19 changed files with 595 additions and 654 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,84 +1,2 @@
-/go1.8.3.src.tar.gz
-/go1.8.4.src.tar.gz
-/go1.8.5.src.tar.gz
-/go1.10.src.tar.gz
-/go1.10.2.src.tar.gz
-/dev.boringcrypto.go1.10.tar.gz
-/go1.9.7.linux-amd64.tar.gz
-/go1.9.7.linux-386.tar.gz
-/go1.9.7.linux-ppc64le.tar.gz
-/go1.9.7.linux-s390x.tar.gz
-/go1.9.7.linux-arm64.tar.gz
-/go1.10.3-openssl-1-1-fips.tar.gz
-/go1.11-openssl-1.1-fips.tar.gz
-/go1.11.5-openssl-1.1.tar.gz
-/go-go1.11.5-openssl-1.1.tar.gz
-/go1.12.1-openssl-fips.tar.gz
-/go1.12.1-3-openssl-fips.tar.gz
-/go1.12.1-4-openssl-fips.tar.gz
-/go1.12.1-8-openssl-fips.tar.gz
-/go1.12.1-9-openssl-fips.tar.gz
-/go1.12.5-1-openssl-fips.tar.gz
-/go1.12.6-1-openssl-fips.tar.gz
-/go-go-1.12.6-2-openssl-fips.tar.gz
-/go-go-1.12.6-3-openssl-fips.tar.gz
-/go-go-1.12.8-2-openssl-fips.tar.gz
-/go-go-1.13.4-1-openssl-fips.tar.gz
-/go-go-1.14.2-1-openssl-fips.tar.gz
-/go-go-1.14.4-1-openssl-fips.tar.gz
-/go-go-1.14.6-1-openssl-fips.tar.gz
-/go-go-1.14.7-1-openssl-fips.tar.gz
-/go-go-1.14.7-2-openssl-fips.tar.gz
-/go-go-1.15.0-2-openssl-fips.tar.gz
-/go-go-1.15.2-1-openssl-fips.tar.gz
-/go-go-1.15.3-1-openssl-fips.tar.gz
-/go-go-1.15.5-1-openssl-fips.tar.gz
-/go-go-1.15.7-1-openssl-fips.tar.gz
-/go-go-1.16.1-1-openssl-fips.tar.gz
-/go-go-1.16.1-2-openssl-fips.tar.gz
-/go-go-1.16.4-1-openssl-fips.tar.gz
-/go-go-1.16.5-1-openssl-fips.tar.gz
-/go-go-1.16.6-1-openssl-fips.tar.gz
-/go-go-1.16.6-3-openssl-fips.tar.gz
-/go-go-1.16.7-1-openssl-fips.tar.gz
-/go-go-1.17.2-1-openssl-fips.tar.gz
-/go-go-1.17.3-1-openssl-fips.tar.gz
-/go-go-1.17.4-1-openssl-fips.tar.gz
-/go-go-1.17.5-1-openssl-fips.tar.gz
-/go-go-1.17.7-1-openssl-fips.tar.gz
-/go1.19.1.tar.gz
-/go1.19.2.tar.gz
-/go1.19.4-1-openssl-fips.tar.gz
-/go1.19.4.tar.gz
-/go1.19.6.tar.gz
-/go1.19.6-1-openssl-fips.tar.gz
-/go1.20.3.tar.gz
-/go1.20.3-1-openssl-fips.tar.gz
-/go1.20.4.tar.gz
-/go1.20.4-3-openssl-fips.tar.gz
-/go1.20.6.tar.gz
-/go1.20.6-1-openssl-fips.tar.gz
-/go1.20.8.tar.gz
-/go1.20.8-1-openssl-fips.tar.gz
-/go1.21.3-1-openssl-fips.tar.gz
-/go1.21.3.tar.gz
-/go1.21.4.tar.gz
-/go1.21.4-1-openssl-fips.tar.gz
-/go1.21.7.tar.gz
-/go1.21.7-1-openssl-fips.tar.gz
-/go1.22.1.tar.gz
-/go1.22.1-1-openssl-fips.tar.gz
-/go1.22.1-2-openssl-fips.tar.gz
-/go1.22.2.tar.gz
-/go1.22.2-1-openssl-fips.tar.gz
-/go1.22.3.src.tar.gz
-/go1.22.3-1-openssl-fips.tar.gz
-/go1.22.3.tar.gz
-/go1.22.3-2-openssl-fips.tar.gz
-/go1.22.3-3-openssl-fips.tar.gz
-/go1.22.4.tar.gz
-/go1.22.4-1-openssl-fips.tar.gz
-/go1.22.5.tar.gz
-/go1.22.5-1-openssl-fips.tar.gz
-/51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.gz
-/compiler-rt-18.1.8.src.tar.xz
+SOURCES/go1.21.13-4-openssl-fips.tar.gz
+SOURCES/go1.21.13.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -0,0 +1,2 @@
+cfcfc208c18ecffcebe3d6218537f495eb555395 SOURCES/go1.21.13-4-openssl-fips.tar.gz
+a6aa471b6f806146bbd4ffec11b70ca834421a2e SOURCES/go1.21.13.tar.gz
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-mockbuild:
-	centpkg mockbuild
-
-spectool:
-	spectool -g golang.spec
--- a/README.md
+++ b/README.md
@ -1,65 +0,0 @@
-# Golang
-
-## Introduction
-
-This package holds the spec file and related patches for the Golang package.
-The golang package is part of the larger go-toolset meta package.
-
-## Sources
-
-This particular branch provides Go 1.16.x. The sources for this branch can be
-found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is
-coming from a pagure fork as opposed to an upstream tarball is due to certain
-patches we have written and currently maintain in order to claim FIPS compliance
-by calling into OpenSSL. Shipping a forked version of the toolchain is not the
-ideal scenario, and there is work in progress with upstream to enable us to
-instead ship a pure upstream toolchain and include a crypto module in go-toolset
-which will satisfy our FIPS requirements.
-
-The current fork is based on an upstream branch[[0]] which uses
-boringcrypto[[1]] instead of OpenSSL.
-
-If you need to make changes to the source for a rebase or bug fix, check out the
-pagure repo and switch to the branch listed above. Once you have made your
-changes you can test them locally with `./all.bash`. You may want to export
-`GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are
-correct. Please note however that the test suite does not fully expect FIPS
-compliance, and will attempt to test non FIPS compliant code paths. The easiest
-way to test your changes correctly is to create a tarball locally and execute a
-mockbuild using this packge, which knows how to correctly run the testsuite in
-both FIPS and non-FIPS modes.
-
-NOTE: The way pagure previously handled uploaded releases has changed, and
-releases must be tagged in the appropriate branch, from which pagure will
-generate source tarballs.
-
-## Testing & building changes
-
-The first test you should run is a local mockbuild. This can be done with the
-rhpkg command:
-
-```
-rhpkg mockbuild
-```
-
-Once everything builds and passes locally you'll likely want to perform a
-scratch build. This will ensure that the changes you made build and run
-correctly on all architectures that this package supports. The best way to do
-this is to run a scratch build from your local sources without first having to
-push them. This ensures your changes are correct before commiting them to the
-repo. This can also be done via the following rhpkg command:
-
-```
-rhpkg scratch-build --srpm
-```
-
-Once your scratch build has passed you can execute a real build:
-
-```
-rhpkg build
-```
-
---
-
-[0] https://github.com/golang/go/tree/dev.boringcrypto 
-[1] https://opensource.google.com/projects/boringssl
--- a/SOURCES/disable_static_tests_part1.patch
+++ b/SOURCES/disable_static_tests_part1.patch
@ -0,0 +1,374 @@
+diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go
+index 47618fe..d93784d 100644
+--- a/src/crypto/boring/boring.go
+++ b/src/crypto/boring/boring.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
+//go:build boringcrypto && !static
+ 
+ // Package boring exposes functions that are only available when building with
+ // Go+BoringCrypto. This package is available on all targets as long as the
+diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
+index 33a53a8..f630ea5 100644
+--- a/src/crypto/internal/backend/nobackend.go
+++ b/src/crypto/internal/backend/nobackend.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package backend
+ 
+diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
+index 59370ec..eb81ef6 100644
+--- a/src/crypto/internal/backend/openssl.go
+++ b/src/crypto/internal/backend/openssl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ // Package openssl provides access to OpenSSLCrypto implementation functions.
+ // Check the variable Enabled to find out whether OpenSSLCrypto is available.
+diff --git a/src/crypto/internal/boring/div_test.c b/src/crypto/internal/boring/div_test.c
+index f909cc9..8530533 100644
+--- a/src/crypto/internal/boring/div_test.c
+++ b/src/crypto/internal/boring/div_test.c
+@@ -1,4 +1,5 @@
+ // Copyright 2022 The Go Authors. All rights reserved.
+// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
+index 2b11049..dec1cb2 100644
+--- a/src/crypto/internal/boring/goboringcrypto.h
+++ b/src/crypto/internal/boring/goboringcrypto.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
+index b338754..db5ea1e 100644
+--- a/src/crypto/internal/boring/syso/syso.go
+++ b/src/crypto/internal/boring/syso/syso.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
+//go:build boringcrypto && !static
+ 
+ // This package only exists with GOEXPERIMENT=boringcrypto.
+ // It provides the actual syso file.
+diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go
+index e5e4783..a0d9523 100644
+--- a/src/crypto/tls/fipsonly/fipsonly.go
+++ b/src/crypto/tls/fipsonly/fipsonly.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
+//go:build boringcrypto && !static
+ 
+ // Package fipsonly restricts all TLS configuration to FIPS-approved settings.
+ //
+diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go
+index f8485dc..6563ac4 100644
+--- a/src/crypto/tls/fipsonly/fipsonly_test.go
+++ b/src/crypto/tls/fipsonly/fipsonly_test.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build boringcrypto
+//go:build boringcrypto && !static
+ 
+ package fipsonly
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
+index 079fc3c..e826d0b 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/aes.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
+index 9537870..c491628 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/ecdh.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
+index 9f46388..87feb18 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/ecdsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/evp.go b/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
+index 46d2bdd..34f4a43 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/evp.go
+@@ -1,5 +1,5 @@
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
+index ac6c64f..5526db9 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/goopenssl.h
+@@ -1,4 +1,5 @@
+ // Copyright 2017 The Go Authors. All rights reserved.
+// +build !static
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ // +build linux
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
+index 2e21224..83da261 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/hkdf.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
+index 3af1924..57a525a 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/hmac.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
+index 5093cde..0610495 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
+-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
+index 17a9034..db51ced 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
+index 7ce9833..fe66288 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_ecdsa_signature.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
+index a45ed60..2b541fd 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_evp.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
+index 49d40a7..3b3dbf8 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_lock_setup.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
+index 7eb645e..1c3225a 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_aead_gcm.c
+@@ -1,4 +1,5 @@
+ // This file contains a port of the BoringSSL AEAD interface.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
+index df4ebe3..876393b 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ctr128.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
+index 8205b04..dcd751d 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_ecdh.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
+index 2eedd5b..04510d3 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_evp_md5_sha1.c
+@@ -1,4 +1,5 @@
+ // This file contains a backport of the EVP_md5_sha1 method.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
+index a5996d6..2552081 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
+@@ -1,4 +1,5 @@
+ // This file contains HMAC portability wrappers.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
+index e214929..c9f6887 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_rsa.c
+@@ -1,4 +1,5 @@
+ // This file contains RSA portability wrappers.
+// +build !static
+ // +build linux
+ // +build !android
+ // +build !no_openssl
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
+index 22bd865..b7aa26b 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_stub_rand.c
+@@ -1,4 +1,5 @@
+ // +build linux
+// +build !static
+ // +build !android
+ // +build !no_openssl
+ // +build !cmd_go_bootstrap
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
+index b3668b8..dcdae70 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/rand.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
+index 7870b93..564db24 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/rsa.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
+diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
+index 0b55ced..57309c0 100644
+--- a/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/sha.go
+@@ -2,8 +2,8 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
+-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
+ 
+ package openssl
+ 
--- a/SOURCES/disable_static_tests_part2.patch
+++ b/SOURCES/disable_static_tests_part2.patch
@ -0,0 +1,13 @@
+diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
+index 36a20e8b2a..8c2dd1b44b 100644
+--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
+@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
+ 			} else {
+ 				panic("unknown linkmode with static build: " + linkmode)
+ 			}
+-			gt.tags = append(gt.tags, "static")
+			gt.tags = append(gt.tags, "static", "no_openssl")
+ 		}
+ 		gt.ldflags = strings.Join(ldflags, " ")
+ 
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
--- a/SOURCES/golang-gdbinit
+++ b/SOURCES/golang-gdbinit
--- a/SOURCES/golang-prelink.conf
+++ b/SOURCES/golang-prelink.conf
--- a/SOURCES/modify_go.env.patch
+++ b/SOURCES/modify_go.env.patch
@ -0,0 +1,22 @@
+From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Fri, 9 Feb 2024 20:06:16 +0100
+Subject: [PATCH] Set GOTOOLCHAIN to local
+
+---
+ go.env | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/go.env b/go.env
+index 6ff2b921d4..e87f6e7b6d 100644
+--- a/go.env
+++ b/go.env
+@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
+ 
+ # Automatically download newer toolchains as directed by go.mod files.
+ # See https://go.dev/doc/toolchain for details.
+-GOTOOLCHAIN=auto
+GOTOOLCHAIN=local
+-- 
+2.43.0
+
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ b/SOURCES/skip_test_rhbz1939923.patch
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -69,7 +69,6 @@
 %global shared 0
 %endif

-# Pre build std lib with -race enabled
 # Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
 %global race 0

@ -92,17 +91,14 @@
 %global gohostarch  s390x
 %endif

-%global go_api 1.22
-%global go_version 1.22.5
-%global version %{go_version}
-%global pkg_release 1
-
-# LLVM compiler-rt version for race detector
-%global llvm_compiler_rt_version 18.1.8
+%global go_api 1.21
+%global version 1.21.13
+%global pkg_release 4

 Name:           golang
 Version:        %{version}
 Release:        2%{?dist}
+
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -117,7 +113,6 @@ Source0:        https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
 Source1:       https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
 # make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
 Source2:        fedora.go
-Source3: 	https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz

 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 # Actual Go based bootstrap compiler provided by above source.
@ -136,14 +131,9 @@ BuildRequires:  openssl-devel
 # for tests
 BuildRequires:  pcre-devel, glibc-static, perl

-# Necessary for building llvm address sanitizer for Go race detector
-BuildRequires: libstdc++-devel
-BuildRequires: clang
-
 Provides:       go = %{version}-%{release}
 Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
-Requires:       %{name}-race = %{version}-%{release}
 Requires:       openssl-devel
 Requires:       diffutils

@ -152,9 +142,9 @@ Patch221:       fix_TestScript_list_std.patch

 Patch1939923:   skip_test_rhbz1939923.patch

-Patch4:		modify_go.env.patch
-Patch6:		skip_TestCrashDumpsAllThreads.patch
-Patch7:		fix-standard-crypto-panic.patch
+Patch2:		disable_static_tests_part1.patch
+Patch3:		disable_static_tests_part2.patch
+Patch5:		modify_go.env.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -162,6 +152,9 @@ Obsoletes:      %{name}-docs < 1.1-4
 # RPM can't handle symlink -> dir with subpackages, so merge back
 Obsoletes:      %{name}-data < 1.1.1-4

+# We don't build golang-race anymore, rhbz#2230599
+Obsoletes:      golang-race < 1.20.0
+
 # These are the only RHEL/Fedora architectures that we compile this package for
 ExclusiveArch:  %{golang_arches}

@ -232,23 +225,15 @@ Summary:        Golang shared object libraries
 %{summary}.
 %endif

-%package -n go-toolset
-Summary:        Package that installs go-toolset
-Requires:       %{name} = %{version}-%{release}
-%ifarch x86_64 aarch64 ppc64le
-Requires:       delve
-%endif
-
-%description -n go-toolset
-This is the main package for go-toolset.
-
-
+%if %{race}
 %package        race
-Summary:	Race detetector library object files.
+Summary:        Golang std library with -race enabled
+
 Requires:       %{name} = %{version}-%{release}

 %description    race
-Binary library objects for Go's race detector.
+%{summary}
+%endif

 %prep
 %setup -q -n go-go%{version}
@ -260,7 +245,7 @@ patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
 # Add --no-backup-if-mismatch option to avoid creating .orig temp files
 for p in "$patch_dir"/*.patch; do
       echo "Applying $p"
-	patch --no-backup-if-mismatch -p1 < $p
+      patch -p1 --no-backup-if-mismatch < $p
 done

 # Configure crypto tests
@ -274,11 +259,6 @@ popd
 sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION

 cp %{SOURCE2} ./src/runtime/
-# Delete the bundled race detector objects.
-find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
-
-# Delete the boring binary blob.  We use the system OpenSSL instead.
-rm -rf src/crypto/internal/boring/syso

 %build
 set -xe
@ -287,38 +267,6 @@ uname -a
 cat /proc/cpuinfo
 cat /proc/meminfo

-# Build race detector .syso's from llvm sources
-%global tsan_buildflags %(echo %{build_cflags} | sed 's/-mtls-dialect=gnu2//')
-mkdir ../llvm
-
-tar -xf %{SOURCE3} -C ../llvm
-tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
-
-# The script uses uname -a and grep to set the GOARCH.  This
-# is unreliable and can get the wrong architecture in
-# circumstances like cross-architecture emulation.  We fix it
-# by just reading GOARCH directly from Go.
-export GOARCH=$(go env GOARCH)
-
-%ifarch x86_64
-pushd "${tsan_go_dir}"
-  CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v3 ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
-
-pushd "${tsan_go_dir}"
-  CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v1 ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
-
-%else
-pushd "${tsan_go_dir}"
-  CFLAGS="${tsan_buildflags}" CC=clang ./buildgo.sh
-popd
-cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
-%endif
-
-
 # bootstrap compiler GOROOT
 %if !%{golang_bootstrap}
 export GOROOT_BOOTSTRAP=/
@ -496,16 +444,18 @@ export GO_TEST_RUN=""

 %if %{fail_on_tests}

+# TestEd25519Vectors needs network connectivity but it should be cover by
+# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127
+
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN

 # Run tests with FIPS enabled.
 export GOLANG_FIPS=1
-export OPENSSL_FORCE_FIPS_MODE=1
 pushd crypto
  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  go test -timeout 50m $(go list ./... | grep -v tls) -v
+  go test $(go list ./... | grep -v tls) -v
  # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test -timeout 50m $(go list ./... | grep -v tls) -v
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
@ -550,13 +500,8 @@ cd ..
 # prelink blacklist
 %{_sysconfdir}/prelink.conf.d

+
 %files -f go-src.list src
-%ifarch x86_64
-%exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
-%exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
-%else
-%exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
-%endif

 %files -f go-docs.list docs

@ -573,138 +518,84 @@ cd ..
 %files -f go-shared.list shared
 %endif

-%files -n go-toolset
-
-%files race
-%ifarch x86_64
-%{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
-%{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
-%else
-%{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
-%endif
-
 %changelog
-* Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2
- Rebuild race detector archives from LLVM sources
- Add golang-race subpackage
- Resolves: RHEL-33421
- Remove unused crypto/internal/boring/syso package
- Resolves: RHEL-54335
+* Mon Sep 16 2024 David Benoit <dbenoit@redhat.com> - 1.21.13-2
+- Rebuild Go with CVE Fixes
+- Remove fix-memleak-setupRSA.patch (exists upstream)
+- Resolves: RHEL-58223
+- Resolves: RHEL-57961
+- Resolves: RHEL-57847
+- Resolves: RHEL-57860

-* Thu Jul 11 2024 Archana <aravinda@redhat.com> - 1.22.5-1
- Rebase to Go1.22.5 to address CVE-2024-24791
- Resolves: RHEL-46973
+* Wed Aug 21 2024 Archana <aravinda@redhat.com> - 1.21.13-1
+- Update to Go1.21.13 to fix CVE-2024-24791
+- Resolves: RHEL-47198

-* Thu Jun 27 2024 David Benoit <dbenoit@redhat.com> - 1.22.4-2
- Fix panic in standard crypto mode without openssl
- Resolves: RHEL-45359
+* Wed Jun 12 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.11-1
+- Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790
+- Resolves: RHEL-40274

-* Thu Jun 6 2024 Archana Ravindar <aravinda@redhat.com> - 1.22.4-1
- Rebase to Go1.22.4 that includes fixes for CVE-2024-24789 and CVE-2024-24790
- Resolves: RHEL-40156
+* Thu May 23 2024 David Benoit <dbenoit@redhat.com> - 1.21.10
+- Update to Go 1.21.10
+- Resolves: RHEL-36993

-* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
- Update openssl backend
- Resolves: RHEL-36101
+* Fri Apr 12 2024 David Benoit <dbenoit@redhat.com> - 1.21.9-1
+- Fix CVE-2023-45288
+- Resolves: RHEL-31915

-* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
- Restore HashSign / HashVerify API
- Resolves: RHEL-35883
+* Mon Apr 1 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.7-2
+- Fix CVE-2024-1394
+- Resolves RHEL-24300

-* Wed May 22 2024 Alejandro Sáez <asm@redhat.com> - 1.22.3-1
- Rebase to 1.22.3
- Removes re-enable-cgo.patch
- Resolves: RHEL-35634
- Resolves: RHEL-35883
- Resolves: RHEL-10068
- Resolves: RHEL-34924
-
-* Thu Apr 18 2024 Derek Parker <deparker@redhat.com> - 1.22.2-1
- Rebase to 1.22.2
- Resolves: RHEL-28941
-
-* Tue Apr 09 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-2
- Set the AMD64 baseline to v2
-
-* Tue Mar 19 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-1
- Rebase to Go 1.22.1
- Re-enable CGO
- Resolves: RHEL-29527
- Resolves: RHEL-28175
-
-* Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
+* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
 - Rebase to Go 1.21.7
- Set GOTOOLCHAIN to local
- Resolves: RHEL-24334
- Resolves: RHEL-18364
- Resolves: RHEL-18365
-
-* Thu Nov 30 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-2
 - Add release information
+- Set GOTOOLCHAIN to local
+- Skip TestOverlongMessagePKCS1v15
+- Resolves: RHEL-24082
+- Resolves: RHEL-18363
+- Resolves: RHEL-18382

-* Tue Nov 14 2023 Alejandro Sáez <asm@redhat.com> - 1.21.4-1
- Rebase to Go 1.21.4
- Resolves: RHEL-11871
+* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
+- Do not remove GOPROXY/GOSUMDB
+- Related: RHEL-12620

-* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-5
- Don't change GOPROXY/GOSUMDB
- Related: RHEL-12624
+* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
+- Fix go.env in Go 1.21
+- Related: RHEL-12620

-* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
- Fix missing go.env in Go 1.21
- Related: RHEL-12624
-
-* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-3
+* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
+- Rebase disable_static_tests_part2.patch to Go 1.21.3
 - Add missing strict fips runtime detection patch
 - Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Related: RHEL-12624
-
-* Wed Oct 25 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Rebase disable_static_tests_part2.patch to Go 1.21.3
- Related: RHEL-12624
+- Remove fix-memory-leak patch as it is fixed upstream
+- Resolves: RHEL-12620

 * Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
- Rebase to Go 1.21.3
- Resolves: RHEL-12624
+- Rebase Go to 1.21.3
+- Resolves: RHEL-12620

-* Wed Sep 27 2023 Alejandro Sáez <asm@redhat.com> - 1.20.8-1
- Rebase to Go 1.20.8
- Remove fix-memory-leak-evp-sign-verify.patch as it is already included in the source
- Resolves: RHEL-2775
-
-* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-5
+* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
 - Retire golang-race package
- Resolves: rhbz#2230705
+- Resolves: rhbz#2230599

-* Tue Jul 18 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
+* Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
 - Rebase to Go 1.20.6
- Change to autopatch
- Resolves: rhbz#2222313
-
-* Fri Jun 23 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-3
- Increase the timeout in the tests
- Related: rhbz#2204477
-
-* Fri Jun 09 2023 Carl George <carl@redhat.com> - 1.20.4-2
- Add go-toolset subpackage to ensure golang and go-toolset are published together
- Resolves: rhbz#2117248
+- Resolves: rhbz#2217596

 * Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
 - Rebase to Go 1.20.4
- Resolves: rhbz#2204477
+- Resolves: rhbz#2204474

 * Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
 - Rebase to Go 1.20.3
 - Remove race archives
- Update static test patches
- Resolves: rhbz#2185259
+- Update static tests patches
+- Resolves: rhbz#2185260

-* Wed Mar 01 2023 David Benoit <dbenoit@redhat.com> - 1.19.6-1
- Rebase to Go 1.19.6
- Resolves: rhbz#2174429
- Fix memory leak
- Resolves: rhbz#2157602
- Enable tests in check phase
+* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
+- Fix memory leaks in EVP_{sign,verify}_raw
+- Resolves: rhbz#2132767

 * Wed Dec 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.4-1
 - Rebase to Go 1.19.4
@ -712,130 +603,150 @@ cd ..
 - Remove defunct patches
 - Remove downstream generated FIPS mode patches
 - Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144539
+- Resolves: rhbz#2144542

-* Wed Nov 30 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
- Fix endian issue in FIPS mode
- Resolves: rhbz#1966992
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-4
+- Enable big endian support in FIPS mode
+- Resolves: rhbz#1969844

-* Fri Oct 21 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
- Update go to version 1.19.2
- Resolves: rhbz#2134407
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-3
+- Restore old HashSign/HashVerify API
+- Resolves: rhbz#2132730
+
+* Mon Oct 17 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-2
+- Add support for 4096 bit keys in x509
+- Resolves: rhbz#2132694
+
+* Thu Oct 13 2022 David Benoit <dbenoit@redhat.com> - 1.19.2-1
+- Rebase to Go 1.19.2
+- Resolves: rhbz#2132730

 * Wed Sep 14 2022 David Benoit <dbenoit@redhat.com> - 1.19.1-2
 - Rebase to Go 1.19.1
- Temporarily disable crypto tests
- Resolves: rhbz#2131028
+- Resolves: rhbz#2131026

-* Wed Aug 10 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
- Update to Go 1.18.4
- Resolves: rhbz#2109180
- Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode
+* Wed Aug 03 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-2
+- Adds patch for PIE mode issues on PPC64LE
+- Resolves: rhbz#2111593

-* Fri Aug 05 2022 Alejandro Sáez <asm@redhat.com> - 1.18.4-1
- Update to Go 1.18.4
- Resolves: rhbz#2109180
+* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.4-1
+- Update Go to version 1.18.4
+- Resolves: rhbz#2109179

-* Fri Jun 10 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-2
- Update deprecated openssl algorithms patch
- Rebuild against openssl-3.0.1-33
- Resolves: rhbz#2092136
- Related: rhbz#2092016
+* Wed Jul 20 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-3
+- Clean up dist-git patches
+- Resolves: rhbz#2109175

-* Mon May 02 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
- Rebase to Go 1.18.2
- Move to github.com/golang-fips/go
- Resolves: rhbz#2075169
- Resolves: rhbz#2060769
- Resolves: rhbz#2067531
- Resolves: rhbz#2067536
- Resolves: rhbz#2067552
- Resolves: rhbz#2025637
+* Thu Jul 07 2022 Alejandro Sáez <asm@redhat.com> - 1.18.2-2
+- Bump up release version
+- Related: rhbz#2075162

-* Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
+* Thu Jun 16 2022 David Benoit <dbenoit@redhat.com> - 1.18.2-1
+- Update to Go 1.18.2
+- Related: rhbz#2075162
+
+* Mon Apr 18 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-2
+- Enable SHA1 in some contexts
+- Related: rhbz#2075162
+
+* Wed Apr 13 2022 David Benoit <dbenoit@redhat.com> - 1.18.0-1
+- Update Go to 1.18.0
+- Resolves: rhbz#2075162
+
+* Thu Feb 17 2022 David Benoit <dbenoit@redhat.com> - 1.17.7-1
+- Rebase to Go 1.17.7
+- Remove fips memory leak patch (fixed in tree)
+- Resolves: rhbz#2015930
+
+* Fri Dec 10 2021 David Benoit <dbenoit@redhat.com> - 1.17.5-1
 - Rebase to Go 1.17.5
- Add remove_waitgroup_misuse_tests patch
- Add remove_ed25519vectors_test.patch
- Remove FIPS checks to avoid issues in the CI
- Related: rhbz#2031116
- Resolves: rhbz#2022829
- Resolves: rhbz#2024687
- Resolves: rhbz#2030851
- Resolves: rhbz#2031253
+- Remove vdso_s390x_gettime patch
+- Resolves: rhbz#2031112
+- Related: rhbz#2028570

-* Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
+* Fri Dec 03 2021 David Benoit <dbenoit@redhat.com> - 1.17.4-1
+- Rebase Go to 1.17.4
+- Add remove_waitgroup_misuse_tests patch
+- Related: rhbz#2014088
+- Resolves: rhbz#2028570
+- Resolves: rhbz#2022828
+- Resolves: rhbz#2024686
+- Resolves: rhbz#2028662
+
+* Wed Oct 27 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-2
+- Resolves: rhbz#2014704
+
+* Tue Oct 12 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
 - Rebase to Go 1.17.2
- Related: rhbz#2014087
+- Related: rhbz#2014088
+- Remove golang-1.15-warnCN.patch
+- Remove reject-leading-zeros.patch
 - Remove favicon.ico and robots.txt references
 - Exclude TestEd25519Vectors test 
- Update patch rhbz1952381
- Remove rhbz1904567 patch
- Remove rhbz1939923 patch

-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.6-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Tue Aug 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.7-1
+- Rebase to Go 1.16.7
+- Resolves: rhbz#1994079
+- Add reject leading zeros patch
+- Resolves: rhbz#1993314

-* Wed Aug 4 2021 Derek Parker <deparker@redhat.com> - 1.16.6-3
- Include ppc64le VDSO segfault backport fix
- Resolves: rhbz#1966622
+* Wed Jul 21 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
+- Fix TestBoringServerCurves failure when run by itself
+- Resolves: rhbz#1976168

-* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
- Bump release
- Resolves: rhbz#1904567
+* Thu Jul 15 2021 David Benoit <dbenoit@redhat.com> - 1.16.6-1
+- Rebase to go-1.16.6-1-openssl-fips
+- Resolves: rhbz#1982281
+- Addresses CVE-2021-34558

-* Mon Aug 2 2021 Derek Parker <deparker@redhat.com> - 1.16.6-2
- Backport fix allowing LTO to be enabled on cgo sources
- Resolves: rhbz#1904567
+* Tue Jul 06 2021 Alejandro Sáez <asm@redhat.com> - 1.16.5-1
+- Rebase to 1.16.5
+- Removes rhbz#1955032 patch, it's already included in this release
+- Removes rhbz#1956891 patch, it's already included in this release
+- Related: rhbz#1979677
+- Related: rhbz#1968738
+- Related: rhbz#1972420

-* Tue Jul 20 2021 Derek Parker <deparker@redhat.com> - 1.16.6-1
- Rebase to 1.16.6
- Resolves: rhbz#1984124
- Replace symbols no longer present in OpenSSL 3.0 ABI
- Resolves: rhbz#1984110
- Fix TestBoringServerCurves failing when ran by itself
- Resolves: rhbz#1977914
+* Thu Jun 17 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-3
+- Fix zero-size allocation memory leak.
+- Related: rhbz#1951877

-* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.4-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
-  Related: rhbz#1971065
+* Tue Jun 08 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
+- Resolves: rhbz#1951877

-* Fri May 28 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
- Port to OpenSSL 3.0
- Resolves: rhbz#1952381
+* Mon May 24 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
+- Rebase to go-1.16.4-1-openssl-fips

-* Fri May 14 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
- Rebase to 1.16.4
- Resolves: rhbz#1955035
- Resolves: rhbz#1957961
+* Tue May 04 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-3
+- Resolves: rhbz#1956891

-* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.16.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu Apr 29 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2
+- Resolves: rhbz#1955032

-* Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-2
- Rebase to go-1.16.1-2-openssl-fips
- Resolves: rhbz#1922455
-
-* Tue Mar 30 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
+* Wed Mar 17 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-1
 - Rebase to go-1.16.1-2-openssl-fips
+- Resolves: rhbz#1938071
 - Adds a workaround for rhbz#1939923
 - Removes Patch224, it's on upstream -> rhbz#1888673
 - Removes Patch225, it's on upstream -> https://go-review.googlesource.com/c/text/+/238238
 - Removes old patches for cleaning purposes
- Related: rhbz#1942898

 * Fri Jan 22 2021 David Benoit <dbenoit@redhat.com> - 1.15.7-1
 - Rebase to 1.15.7
- Resolves: rhbz#1892207
- Resolves: rhbz#1918755
+- Resolves: rhbz#1870531
+- Resolves: rhbz#1919261

 * Tue Nov 24 2020 David Benoit <dbenoit@redhat.com> - 1.15.5-1
 - Rebase to 1.15.5
- Resolves: rhbz#1899184
- Resolves: rhbz#1899185
- Resolves: rhbz#1899186
+- Resolves: rhbz#1898652
+- Resolves: rhbz#1898660
+- Resolves: rhbz#1898649

-* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
+* Mon Nov 16 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-2
+- fix typo in patch file name
+- Related: rhbz#1881539
+
+* Thu Nov 12 2020 David Benoit <dbenoit@redhat.com> - 1.15.3-1
 - Rebase to 1.15.3
 - fix x/text infinite loop
 - Resolves: rhbz#1881539
--- a/fix-standard-crypto-panic.patch
+++ b/fix-standard-crypto-panic.patch
@ -1,44 +0,0 @@
-diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
-index 3d3a9a36ee..8dc2d46b52 100644
--- a/src/crypto/internal/backend/openssl.go
-+++ b/src/crypto/internal/backend/openssl.go
-@@ -25,6 +25,22 @@ var enabled bool
- var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
- 
- func init() {
-+	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
-+	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
-+	// other values: do not override OpenSSL configured FIPS mode.
-+	var fips string
-+	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
-+		fips = v
-+	} else if hostFIPSModeEnabled() {
-+		// System configuration can only force FIPS mode.
-+		fips = "1"
-+	}
-+
-+	// Use Go standard crypto, do not load openssl
-+	if (fips != "1") {
-+		return
-+	}
-+
- 	version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
- 	if version == "" {
- 		var fallbackVersion string
-@@ -49,16 +65,6 @@ func init() {
- 	if err := openssl.Init(version); err != nil {
- 		panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
- 	}
-	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
-	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
-	// other values: do not override OpenSSL configured FIPS mode.
-	var fips string
-	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
-		fips = v
-	} else if hostFIPSModeEnabled() {
-		// System configuration can only force FIPS mode.
-		fips = "1"
-	}
- 	switch fips {
- 	case "0":
- 		if openssl.FIPS() {
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
--- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/modify_go.env.patch
+++ b/modify_go.env.patch
@ -1,27 +0,0 @@
-From d6e201910aa29262851c9274a4cd3645022d3539 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
-Date: Tue, 9 Apr 2024 10:05:46 +0200
-Subject: [PATCH] Modify environment variables defaults
-
- Set GOTOOLCHAIN to local
- Set GOAMD64 to v2
---
- go.env | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/go.env b/go.env
-index 6ff2b921d4..aadcda023b 100644
--- a/go.env
-+++ b/go.env
-@@ -9,4 +9,7 @@ GOSUMDB=sum.golang.org
- 
- # Automatically download newer toolchains as directed by go.mod files.
- # See https://go.dev/doc/toolchain for details.
-GOTOOLCHAIN=auto
-+GOTOOLCHAIN=local
-+
-+# The AMD64 baseline for RHEL9 is v2.
-+GOAMD64=v2
-- 
-2.44.0
-
--- a/ppc64le-internal-linker-fix.patch
+++ b/ppc64le-internal-linker-fix.patch
@ -1,122 +0,0 @@
-diff --git a/src/cmd/go/testdata/script/trampoline_reuse_test.txt b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
-new file mode 100644
-index 0000000000000..bca897c16d054
--- /dev/null
-+++ b/src/cmd/go/testdata/script/trampoline_reuse_test.txt
-@@ -0,0 +1,100 @@
-+# Verify PPC64 does not reuse a trampoline which is too far away.
-+# This tests an edge case where the direct call relocation addend should
-+# be ignored when computing the distance from the direct call to the
-+# already placed trampoline
-+[short] skip
-+[!ppc64] [!ppc64le] skip
-+[aix] skip
-+
-+# Note, this program does not run. Presumably, 'DWORD $0' is simpler to
-+# assembly 2^26 or so times.
-+#
-+# We build something which should be laid out as such:
-+#
-+# bar.Bar
-+# main.Func1
-+# bar.Bar+400-tramp0
-+# main.BigAsm
-+# main.Func2
-+# bar.Bar+400-tramp1
-+#
-+# bar.Bar needs to be placed far enough away to generate relocations
-+# from main package calls. and main.Func1 and main.Func2 are placed
-+# a bit more than the direct call limit apart, but not more than 0x400
-+# bytes beyond it (to verify the reloc calc).
-+
-+go build
-+
-+-- go.mod --
-+
-+module foo
-+
-+go 1.19
-+
-+-- main.go --
-+
-+package main
-+
-+import "foo/bar"
-+
-+func Func1()
-+
-+func main() {
-+        Func1()
-+        bar.Bar2()
-+}
-+
-+-- foo.s --
-+
-+TEXT main·Func1(SB),0,$0-0
-+        CALL bar·Bar+0x400(SB)
-+        CALL main·BigAsm(SB)
-+// A trampoline will be placed here to bar.Bar
-+
-+// This creates a gap sufficiently large to prevent trampoline reuse
-+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
-+#define NOP256 NOP64 NOP64 NOP64 NOP64
-+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
-+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
-+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
-+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
-+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
-+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
-+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
-+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
-+#define BIGNOP NOP2S24 NOP2S24
-+TEXT main·BigAsm(SB),0,$0-0
-+        // Fill to the direct call limit so Func2 must generate a new trampoline.
-+        // As the implicit trampoline above is just barely unreachable.
-+        BIGNOP
-+        MOVD $main·Func2(SB), R3
-+
-+TEXT main·Func2(SB),0,$0-0
-+        CALL bar·Bar+0x400(SB)
-+// Another trampoline should be placed here.
-+
-+-- bar/bar.s --
-+
-+#define NOP64 DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0; DWORD $0;
-+#define NOP256 NOP64 NOP64 NOP64 NOP64
-+#define NOP2S10 NOP256 NOP256 NOP256 NOP256
-+#define NOP2S12 NOP2S10 NOP2S10 NOP2S10 NOP2S10
-+#define NOP2S14 NOP2S12 NOP2S12 NOP2S12 NOP2S12
-+#define NOP2S16 NOP2S14 NOP2S14 NOP2S14 NOP2S14
-+#define NOP2S18 NOP2S16 NOP2S16 NOP2S16 NOP2S16
-+#define NOP2S20 NOP2S18 NOP2S18 NOP2S18 NOP2S18
-+#define NOP2S22 NOP2S20 NOP2S20 NOP2S20 NOP2S20
-+#define NOP2S24 NOP2S22 NOP2S22 NOP2S22 NOP2S22
-+#define BIGNOP NOP2S24 NOP2S24 NOP2S10
-+// A very big not very interesting function.
-+TEXT bar·Bar(SB),0,$0-0
-+        BIGNOP
-+
-+-- bar/bar.go --
-+
-+package bar
-+
-+func Bar()
-+
-+func Bar2() {
-+}
-diff --git a/src/cmd/link/internal/ppc64/asm.go b/src/cmd/link/internal/ppc64/asm.go
-index 5d5fbe2a97735..6313879da083c 100644
--- a/src/cmd/link/internal/ppc64/asm.go
-+++ b/src/cmd/link/internal/ppc64/asm.go
-@@ -900,8 +900,9 @@ func trampoline(ctxt *ld.Link, ldr *loader.Loader, ri int, rs, s loader.Sym) {
- 				if ldr.SymValue(tramp) == 0 {
- 					break
- 				}
-
-				t = ldr.SymValue(tramp) + r.Add() - (ldr.SymValue(s) + int64(r.Off()))
-+				// Note, the trampoline is always called directly. The addend of the original relocation is accounted for in the
-+				// trampoline itself.
-+				t = ldr.SymValue(tramp) - (ldr.SymValue(s) + int64(r.Off()))
- 
- 				// With internal linking, the trampoline can be used if it is not too far.
- 				// With external linking, the trampoline must be in this section for it to be reused.
--- a/skip_TestCrashDumpsAllThreads.patch
+++ b/skip_TestCrashDumpsAllThreads.patch
@ -1,27 +0,0 @@
-From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
-Date: Wed, 27 Mar 2024 17:15:48 +0100
-Subject: [PATCH] Skip TestCrashDumpsAllThreads
-
---
- src/runtime/crash_unix_test.go | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
-index 123a462423..a0034d6455 100644
--- a/src/runtime/crash_unix_test.go
-+++ b/src/runtime/crash_unix_test.go
-@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
- 		t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
- 	}
- 
-+	if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
-+		t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
-+	}
-+
- 	testenv.MustHaveGoBuild(t)
- 
- 	if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
-- 
-2.44.0
-
--- a/3
+++ b/3
@ -1,3 +0,0 @@
-SHA512 (compiler-rt-18.1.8.src.tar.xz) = fb8795bd51c9b005c2ad1975591e9e2715740d6407ccad41379f136ef2e8d24ded8b97b01165a3ae4bd377119a6a1049ca05d3220404fc12bee86114ff2bff0d
-SHA512 (go1.22.5-1-openssl-fips.tar.gz) = 230fa331c2470a7a42c916cd1bec79fa423e913d7722235b4386b0aaf678e9baefc71d5c201a6d2c63d5936d06f2756b945ba54513109b046d569daeecc1cef3
-SHA512 (go1.22.5.tar.gz) = e0208d239ce4a4965d3c33fe5befbb1e919a0a695c9ef87c9dfc42d8b888c34301a6eb06a848a4eb662459bc06445d2a1f07275aa5d5e4b0cadb83e0bca0cab7