Compare commits

...

No commits in common. "c8-stream-rhel8" and "c8s-stream-rhel8" have entirely different histories.

11 changed files with 565 additions and 229 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/go1.22.9-1-openssl-fips.tar.gz
SOURCES/go1.22.9.tar.gz
SOURCES/go1.19.4-1-openssl-fips.tar.gz
SOURCES/go1.19.4.tar.gz

View File

@ -1,2 +1,2 @@
af6e318112b0e4fa6f42978d5c80e2c4fc5ca02c SOURCES/go1.22.9-1-openssl-fips.tar.gz
3860690f8aee2de5da3cd46af6e84f4f94bfc5f0 SOURCES/go1.22.9.tar.gz
9463e718b1a8daa61009caa6c113197cbefbe9eb SOURCES/go1.19.4-1-openssl-fips.tar.gz
6debf76aa6fb97daff4d49502153a47093883c28 SOURCES/go1.19.4.tar.gz

View File

@ -0,0 +1,53 @@
From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
From: Lynn Boger <laboger@linux.vnet.ibm.com>
Date: Thu, 14 Jul 2022 10:47:28 -0500
Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
The setting of the path for the dynamic loader when building for
linux/ppc64le ELF v2 was incorrectly set to the path for
PPC64 ELF v1. This has not caused issues in the common cases
because this string can be set based on the default GO_LDSO setting.
It does result in an incorrect value when cross compiling binaries
with -buildmode=pie.
Updates #53813
Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
---
src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
index b6d5ad92af..bca8fa9212 100644
--- a/src/cmd/link/internal/ppc64/obj.go
+++ b/src/cmd/link/internal/ppc64/obj.go
@@ -38,9 +38,12 @@ import (
)
func Init() (*sys.Arch, ld.Arch) {
- arch := sys.ArchPPC64
- if buildcfg.GOARCH == "ppc64le" {
- arch = sys.ArchPPC64LE
+ arch := sys.ArchPPC64LE
+ dynld := "/lib64/ld64.so.2"
+
+ if buildcfg.GOARCH == "ppc64" {
+ arch = sys.ArchPPC64
+ dynld = "/lib64/ld64.so.1"
}
theArch := ld.Arch{
@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
Machoreloc1: machoreloc1,
Xcoffreloc1: xcoffreloc1,
- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
- Linuxdynld: "/lib64/ld64.so.1",
-
+ Linuxdynld: dynld,
Freebsddynld: "XXX",
Openbsddynld: "XXX",
Netbsddynld: "XXX",
--
2.35.3

View File

@ -1,18 +1,5 @@
From 24aac090069f79307aeceb8362f60a3cc5e60f7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Fri, 3 May 2024 17:25:19 +0200
Subject: [PATCH] disable_static_tests_part1
---
src/crypto/internal/backend/nobackend.go | 4 ++--
src/crypto/internal/backend/openssl.go | 4 ++--
src/crypto/internal/boring/goboringcrypto.h | 1 +
src/crypto/internal/boring/syso/syso.go | 2 +-
src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h | 1 +
5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
index 5b0e356dff..a2e17f7fa5 100644
index 5f258a2..5dbbc42 100644
--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@
@ -21,28 +8,13 @@ index 5b0e356dff..a2e17f7fa5 100644
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static static
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package backend
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
index 3d3a9a36ee..7e32d3b0fa 100644
--- a/src/crypto/internal/backend/openssl.go
+++ b/src/crypto/internal/backend/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
// Package openssl provides access to OpenSSLCrypto implementation functions.
// Check the variable Enabled to find out whether OpenSSLCrypto is available.
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index 2b11049728..dec1cb2851 100644
index d6d99b1..f2fe332 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@
@ -52,7 +24,7 @@ index 2b11049728..dec1cb2851 100644
// license that can be found in the LICENSE file.
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
index b3387545e6..db5ea1e3d9 100644
index b338754..db5ea1e 100644
--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@
@ -64,16 +36,253 @@ index b3387545e6..db5ea1e3d9 100644
// This package only exists with GOEXPERIMENT=boringcrypto.
// It provides the actual syso file.
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
index e488bf2014..e776aa46a3 100644
--- a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
index 079fc3c..e826d0b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
index 0b61e79..94d0c98 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
index afec529..d822152 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
index 6d6a562..17cc314 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
@@ -1,4 +1,5 @@
// This header file describes the OpenSSL ABI as built for use in Go.
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// +build linux
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
index ae40b93..17bc075 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
#include <stdlib.h> // size_t
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
index 6f00177..f466b18 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
index 7c0b5d6..262af07 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
index d49194d..ff15054 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
index 2349db1..57fbb04 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 4379019..5034c46 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
index 49d40a7..3b3dbf8 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
index 7eb645e..1c3225a 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
@@ -1,4 +1,5 @@
// This file contains a port of the BoringSSL AEAD interface.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
index df4ebe3..876393b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
index 2eedd5b..04510d3 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
@@ -1,4 +1,5 @@
// This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
index 362d9e5..bebafef 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
@@ -1,4 +1,5 @@
// This file contains HMAC portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
index 2824147..8bc1d85 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
@@ -1,4 +1,5 @@
// This file contains RSA portability wrappers.
+// +build !static
// +build linux
// +build !android
// +build !no_openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
index 22bd865..b7aa26b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
@@ -1,4 +1,5 @@
// +build linux
+// +build !static
// +build !android
// +build !no_openssl
// +build !cmd_go_bootstrap
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
index b3668b8..dcdae70 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
index 915c840..8623d9d 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
index 0b55ced..57309c0 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
package openssl
--
2.44.0

View File

@ -1,13 +1,36 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index 36a20e8b2a..8c2dd1b44b 100644
index da5b179..6a772df 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
} else {
panic("unknown linkmode with static build: " + linkmode)
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
- gt.tags = append(gt.tags, "static")
+ gt.tags = append(gt.tags, "static", "no_openssl")
}
gt.ldflags = strings.Join(ldflags, " ")
@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
}
}
}

View File

@ -0,0 +1,48 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 2124978..1f853b4 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
GO_RSA *rsa_key) {
int ret = 0;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}
@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
int ret = 0;
EVP_PKEY_CTX *ctx;
GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
- _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
+ if (!pk)
+ return 0;
+
+ if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
+ goto err;
if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
goto err;
@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
err:
if (ctx)
_goboringcrypto_EVP_PKEY_CTX_free(ctx);
+ if (pk)
+ _goboringcrypto_EVP_PKEY_free(pk);
return ret;
}

View File

@ -0,0 +1,13 @@
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 10d1cf0..51feb3b 100644
--- a/src/crypto/tls/boring_test.go
+++ b/src/crypto/tls/boring_test.go
@@ -326,7 +326,7 @@ func TestBoringCertAlgs(t *testing.T) {
I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK)
L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK)
- L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring)
+ L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf)
// client verifying server cert
testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) {

View File

@ -1,22 +0,0 @@
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Fri, 9 Feb 2024 20:06:16 +0100
Subject: [PATCH] Set GOTOOLCHAIN to local
---
go.env | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.env b/go.env
index 6ff2b921d4..e87f6e7b6d 100644
--- a/go.env
+++ b/go.env
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
# Automatically download newer toolchains as directed by go.mod files.
# See https://go.dev/doc/toolchain for details.
-GOTOOLCHAIN=auto
+GOTOOLCHAIN=local
--
2.43.0

View File

@ -0,0 +1,122 @@
diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
new file mode 100644
index 0000000000000..bca897c16d054
--- /dev/null
+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
+# Verify PPC64 does not reuse a trampoline which is too far away.
+# This tests an edge case where the direct call relocation addend should
+# be ignored when computing the distance from the direct call to the
+# already placed trampoline
+[short] skip
+[!ppc64] [!ppc64le] skip
+[aix] skip
+
+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
+# assembly 2^26 or so times.
+#
+# We build something which should be laid out as such:
+#
+# bar.Bar
+# main.Func1
+# bar.Bar+400-tramp0
+# main.BigAsm
+# main.Func2
+# bar.Bar+400-tramp1
+#
+# bar.Bar needs to be placed far enough away to generate relocations
+# from main package calls. and main.Func1 and main.Func2 are placed
+# a bit more than the direct call limit apart, but not more than 0x400
+# bytes beyond it (to verify the reloc calc).
+
+go build
+
+-- go.mod --
+
+module foo
+
+go 1.19
+
+-- main.go --
+
+package main
+
+import "foo/bar"
+
+func Func1()
+
+func main() {
+ Func1()
+ bar.Bar2()
+}
+
+-- foo.s --
+
+TEXT main·Func1(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+ CALL main·BigAsm(SB)
+// A trampoline will be placed here to bar.Bar
+
+// This creates a gap sufficiently large to prevent trampoline reuse
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24
+TEXT main·BigAsm(SB),0,$0-0
+ // Fill to the direct call limit so Func2 must generate a new trampoline.
+ // As the implicit trampoline above is just barely unreachable.
+ BIGNOP
+ MOVD $main·Func2(SB), R3
+
+TEXT main·Func2(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+// Another trampoline should be placed here.
+
+-- bar/bar.s --
+
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
+// A very big not very interesting function.
+TEXT bar·Bar(SB),0,$0-0
+ BIGNOP
+
+-- bar/bar.go --
+
+package bar
+
+func Bar()
+
+func Bar2() {
+}
diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
index 5d5fbe2a97735..6313879da083c 100644
--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
if ldr.SymValue(tramp) == 0 {
break
}
-
- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
+ // trampoline itself.
+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
// With internal linking, the trampoline can be used if it is not too far.
// With external linking, the trampoline must be in this section for it to be reused.

View File

@ -1,27 +0,0 @@
From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Wed, 27 Mar 2024 17:15:48 +0100
Subject: [PATCH] Skip TestCrashDumpsAllThreads
---
src/runtime/crash_unix_test.go | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
index 123a462423..a0034d6455 100644
--- a/src/runtime/crash_unix_test.go
+++ b/src/runtime/crash_unix_test.go
@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
}
+ if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
+ t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
+ }
+
testenv.MustHaveGoBuild(t)
if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
--
2.44.0

View File

@ -56,7 +56,7 @@
%endif
# Controls what ever we fail on failed tests
%ifarch x86_64 %{arm} ppc64le s390x
%ifarch x86_64 %{arm} aarch64 ppc64le s390x
%global fail_on_tests 1
%else
%global fail_on_tests 0
@ -69,8 +69,12 @@
%global shared 0
%endif
# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
# Pre build std lib with -race enabled
%ifarch x86_64
%global race 1
%else
%global race 0
%endif
%ifarch x86_64
%global gohostarch amd64
@ -91,14 +95,13 @@
%global gohostarch s390x
%endif
%global go_api 1.22
%global version 1.22.9
%global go_api 1.19
%global version 1.19.4
%global pkg_release 1
Name: golang
Version: %{version}
Release: 1%{?dist}
Release: 2%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
@ -137,15 +140,19 @@ Requires: %{name}-src = %{version}-%{release}
Requires: openssl-devel
Requires: diffutils
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
Patch1939923: skip_test_rhbz1939923.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch5: modify_go.env.patch
Patch7: skip_TestCrashDumpsAllThreads.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch4: ppc64le-internal-linker-fix.patch
Patch5: fix-test-1024-leaf-certs.patch
Patch6: fix-memory-leak-evp-sign-verify.patch
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -153,9 +160,6 @@ Obsoletes: %{name}-docs < 1.1-4
# RPM can't handle symlink -> dir with subpackages, so merge back
Obsoletes: %{name}-data < 1.1.1-4
# We don't build golang-race anymore, rhbz#2230599
Obsoletes: golang-race < 1.20.0
# These are the only RHEL/Fedora architectures that we compile this package for
ExclusiveArch: %{golang_arches}
@ -242,22 +246,19 @@ Requires: %{name} = %{version}-%{release}
pushd ..
tar -xf %{SOURCE1}
popd
patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
# Add --no-backup-if-mismatch option to avoid creating .orig temp files
for p in "$patch_dir"/*.patch; do
echo "Applying $p"
patch -p1 --no-backup-if-mismatch < $p
done
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
# Configure crypto tests
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
ln -s ../go-go%{version} go
./scripts/configure-crypto-tests.sh
popd
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%autopatch -p1
%patch221 -p1
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
%patch1939923 -p1
%patch227 -p1
cp %{SOURCE2} ./src/runtime/
@ -328,7 +329,7 @@ rm -rf pkg/bootstrap/bin
# install everything into libdir (until symlink problems are fixed)
# https://code.google.com/p/go/issues/detail?id=5830
cp -apv api bin doc lib pkg src misc test go.env VERSION \
cp -apv api bin doc lib pkg src misc test VERSION \
$RPM_BUILD_ROOT%{goroot}
# bz1099206
@ -341,11 +342,12 @@ cwd=$(pwd)
src_list=$cwd/go-src.list
pkg_list=$cwd/go-pkg.list
shared_list=$cwd/go-shared.list
race_list=$cwd/go-race.list
misc_list=$cwd/go-misc.list
docs_list=$cwd/go-docs.list
tests_list=$cwd/go-tests.list
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
pushd $RPM_BUILD_ROOT%{goroot}
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list
@ -376,6 +378,13 @@ pushd $RPM_BUILD_ROOT%{goroot}
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
%endif
%if %{race}
find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
%endif
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
@ -452,12 +461,11 @@ export GO_TEST_RUN=""
# Run tests with FIPS enabled.
export GOLANG_FIPS=1
export OPENSSL_FORCE_FIPS_MODE=1
pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
go test -timeout 50m $(go list ./... | grep -v tls) -v
go test $(go list ./... | grep -v tls) -v
# Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
popd
# Run all FIPS specific TLS tests
pushd crypto/tls
@ -514,107 +522,16 @@ cd ..
%files -f go-pkg.list bin
%{_bindir}/go
%{_bindir}/gofmt
%{goroot}/go.env
%if %{shared}
%files -f go-shared.list shared
%endif
%if %{race}
%files -f go-race.list race
%endif
%changelog
* Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
- Update to Go 1.22.9
- Resolves: RHEL-67668
* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
- Update to Go 1.22.7
- Resolves: RHEL-58223
- Resolves: RHEL-57961
- Resolves: RHEL-57847
- Resolves: RHEL-57860
* Fri Sep 06 2024 Archana <aravinda@redhat.com> - 1.22.5-3
- Update fix that loads Openssl in FIPS mode if fips==1
- Related: RHEL-52485
* Mon Sep 02 2024 Archana <aravinda@redhat.com> - 1.22.5-2
- Include fix that loads Openssl only in FIPS mode to avoid panic
- Resolves: RHEL-52485
* Fri Jul 12 2024 Archana <aravinda@redhat.com> - 1.22.5-1
- Rebase to Go1.22.5 to fix CVE-2024-24791
- Resolves: RHEL-46972
* Fri Jun 07 2024 Archana <aravinda@redhat.com> - 1.22.4-1
- Addresses CVEs-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40157
* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
- Update openssl backend
- Resolves: RHEL-36102
* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
- Restore HashSign / HashVerify API
- Resolves: RHEL-35884
* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.22.3-1
- Update to Go 1.22.3
- Resolves: RHEL-35884
- Resolves: RHEL-35075
- Resolves: RHEL-35632
- Resolves: RHEL-35901
* Thu May 02 2024 Alejandro Sáez <asm@redhat.com> - 1.22.2-1
- Rebase to 1.22.2
- Re-enable CGO
- Skip TestCrashDumpsAllThreads
- Resolves: RHEL-33157
* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
- Rebase to Go 1.21.7
- Add release information
- Set GOTOOLCHAIN to local
- Skip TestOverlongMessagePKCS1v15
- Resolves: RHEL-24082
- Resolves: RHEL-18363
- Resolves: RHEL-18382
* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
- Do not remove GOPROXY/GOSUMDB
- Related: RHEL-12620
* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
- Fix go.env in Go 1.21
- Related: RHEL-12620
* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Rebase disable_static_tests_part2.patch to Go 1.21.3
- Add missing strict fips runtime detection patch
- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Remove fix-memory-leak patch as it is fixed upstream
- Resolves: RHEL-12620
* Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
- Rebase Go to 1.21.3
- Resolves: RHEL-12620
* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
- Retire golang-race package
- Resolves: rhbz#2230599
* Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
- Rebase to Go 1.20.6
- Resolves: rhbz#2217596
* Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
- Rebase to Go 1.20.4
- Resolves: rhbz#2204474
* Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
- Rebase to Go 1.20.3
- Remove race archives
- Update static tests patches
- Resolves: rhbz#2185260
* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Fix memory leaks in EVP_{sign,verify}_raw
- Resolves: rhbz#2132767