20 changed files with 693 additions and 660 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,86 +1,2 @@
-/go1.8.3.src.tar.gz
+SOURCES/go1.21.13-4-openssl-fips.tar.gz
-/go1.8.4.src.tar.gz
+SOURCES/go1.21.13.tar.gz
 /go1.8.5.src.tar.gz
 /go1.10.src.tar.gz
 /go1.10.2.src.tar.gz
 /dev.boringcrypto.go1.10.tar.gz
 /go1.9.7.linux-amd64.tar.gz
 /go1.9.7.linux-386.tar.gz
 /go1.9.7.linux-ppc64le.tar.gz
 /go1.9.7.linux-s390x.tar.gz
 /go1.9.7.linux-arm64.tar.gz
 /go1.10.3-openssl-1-1-fips.tar.gz
 /go1.11-openssl-1.1-fips.tar.gz
 /go1.11.5-openssl-1.1.tar.gz
 /go-go1.11.5-openssl-1.1.tar.gz
 /go1.12.1-openssl-fips.tar.gz
 /go1.12.1-3-openssl-fips.tar.gz
 /go1.12.1-4-openssl-fips.tar.gz
 /go1.12.1-8-openssl-fips.tar.gz
 /go1.12.1-9-openssl-fips.tar.gz
 /go1.12.5-1-openssl-fips.tar.gz
 /go1.12.6-1-openssl-fips.tar.gz
 /go-go-1.12.6-2-openssl-fips.tar.gz
 /go-go-1.12.6-3-openssl-fips.tar.gz
 /go-go-1.12.8-2-openssl-fips.tar.gz
 /go-go-1.13.4-1-openssl-fips.tar.gz
 /go-go-1.14.2-1-openssl-fips.tar.gz
 /go-go-1.14.4-1-openssl-fips.tar.gz
 /go-go-1.14.6-1-openssl-fips.tar.gz
 /go-go-1.14.7-1-openssl-fips.tar.gz
 /go-go-1.14.7-2-openssl-fips.tar.gz
 /go-go-1.15.0-2-openssl-fips.tar.gz
 /go-go-1.15.2-1-openssl-fips.tar.gz
 /go-go-1.15.3-1-openssl-fips.tar.gz
 /go-go-1.15.5-1-openssl-fips.tar.gz
 /go-go-1.15.7-1-openssl-fips.tar.gz
 /go-go-1.16.1-1-openssl-fips.tar.gz
 /go-go-1.16.1-2-openssl-fips.tar.gz
 /go-go-1.16.4-1-openssl-fips.tar.gz
 /go-go-1.16.5-1-openssl-fips.tar.gz
 /go-go-1.16.6-1-openssl-fips.tar.gz
 /go-go-1.16.6-3-openssl-fips.tar.gz
 /go-go-1.16.7-1-openssl-fips.tar.gz
 /go-go-1.17.2-1-openssl-fips.tar.gz
 /go-go-1.17.3-1-openssl-fips.tar.gz
 /go-go-1.17.4-1-openssl-fips.tar.gz
 /go-go-1.17.5-1-openssl-fips.tar.gz
 /go-go-1.17.7-1-openssl-fips.tar.gz
 /go1.19.1.tar.gz
 /go1.19.2.tar.gz
 /go1.19.4-1-openssl-fips.tar.gz
 /go1.19.4.tar.gz
 /go1.19.6.tar.gz
 /go1.19.6-1-openssl-fips.tar.gz
 /go1.20.3.tar.gz
 /go1.20.3-1-openssl-fips.tar.gz
 /go1.20.4.tar.gz
 /go1.20.4-3-openssl-fips.tar.gz
 /go1.20.6.tar.gz
 /go1.20.6-1-openssl-fips.tar.gz
 /go1.20.8.tar.gz
 /go1.20.8-1-openssl-fips.tar.gz
 /go1.21.3-1-openssl-fips.tar.gz
 /go1.21.3.tar.gz
 /go1.21.4.tar.gz
 /go1.21.4-1-openssl-fips.tar.gz
 /go1.21.7.tar.gz
 /go1.21.7-1-openssl-fips.tar.gz
 /go1.22.1.tar.gz
 /go1.22.1-1-openssl-fips.tar.gz
 /go1.22.1-2-openssl-fips.tar.gz
 /go1.22.2.tar.gz
 /go1.22.2-1-openssl-fips.tar.gz
 /go1.22.3.src.tar.gz
 /go1.22.3-1-openssl-fips.tar.gz
 /go1.22.3.tar.gz
 /go1.22.3-2-openssl-fips.tar.gz
 /go1.22.3-3-openssl-fips.tar.gz
 /go1.22.4.tar.gz
 /go1.22.4-1-openssl-fips.tar.gz
 /go1.22.5.tar.gz
 /go1.22.5-1-openssl-fips.tar.gz
 /51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.gz
 /compiler-rt-18.1.8.src.tar.xz
 /go1.23.2.tar.gz
 /go1.23.2-2-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -0,0 +1,2 @@
 cfcfc208c18ecffcebe3d6218537f495eb555395 SOURCES/go1.21.13-4-openssl-fips.tar.gz
 a6aa471b6f806146bbd4ffec11b70ca834421a2e SOURCES/go1.21.13.tar.gz
--- a/5
+++ b/5
@ -1,5 +0,0 @@
 mockbuild:
 	centpkg mockbuild
 spectool:
 	spectool -g golang.spec
--- a/README.md
+++ b/README.md
@ -1,65 +0,0 @@
 # Golang
 ## Introduction
 This package holds the spec file and related patches for the Golang package.
 The golang package is part of the larger go-toolset meta package.
 ## Sources
 This particular branch provides Go 1.16.x. The sources for this branch can be
 found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is
 coming from a pagure fork as opposed to an upstream tarball is due to certain
 patches we have written and currently maintain in order to claim FIPS compliance
 by calling into OpenSSL. Shipping a forked version of the toolchain is not the
 ideal scenario, and there is work in progress with upstream to enable us to
 instead ship a pure upstream toolchain and include a crypto module in go-toolset
 which will satisfy our FIPS requirements.
 The current fork is based on an upstream branch[[0]] which uses
 boringcrypto[[1]] instead of OpenSSL.
 If you need to make changes to the source for a rebase or bug fix, check out the
 pagure repo and switch to the branch listed above. Once you have made your
 changes you can test them locally with `./all.bash`. You may want to export
 `GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are
 correct. Please note however that the test suite does not fully expect FIPS
 compliance, and will attempt to test non FIPS compliant code paths. The easiest
 way to test your changes correctly is to create a tarball locally and execute a
 mockbuild using this packge, which knows how to correctly run the testsuite in
 both FIPS and non-FIPS modes.
 NOTE: The way pagure previously handled uploaded releases has changed, and
 releases must be tagged in the appropriate branch, from which pagure will
 generate source tarballs.
 ## Testing & building changes
 The first test you should run is a local mockbuild. This can be done with the
 rhpkg command:
 ```
 rhpkg mockbuild
 ```
 Once everything builds and passes locally you'll likely want to perform a
 scratch build. This will ensure that the changes you made build and run
 correctly on all architectures that this package supports. The best way to do
 this is to run a scratch build from your local sources without first having to
 push them. This ensures your changes are correct before commiting them to the
 repo. This can also be done via the following rhpkg command:
 ```
 rhpkg scratch-build --srpm
 ```
 Once your scratch build has passed you can execute a real build:
 ```
 rhpkg build
 ```
 ---
 [0] https://github.com/golang/go/tree/dev.boringcrypto 
 [1] https://opensource.google.com/projects/boringssl
--- a/SOURCES/disable_static_tests_part1.patch
+++ b/SOURCES/disable_static_tests_part1.patch
@ -0,0 +1,374 @@
 diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go
 index 47618fe..d93784d 100644
 --- a/src/crypto/boring/boring.go
 +++ b/src/crypto/boring/boring.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build boringcrypto
 +//go:build boringcrypto && !static
 // Package boring exposes functions that are only available when building with
 // Go+BoringCrypto. This package is available on all targets as long as the
 diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
 index 33a53a8..f630ea5 100644
 --- a/src/crypto/internal/backend/nobackend.go
 +++ b/src/crypto/internal/backend/nobackend.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
 -// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
 +//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
 +// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
 package backend
 diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
 index 59370ec..eb81ef6 100644
 --- a/src/crypto/internal/backend/openssl.go
 +++ b/src/crypto/internal/backend/openssl.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
 // Package openssl provides access to OpenSSLCrypto implementation functions.
 // Check the variable Enabled to find out whether OpenSSLCrypto is available.
 diff --git a/src/crypto/internal/boring/div_test.c b/src/crypto/internal/boring/div_test.c
 index f909cc9..8530533 100644
 --- a/src/crypto/internal/boring/div_test.c
 +++ b/src/crypto/internal/boring/div_test.c
@@ -1,4 +1,5 @@
 // Copyright 2022 The Go Authors. All rights reserved.
 +// +build !static
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
 index 2b11049..dec1cb2 100644
 --- a/src/crypto/internal/boring/goboringcrypto.h
 +++ b/src/crypto/internal/boring/goboringcrypto.h
@@ -1,4 +1,5 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 +// +build !static
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
 index b338754..db5ea1e 100644
 --- a/src/crypto/internal/boring/syso/syso.go
 +++ b/src/crypto/internal/boring/syso/syso.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build boringcrypto
 +//go:build boringcrypto && !static
 // This package only exists with GOEXPERIMENT=boringcrypto.
 // It provides the actual syso file.
 diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go
 index e5e4783..a0d9523 100644
 --- a/src/crypto/tls/fipsonly/fipsonly.go
 +++ b/src/crypto/tls/fipsonly/fipsonly.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build boringcrypto
 +//go:build boringcrypto && !static
 // Package fipsonly restricts all TLS configuration to FIPS-approved settings.
 //
 diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go
 index f8485dc..6563ac4 100644
 --- a/src/crypto/tls/fipsonly/fipsonly_test.go
 +++ b/src/crypto/tls/fipsonly/fipsonly_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build boringcrypto
 +//go:build boringcrypto && !static
 package fipsonly
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
 index 079fc3c..e826d0b 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
 index 9537870..c491628 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
 index 9f46388..87feb18 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/evp.go b/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
 index 46d2bdd..34f4a43 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
@@ -1,5 +1,5 @@
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
 index ac6c64f..5526db9 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
@@ -1,4 +1,5 @@
 // Copyright 2017 The Go Authors. All rights reserved.
 +// +build !static
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 // +build linux
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
 index 2e21224..83da261 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
 index 3af1924..57a525a 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
 index 5093cde..0610495 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
 -// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
 +//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
 +// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
 index 17a9034..db51ced 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
 index 7ce9833..fe66288 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
 index a45ed60..2b541fd 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
 index 49d40a7..3b3dbf8 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
 index 7eb645e..1c3225a 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
@@ -1,4 +1,5 @@
 // This file contains a port of the BoringSSL AEAD interface.
 +// +build !static
 // +build linux
 // +build !android
 // +build !no_openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
 index df4ebe3..876393b 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
 index 8205b04..dcd751d 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
 index 2eedd5b..04510d3 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
@@ -1,4 +1,5 @@
 // This file contains a backport of the EVP_md5_sha1 method.
 +// +build !static
 // +build linux
 // +build !android
 // +build !no_openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
 index a5996d6..2552081 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
@@ -1,4 +1,5 @@
 // This file contains HMAC portability wrappers.
 +// +build !static
 // +build linux
 // +build !android
 // +build !no_openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
 index e214929..c9f6887 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
@@ -1,4 +1,5 @@
 // This file contains RSA portability wrappers.
 +// +build !static
 // +build linux
 // +build !android
 // +build !no_openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
 index 22bd865..b7aa26b 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
@@ -1,4 +1,5 @@
 // +build linux
 +// +build !static
 // +build !android
 // +build !no_openssl
 // +build !cmd_go_bootstrap
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
 index b3668b8..dcdae70 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
 index 7870b93..564db24 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
 index 0b55ced..57309c0 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
@@ -2,8 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 -//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
 -// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
 +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
 +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
 package openssl
--- a/SOURCES/disable_static_tests_part2.patch
+++ b/SOURCES/disable_static_tests_part2.patch
@ -0,0 +1,13 @@
 diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
 index 36a20e8b2a..8c2dd1b44b 100644
 --- a/src/cmd/dist/test.go
 +++ b/src/cmd/dist/test.go
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
 			} else {
 				panic("unknown linkmode with static build: " + linkmode)
 			}
 -			gt.tags = append(gt.tags, "static")
 +			gt.tags = append(gt.tags, "static", "no_openssl")
 		}
 		gt.ldflags = strings.Join(ldflags, " ")
--- a/SOURCES/evp-digest-sign-final.patch
+++ b/SOURCES/evp-digest-sign-final.patch
@ -0,0 +1,92 @@
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
 index ac6c64f86d..5213b841dc 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
@@ -264,7 +264,7 @@ int _goboringcrypto_HMAC_Update(GO_HMAC_CTX *ctx,
 int _goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX *ctx);
 void _goboringcrypto_HMAC_CTX_free(GO_HMAC_CTX *ctx);
 int _goboringcrypto_HMAC_Final(GO_HMAC_CTX *ctx,
 -			       unsigned char *md, unsigned int *len);
 +			       unsigned char *md, unsigned int len);
 #include <openssl/evp.h>
 #include <openssl/aes.h>
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
 index 3af1924884..c76d6690aa 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
@@ -121,7 +121,9 @@ func (h *boringHMAC) finalize() {
 func (h *boringHMAC) Write(p []byte) (int, error) {
 	if len(p) > 0 {
 -		C._goboringcrypto_HMAC_Update(h.ctx, (*C.uint8_t)(unsafe.Pointer(&p[0])), C.size_t(len(p)))
 +		if C._goboringcrypto_HMAC_Update(h.ctx, (*C.uint8_t)(unsafe.Pointer(&p[0])), C.size_t(len(p))) == 0 {
 +			panic("boringcrypto: HMAC_Update failed")
 +		}
 	}
 	runtime.KeepAlive(h)
 	return len(p), nil
@@ -136,10 +138,12 @@ func (h *boringHMAC) BlockSize() int {
 }
 func (h *boringHMAC) Sum(in []byte) []byte {
 +	size := h.Size()
 	if h.sum == nil {
 -		size := h.Size()
 		h.sum = make([]byte, size)
 	}
 -	C._goboringcrypto_HMAC_Final(h.ctx, (*C.uint8_t)(unsafe.Pointer(&h.sum[0])), nil)
 +	if C._goboringcrypto_HMAC_Final(h.ctx, (*C.uint8_t)(unsafe.Pointer(&h.sum[0])), C.uint(size)) == 0 {
 +		panic("boringcrypto: HMAC_Final failed")
 +	}
 	return append(in, h.sum...)
 }
 diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
 index d26ce90c82..f7dabb25e0 100644
 --- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
 +++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
@@ -115,10 +115,10 @@ void _goboringcrypto_HMAC_CTX_free(GO_HMAC_CTX *ctx)
 }
 int _goboringcrypto_HMAC_Final(GO_HMAC_CTX *ctx,
 -			       unsigned char *md, unsigned int *len)
 +			       unsigned char *md, unsigned int len)
 {
   EVP_MD_CTX *mdctx = NULL;
 -  size_t slen;
 +  size_t slen = len;
   int ret = 0;
   mdctx = _goboringcrypto_EVP_MD_CTX_create();
@@ -128,9 +128,10 @@ int _goboringcrypto_HMAC_Final(GO_HMAC_CTX *ctx,
   if (_goboringcrypto_internal_EVP_MD_CTX_copy_ex(mdctx, ctx->mdctx) != 1)
     goto err;
 -  ret = _goboringcrypto_EVP_DigestSignFinal(mdctx, md, &slen);
 -  if (ret == 1 && len)
 -    *len = slen;
 +  if (_goboringcrypto_EVP_DigestSignFinal(mdctx, md, &slen) != 1)
 +    goto err;
 +
 +  ret = 1;
  err:
   _goboringcrypto_EVP_MD_CTX_free(mdctx);
@@ -219,7 +220,7 @@ void _goboringcrypto_HMAC_CTX_free(GO_HMAC_CTX *ctx)
 }
 int _goboringcrypto_HMAC_Final(GO_HMAC_CTX *ctx,
 -			       unsigned char *md, unsigned int *len)
 +			       unsigned char *md, unsigned int len)
 {
   HMAC_CTX hctx;
   int ret;
@@ -228,7 +229,7 @@ int _goboringcrypto_HMAC_Final(GO_HMAC_CTX *ctx,
   if (ret != 1)
     return ret;
 -  ret = _goboringcrypto_internal_HMAC_Final(&hctx, md, len);
 +  ret = _goboringcrypto_internal_HMAC_Final(&hctx, md, &len);
   _goboringcrypto_internal_HMAC_CTX_cleanup(&hctx);
   return ret;
 }
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
--- a/SOURCES/golang-gdbinit
+++ b/SOURCES/golang-gdbinit
--- a/SOURCES/golang-prelink.conf
+++ b/SOURCES/golang-prelink.conf
--- a/SOURCES/modify_go.env.patch
+++ b/SOURCES/modify_go.env.patch
@ -0,0 +1,22 @@
 From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
 Date: Fri, 9 Feb 2024 20:06:16 +0100
 Subject: [PATCH] Set GOTOOLCHAIN to local
 ---
 go.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/go.env b/go.env
 index 6ff2b921d4..e87f6e7b6d 100644
 --- a/go.env
 +++ b/go.env
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
 # Automatically download newer toolchains as directed by go.mod files.
 # See https://go.dev/doc/toolchain for details.
 -GOTOOLCHAIN=auto
 +GOTOOLCHAIN=local
 -- 
 2.43.0
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ b/SOURCES/skip_test_rhbz1939923.patch
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -69,7 +69,6 @@
 %global shared 0
 %endif
 # Pre build std lib with -race enabled
 # Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
 %global race 0
@ -92,17 +91,14 @@
 %global gohostarch  s390x
 %endif
-%global go_api 1.23
+%global go_api 1.21
-%global go_version 1.23.2
+%global version 1.21.13
-%global version %{go_version}
+%global pkg_release 4
 %global pkg_release 2
 # LLVM compiler-rt version for race detector
 %global llvm_compiler_rt_version 18.1.8
 Name:           golang
 Version:        %{version}
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -114,10 +110,9 @@ Source0:        https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
 # located at https://github.com/golang-fips/openssl-fips,
 # And pre-genetated patches to set up the module for a given
 # Go release are located at https://github.com/golang-fips/go.
-Source1:	https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
+Source1:       https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
 # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
 Source2:        fedora.go
 Source3: 	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz
 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 # Actual Go based bootstrap compiler provided by above source.
@ -136,14 +131,9 @@ BuildRequires:  openssl-devel
 # for tests
 BuildRequires:  pcre-devel, glibc-static, perl
 # Necessary for building llvm address sanitizer for Go race detector
 BuildRequires: libstdc++-devel
 BuildRequires: clang
 Provides:       go = %{version}-%{release}
 Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
 Requires:       %{name}-race = %{version}-%{release}
 Requires:       openssl-devel
 Requires:       diffutils
@ -152,8 +142,11 @@ Patch221:       fix_TestScript_list_std.patch
 Patch1939923:   skip_test_rhbz1939923.patch
-Patch4:		modify_go.env.patch
+Patch2:		disable_static_tests_part1.patch
-Patch6:		skip_TestCrashDumpsAllThreads.patch
+Patch3:		disable_static_tests_part2.patch
 Patch5:		modify_go.env.patch
 Patch231:	evp-digest-sign-final.patch
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -161,6 +154,9 @@ Obsoletes:      %{name}-docs < 1.1-4
 # RPM can't handle symlink -> dir with subpackages, so merge back
 Obsoletes:      %{name}-data < 1.1.1-4
 # We don't build golang-race anymore, rhbz#2230599
 Obsoletes:      golang-race < 1.20.0
 # These are the only RHEL/Fedora architectures that we compile this package for
 ExclusiveArch:  %{golang_arches}
@ -231,23 +227,15 @@ Summary:        Golang shared object libraries
 %{summary}.
 %endif
-%package -n go-toolset
+%if %{race}
-Summary:        Package that installs go-toolset
+%package        race
-Requires:       %{name} = %{version}-%{release}
+Summary:        Golang std library with -race enabled
 %ifarch x86_64 aarch64 ppc64le
 Requires:       delve
 %endif
 %description -n go-toolset
 This is the main package for go-toolset.
 %package race
 Summary:	Race detetector library object files.
 Requires:       %{name} = %{version}-%{release}
 %description    race
-Binary library objects for Go's race detector.
+%{summary}
 %endif
 %prep
 %setup -q -n go-go%{version}
@ -258,8 +246,8 @@ popd
 patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
 # Add --no-backup-if-mismatch option to avoid creating .orig temp files
 for p in "$patch_dir"/*.patch; do
-	echo "Applying $p"
+       echo "Applying $p"
-	patch --no-backup-if-mismatch -p1 < $p
+      patch -p1 --no-backup-if-mismatch < $p
 done
 # Configure crypto tests
@ -273,11 +261,6 @@ popd
 sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
 cp %{SOURCE2} ./src/runtime/
 # Delete the bundled race detector objects.
 find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
 # Delete the boring binary blob.  We use the system OpenSSL instead.
 rm -rf src/crypto/internal/boring/syso
 %build
 set -xe
@ -286,38 +269,6 @@ uname -a
 cat /proc/cpuinfo
 cat /proc/meminfo
 # Build race detector .syso's from llvm sources
 %global tsan_buildflags %(echo %{build_cflags} | sed 's/-mtls-dialect=gnu2//')
 mkdir ../llvm
 tar -xf %{SOURCE3} -C ../llvm
 tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
 # The script uses uname -a and grep to set the GOARCH.  This
 # is unreliable and can get the wrong architecture in
 # circumstances like cross-architecture emulation.  We fix it
 # by just reading GOARCH directly from Go.
 export GOARCH=$(go env GOARCH)
 %ifarch x86_64
 pushd "${tsan_go_dir}"
  CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v3 ./buildgo.sh
 popd
 cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
 pushd "${tsan_go_dir}"
  CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v1 ./buildgo.sh
 popd
 cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
 %else
 pushd "${tsan_go_dir}"
  CFLAGS="${tsan_buildflags}" CC=clang ./buildgo.sh
 popd
 cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
 %endif
 # bootstrap compiler GOROOT
 %if !%{golang_bootstrap}
 export GOROOT_BOOTSTRAP=/
@ -495,16 +446,18 @@ export GO_TEST_RUN=""
 %if %{fail_on_tests}
 # TestEd25519Vectors needs network connectivity but it should be cover by
 # this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
 export OPENSSL_FORCE_FIPS_MODE=1
 pushd crypto
  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test -timeout 50m $(go list ./... | grep -v tls) -v
+  go test $(go list ./... | grep -v tls) -v
  # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
@ -549,13 +502,8 @@ cd ..
 # prelink blacklist
 %{_sysconfdir}/prelink.conf.d
 %files -f go-src.list src
 %ifarch x86_64
 %exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
 %exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
 %else
 %exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
 %endif
 %files -f go-docs.list docs
@ -572,143 +520,88 @@ cd ..
 %files -f go-shared.list shared
 %endif
 %files -n go-toolset
 %files race
 %ifarch x86_64
 %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
 %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
 %else
 %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
 %endif
 %changelog
-* Wed Oct 23 2024 Archana <aravinda@redhat.com> - 1.23.2-1
+* Tue Oct 01 2024 David Benoit <dbenoit@redhat.com> - 1.21.13-3
- Rebase to Go1.23.2
+- Add evp-digest-sign-final.patch
- Remove fix standard crypto panic patch as the source already has changes
+- Resolves: RHEL-61109
 - Resolves: RHEL-62392
-* Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2
+* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.21.13-2
- Rebuild race detector archives from LLVM sources
+- Rebuild Go with CVE Fixes
- Add golang-race subpackage
+- Remove fix-memleak-setupRSA.patch (exists upstream)
- Resolves: RHEL-33421
+- Resolves: RHEL-58223
- Remove unused crypto/internal/boring/syso package
+- Resolves: RHEL-57961
- Resolves: RHEL-54335
+- Resolves: RHEL-57847
 - Resolves: RHEL-57860
-* Thu Jul 11 2024 Archana <aravinda@redhat.com> - 1.22.5-1
+* Wed Aug 21 2024 Archana <aravinda@redhat.com> - 1.21.13-1
- Rebase to Go1.22.5 to address CVE-2024-24791
+- Update to Go1.21.13 to fix CVE-2024-24791
- Resolves: RHEL-46973
+- Resolves: RHEL-47198
-* Thu Jun 27 2024 David Benoit <dbenoit@redhat.com> - 1.22.4-2
+* Wed Jun 12 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.11-1
- Fix panic in standard crypto mode without openssl
+- Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790
- Resolves: RHEL-45359
+- Resolves: RHEL-40274
-* Thu Jun 6 2024 Archana Ravindar <aravinda@redhat.com> - 1.22.4-1
+* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.21.10
- Rebase to Go1.22.4 that includes fixes for CVE-2024-24789 and CVE-2024-24790
+- Update to Go 1.21.10
- Resolves: RHEL-40156
+- Resolves: RHEL-36993
-* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
+* Fri Apr 12 2024 David Benoit <dbenoit@redhat.com> - 1.21.9-1
- Update openssl backend
+- Fix CVE-2023-45288
- Resolves: RHEL-36101
+- Resolves: RHEL-31915
-* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
+* Mon Apr 1 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.7-2
- Restore HashSign / HashVerify API
+- Fix CVE-2024-1394
- Resolves: RHEL-35883
+- Resolves RHEL-24300
-* Wed May 22 2024 Alejandro Sáez <asm@redhat.com> - 1.22.3-1
+* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
 - Rebase to 1.22.3
 - Removes re-enable-cgo.patch
 - Resolves: RHEL-35634
 - Resolves: RHEL-35883
 - Resolves: RHEL-10068
 - Resolves: RHEL-34924
 * Thu Apr 18 2024 Derek Parker <deparker@redhat.com> - 1.22.2-1
 - Rebase to 1.22.2
 - Resolves: RHEL-28941
 * Tue Apr 09 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-2
 - Set the AMD64 baseline to v2
 * Tue Mar 19 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-1
 - Rebase to Go 1.22.1
 - Re-enable CGO
 - Resolves: RHEL-29527
 - Resolves: RHEL-28175
 * Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
 - Rebase to Go 1.21.7
 - Set GOTOOLCHAIN to local
 - Resolves: RHEL-24334
 - Resolves: RHEL-18364
 - Resolves: RHEL-18365
 * Thu Nov 30 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-2
 - Add release information
 - Set GOTOOLCHAIN to local
 - Skip TestOverlongMessagePKCS1v15
 - Resolves: RHEL-24082
 - Resolves: RHEL-18363
 - Resolves: RHEL-18382
-* Tue Nov 14 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-1
+* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
- Rebase to Go 1.21.4
+- Do not remove GOPROXY/GOSUMDB
- Resolves: RHEL-11871
+- Related: RHEL-12620
-* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-5
+* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
- Don't change GOPROXY/GOSUMDB
+- Fix go.env in Go 1.21
- Related: RHEL-12624
+- Related: RHEL-12620
-* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
+* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Fix missing go.env in Go 1.21
+- Rebase disable_static_tests_part2.patch to Go 1.21.3
 - Related: RHEL-12624
 * Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-3
 - Add missing strict fips runtime detection patch
 - Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Related: RHEL-12624
+- Remove fix-memory-leak patch as it is fixed upstream
-
+- Resolves: RHEL-12620
 * Wed Oct 25 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
 - Rebase disable_static_tests_part2.patch to Go 1.21.3
 - Related: RHEL-12624
 * Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
- Rebase to Go 1.21.3
+- Rebase Go to 1.21.3
- Resolves: RHEL-12624
+- Resolves: RHEL-12620
-* Wed Sep 27 2023 Alejandro Sáez <asm@redhat.com> - 1.20.8-1
+* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
 - Rebase to Go 1.20.8
 - Remove fix-memory-leak-evp-sign-verify.patch as it is already included in the source
 - Resolves: RHEL-2775
 * Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-5
 - Retire golang-race package
- Resolves: rhbz#2230705
+- Resolves: rhbz#2230599
-* Tue Jul 18 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
+* Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
 - Rebase to Go 1.20.6
- Change to autopatch
+- Resolves: rhbz#2217596
 - Resolves: rhbz#2222313
 * Fri Jun 23 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-3
 - Increase the timeout in the tests
 - Related: rhbz#2204477
 * Fri Jun 09 2023 Carl George <carl@redhat.com> - 1.20.4-2
 - Add go-toolset subpackage to ensure golang and go-toolset are published together
 - Resolves: rhbz#2117248
 * Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
 - Rebase to Go 1.20.4
- Resolves: rhbz#2204477
+- Resolves: rhbz#2204474
 * Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
 - Rebase to Go 1.20.3
 - Remove race archives
- Update static test patches
+- Update static tests patches
- Resolves: rhbz#2185259
+- Resolves: rhbz#2185260
-* Wed Mar 01 2023 David Benoit <dbenoit@redhat.com> - 1.19.6-1
+* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Rebase to Go 1.19.6
+- Fix memory leaks in EVP_{sign,verify}_raw
- Resolves: rhbz#2174429
+- Resolves: rhbz#2132767
 - Fix memory leak
 - Resolves: rhbz#2157602
 - Enable tests in check phase
 * Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
 - Rebase to Go 1.19.4
@ -716,130 +609,150 @@ cd ..
 - Remove defunct patches
 - Remove downstream generated FIPS mode patches
 - Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144539
+- Resolves: rhbz#2144542
-* Wed Nov 30 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
- Fix endian issue in FIPS mode
+- Enable big endian support in FIPS mode
- Resolves: rhbz#1966992
+- Resolves: rhbz#1969844
-* Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
- Update go to version 1.19.2
+- Restore old HashSign/HashVerify API
- Resolves: rhbz#2134407
+- Resolves: rhbz#2132730
 * Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
 - Add support for 4096 bit keys in x509
 - Resolves: rhbz#2132694
 * Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
 - Rebase to Go 1.19.2
 - Resolves: rhbz#2132730
 * Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
 - Rebase to Go 1.19.1
- Temporarily disable crypto tests
+- Resolves: rhbz#2131026
 - Resolves: rhbz#2131028
-* Wed Aug 10 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
- Update to Go 1.18.4
+- Adds patch for PIE mode issues on PPC64LE
- Resolves: rhbz#2109180
+- Resolves: rhbz#2111593
 - Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode
-* Fri Aug 05 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-1
+* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
- Update to Go 1.18.4
+- Update Go to version 1.18.4
- Resolves: rhbz#2109180
+- Resolves: rhbz#2109179
-* Fri Jun 10 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-2
+* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-3
- Update deprecated openssl algorithms patch
+- Clean up dist-git patches
- Rebuild against openssl-3.0.1-33
+- Resolves: rhbz#2109175
 - Resolves: rhbz#2092136
 - Related: rhbz#2092016
-* Mon May 02 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
+* Thu Jul 07 2022 Alejandro Sáez <asm@redhat.com> - 1.18.2-2
- Rebase to Go 1.18.2
+- Bump up release version
- Move to github.com/golang-fips/go
+- Related: rhbz#2075162
 - Resolves: rhbz#2075169
 - Resolves: rhbz#2060769
 - Resolves: rhbz#2067531
 - Resolves: rhbz#2067536
 - Resolves: rhbz#2067552
 - Resolves: rhbz#2025637
-* Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
+* Thu Jun 16 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
 - Update to Go 1.18.2
 - Related: rhbz#2075162
 * Mon Apr 18 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-2
 - Enable SHA1 in some contexts
 - Related: rhbz#2075162
 * Wed Apr 13 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-1
 - Update Go to 1.18.0
 - Resolves: rhbz#2075162
 * Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
 - Rebase to Go 1.17.7
 - Remove fips memory leak patch (fixed in tree)
 - Resolves: rhbz#2015930
 * Fri Dec 10 2021 David Benoit <dbenoit@redhat.com> - 1.17.5-1
 - Rebase to Go 1.17.5
- Add remove_waitgroup_misuse_tests patch
+- Remove vdso_s390x_gettime patch
- Add remove_ed25519vectors_test.patch
+- Resolves: rhbz#2031112
- Remove FIPS checks to avoid issues in the CI
+- Related: rhbz#2028570
 - Related: rhbz#2031116
 - Resolves: rhbz#2022829
 - Resolves: rhbz#2024687
 - Resolves: rhbz#2030851
 - Resolves: rhbz#2031253
-* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
+* Fri Dec 03 2021 David Benoit <dbenoit@redhat.com> - 1.17.4-1
 - Rebase Go to 1.17.4
 - Add remove_waitgroup_misuse_tests patch
 - Related: rhbz#2014088
 - Resolves: rhbz#2028570
 - Resolves: rhbz#2022828
 - Resolves: rhbz#2024686
 - Resolves: rhbz#2028662
 * Wed Oct 27 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-2
 - Resolves: rhbz#2014704
 * Tue Oct 12 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
 - Rebase to Go 1.17.2
- Related: rhbz#2014087
+- Related: rhbz#2014088
 - Remove golang-1.15-warnCN.patch
 - Remove reject-leading-zeros.patch
 - Remove favicon.ico and robots.txt references
 - Exclude TestEd25519Vectors test 
 - Update patch rhbz1952381
 - Remove rhbz1904567 patch
 - Remove rhbz1939923 patch
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4
+* Tue Aug 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.7-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rebase to Go 1.16.7
-  Related: rhbz#1991688
+- Resolves: rhbz#1994079
 - Add reject leading zeros patch
 - Resolves: rhbz#1993314
-* Wed Aug 4 2021 Derek Parker <deparker@redhat.com> - 1.16.6-3
+* Wed Jul 21 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
- Include ppc64le VDSO segfault backport fix
+- Fix TestBoringServerCurves failure when run by itself
- Resolves: rhbz#1966622
+- Resolves: rhbz#1976168
-* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
+* Thu Jul 15 2021 David Benoit <dbenoit@redhat.com> - 1.16.6-1
- Bump release
+- Rebase to go-1.16.6-1-openssl-fips
- Resolves: rhbz#1904567
+- Resolves: rhbz#1982281
 - Addresses CVE-2021-34558
-* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
+* Tue Jul 06 2021 Alejandro Sáez <asm@redhat.com> - 1.16.5-1
- Backport fix allowing LTO to be enabled on cgo sources
+- Rebase to 1.16.5
- Resolves: rhbz#1904567
+- Removes rhbz#1955032 patch, it's already included in this release
 - Removes rhbz#1956891 patch, it's already included in this release
 - Related: rhbz#1979677
 - Related: rhbz#1968738
 - Related: rhbz#1972420
-* Tue Jul 20 2021 Derek Parker <deparker@redhat.com> - 1.16.6-1
+* Thu Jun 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-3
- Rebase to 1.16.6
+- Fix zero-size allocation memory leak.
- Resolves: rhbz#1984124
+- Related: rhbz#1951877
 - Replace symbols no longer present in OpenSSL 3.0 ABI
 - Resolves: rhbz#1984110
 - Fix TestBoringServerCurves failing when ran by itself
 - Resolves: rhbz#1977914
-* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.4-3
+* Tue Jun 08 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
+- Resolves: rhbz#1951877
  Related: rhbz#1971065
-* Fri May 28 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
+* Mon May 24 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
- Port to OpenSSL 3.0
+- Rebase to go-1.16.4-1-openssl-fips
 - Resolves: rhbz#1952381
-* Fri May 14 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
+* Tue May 04 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-3
- Rebase to 1.16.4
+- Resolves: rhbz#1956891
 - Resolves: rhbz#1955035
 - Resolves: rhbz#1957961
-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.1-3
+* Thu Apr 29 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Resolves: rhbz#1955032
-* Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2
+* Wed Mar 17 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
 - Rebase to go-1.16.1-2-openssl-fips
 - Resolves: rhbz#1922455
 * Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
 - Rebase to go-1.16.1-2-openssl-fips
 - Resolves: rhbz#1938071
 - Adds a workaround for rhbz#1939923
 - Removes Patch224, it's on upstream -> rhbz#1888673
 - Removes Patch225, it's on upstream -> https://go-review.googlesource.com/c/text/+/238238
 - Removes old patches for cleaning purposes
 - Related: rhbz#1942898
 * Fri Jan 22 2021 David Benoit <dbenoit@redhat.com> - 1.15.7-1
 - Rebase to 1.15.7
- Resolves: rhbz#1892207
+- Resolves: rhbz#1870531
- Resolves: rhbz#1918755
+- Resolves: rhbz#1919261
 * Tue Nov 24 2020 David Benoit <dbenoit@redhat.com> - 1.15.5-1
 - Rebase to 1.15.5
- Resolves: rhbz#1899184
+- Resolves: rhbz#1898652
- Resolves: rhbz#1899185
+- Resolves: rhbz#1898660
- Resolves: rhbz#1899186
+- Resolves: rhbz#1898649
-* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
+* Mon Nov 16 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
 - fix typo in patch file name
 - Related: rhbz#1881539
 * Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-1
 - Rebase to 1.15.3
 - fix x/text infinite loop
 - Resolves: rhbz#1881539
--- a/fix-standard-crypto-panic.patch
+++ b/fix-standard-crypto-panic.patch
@ -1,44 +0,0 @@
 diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
 index 3d3a9a36ee..8dc2d46b52 100644
 --- a/src/crypto/internal/backend/openssl.go
 +++ b/src/crypto/internal/backend/openssl.go
@@ -25,6 +25,22 @@ var enabled bool
 var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
 func init() {
 +	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
 +	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
 +	// other values: do not override OpenSSL configured FIPS mode.
 +	var fips string
 +	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
 +		fips = v
 +	} else if hostFIPSModeEnabled() {
 +		// System configuration can only force FIPS mode.
 +		fips = "1"
 +	}
 +
 +	// Use Go standard crypto, do not load openssl
 +	if (fips != "1") {
 +		return
 +	}
 +
 	version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
 	if version == "" {
 		var fallbackVersion string
@@ -49,16 +65,6 @@ func init() {
 	if err := openssl.Init(version); err != nil {
 		panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
 	}
 -	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
 -	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
 -	// other values: do not override OpenSSL configured FIPS mode.
 -	var fips string
 -	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
 -		fips = v
 -	} else if hostFIPSModeEnabled() {
 -		// System configuration can only force FIPS mode.
 -		fips = "1"
 -	}
 	switch fips {
 	case "0":
 		if openssl.FIPS() {
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
 --- !Policy
 product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/modify_go.env.patch
+++ b/modify_go.env.patch
@ -1,27 +0,0 @@
 From d6e201910aa29262851c9274a4cd3645022d3539 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
 Date: Tue, 9 Apr 2024 10:05:46 +0200
 Subject: [PATCH] Modify environment variables defaults
 - Set GOTOOLCHAIN to local
 - Set GOAMD64 to v2
 ---
 go.env | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/go.env b/go.env
 index 6ff2b921d4..aadcda023b 100644
 --- a/go.env
 +++ b/go.env
@@ -9,4 +9,7 @@ GOSUMDB=sum.golang.org
 # Automatically download newer toolchains as directed by go.mod files.
 # See https://go.dev/doc/toolchain for details.
 -GOTOOLCHAIN=auto
 +GOTOOLCHAIN=local
 +
 +# The AMD64 baseline for RHEL9 is v2.
 +GOAMD64=v2
 -- 
 2.44.0
--- a/ppc64le-internal-linker-fix.patch
+++ b/ppc64le-internal-linker-fix.patch
@ -1,122 +0,0 @@
 diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
 new file mode 100644
 index 0000000000000..bca897c16d054
 --- /dev/null
 +++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
@@ -0,0 +1,100 @@
 +# Verify PPC64 does not reuse a trampoline which is too far away.
 +# This tests an edge case where the direct call relocation addend should
 +# be ignored when computing the distance from the direct call to the
 +# already placed trampoline
 +[short] skip
 +[!ppc64] [!ppc64le] skip
 +[aix] skip
 +
 +# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
 +# assembly 2^26 or so times.
 +#
 +# We build something which should be laid out as such:
 +#
 +# bar.Bar
 +# main.Func1
 +# bar.Bar+400-tramp0
 +# main.BigAsm
 +# main.Func2
 +# bar.Bar+400-tramp1
 +#
 +# bar.Bar needs to be placed far enough away to generate relocations
 +# from main package calls. and main.Func1 and main.Func2 are placed
 +# a bit more than the direct call limit apart, but not more than 0x400
 +# bytes beyond it (to verify the reloc calc).
 +
 +go build
 +
 +-- go.mod --
 +
 +module foo
 +
 +go 1.19
 +
 +-- main.go --
 +
 +package main
 +
 +import "foo/bar"
 +
 +func Func1()
 +
 +func main() {
 +        Func1()
 +        bar.Bar2()
 +}
 +
 +-- foo.s --
 +
 +TEXT main·Func1(SB),0,$0-0
 +        CALL bar·Bar+0x400(SB)
 +        CALL main·BigAsm(SB)
 +// A trampoline will be placed here to bar.Bar
 +
 +// This creates a gap sufficiently large to prevent trampoline reuse
 +#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
 +#define NOP256 NOP64 NOP64 NOP64 NOP64
 +#define NOP2S10 NOP256 NOP256 NOP256 NOP256
 +#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
 +#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
 +#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
 +#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
 +#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
 +#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
 +#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
 +#define BIGNOP NOP2S24 NOP2S24
 +TEXT main·BigAsm(SB),0,$0-0
 +        // Fill to the direct call limit so Func2 must generate a new trampoline.
 +        // As the implicit trampoline above is just barely unreachable.
 +        BIGNOP
 +        MOVD $main·Func2(SB), R3
 +
 +TEXT main·Func2(SB),0,$0-0
 +        CALL bar·Bar+0x400(SB)
 +// Another trampoline should be placed here.
 +
 +-- bar/bar.s --
 +
 +#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
 +#define NOP256 NOP64 NOP64 NOP64 NOP64
 +#define NOP2S10 NOP256 NOP256 NOP256 NOP256
 +#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
 +#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
 +#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
 +#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
 +#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
 +#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
 +#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
 +#define BIGNOP NOP2S24 NOP2S24 NOP2S10
 +// A very big not very interesting function.
 +TEXT bar·Bar(SB),0,$0-0
 +        BIGNOP
 +
 +-- bar/bar.go --
 +
 +package bar
 +
 +func Bar()
 +
 +func Bar2() {
 +}
 diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
 index 5d5fbe2a97735..6313879da083c 100644
 --- a/src/cmd/link/internal/ppc64/asm.go
 +++ b/src/cmd/link/internal/ppc64/asm.go
@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
 				if ldr.SymValue(tramp) == 0 {
 					break
 				}
 -
 -				t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
 +				// Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
 +				// trampoline itself.
 +				t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
 				// With internal linking, the trampoline can be used if it is not too far.
 				// With external linking, the trampoline must be in this section for it to be reused.
--- a/skip_TestCrashDumpsAllThreads.patch
+++ b/skip_TestCrashDumpsAllThreads.patch
@ -1,27 +0,0 @@
 From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
 Date: Wed, 27 Mar 2024 17:15:48 +0100
 Subject: [PATCH] Skip TestCrashDumpsAllThreads
 ---
 src/runtime/crash_unix_test.go | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
 index 123a462423..a0034d6455 100644
 --- a/src/runtime/crash_unix_test.go
 +++ b/src/runtime/crash_unix_test.go
@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
 		t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
 	}
 +	if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
 +		t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
 +	}
 +
 	testenv.MustHaveGoBuild(t)
 	if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
 -- 
 2.44.0
--- a/3
+++ b/3
@ -1,3 +0,0 @@
 SHA512 (go1.23.2.tar.gz) = 7850c182dd1a68c66002e3f269c07e7ba19c615b138e57f5924cae7856a7b4fb9a895dafa38b9d76577c632289b4fe005bc1311370410f8c237479024f41d9f7
 SHA512 (compiler-rt-18.1.8.src.tar.xz) = fb8795bd51c9b005c2ad1975591e9e2715740d6407ccad41379f136ef2e8d24ded8b97b01165a3ae4bd377119a6a1049ca05d3220404fc12bee86114ff2bff0d
 SHA512 (go1.23.2-2-openssl-fips.tar.gz) = 787ff12ee46f9eaec92d9696484d150e6c533be180dc1c42fc963e5ca7d1ef67a7a45950ba0015776ba8504cce3a2bfcefb387dfdd747d4e0330565d54aaa7dd
		`@ -0,0 +1,2 @@`
							`cfcfc208c18ecffcebe3d6218537f495eb555395 SOURCES/go1.21.13-4-openssl-fips.tar.gz`
							`a6aa471b6f806146bbd4ffec11b70ca834421a2e SOURCES/go1.21.13.tar.gz`