test.go
-@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
- }
- 
- func TestOverlongMessagePKCS1v15(t *testing.T) {
-+	// OpenSSL now returns a random string instead of an error
-+	if boring.Enabled() {
-+		t.Skip("Not relevant in boring mode")
-+	}
- 	ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
- 	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
- 	if err == nil {

SOURCES/skip_TestCrashDumpsAllThreads.patch

@@ -0,0 +1,27 @@
+From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Wed, 27 Mar 2024 17:15:48 +0100
+Subject: [PATCH] Skip TestCrashDumpsAllThreads
+
+---
+ src/runtime/crash_unix_test.go | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
+index 123a462423..a0034d6455 100644
+--- a/src/runtime/crash_unix_test.go
++++ b/src/runtime/crash_unix_test.go
+@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
+ 		t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
+ 	}
+ 
++	if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
++		t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
++	}
++
+ 	testenv.MustHaveGoBuild(t)
+ 
+ 	if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
+-- 
+2.44.0
+

SPECS/golang.spec

@@ -91,8 +91,8 @@
 %global gohostarch  s390x
 %endif
 
-%global go_api 1.21
+%global go_api 1.24
-%global version 1.21.7
+%global version 1.24.6
 %global pkg_release 1
 
 Name:           golang
@@ -144,8 +144,8 @@ Patch1939923:   skip_test_rhbz1939923.patch
 
 Patch2:		disable_static_tests_part1.patch
 Patch3:		disable_static_tests_part2.patch
-Patch4:		skip-test-overlong-message.patch
 Patch5:		modify_go.env.patch
+Patch7:		skip_TestCrashDumpsAllThreads.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -242,9 +242,12 @@ Requires:       %{name} = %{version}-%{release}
 pushd ..
 tar -xf %{SOURCE1}
 popd
-patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
+patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
-patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
+# Add --no-backup-if-mismatch option to avoid creating .orig temp files
-patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
+for p in "$patch_dir"/*.patch; do
+	echo "Applying $p"
+	patch -p1 --no-backup-if-mismatch < $p
+done
 
 # Configure crypto tests
 pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@@ -255,6 +258,8 @@ popd
 %autopatch -p1
 
 sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
+# Delete the boring binary blob.  We use the system OpenSSL instead.
+rm -rf src/crypto/internal/boring/syso
 
 cp %{SOURCE2} ./src/runtime/
 
@@ -449,11 +454,12 @@ export GO_TEST_RUN=""
 
 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
+export OPENSSL_FORCE_FIPS_MODE=1
 pushd crypto
   # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test $(go list ./... | grep -v tls) -v
+  go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP"
   # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
+  CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP"
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
@@ -517,6 +523,79 @@ cd ..
 %endif
 
 %changelog
+* Wed Aug 13 2025 David Benoit <dbenoit@redhat.com> - 1.24.6-1
+- Update to Go 1.24.6 (fips-1)
+- Resolves: RHEL-106455
+
+* Tue Jul 01 2025 David Benoit <dbenoit@redhat.com> - 1.24.4-1
+- Update to Go 1.24.4 (fips-1)
+- Resolves: RHEL-85264
+
+* Mon Jun 02 2025 Alejandro Sáez <asm@redhat.com> - 1.23.9-1
+- Update to Go 1.23.9
+- Resolves: RHEL-94636
+
+* Thu Mar 13 2025 David Benoit <dbenoit@redhat.com> - 1.23.6-1
+- Update to Go 1.23.6
+- Resolves: RHEL-83824
+
+* Tue Jan 21 2025 Archana <aravinda@redhat.com> - 1.22.11-1
+- Rebase to Go1.22.11 to pick up fixes for CVE 2024-45341 and 2024-45336
+- Fix test failures with expired certificates
+- Resolves: RHEL-73752
+
+* Fri Dec 13 2024 Alejandro Sáez <asm@redhat.com> - 1.22.9-2
+- Remove bundled boringcrypto blob
+- Resolves: RHEL-54338
+
+* Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
+- Update to Go 1.22.9
+- Resolves: RHEL-67668
+
+* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
+- Update to Go 1.22.7
+- Resolves: RHEL-58223
+- Resolves: RHEL-57961
+- Resolves: RHEL-57847
+- Resolves: RHEL-57860
+
+* Fri Sep 06 2024 Archana <aravinda@redhat.com> - 1.22.5-3
+- Update fix that loads Openssl in FIPS mode if fips==1
+- Related: RHEL-52485
+
+* Mon Sep 02 2024 Archana <aravinda@redhat.com> - 1.22.5-2
+- Include fix that loads Openssl only in FIPS mode to avoid panic
+- Resolves: RHEL-52485
+
+* Fri Jul 12 2024 Archana <aravinda@redhat.com> - 1.22.5-1
+- Rebase to Go1.22.5 to fix CVE-2024-24791
+- Resolves: RHEL-46972
+
+* Fri Jun 07 2024 Archana <aravinda@redhat.com> - 1.22.4-1
+- Addresses CVEs-2024-24789 and CVE-2024-24790
+- Resolves: RHEL-40157
+
+* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
+- Update openssl backend
+- Resolves: RHEL-36102
+
+* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
+- Restore HashSign / HashVerify API
+- Resolves: RHEL-35884
+
+* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.22.3-1
+- Update to Go 1.22.3
+- Resolves: RHEL-35884
+- Resolves: RHEL-35075
+- Resolves: RHEL-35632
+- Resolves: RHEL-35901
+
+* Thu May 02 2024 Alejandro Sáez <asm@redhat.com> - 1.22.2-1
+- Rebase to 1.22.2
+- Re-enable CGO
+- Skip TestCrashDumpsAllThreads
+- Resolves: RHEL-33157
+
 * Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
 - Rebase to Go 1.21.7
 - Add release information