9 changed files with 346 additions and 258 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,2 @@
-SOURCES/compiler-rt-18.1.8.src.tar.xz
-SOURCES/go1.25.5-1-openssl-fips.tar.gz
-SOURCES/go1.25.5.tar.gz
+SOURCES/go1.21.7-1-openssl-fips.tar.gz
+SOURCES/go1.21.7.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,3 +1,2 @@
-6ecbfa5516b60adb4e4e60f991b0d8ddf5aab12a SOURCES/compiler-rt-18.1.8.src.tar.xz
-d85ac31a94137b3bcaff6af37ee233d36200c870 SOURCES/go1.25.5-1-openssl-fips.tar.gz
-bd09219d3b0223eb69ef9096093ff28e1f210099 SOURCES/go1.25.5.tar.gz
+95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz
+1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz
--- a/SOURCES/disable_static_tests_part1.patch
+++ b/SOURCES/disable_static_tests_part1.patch
@ -0,0 +1,288 @@
+diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
+index 5f258a2..5dbbc42 100644
+--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package backend
+ 
+diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
+index d6d99b1..f2fe332 100644
+--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
+index b338754..db5ea1e 100644
+--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
+//go:build boringcrypto && !static
+ 
+ // This package only exists with GOEXPERIMENT=boringcrypto.
+ // It provides the actual syso file.
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+index 079fc3c..e826d0b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+index 0b61e79..94d0c98 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+index afec529..d822152 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+index 6d6a562..17cc314 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ // +build linux
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+index ae40b93..17bc075 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+index 6f00177..f466b18 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+index 7c0b5d6..262af07 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+index d49194d..ff15054 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+index 2349db1..57fbb04 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+index 4379019..5034c46 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+index 49d40a7..3b3dbf8 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+index 7eb645e..1c3225a 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+@@ -1,4 +1,5 @@
+ // This file contains a port of the BoringSSL AEAD interface.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+index df4ebe3..876393b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+index 2eedd5b..04510d3 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+@@ -1,4 +1,5 @@
+ // This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+index 362d9e5..bebafef 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+@@ -1,4 +1,5 @@
+ // This file contains HMAC portability wrappers.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+index 2824147..8bc1d85 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+@@ -1,4 +1,5 @@
+ // This file contains RSA portability wrappers.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+index 22bd865..b7aa26b 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+index b3668b8..dcdae70 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+index 915c840..8623d9d 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+index 0b55ced..57309c0 100644
+--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
--- a/SOURCES/disable_static_tests_part2.patch
+++ b/SOURCES/disable_static_tests_part2.patch
@ -0,0 +1,13 @@
+diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
+index 36a20e8b2a..8c2dd1b44b 100644
+--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
+@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
+ 			} else {
+ 				panic("unknown linkmode with static build: " + linkmode)
+ 			}
+-			gt.tags = append(gt.tags, "static")
+			gt.tags = append(gt.tags, "static", "no_openssl")
+ 		}
+ 		gt.ldflags = strings.Join(ldflags, " ")
+ 
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
@ -1,9 +1,5 @@
-//go:build rpm_crashtraceback
 // +build rpm_crashtraceback

-// Copyright 2017 The Fedora Project Contributors. All rights reserved.
-// Use of this source code is governed by the MIT license.
-
 package runtime

 func init() {
--- a/SOURCES/revert_dwarf5.patch
+++ b/SOURCES/revert_dwarf5.patch
@ -1,42 +0,0 @@
-From e90ae9076a108b83c645814f75a574c14a5a4b98 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
-Date: Wed, 27 Aug 2025 16:18:09 +0200
-Subject: [PATCH] Revert DWARF5 as default, use DWARF4
-
---
- src/internal/buildcfg/exp.go | 13 +------------
- 1 file changed, 1 insertion(+), 12 deletions(-)
-
-diff --git a/src/internal/buildcfg/exp.go b/src/internal/buildcfg/exp.go
-index 689ca8ce58..b2ea97481b 100644
--- a/src/internal/buildcfg/exp.go
-+++ b/src/internal/buildcfg/exp.go
-@@ -67,24 +67,13 @@ func ParseGOEXPERIMENT(goos, goarch, goexp string) (*ExperimentFlags, error) {
- 		regabiSupported = true
- 	}
- 
-	// Older versions (anything before V16) of dsymutil don't handle
-	// the .debug_rnglists section in DWARF5. See
-	// https://github.com/golang/go/issues/26379#issuecomment-2677068742
-	// for more context. This disables all DWARF5 on mac, which is not
-	// ideal (would be better to disable just for cases where we know
-	// the build will use external linking). In the GOOS=aix case, the
-	// XCOFF format (as far as can be determined) doesn't seem to
-	// support the necessary section subtypes for DWARF-specific
-	// things like .debug_addr (needed for DWARF 5).
-	dwarf5Supported := (goos != "darwin" && goos != "ios" && goos != "aix")
-
- 	baseline := goexperiment.Flags{
- 		RegabiWrappers:  regabiSupported,
- 		RegabiArgs:      regabiSupported,
- 		AliasTypeParams: true,
- 		SwissMap:        true,
- 		SyncHashTrieMap: true,
-		Dwarf5:          dwarf5Supported,
-+		Dwarf5:          false,
- 	}
- 
- 	// Start with the statically enabled set of experiments.
-- 
-2.51.0
-
--- a/SOURCES/skip-test-overlong-message.patch
+++ b/SOURCES/skip-test-overlong-message.patch
@ -0,0 +1,15 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index 0853178e3a..16eb37734b 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
+ }
+ 
+ func TestOverlongMessagePKCS1v15(t *testing.T) {
+	// OpenSSL now returns a random string instead of an error
+	if boring.Enabled() {
+		t.Skip("Not relevant in boring mode")
+	}
+ 	ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
+ 	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
+ 	if err == nil {
--- a/SOURCES/skip_TestCrashDumpsAllThreads.patch
+++ b/SOURCES/skip_TestCrashDumpsAllThreads.patch
@ -1,27 +0,0 @@
-From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
-Date: Wed, 27 Mar 2024 17:15:48 +0100
-Subject: [PATCH] Skip TestCrashDumpsAllThreads
-
---
- src/runtime/crash_unix_test.go | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
-index 123a462423..a0034d6455 100644
--- a/src/runtime/crash_unix_test.go
-+++ b/src/runtime/crash_unix_test.go
-@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
- 		t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
- 	}
- 
-+	if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
-+		t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
-+	}
-+
- 	testenv.MustHaveGoBuild(t)
- 
- 	if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
-- 
-2.44.0
-
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -69,7 +69,6 @@
 %global shared 0
 %endif

-# Pre build std lib with -race enabled
 # Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
 %global race 0

@ -92,17 +91,14 @@
 %global gohostarch  s390x
 %endif

-%global go_api 1.25
-%global go_version 1.25.5
-%global version %{go_version}
+%global go_api 1.21
+%global version 1.21.7
 %global pkg_release 1

-# LLVM compiler-rt version for race detector
-%global llvm_compiler_rt_version 18.1.8
-
 Name:           golang
 Version:        %{version}
 Release:        1%{?dist}
+
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -114,10 +110,9 @@ Source0:        https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
 # located at https://github.com/golang-fips/openssl-fips,
 # And pre-genetated patches to set up the module for a given
 # Go release are located at https://github.com/golang-fips/go.
-Source1:	https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
+Source1:       https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
 # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
 Source2:        fedora.go
-Source3: 	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz

 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 # Actual Go based bootstrap compiler provided by above source.
@ -136,14 +131,9 @@ BuildRequires:  openssl-devel
 # for tests
 BuildRequires:  pcre-devel, glibc-static, perl

-# Necessary for building llvm address sanitizer for Go race detector
-BuildRequires: libstdc++-devel
-BuildRequires: clang
-
 Provides:       go = %{version}-%{release}
 Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
-Requires:       %{name}-race = %{version}-%{release}
 Requires:       openssl-devel
 Requires:       diffutils

@ -152,10 +142,10 @@ Patch221:       fix_TestScript_list_std.patch

 Patch1939923:   skip_test_rhbz1939923.patch

-Patch4:		modify_go.env.patch
-Patch6:		skip_TestCrashDumpsAllThreads.patch
-# Related: https://sourceware.org/bugzilla/show_bug.cgi?id=33204
-Patch7:     revert_dwarf5.patch
+Patch2:		disable_static_tests_part1.patch
+Patch3:		disable_static_tests_part2.patch
+Patch4:		skip-test-overlong-message.patch
+Patch5:		modify_go.env.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -163,6 +153,9 @@ Obsoletes:      %{name}-docs < 1.1-4
 # RPM can't handle symlink -> dir with subpackages, so merge back
 Obsoletes:      %{name}-data < 1.1.1-4

+# We don't build golang-race anymore, rhbz#2230599
+Obsoletes:      golang-race < 1.20.0
+
 # These are the only RHEL/Fedora architectures that we compile this package for
 ExclusiveArch:  %{golang_arches}

@ -233,23 +226,15 @@ Summary:        Golang shared object libraries
 %{summary}.
 %endif

-%package -n go-toolset
-Summary:        Package that installs go-toolset
-Requires:       %{name} = %{version}-%{release}
-%ifarch x86_64 aarch64 ppc64le
-Requires:       delve
-%endif
+%if %{race}
+%package        race
+Summary:        Golang std library with -race enabled

-%description -n go-toolset
-This is the main package for go-toolset.
-
-
-%package race
-Summary:	Race detetector library object files.
 Requires:       %{name} = %{version}-%{release}

 %description    race
-Binary library objects for Go's race detector.
+%{summary}
+%endif

 %prep
 %setup -q -n go-go%{version}
@ -257,12 +242,9 @@ Binary library objects for Go's race detector.
 pushd ..
 tar -xf %{SOURCE1}
 popd
-patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
-# Add --no-backup-if-mismatch option to avoid creating .orig temp files
-for p in "$patch_dir"/*.patch; do
-	echo "Applying $p"
-	patch --no-backup-if-mismatch -p1 < $p
-done
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch

 # Configure crypto tests
 pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -275,11 +257,6 @@ popd
 sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION

 cp %{SOURCE2} ./src/runtime/
-# Delete the bundled race detector objects.
-find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
-
-# Delete the boring binary blob.  We use the system OpenSSL instead.
-rm -rf src/crypto/internal/boring/syso

 %build
 set -xe
@ -288,40 +265,6 @@ uname -a
 cat /proc/cpuinfo
 cat /proc/meminfo

-# Build race detector .syso's from llvm sources
-# The race detector requests a -fno-exceptions build.
-%global tsan_buildflags %(rpm -D 'toolchain clang' -E '%{optflags}' | sed 's/-fexceptions//')
-%global tsan_optflag -O1
-mkdir ../llvm
-
-tar -xf %{SOURCE3} -C ../llvm
-tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
-
-# The script uses uname -a and grep to set the GOARCH.  This
-# is unreliable and can get the wrong architecture in
-# circumstances like cross-architecture emulation.  We fix it
-# by just reading GOARCH directly from Go.
-export GOARCH=$(go env GOARCH)
-
-%ifarch x86_64
-pushd "${tsan_go_dir}"
-  CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang GOAMD64=v3 ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
-
-pushd "${tsan_go_dir}"
-  CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang GOAMD64=v1 ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
-
-%else
-pushd "${tsan_go_dir}"
-  CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
-%endif
-
-
 # bootstrap compiler GOROOT
 %if !%{golang_bootstrap}
 export GOROOT_BOOTSTRAP=/
@ -425,7 +368,7 @@ pushd $RPM_BUILD_ROOT%{goroot}
        echo "%%{goroot}/$file" >> $shared_list
        echo "%%{golibdir}/$(basename $file)" >> $shared_list
    done
-
+    
    find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
    find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
 %endif
@ -499,16 +442,18 @@ export GO_TEST_RUN=""

 %if %{fail_on_tests}

+# TestEd25519Vectors needs network connectivity but it should be cover by
+# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
+
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN

 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
-export OPENSSL_FORCE_FIPS_MODE=1
 pushd crypto
  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP"
+  go test $(go list ./... | grep -v tls) -v
  # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP"
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
@ -553,13 +498,8 @@ cd ..
 # prelink blacklist
 %{_sysconfdir}/prelink.conf.d

+
 %files -f go-src.list src
-%ifarch x86_64
-%exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
-%exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
-%else
-%exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
-%endif

 %files -f go-docs.list docs

@ -576,100 +516,7 @@ cd ..
 %files -f go-shared.list shared
 %endif

-%files -n go-toolset
-
-%files race
-%ifarch x86_64
-%{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
-%{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
-%else
-%{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
-%endif
-
 %changelog
-* Mon Jan 19 2026 dbenoit <dbenoit@redhat.com> - 1.25.5-1
- Update to Go 1.25.5 (fips-1)
- Resolves: RHEL-139365
-
-* Wed Oct 29 2025 David Benoit <dbenoit@redhat.com> - 1.25.3-1
- Update to Go 1.25.3 (sync from CentOS Stream 9)
- Build go-toolset as a subpackage
- Preserve GOAMD64=v1 for RHEL 8
- Resolves: RHEL-121223
-
-* Wed Aug 13 2025 David Benoit <dbenoit@redhat.com> - 1.24.6-1
- Update to Go 1.24.6 (fips-1)
- Resolves: RHEL-106455
-
-* Tue Jul 01 2025 David Benoit <dbenoit@redhat.com> - 1.24.4-1
- Update to Go 1.24.4 (fips-1)
- Resolves: RHEL-85264
-
-* Mon Jun 02 2025 Alejandro Sáez <asm@redhat.com> - 1.23.9-1
- Update to Go 1.23.9
- Resolves: RHEL-94636
-
-* Thu Mar 13 2025 David Benoit <dbenoit@redhat.com> - 1.23.6-1
- Update to Go 1.23.6
- Resolves: RHEL-83824
-
-* Tue Jan 21 2025 Archana <aravinda@redhat.com> - 1.22.11-1
- Rebase to Go1.22.11 to pick up fixes for CVE 2024-45341 and 2024-45336
- Fix test failures with expired certificates
- Resolves: RHEL-73752
-
-* Fri Dec 13 2024 Alejandro Sáez <asm@redhat.com> - 1.22.9-2
- Remove bundled boringcrypto blob
- Resolves: RHEL-54338
-
-* Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
- Update to Go 1.22.9
- Resolves: RHEL-67668
-
-* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
- Update to Go 1.22.7
- Resolves: RHEL-58223
- Resolves: RHEL-57961
- Resolves: RHEL-57847
- Resolves: RHEL-57860
-
-* Fri Sep 06 2024 Archana <aravinda@redhat.com> - 1.22.5-3
- Update fix that loads Openssl in FIPS mode if fips==1
- Related: RHEL-52485
-
-* Mon Sep 02 2024 Archana <aravinda@redhat.com> - 1.22.5-2
- Include fix that loads Openssl only in FIPS mode to avoid panic
- Resolves: RHEL-52485
-
-* Fri Jul 12 2024 Archana <aravinda@redhat.com> - 1.22.5-1
- Rebase to Go1.22.5 to fix CVE-2024-24791
- Resolves: RHEL-46972
-
-* Fri Jun 07 2024 Archana <aravinda@redhat.com> - 1.22.4-1
- Addresses CVEs-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40157
-
-* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
- Update openssl backend
- Resolves: RHEL-36102
-
-* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
- Restore HashSign / HashVerify API
- Resolves: RHEL-35884
-
-* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.22.3-1
- Update to Go 1.22.3
- Resolves: RHEL-35884
- Resolves: RHEL-35075
- Resolves: RHEL-35632
- Resolves: RHEL-35901
-
-* Thu May 02 2024 Alejandro Sáez <asm@redhat.com> - 1.22.2-1
- Rebase to 1.22.2
- Re-enable CGO
- Skip TestCrashDumpsAllThreads
- Resolves: RHEL-33157
-
 * Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
 - Rebase to Go 1.21.7
 - Add release information