Compare commits

...

No commits in common. "c8-beta-stream-rhel8" and "c8-stream-rhel8" have entirely different histories.

6 changed files with 133 additions and 278 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/go1.21.7-1-openssl-fips.tar.gz SOURCES/go1.22.9-1-openssl-fips.tar.gz
SOURCES/go1.21.7.tar.gz SOURCES/go1.22.9.tar.gz

View File

@ -1,2 +1,2 @@
95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz af6e318112b0e4fa6f42978d5c80e2c4fc5ca02c SOURCES/go1.22.9-1-openssl-fips.tar.gz
1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz 3860690f8aee2de5da3cd46af6e84f4f94bfc5f0 SOURCES/go1.22.9.tar.gz

View File

@ -1,5 +1,18 @@
From 24aac090069f79307aeceb8362f60a3cc5e60f7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Fri, 3 May 2024 17:25:19 +0200
Subject: [PATCH] disable_static_tests_part1
---
src/crypto/internal/backend/nobackend.go | 4 ++--
src/crypto/internal/backend/openssl.go | 4 ++--
src/crypto/internal/boring/goboringcrypto.h | 1 +
src/crypto/internal/boring/syso/syso.go | 2 +-
src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h | 1 +
5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
index 5f258a2..5dbbc42 100644 index 5b0e356dff..a2e17f7fa5 100644
--- a/src/crypto/internal/backend/nobackend.go --- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go +++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@ @@ -2,8 +2,8 @@
@ -8,13 +21,28 @@ index 5f258a2..5dbbc42 100644
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl -//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl -// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static +//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static +// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static static
package backend package backend
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
index 3d3a9a36ee..7e32d3b0fa 100644
--- a/src/crypto/internal/backend/openssl.go
+++ b/src/crypto/internal/backend/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
// Package openssl provides access to OpenSSLCrypto implementation functions.
// Check the variable Enabled to find out whether OpenSSLCrypto is available.
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index d6d99b1..f2fe332 100644 index 2b11049728..dec1cb2851 100644
--- a/src/crypto/internal/boring/goboringcrypto.h --- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h +++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@ @@ -1,4 +1,5 @@
@ -24,7 +52,7 @@ index d6d99b1..f2fe332 100644
// license that can be found in the LICENSE file. // license that can be found in the LICENSE file.
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
index b338754..db5ea1e 100644 index b3387545e6..db5ea1e3d9 100644
--- a/src/crypto/internal/boring/syso/syso.go --- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go +++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
@ -36,253 +64,16 @@ index b338754..db5ea1e 100644
// This package only exists with GOEXPERIMENT=boringcrypto. // This package only exists with GOEXPERIMENT=boringcrypto.
// It provides the actual syso file. // It provides the actual syso file.
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
index 079fc3c..e826d0b 100644 index e488bf2014..e776aa46a3 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go --- a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
index 0b61e79..94d0c98 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
index afec529..d822152 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
index 6d6a562..17cc314 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
@@ -1,4 +1,5 @@ @@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved. // This header file describes the OpenSSL ABI as built for use in Go.
+// +build !static +// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build linux
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
index ae40b93..17bc075 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl #include <stdlib.h> // size_t
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl --
2.44.0
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
index 6f00177..f466b18 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
index 7c0b5d6..262af07 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
index d49194d..ff15054 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
index 2349db1..57fbb04 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 4379019..5034c46 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
index 49d40a7..3b3dbf8 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
index 7eb645e..1c3225a 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
@@ -1,4 +1,5 @@
// This file contains a port of the BoringSSL AEAD interface.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
index df4ebe3..876393b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
index 2eedd5b..04510d3 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
@@ -1,4 +1,5 @@
// This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
index 362d9e5..bebafef 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
@@ -1,4 +1,5 @@
// This file contains HMAC portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
index 2824147..8bc1d85 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
@@ -1,4 +1,5 @@
// This file contains RSA portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
index 22bd865..b7aa26b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
index b3668b8..dcdae70 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
index 915c840..8623d9d 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
index 0b55ced..57309c0 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl

View File

@ -1,15 +0,0 @@
diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
index 0853178e3a..16eb37734b 100644
--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
}
func TestOverlongMessagePKCS1v15(t *testing.T) {
+ // OpenSSL now returns a random string instead of an error
+ if boring.Enabled() {
+ t.Skip("Not relevant in boring mode")
+ }
ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
if err == nil {

View File

@ -0,0 +1,27 @@
From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Wed, 27 Mar 2024 17:15:48 +0100
Subject: [PATCH] Skip TestCrashDumpsAllThreads
---
src/runtime/crash_unix_test.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
index 123a462423..a0034d6455 100644
--- a/src/runtime/crash_unix_test.go
+++ b/src/runtime/crash_unix_test.go
@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
}
+ if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
+ t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
+ }
+
testenv.MustHaveGoBuild(t)
if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
--
2.44.0

View File

@ -91,8 +91,8 @@
%global gohostarch s390x %global gohostarch s390x
%endif %endif
%global go_api 1.21 %global go_api 1.22
%global version 1.21.7 %global version 1.22.9
%global pkg_release 1 %global pkg_release 1
Name: golang Name: golang
@ -144,8 +144,8 @@ Patch1939923: skip_test_rhbz1939923.patch
Patch2: disable_static_tests_part1.patch Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch Patch3: disable_static_tests_part2.patch
Patch4: skip-test-overlong-message.patch
Patch5: modify_go.env.patch Patch5: modify_go.env.patch
Patch7: skip_TestCrashDumpsAllThreads.patch
# Having documentation separate was broken # Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4 Obsoletes: %{name}-docs < 1.1-4
@ -242,9 +242,12 @@ Requires: %{name} = %{version}-%{release}
pushd .. pushd ..
tar -xf %{SOURCE1} tar -xf %{SOURCE1}
popd popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch # Add --no-backup-if-mismatch option to avoid creating .orig temp files
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch for p in "$patch_dir"/*.patch; do
echo "Applying $p"
patch -p1 --no-backup-if-mismatch < $p
done
# Configure crypto tests # Configure crypto tests
pushd ../go-go%{version}-%{pkg_release}-openssl-fips pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -449,11 +452,12 @@ export GO_TEST_RUN=""
# Run tests with FIPS enabled. # Run tests with FIPS enabled.
export GOLANG_FIPS=1 export GOLANG_FIPS=1
export OPENSSL_FORCE_FIPS_MODE=1
pushd crypto pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
go test $(go list ./... | grep -v tls) -v go test -timeout 50m $(go list ./... | grep -v tls) -v
# Check that signature functions have parity between boring and notboring # Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v
popd popd
# Run all FIPS specific TLS tests # Run all FIPS specific TLS tests
pushd crypto/tls pushd crypto/tls
@ -517,6 +521,54 @@ cd ..
%endif %endif
%changelog %changelog
* Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
- Update to Go 1.22.9
- Resolves: RHEL-67668
* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
- Update to Go 1.22.7
- Resolves: RHEL-58223
- Resolves: RHEL-57961
- Resolves: RHEL-57847
- Resolves: RHEL-57860
* Fri Sep 06 2024 Archana <aravinda@redhat.com> - 1.22.5-3
- Update fix that loads Openssl in FIPS mode if fips==1
- Related: RHEL-52485
* Mon Sep 02 2024 Archana <aravinda@redhat.com> - 1.22.5-2
- Include fix that loads Openssl only in FIPS mode to avoid panic
- Resolves: RHEL-52485
* Fri Jul 12 2024 Archana <aravinda@redhat.com> - 1.22.5-1
- Rebase to Go1.22.5 to fix CVE-2024-24791
- Resolves: RHEL-46972
* Fri Jun 07 2024 Archana <aravinda@redhat.com> - 1.22.4-1
- Addresses CVEs-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40157
* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
- Update openssl backend
- Resolves: RHEL-36102
* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
- Restore HashSign / HashVerify API
- Resolves: RHEL-35884
* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.22.3-1
- Update to Go 1.22.3
- Resolves: RHEL-35884
- Resolves: RHEL-35075
- Resolves: RHEL-35632
- Resolves: RHEL-35901
* Thu May 02 2024 Alejandro Sáez <asm@redhat.com> - 1.22.2-1
- Rebase to 1.22.2
- Re-enable CGO
- Skip TestCrashDumpsAllThreads
- Resolves: RHEL-33157
* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1 * Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
- Rebase to Go 1.21.7 - Rebase to Go 1.21.7
- Add release information - Add release information