Compare commits

No commits in common. "c9s" and "c8-stream-rhel8" have entirely different histories.

21 changed files with 318 additions and 705 deletions

.gitignore vendored

@ -1,95 +1,2 @@
/go1.8.3.src.tar.gz SOURCES/go1.23.9-1-openssl-fips.tar.gz
/go1.8.4.src.tar.gz SOURCES/go1.23.9.tar.gz
/go1.8.5.src.tar.gz
/go1.10.src.tar.gz
/go1.10.2.src.tar.gz
/dev.boringcrypto.go1.10.tar.gz
/go1.9.7.linux-amd64.tar.gz
/go1.9.7.linux-386.tar.gz
/go1.9.7.linux-ppc64le.tar.gz
/go1.9.7.linux-s390x.tar.gz
/go1.9.7.linux-arm64.tar.gz
/go1.10.3-openssl-1-1-fips.tar.gz
/go1.11-openssl-1.1-fips.tar.gz
/go1.11.5-openssl-1.1.tar.gz
/go-go1.11.5-openssl-1.1.tar.gz
/go1.12.1-openssl-fips.tar.gz
/go1.12.1-3-openssl-fips.tar.gz
/go1.12.1-4-openssl-fips.tar.gz
/go1.12.1-8-openssl-fips.tar.gz
/go1.12.1-9-openssl-fips.tar.gz
/go1.12.5-1-openssl-fips.tar.gz
/go1.12.6-1-openssl-fips.tar.gz
/go-go-1.12.6-2-openssl-fips.tar.gz
/go-go-1.12.6-3-openssl-fips.tar.gz
/go-go-1.12.8-2-openssl-fips.tar.gz
/go-go-1.13.4-1-openssl-fips.tar.gz
/go-go-1.14.2-1-openssl-fips.tar.gz
/go-go-1.14.4-1-openssl-fips.tar.gz
/go-go-1.14.6-1-openssl-fips.tar.gz
/go-go-1.14.7-1-openssl-fips.tar.gz
/go-go-1.14.7-2-openssl-fips.tar.gz
/go-go-1.15.0-2-openssl-fips.tar.gz
/go-go-1.15.2-1-openssl-fips.tar.gz
/go-go-1.15.3-1-openssl-fips.tar.gz
/go-go-1.15.5-1-openssl-fips.tar.gz
/go-go-1.15.7-1-openssl-fips.tar.gz
/go-go-1.16.1-1-openssl-fips.tar.gz
/go-go-1.16.1-2-openssl-fips.tar.gz
/go-go-1.16.4-1-openssl-fips.tar.gz
/go-go-1.16.5-1-openssl-fips.tar.gz
/go-go-1.16.6-1-openssl-fips.tar.gz
/go-go-1.16.6-3-openssl-fips.tar.gz
/go-go-1.16.7-1-openssl-fips.tar.gz
/go-go-1.17.2-1-openssl-fips.tar.gz
/go-go-1.17.3-1-openssl-fips.tar.gz
/go-go-1.17.4-1-openssl-fips.tar.gz
/go-go-1.17.5-1-openssl-fips.tar.gz
/go-go-1.17.7-1-openssl-fips.tar.gz
/go1.19.1.tar.gz
/go1.19.2.tar.gz
/go1.19.4-1-openssl-fips.tar.gz
/go1.19.4.tar.gz
/go1.19.6.tar.gz
/go1.19.6-1-openssl-fips.tar.gz
/go1.20.3.tar.gz
/go1.20.3-1-openssl-fips.tar.gz
/go1.20.4.tar.gz
/go1.20.4-3-openssl-fips.tar.gz
/go1.20.6.tar.gz
/go1.20.6-1-openssl-fips.tar.gz
/go1.20.8.tar.gz
/go1.20.8-1-openssl-fips.tar.gz
/go1.21.3-1-openssl-fips.tar.gz
/go1.21.3.tar.gz
/go1.21.4.tar.gz
/go1.21.4-1-openssl-fips.tar.gz
/go1.21.7.tar.gz
/go1.21.7-1-openssl-fips.tar.gz
/go1.22.1.tar.gz
/go1.22.1-1-openssl-fips.tar.gz
/go1.22.1-2-openssl-fips.tar.gz
/go1.22.2.tar.gz
/go1.22.2-1-openssl-fips.tar.gz
/go1.22.3.src.tar.gz
/go1.22.3-1-openssl-fips.tar.gz
/go1.22.3.tar.gz
/go1.22.3-2-openssl-fips.tar.gz
/go1.22.3-3-openssl-fips.tar.gz
/go1.22.4.tar.gz
/go1.22.4-1-openssl-fips.tar.gz
/go1.22.5.tar.gz
/go1.22.5-1-openssl-fips.tar.gz
/51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.gz
/compiler-rt-18.1.8.src.tar.xz
/go1.23.2.tar.gz
/go1.23.2-2-openssl-fips.tar.gz
/go1.23.4.tar.gz
/go1.23.4-1-openssl-fips.tar.gz
/go1.24.3.tar.gz
/go1.24.3-1-openssl-fips.tar.gz
/go1.24.3-2-openssl-fips.tar.gz
/go1.24.3-3-openssl-fips.tar.gz
/go1.24.4.src.tar.gz
/go1.24.4-1-openssl-fips.tar.gz
/go1.24.4.tar.gz

.golang.metadata Normal file

@ -0,0 +1,2 @@
f88e1a017f8abb82764e1340b858268b8beca1d8 SOURCES/go1.23.9-1-openssl-fips.tar.gz
ac7c4463e6f0e61fceb6c4e73d7c7d9da61d6a5d SOURCES/go1.23.9.tar.gz
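Review bot: The two digests added to .golang.metadata are 40 hex digits long, the length of a SHA-1 digest, and they are the only integrity pin on the Go and golang-fips source tarballs. If the lookaside tooling accepts a longer digest, record SHA-256 or SHA-512 here, since the spec's %prep loop applies every patch shipped inside go1.23.9-1-openssl-fips.tar.gz.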

@ -1,5 +0,0 @@
mockbuild:
centpkg mockbuild
spectool:
spectool -g golang.spec

@ -1,65 +0,0 @@
# Golang
## Introduction
This package holds the spec file and related patches for the Golang package.
The golang package is part of the larger go-toolset meta package.
## Sources
This particular branch provides Go 1.16.x. The sources for this branch can be
found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is
coming from a pagure fork as opposed to an upstream tarball is due to certain
patches we have written and currently maintain in order to claim FIPS compliance
by calling into OpenSSL. Shipping a forked version of the toolchain is not the
ideal scenario, and there is work in progress with upstream to enable us to
instead ship a pure upstream toolchain and include a crypto module in go-toolset
which will satisfy our FIPS requirements.
The current fork is based on an upstream branch[[0]] which uses
boringcrypto[[1]] instead of OpenSSL.
If you need to make changes to the source for a rebase or bug fix, check out the
pagure repo and switch to the branch listed above. Once you have made your
changes you can test them locally with `./all.bash`. You may want to export
`GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are
correct. Please note however that the test suite does not fully expect FIPS
compliance, and will attempt to test non FIPS compliant code paths. The easiest
way to test your changes correctly is to create a tarball locally and execute a
mockbuild using this packge, which knows how to correctly run the testsuite in
both FIPS and non-FIPS modes.
NOTE: The way pagure previously handled uploaded releases has changed, and
releases must be tagged in the appropriate branch, from which pagure will
generate source tarballs.
## Testing & building changes
The first test you should run is a local mockbuild. This can be done with the
rhpkg command:
```
rhpkg mockbuild
```
Once everything builds and passes locally you'll likely want to perform a
scratch build. This will ensure that the changes you made build and run
correctly on all architectures that this package supports. The best way to do
this is to run a scratch build from your local sources without first having to
push them. This ensures your changes are correct before commiting them to the
repo. This can also be done via the following rhpkg command:
```
rhpkg scratch-build --srpm
```
Once your scratch build has passed you can execute a real build:
```
rhpkg build
```
---
[0] https://github.com/golang/go/tree/dev.boringcrypto
[1] https://opensource.google.com/projects/boringssl
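Review bot: Deleting the README removes the only written explanation of why the sources come from a fork (the patches that call into OpenSSL for FIPS) and the advice to verify changes with a mockbuild, which runs the test suite in both FIPS and non-FIPS modes. The text was out of date (it names Go 1.16.x and the pagure fork, while the spec pulls Source1 from github.com/golang-fips/go), so consider carrying an updated version instead of dropping it.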

@ -0,0 +1,63 @@
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
index 95c2cdc..88df624 100644
--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || purego
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl purego
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || purego || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl purego static
package backend
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
index 297c3cb..1a4fa10 100644
--- a/src/crypto/internal/backend/openssl.go
+++ b/src/crypto/internal/backend/openssl.go
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !purego
-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!purego
+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !purego && !static
+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!purego,!static
// Package openssl provides access to OpenSSLCrypto implementation functions.
// Check the variable Enabled to find out whether OpenSSLCrypto is available.
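Review bot: The new `static` term in the constraints of nobackend.go and openssl.go means any build that passes -tags static compiles nobackend.go instead of the OpenSSL backend, and neither file says so. `static` is a generic tag name that a project may set for its own reasons, so add a comment next to each constraint stating that a static build does not use OpenSSL, or use a more specific tag name.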
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
index 2b11049..dec1cb2 100644
--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@
// Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
index b338754..db5ea1e 100644
--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build boringcrypto
+//go:build boringcrypto && !static
// This package only exists with GOEXPERIMENT=boringcrypto.
// It provides the actual syso file.
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
index e488bf2..e776aa4 100644
--- a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h
@@ -1,4 +1,5 @@
// This header file describes the OpenSSL ABI as built for use in Go.
+// +build !static
#include <stdlib.h> // size_t
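Review bot: In goopenssl.h and goboringcrypto.h the constraint is added only in the legacy form `// +build !static`, while the .go files in this patch carry both a `//go:build` and a `// +build` line. In goboringcrypto.h it is also placed, as displayed, between the copyright line and the license lines; put it in its own comment block followed by a blank line and add the matching `//go:build !static` line so the headers are excluded on the same terms as the Go sources.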

@ -0,0 +1,13 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index 36a20e8b2a..8c2dd1b44b 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
} else {
panic("unknown linkmode with static build: " + linkmode)
}
- gt.tags = append(gt.tags, "static")
+ gt.tags = append(gt.tags, "static", "no_openssl")
}
gt.ldflags = strings.Join(ldflags, " ")
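Review bot: The "no_openssl" tag appended for the static cgo tests has no comment explaining it, and disable_static_tests_part1.patch already makes the `static` tag alone select nobackend.go. Add a comment on the append line saying why both tags are needed, or drop the one that is redundant.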

SOURCES/fedora.go Normal file

@ -0,0 +1,7 @@
// +build rpm_crashtraceback
package runtime
func init() {
setTraceback("crash")
}
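Review bot: fedora.go carries no comment saying what the rpm_crashtraceback tag is for; that explanation lives only in the spec file next to Source2. setTraceback("crash") makes a crashing program abort in a way that can leave a core dump, and core dumps can contain secrets held in memory, so state in this file that the behaviour is opt-in through the build tag and who is expected to set it.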

@ -0,0 +1,22 @@
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Fri, 9 Feb 2024 20:06:16 +0100
Subject: [PATCH] Set GOTOOLCHAIN to local
---
go.env | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.env b/go.env
index 6ff2b921d4..e87f6e7b6d 100644
--- a/go.env
+++ b/go.env
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
# Automatically download newer toolchains as directed by go.mod files.
# See https://go.dev/doc/toolchain for details.
-GOTOOLCHAIN=auto
+GOTOOLCHAIN=local
--
2.43.0
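Review bot: The two comment lines kept above the changed setting still say that newer toolchains are downloaded automatically as directed by go.mod files, which no longer holds once the value is `local`. Update the comment in the same patch so the shipped go.env describes the behaviour it configures, namely that only the packaged toolchain is used.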

@ -69,7 +69,6 @@
%global shared 0 %global shared 0
%endif %endif
# Pre build std lib with -race enabled
# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes # Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
%global race 0 %global race 0
@ -92,17 +91,14 @@
%global gohostarch s390x %global gohostarch s390x
%endif %endif
%global go_api 1.24 %global go_api 1.23
%global go_version 1.24.4 %global version 1.23.9
%global version %{go_version}
%global pkg_release 1 %global pkg_release 1
# LLVM compiler-rt version for race detector
%global llvm_compiler_rt_version 18.1.8
Name: golang Name: golang
Version: %{version} Version: %{version}
Release: 2%{?dist} Release: 1%{?dist}
Summary: The Go Programming Language Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain License: BSD and Public Domain
@ -117,7 +113,6 @@ Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
Source2: fedora.go Source2: fedora.go
Source3: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz
# The compiler is written in Go. Needs go(1.4+) compiler for build. # The compiler is written in Go. Needs go(1.4+) compiler for build.
# Actual Go based bootstrap compiler provided by above source. # Actual Go based bootstrap compiler provided by above source.
@ -136,14 +131,9 @@ BuildRequires: openssl-devel
# for tests # for tests
BuildRequires: pcre-devel, glibc-static, perl BuildRequires: pcre-devel, glibc-static, perl
# Necessary for building llvm address sanitizer for Go race detector
BuildRequires: libstdc++-devel
BuildRequires: clang
Provides: go = %{version}-%{release} Provides: go = %{version}-%{release}
Requires: %{name}-bin = %{version}-%{release} Requires: %{name}-bin = %{version}-%{release}
Requires: %{name}-src = %{version}-%{release} Requires: %{name}-src = %{version}-%{release}
Requires: %{name}-race = %{version}-%{release}
Requires: openssl-devel Requires: openssl-devel
Requires: diffutils Requires: diffutils
@ -152,8 +142,10 @@ Patch221: fix_TestScript_list_std.patch
Patch1939923: skip_test_rhbz1939923.patch Patch1939923: skip_test_rhbz1939923.patch
Patch4: modify_go.env.patch Patch2: disable_static_tests_part1.patch
Patch6: skip_TestCrashDumpsAllThreads.patch Patch3: disable_static_tests_part2.patch
Patch5: modify_go.env.patch
Patch7: skip_TestCrashDumpsAllThreads.patch
# Having documentation separate was broken # Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4 Obsoletes: %{name}-docs < 1.1-4
@ -161,6 +153,9 @@ Obsoletes: %{name}-docs < 1.1-4
# RPM can't handle symlink -> dir with subpackages, so merge back # RPM can't handle symlink -> dir with subpackages, so merge back
Obsoletes: %{name}-data < 1.1.1-4 Obsoletes: %{name}-data < 1.1.1-4
# We don't build golang-race anymore, rhbz#2230599
Obsoletes: golang-race < 1.20.0
# These are the only RHEL/Fedora architectures that we compile this package for # These are the only RHEL/Fedora architectures that we compile this package for
ExclusiveArch: %{golang_arches} ExclusiveArch: %{golang_arches}
@ -231,23 +226,15 @@ Summary: Golang shared object libraries
%{summary}. %{summary}.
%endif %endif
%package -n go-toolset %if %{race}
Summary: Package that installs go-toolset
Requires: %{name} = %{version}-%{release}
%ifarch x86_64 aarch64 ppc64le
Requires: delve
%endif
%description -n go-toolset
This is the main package for go-toolset.
%package race %package race
Summary: Race detetector library object files. Summary: Golang std library with -race enabled
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
%description race %description race
Binary library objects for Go's race detector. %{summary}
%endif
%prep %prep
%setup -q -n go-go%{version} %setup -q -n go-go%{version}
@ -259,7 +246,7 @@ patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
# Add --no-backup-if-mismatch option to avoid creating .orig temp files # Add --no-backup-if-mismatch option to avoid creating .orig temp files
for p in "$patch_dir"/*.patch; do for p in "$patch_dir"/*.patch; do
echo "Applying $p" echo "Applying $p"
patch --no-backup-if-mismatch -p1 < $p patch -p1 --no-backup-if-mismatch < $p
done done
# Configure crypto tests # Configure crypto tests
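Review bot: In the loop that applies the golang-fips patches, the redirect `< $p` is unquoted on both sides of this change although the glob in the `for` line is quoted. Write `< "$p"` so a path containing whitespace cannot split the redirect target.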
@ -271,14 +258,11 @@ popd
%autopatch -p1 %autopatch -p1
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
cp %{SOURCE2} ./src/runtime/
# Delete the bundled race detector objects.
find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
# Delete the boring binary blob. We use the system OpenSSL instead. # Delete the boring binary blob. We use the system OpenSSL instead.
rm -rf src/crypto/internal/boring/syso rm -rf src/crypto/internal/boring/syso
cp %{SOURCE2} ./src/runtime/
%build %build
set -xe set -xe
# print out system information # print out system information
@ -286,40 +270,6 @@ uname -a
cat /proc/cpuinfo cat /proc/cpuinfo
cat /proc/meminfo cat /proc/meminfo
# Build race detector .syso's from llvm sources
# The race detector requests a -fno-exceptions build.
%global tsan_buildflags %(rpm -D 'toolchain clang' -E '%{optflags}' | sed 's/-fexceptions//')
%global tsan_optflag -O1
mkdir ../llvm
tar -xf %{SOURCE3} -C ../llvm
tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
# The script uses uname -a and grep to set the GOARCH. This
# is unreliable and can get the wrong architecture in
# circumstances like cross-architecture emulation. We fix it
# by just reading GOARCH directly from Go.
export GOARCH=$(go env GOARCH)
%ifarch x86_64
pushd "${tsan_go_dir}"
CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang GOAMD64=v3 ./buildgo.sh
popd
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
pushd "${tsan_go_dir}"
CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang GOAMD64=v1 ./buildgo.sh
popd
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
%else
pushd "${tsan_go_dir}"
CFLAGS="%{tsan_buildflags} %{tsan_optflag}" CC=clang ./buildgo.sh
popd
cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
%endif
# bootstrap compiler GOROOT # bootstrap compiler GOROOT
%if !%{golang_bootstrap} %if !%{golang_bootstrap}
export GOROOT_BOOTSTRAP=/ export GOROOT_BOOTSTRAP=/
@ -342,7 +292,7 @@ export CC_FOR_TARGET="gcc"
export GOOS=linux export GOOS=linux
export GOARCH=%{gohostarch} export GOARCH=%{gohostarch}
DEFAULT_GO_LD_FLAGS="-s -w" DEFAULT_GO_LD_FLAGS=""
%if !%{external_linker} %if !%{external_linker}
export GO_LDFLAGS="-linkmode internal $DEFAULT_GO_LD_FLAGS" export GO_LDFLAGS="-linkmode internal $DEFAULT_GO_LD_FLAGS"
%else %else
@ -497,6 +447,9 @@ export GO_TEST_RUN=""
%if %{fail_on_tests} %if %{fail_on_tests}
# TestEd25519Vectors needs network connectivity but it should be cover by
# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
# Run tests with FIPS enabled. # Run tests with FIPS enabled.
@ -504,9 +457,9 @@ export GOLANG_FIPS=1
export OPENSSL_FORCE_FIPS_MODE=1 export OPENSSL_FORCE_FIPS_MODE=1
pushd crypto pushd crypto
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP" go test -timeout 50m $(go list ./... | grep -v tls) -v
# Check that signature functions have parity between boring and notboring # Check that signature functions have parity between boring and notboring
CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v -skip="TestEd25519Vectors|TestACVP" CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v
popd popd
# Run all FIPS specific TLS tests # Run all FIPS specific TLS tests
pushd crypto/tls pushd crypto/tls
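Review bot: The right-hand side runs both FIPS crypto test passes without -skip="TestEd25519Vectors|TestACVP", yet the comment added in the previous hunk says TestEd25519Vectors needs network connectivity. If the build root has no network, that test can fail the run under fail_on_tests; keep the skip for it here, or add a comment naming the patch that excludes the test some other way.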
@ -551,13 +504,8 @@ cd ..
# prelink blacklist # prelink blacklist
%{_sysconfdir}/prelink.conf.d %{_sysconfdir}/prelink.conf.d
%files -f go-src.list src %files -f go-src.list src
%ifarch x86_64
%exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
%exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
%else
%exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
%endif
%files -f go-docs.list docs %files -f go-docs.list docs
@ -574,176 +522,121 @@ cd ..
%files -f go-shared.list shared %files -f go-shared.list shared
%endif %endif
%files -n go-toolset
%files race
%ifarch x86_64
%{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
%{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
%else
%{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
%endif
%changelog %changelog
* Thu Jun 26 2025 Alejandro Sáez <asm@redhat.com> - 1.24.4-2 * Mon Jun 02 2025 Alejandro Sáez <asm@redhat.com> - 1.23.9-1
- Add LD_FLAGS for stripping binaries - Update to Go 1.23.9
- Resolves: RHEL-93238 - Resolves: RHEL-94636
* Fri Jun 13 2025 David Benoit <dbenoit@redhat.com> - 1.24.4-1 * Thu Mar 13 2025 David Benoit <dbenoit@redhat.com> - 1.23.6-1
- Update to Go 1.24.4 (fips-1) - Update to Go 1.23.6
- Resolves: RHEL-95998 - Resolves: RHEL-83824
* Mon Jun 02 2025 David Benoit <dbenoit@redhat.com> - 1.24.3-3 * Tue Jan 21 2025 Archana <aravinda@redhat.com> - 1.22.11-1
- Update to Go 1.24.3 (fips-3) - Rebase to Go1.22.11 to pick up fixes for CVE 2024-45341 and 2024-45336
- Fix linkage issue in bin/go - Fix test failures with expired certificates
- Fix loading issue in non-fips mode - Resolves: RHEL-73752
- Related: RHEL-83439
- Related: RHEL-87632
* Thu May 29 2025 David Benoit <dbenoit@redhat.com> - 1.24.3-2 * Fri Dec 13 2024 Alejandro Sáez <asm@redhat.com> - 1.22.9-2
- Update to Go 1.24.3 (fips-2) - Remove bundled boringcrypto blob
- Resolves: RHEL-87632 - Resolves: RHEL-54338
* Thu May 08 2025 David Benoit <dbenoit@redhat.com> - 1.24.3-1 * Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
- Update to Go 1.24.3 (fips-1) - Update to Go 1.22.9
- Exclude TestEd25519Vectors, TestACVP which require network - Resolves: RHEL-67668
- Resolves: RHEL-83439
- Resolves: RHEL-85268
- Resolves: RHEL-87632
- Resolves: RHEL-91312
- Resolves: RHEL-92023
* Thu Jan 09 2025 David Benoit <dbenoit@redhat.com> - 1.23.4-1 * Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
- Update to Go 1.23.4 (fips-1) - Update to Go 1.22.7
- Resolves: RHEL-61048 - Resolves: RHEL-58223
- Resolves: RHEL-61223 - Resolves: RHEL-57961
- Resolves: RHEL-57847
- Resolves: RHEL-57860
* Wed Oct 23 2024 Archana <aravinda@redhat.com> - 1.23.2-1 * Fri Sep 06 2024 Archana <aravinda@redhat.com> - 1.22.5-3
- Rebase to Go1.23.2 - Update fix that loads Openssl in FIPS mode if fips==1
- Remove fix standard crypto panic patch as the source already has changes - Related: RHEL-52485
- Resolves: RHEL-62392
* Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2 * Mon Sep 02 2024 Archana <aravinda@redhat.com> - 1.22.5-2
- Rebuild race detector archives from LLVM sources - Include fix that loads Openssl only in FIPS mode to avoid panic
- Add golang-race subpackage - Resolves: RHEL-52485
- Resolves: RHEL-33421
- Remove unused crypto/internal/boring/syso package
- Resolves: RHEL-54335
* Thu Jul 11 2024 Archana <aravinda@redhat.com> - 1.22.5-1 * Fri Jul 12 2024 Archana <aravinda@redhat.com> - 1.22.5-1
- Rebase to Go1.22.5 to address CVE-2024-24791 - Rebase to Go1.22.5 to fix CVE-2024-24791
- Resolves: RHEL-46973 - Resolves: RHEL-46972
* Thu Jun 27 2024 David Benoit <dbenoit@redhat.com> - 1.22.4-2 * Fri Jun 07 2024 Archana <aravinda@redhat.com> - 1.22.4-1
- Fix panic in standard crypto mode without openssl - Addresses CVEs-2024-24789 and CVE-2024-24790
- Resolves: RHEL-45359 - Resolves: RHEL-40157
* Thu Jun 6 2024 Archana Ravindar <aravinda@redhat.com> - 1.22.4-1
- Rebase to Go1.22.4 that includes fixes for CVE-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40156
* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3 * Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
- Update openssl backend - Update openssl backend
- Resolves: RHEL-36101 - Resolves: RHEL-36102
* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2 * Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
- Restore HashSign / HashVerify API - Restore HashSign / HashVerify API
- Resolves: RHEL-35883 - Resolves: RHEL-35884
* Wed May 22 2024 Alejandro Sáez <asm@redhat.com> - 1.22.3-1 * Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.22.3-1
- Rebase to 1.22.3 - Update to Go 1.22.3
- Removes re-enable-cgo.patch - Resolves: RHEL-35884
- Resolves: RHEL-35634 - Resolves: RHEL-35075
- Resolves: RHEL-35883 - Resolves: RHEL-35632
- Resolves: RHEL-10068 - Resolves: RHEL-35901
- Resolves: RHEL-34924
* Thu Apr 18 2024 Derek Parker <deparker@redhat.com> - 1.22.2-1 * Thu May 02 2024 Alejandro Sáez <asm@redhat.com> - 1.22.2-1
- Rebase to 1.22.2 - Rebase to 1.22.2
- Resolves: RHEL-28941
* Tue Apr 09 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-2
- Set the AMD64 baseline to v2
* Tue Mar 19 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-1
- Rebase to Go 1.22.1
- Re-enable CGO - Re-enable CGO
- Resolves: RHEL-29527 - Skip TestCrashDumpsAllThreads
- Resolves: RHEL-28175 - Resolves: RHEL-33157
* Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1 * Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
- Rebase to Go 1.21.7 - Rebase to Go 1.21.7
- Set GOTOOLCHAIN to local
- Resolves: RHEL-24334
- Resolves: RHEL-18364
- Resolves: RHEL-18365
* Thu Nov 30 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-2
- Add release information - Add release information
- Set GOTOOLCHAIN to local
- Skip TestOverlongMessagePKCS1v15
- Resolves: RHEL-24082
- Resolves: RHEL-18363
- Resolves: RHEL-18382
* Tue Nov 14 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-1 * Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
- Rebase to Go 1.21.4 - Do not remove GOPROXY/GOSUMDB
- Resolves: RHEL-11871 - Related: RHEL-12620
* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-5 * Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
- Don't change GOPROXY/GOSUMDB - Fix go.env in Go 1.21
- Related: RHEL-12624 - Related: RHEL-12620
* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4 * Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Fix missing go.env in Go 1.21 - Rebase disable_static_tests_part2.patch to Go 1.21.3
- Related: RHEL-12624
* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-3
- Add missing strict fips runtime detection patch - Add missing strict fips runtime detection patch
- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs - Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Related: RHEL-12624 - Remove fix-memory-leak patch as it is fixed upstream
- Resolves: RHEL-12620
* Wed Oct 25 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Rebase disable_static_tests_part2.patch to Go 1.21.3
- Related: RHEL-12624
* Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1 * Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
- Rebase to Go 1.21.3 - Rebase Go to 1.21.3
- Resolves: RHEL-12624 - Resolves: RHEL-12620
* Wed Sep 27 2023 Alejandro Sáez <asm@redhat.com> - 1.20.8-1 * Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
- Rebase to Go 1.20.8
- Remove fix-memory-leak-evp-sign-verify.patch as it is already included in the source
- Resolves: RHEL-2775
* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-5
- Retire golang-race package - Retire golang-race package
- Resolves: rhbz#2230705 - Resolves: rhbz#2230599
* Tue Jul 18 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1 * Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
- Rebase to Go 1.20.6 - Rebase to Go 1.20.6
- Change to autopatch - Resolves: rhbz#2217596
- Resolves: rhbz#2222313
* Fri Jun 23 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-3
- Increase the timeout in the tests
- Related: rhbz#2204477
* Fri Jun 09 2023 Carl George <carl@redhat.com> - 1.20.4-2
- Add go-toolset subpackage to ensure golang and go-toolset are published together
- Resolves: rhbz#2117248
* Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1 * Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
- Rebase to Go 1.20.4 - Rebase to Go 1.20.4
- Resolves: rhbz#2204477 - Resolves: rhbz#2204474
* Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1 * Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
- Rebase to Go 1.20.3 - Rebase to Go 1.20.3
- Remove race archives - Remove race archives
- Update static test patches - Update static tests patches
- Resolves: rhbz#2185259 - Resolves: rhbz#2185260
* Wed Mar 01 2023 David Benoit <dbenoit@redhat.com> - 1.19.6-1 * Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Rebase to Go 1.19.6 - Fix memory leaks in EVP_{sign,verify}_raw
- Resolves: rhbz#2174429 - Resolves: rhbz#2132767
- Fix memory leak
- Resolves: rhbz#2157602
- Enable tests in check phase
* Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1 * Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
- Rebase to Go 1.19.4 - Rebase to Go 1.19.4
@ -751,130 +644,150 @@ cd ..
- Remove defunct patches - Remove defunct patches
- Remove downstream generated FIPS mode patches - Remove downstream generated FIPS mode patches
- Add golang-fips/go as the source for FIPS mode patches - Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144539 - Resolves: rhbz#2144542
* Wed Nov 30 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2 * Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
- Fix endian issue in FIPS mode - Enable big endian support in FIPS mode
- Resolves: rhbz#1966992 - Resolves: rhbz#1969844
* Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1 * Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
- Update go to version 1.19.2 - Restore old HashSign/HashVerify API
- Resolves: rhbz#2134407 - Resolves: rhbz#2132730
* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
- Add support for 4096 bit keys in x509
- Resolves: rhbz#2132694
* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
- Rebase to Go 1.19.2
- Resolves: rhbz#2132730
* Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2 * Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
- Rebase to Go 1.19.1 - Rebase to Go 1.19.1
- Temporarily disable crypto tests - Resolves: rhbz#2131026
- Resolves: rhbz#2131028
* Wed Aug 10 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2 * Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
- Update to Go 1.18.4 - Adds patch for PIE mode issues on PPC64LE
- Resolves: rhbz#2109180 - Resolves: rhbz#2111593
- Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode
* Fri Aug 05 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-1 * Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
- Update to Go 1.18.4 - Update Go to version 1.18.4
- Resolves: rhbz#2109180 - Resolves: rhbz#2109179
* Fri Jun 10 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-2 * Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-3
- Update deprecated openssl algorithms patch - Clean up dist-git patches
- Rebuild against openssl-3.0.1-33 - Resolves: rhbz#2109175
- Resolves: rhbz#2092136
- Related: rhbz#2092016
* Mon May 02 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1 * Thu Jul 07 2022 Alejandro Sáez <asm@redhat.com> - 1.18.2-2
- Rebase to Go 1.18.2 - Bump up release version
- Move to github.com/golang-fips/go - Related: rhbz#2075162
- Resolves: rhbz#2075169
- Resolves: rhbz#2060769
- Resolves: rhbz#2067531
- Resolves: rhbz#2067536
- Resolves: rhbz#2067552
- Resolves: rhbz#2025637
* Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1 * Thu Jun 16 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
- Update to Go 1.18.2
- Related: rhbz#2075162
* Mon Apr 18 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-2
- Enable SHA1 in some contexts
- Related: rhbz#2075162
* Wed Apr 13 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-1
- Update Go to 1.18.0
- Resolves: rhbz#2075162
* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
- Rebase to Go 1.17.7
- Remove fips memory leak patch (fixed in tree)
- Resolves: rhbz#2015930
* Fri Dec 10 2021 David Benoit <dbenoit@redhat.com> - 1.17.5-1
- Rebase to Go 1.17.5 - Rebase to Go 1.17.5
- Add remove_waitgroup_misuse_tests patch - Remove vdso_s390x_gettime patch
- Add remove_ed25519vectors_test.patch - Resolves: rhbz#2031112
- Remove FIPS checks to avoid issues in the CI - Related: rhbz#2028570
- Related: rhbz#2031116
- Resolves: rhbz#2022829
- Resolves: rhbz#2024687
- Resolves: rhbz#2030851
- Resolves: rhbz#2031253
* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1 * Fri Dec 03 2021 David Benoit <dbenoit@redhat.com> - 1.17.4-1
- Rebase Go to 1.17.4
- Add remove_waitgroup_misuse_tests patch
- Related: rhbz#2014088
- Resolves: rhbz#2028570
- Resolves: rhbz#2022828
- Resolves: rhbz#2024686
- Resolves: rhbz#2028662
* Wed Oct 27 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-2
- Resolves: rhbz#2014704
* Tue Oct 12 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
- Rebase to Go 1.17.2 - Rebase to Go 1.17.2
- Related: rhbz#2014087 - Related: rhbz#2014088
- Remove golang-1.15-warnCN.patch
- Remove reject-leading-zeros.patch
- Remove favicon.ico and robots.txt references - Remove favicon.ico and robots.txt references
- Exclude TestEd25519Vectors test - Exclude TestEd25519Vectors test
- Update patch rhbz1952381
- Remove rhbz1904567 patch
- Remove rhbz1939923 patch
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4 * Tue Aug 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.7-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebase to Go 1.16.7
Related: rhbz#1991688 - Resolves: rhbz#1994079
- Add reject leading zeros patch
- Resolves: rhbz#1993314
* Wed Aug 4 2021 Derek Parker <deparker@redhat.com> - 1.16.6-3 * Wed Jul 21 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
- Include ppc64le VDSO segfault backport fix - Fix TestBoringServerCurves failure when run by itself
- Resolves: rhbz#1966622 - Resolves: rhbz#1976168
* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2 * Thu Jul 15 2021 David Benoit <dbenoit@redhat.com> - 1.16.6-1
- Bump release - Rebase to go-1.16.6-1-openssl-fips
- Resolves: rhbz#1904567 - Resolves: rhbz#1982281
- Addresses CVE-2021-34558
* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2 * Tue Jul 06 2021 Alejandro Sáez <asm@redhat.com> - 1.16.5-1
- Backport fix allowing LTO to be enabled on cgo sources - Rebase to 1.16.5
- Resolves: rhbz#1904567 - Removes rhbz#1955032 patch, it's already included in this release
- Removes rhbz#1956891 patch, it's already included in this release
- Related: rhbz#1979677
- Related: rhbz#1968738
- Related: rhbz#1972420
* Tue Jul 20 2021 Derek Parker <deparker@redhat.com> - 1.16.6-1 * Thu Jun 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-3
- Rebase to 1.16.6 - Fix zero-size allocation memory leak.
- Resolves: rhbz#1984124 - Related: rhbz#1951877
- Replace symbols no longer present in OpenSSL 3.0 ABI
- Resolves: rhbz#1984110
- Fix TestBoringServerCurves failing when ran by itself
- Resolves: rhbz#1977914
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.4-3 * Tue Jun 08 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
- Rebuilt for RHEL 9 BETA for openssl 3.0 - Resolves: rhbz#1951877
Related: rhbz#1971065
* Fri May 28 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2 * Mon May 24 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
- Port to OpenSSL 3.0 - Rebase to go-1.16.4-1-openssl-fips
- Resolves: rhbz#1952381
* Fri May 14 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1 * Tue May 04 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-3
- Rebase to 1.16.4 - Resolves: rhbz#1956891
- Resolves: rhbz#1955035
- Resolves: rhbz#1957961
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.1-3 * Thu Apr 29 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Resolves: rhbz#1955032
* Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2 * Wed Mar 17 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
- Rebase to go-1.16.1-2-openssl-fips
- Resolves: rhbz#1922455
* Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
- Rebase to go-1.16.1-2-openssl-fips - Rebase to go-1.16.1-2-openssl-fips
- Resolves: rhbz#1938071
- Adds a workaround for rhbz#1939923 - Adds a workaround for rhbz#1939923
- Removes Patch224, it's on upstream -> rhbz#1888673 - Removes Patch224, it's on upstream -> rhbz#1888673
- Removes Patch225, it's on upstream -> https://go-review.googlesource.com/c/text/+/238238 - Removes Patch225, it's on upstream -> https://go-review.googlesource.com/c/text/+/238238
- Removes old patches for cleaning purposes - Removes old patches for cleaning purposes
- Related: rhbz#1942898
* Fri Jan 22 2021 David Benoit <dbenoit@redhat.com> - 1.15.7-1 * Fri Jan 22 2021 David Benoit <dbenoit@redhat.com> - 1.15.7-1
- Rebase to 1.15.7 - Rebase to 1.15.7
- Resolves: rhbz#1892207 - Resolves: rhbz#1870531
- Resolves: rhbz#1918755 - Resolves: rhbz#1919261
* Tue Nov 24 2020 David Benoit <dbenoit@redhat.com> - 1.15.5-1 * Tue Nov 24 2020 David Benoit <dbenoit@redhat.com> - 1.15.5-1
- Rebase to 1.15.5 - Rebase to 1.15.5
- Resolves: rhbz#1899184 - Resolves: rhbz#1898652
- Resolves: rhbz#1899185 - Resolves: rhbz#1898660
- Resolves: rhbz#1899186 - Resolves: rhbz#1898649
* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2 * Mon Nov 16 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
- fix typo in patch file name
- Related: rhbz#1881539
* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-1
- Rebase to 1.15.3 - Rebase to 1.15.3
- fix x/text infinite loop - fix x/text infinite loop
- Resolves: rhbz#1881539 - Resolves: rhbz#1881539
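Review bot: The changelog entries "Remove FIPS checks to avoid issues in the CI" and "Enable SHA1 in some contexts" do not say which checks or which contexts are affected. For a FIPS-oriented toolchain both are security-relevant behaviour changes, so each entry should name the patch file that carries the change and say whether it is meant to be temporary.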

View File

@ -1,11 +0,0 @@
//go:build rpm_crashtraceback
// +build rpm_crashtraceback
// Copyright 2017 The Fedora Project Contributors. All rights reserved.
// Use of this source code is governed by the MIT license.
package runtime
func init() {
setTraceback("crash")
}
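Review bot: With this file gone, the `rpm_crashtraceback` build tag no longer selects any code, so if the spec still passes that tag the build silently stops calling `setTraceback("crash")`. Remove the tag from the build flags in the same change, or note where the crash traceback default is now set.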

View File

@ -1,44 +0,0 @@
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
index 3d3a9a36ee..8dc2d46b52 100644
--- a/src/crypto/internal/backend/openssl.go
+++ b/src/crypto/internal/backend/openssl.go
@@ -25,6 +25,22 @@ var enabled bool
var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
func init() {
+ // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
+ // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
+ // other values: do not override OpenSSL configured FIPS mode.
+ var fips string
+ if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
+ fips = v
+ } else if hostFIPSModeEnabled() {
+ // System configuration can only force FIPS mode.
+ fips = "1"
+ }
+
+ // Use Go standard crypto, do not load openssl
+ if (fips != "1") {
+ return
+ }
+
version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
if version == "" {
var fallbackVersion string
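Review bot: The early return on `fips != "1"` makes the comment block above it wrong for two of its three cases. With `GOLANG_FIPS=0`, or any other value, `init` now returns before OpenSSL is loaded, so the process can never "abort ... if it is enabled and can't be disabled", and "do not override OpenSSL configured FIPS mode" no longer describes anything. Update the comment to say that only `1` (or host FIPS mode with the variable unset) loads OpenSSL, and that an explicit `GOLANG_FIPS=0` on a FIPS-enabled host selects Go standard crypto. The parentheses in `if (fips != "1") {` are also not gofmt style.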
@@ -49,16 +65,6 @@ func init() {
if err := openssl.Init(version); err != nil {
panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
}
- // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
- // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
- // other values: do not override OpenSSL configured FIPS mode.
- var fips string
- if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
- fips = v
- } else if hostFIPSModeEnabled() {
- // System configuration can only force FIPS mode.
- fips = "1"
- }
switch fips {
case "0":
if openssl.FIPS() {
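Review bot: The `case "0":` branch kept as context at the end of this hunk is unreachable, because `init` now returns early for every value of `fips` other than `"1"`. Remove the dead branch, or collapse the `switch fips` into the single path that can still run, so the code matches the new behaviour.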

View File

@ -1,8 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-aarch64.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-ppc64le.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-x86_64.functional}
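Review bot: The gate lists tier1 functional rules for aarch64, ppc64le and x86_64 only, while the changelog on this page refers to an s390x-specific patch (`vdso_s390x_gettime`). If s390x builds are shipped from this branch, add a matching rule for that architecture or record why it is not gated.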

View File

@ -1,27 +0,0 @@
From d6e201910aa29262851c9274a4cd3645022d3539 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Tue, 9 Apr 2024 10:05:46 +0200
Subject: [PATCH] Modify environment variables defaults
- Set GOTOOLCHAIN to local
- Set GOAMD64 to v2
---
go.env | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/go.env b/go.env
index 6ff2b921d4..aadcda023b 100644
--- a/go.env
+++ b/go.env
@@ -9,4 +9,7 @@ GOSUMDB=sum.golang.org
# Automatically download newer toolchains as directed by go.mod files.
# See https://go.dev/doc/toolchain for details.
-GOTOOLCHAIN=auto
+GOTOOLCHAIN=local
+
+# The AMD64 baseline for RHEL9 is v2.
+GOAMD64=v2
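Review bot: The context comment kept above the changed line still reads "Automatically download newer toolchains as directed by go.mod files", which describes `auto`, not the new `GOTOOLCHAIN=local`. Reword it to say that the packaged toolchain is always used and no download is attempted. The new `GOAMD64=v2` default also applies to everything users build with this package, which deserves a sentence in the commit message beyond "Set GOAMD64 to v2".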
--
2.44.0

View File

@ -1,122 +0,0 @@
diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
new file mode 100644
index 0000000000000..bca897c16d054
--- /dev/null
+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
+# Verify PPC64 does not reuse a trampoline which is too far away.
+# This tests an edge case where the direct call relocation addend should
+# be ignored when computing the distance from the direct call to the
+# already placed trampoline
+[short] skip
+[!ppc64] [!ppc64le] skip
+[aix] skip
+
+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
+# assembly 2^26 or so times.
+#
+# We build something which should be laid out as such:
+#
+# bar.Bar
+# main.Func1
+# bar.Bar+400-tramp0
+# main.BigAsm
+# main.Func2
+# bar.Bar+400-tramp1
+#
+# bar.Bar needs to be placed far enough away to generate relocations
+# from main package calls. and main.Func1 and main.Func2 are placed
+# a bit more than the direct call limit apart, but not more than 0x400
+# bytes beyond it (to verify the reloc calc).
+
+go build
+
+-- go.mod --
+
+module foo
+
+go 1.19
+
+-- main.go --
+
+package main
+
+import "foo/bar"
+
+func Func1()
+
+func main() {
+ Func1()
+ bar.Bar2()
+}
+
+-- foo.s --
+
+TEXT main·Func1(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+ CALL main·BigAsm(SB)
+// A trampoline will be placed here to bar.Bar
+
+// This creates a gap sufficiently large to prevent trampoline reuse
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24
+TEXT main·BigAsm(SB),0,$0-0
+ // Fill to the direct call limit so Func2 must generate a new trampoline.
+ // As the implicit trampoline above is just barely unreachable.
+ BIGNOP
+ MOVD $main·Func2(SB), R3
+
+TEXT main·Func2(SB),0,$0-0
+ CALL bar·Bar+0x400(SB)
+// Another trampoline should be placed here.
+
+-- bar/bar.s --
+
+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
+#define NOP256 NOP64 NOP64 NOP64 NOP64
+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
+// A very big not very interesting function.
+TEXT bar·Bar(SB),0,$0-0
+ BIGNOP
+
+-- bar/bar.go --
+
+package bar
+
+func Bar()
+
+func Bar2() {
+}
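Review bot: The script's only command is `go build`, so it checks that the link succeeds but never confirms the layout the header comment describes, in particular that a second trampoline (`bar.Bar+400-tramp1`) is emitted after `main.Func2`. Consider inspecting the built binary's symbols for both trampolines. Minor: "simpler to assembly" should read "simpler to assemble", and the layout comment writes `+400` where the code uses `+0x400`.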
diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
index 5d5fbe2a97735..6313879da083c 100644
--- a/src/cmd/link/internal/ppc64/asm.go
+++ b/src/cmd/link/internal/ppc64/asm.go
@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
if ldr.SymValue(tramp) == 0 {
break
}
-
- t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
+ // Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
+ // trampoline itself.
+ t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
// With internal linking, the trampoline can be used if it is not too far.
// With external linking, the trampoline must be in this section for it to be reused.
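Review bot: The added comment explains the removal of `r.Add()` only as "accounted for in the trampoline itself"; it would be clearer to state that the call site branches to the start of the trampoline, so reach depends only on `ldr.SymValue(tramp)` and the call site offset. The first comment line is also much longer than the surrounding lines and should be wrapped.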

View File

@ -1,29 +0,0 @@
---
debuginfo:
ignore:
# go binaries gained/contain debugging symbols: expected (rhbz#2175281 rhbz#2175677)
- /usr/lib/golang/bin/gofmt
- /usr/lib/golang/bin/go
- /usr/lib/golang/pkg/tool/linux_*/addr2line
- /usr/lib/golang/pkg/tool/linux_*/asm
- /usr/lib/golang/pkg/tool/linux_*/buildid
- /usr/lib/golang/pkg/tool/linux_*/cgo
- /usr/lib/golang/pkg/tool/linux_*/compile
- /usr/lib/golang/pkg/tool/linux_*/covdata
- /usr/lib/golang/pkg/tool/linux_*/cover
- /usr/lib/golang/pkg/tool/linux_*/dist
- /usr/lib/golang/pkg/tool/linux_*/distpack
- /usr/lib/golang/pkg/tool/linux_*/doc
- /usr/lib/golang/pkg/tool/linux_*/fix
- /usr/lib/golang/pkg/tool/linux_*/link
- /usr/lib/golang/pkg/tool/linux_*/nm
- /usr/lib/golang/pkg/tool/linux_*/objdump
- /usr/lib/golang/pkg/tool/linux_*/pack
- /usr/lib/golang/pkg/tool/linux_*/pprof
- /usr/lib/golang/pkg/tool/linux_*/test2json
- /usr/lib/golang/pkg/tool/linux_*/trace
- /usr/lib/golang/pkg/tool/linux_*/vet
# go testdata
- /usr/lib/golang/src/debug/dwarf/testdata/*.elf
- /usr/lib/golang/src/debug/elf/testdata/*
- /usr/lib/golang/src/runtime/pprof/testdata/*

View File

@ -1,3 +0,0 @@
SHA512 (go1.24.4.tar.gz) = fbf4e4d2e3641b1f7616ad3641e93582b71eb67d15aaf5eeda60ab5bff2949bf91ec57b5c1fd2fee83906c1c1c5303d8e2af5f06e3de9b3e1381a25218c902c8
SHA512 (go1.24.4-1-openssl-fips.tar.gz) = d62905d51090a99b20d294e5e23cf2c8d807e620309602364ad30379e65d13ef69ef82666be891f1743c46608a8aa1ab95121db92f38ae5a7b933d242fa7c582
SHA512 (compiler-rt-18.1.8.src.tar.xz) = fb8795bd51c9b005c2ad1975591e9e2715740d6407ccad41379f136ef2e8d24ded8b97b01165a3ae4bd377119a6a1049ca05d3220404fc12bee86114ff2bff0d