Compare commits

...

6 Commits

8 changed files with 289 additions and 141 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/go1.19.13-2-openssl-fips.tar.gz
SOURCES/go1.19.13.tar.gz
SOURCES/go1.21.9-1-openssl-fips.tar.gz
SOURCES/go1.21.9.tar.gz

View File

@ -1,2 +1,2 @@
3335b6ee2baab3a616b7a969b62ac1c9ed136b74 SOURCES/go1.19.13-2-openssl-fips.tar.gz
5627a7cd27f73a12c909dd818d310deda7146b86 SOURCES/go1.19.13.tar.gz
1162b641e8b23110eaab7496003585ea6c786158 SOURCES/go1.21.9-1-openssl-fips.tar.gz
54c038c82c82ebe2ad4ee2d0a3d7c4d39809f59a SOURCES/go1.21.9.tar.gz

View File

@ -1,53 +0,0 @@
From 241192ecd31ca03a6f68fa7e55bb9f66040d3a2f Mon Sep 17 00:00:00 2001
From: Lynn Boger <laboger@linux.vnet.ibm.com>
Date: Thu, 14 Jul 2022 10:47:28 -0500
Subject: [PATCH] cmd/link: use correct path for dynamic loader on ppc64le
The setting of the path for the dynamic loader when building for
linux/ppc64le ELF v2 was incorrectly set to the path for
PPC64 ELF v1. This has not caused issues in the common cases
because this string can be set based on the default GO_LDSO setting.
It does result in an incorrect value when cross compiling binaries
with -buildmode=pie.
Updates #53813
Change-Id: I84de1c97b42e0434760b76a57c5a05e055fbb730
---
src/cmd/link/internal/ppc64/obj.go | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
index b6d5ad92af..bca8fa9212 100644
--- a/src/cmd/link/internal/ppc64/obj.go
+++ b/src/cmd/link/internal/ppc64/obj.go
@@ -38,9 +38,12 @@ import (
)
func Init() (*sys.Arch, ld.Arch) {
- arch := sys.ArchPPC64
- if buildcfg.GOARCH == "ppc64le" {
- arch = sys.ArchPPC64LE
+ arch := sys.ArchPPC64LE
+ dynld := "/lib64/ld64.so.2"
+
+ if buildcfg.GOARCH == "ppc64" {
+ arch = sys.ArchPPC64
+ dynld = "/lib64/ld64.so.1"
}
theArch := ld.Arch{
@@ -64,9 +67,7 @@ func Init() (*sys.Arch, ld.Arch) {
Machoreloc1: machoreloc1,
Xcoffreloc1: xcoffreloc1,
- // TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
- Linuxdynld: "/lib64/ld64.so.1",
-
+ Linuxdynld: dynld,
Freebsddynld: "XXX",
Openbsddynld: "XXX",
Netbsddynld: "XXX",
--
2.35.3

View File

@ -1,36 +1,13 @@
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index da5b179..6a772df 100644
index 36a20e8b2a..8c2dd1b44b 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -1247,18 +1247,20 @@ func (t *tester) cgoTest(dt *distTest) error {
fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.")
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
} else {
if goos != "android" {
- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
}
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), ".")
t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`, ".")
if goos != "android" {
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl")
+ /*
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, ".")
// -static in CGO_LDFLAGS triggers a different code path
// than -static in -extldflags, so test both.
// See issue #16651.
cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", ".")
setEnv(cmd, "CGO_LDFLAGS", "-static -pthread")
+ */
}
}
@@ -1268,7 +1270,7 @@ func (t *tester) cgoTest(dt *distTest) error {
t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie", ".")
}
t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie", ".")
- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", ".")
+ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl")
panic("unknown linkmode with static build: " + linkmode)
}
- gt.tags = append(gt.tags, "static")
+ gt.tags = append(gt.tags, "static", "no_openssl")
}
}
gt.ldflags = strings.Join(ldflags, " ")

View File

@ -0,0 +1,172 @@
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
index 56adf47bf6..9537870e3c 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
@@ -22,22 +22,10 @@ var (
type PublicKeyECDH struct {
_pkey *C.GO_EVP_PKEY
bytes []byte
-
- // priv is only set when PublicKeyECDH is derived from a private key,
- // in which case priv's finalizer is responsible for freeing _pkey.
- // This ensures priv is not finalized while the public key is alive,
- // which could cause use-after-free and double-free behavior.
- //
- // We could avoid this altogether by using EVP_PKEY_up_ref
- // when instantiating a derived public key, unfortunately
- // it is not available on OpenSSL 1.0.2.
- priv *PrivateKeyECDH
}
func (k *PublicKeyECDH) finalize() {
- if k.priv == nil {
- C._goboringcrypto_EVP_PKEY_free(k._pkey)
- }
+ C._goboringcrypto_EVP_PKEY_free(k._pkey)
}
type PrivateKeyECDH struct {
@@ -58,7 +46,7 @@ func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) {
if err != nil {
return nil, err
}
- k := &PublicKeyECDH{pkey, append([]byte(nil), bytes...), nil}
+ k := &PublicKeyECDH{pkey, append([]byte(nil), bytes...)}
runtime.SetFinalizer(k, (*PublicKeyECDH).finalize)
return k, nil
}
@@ -87,14 +75,22 @@ func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) {
var bytes []byte
var cbytes *C.uchar
- n := C._goboringcrypto_EVP_PKEY_get1_encoded_ecdh_public_key(k._pkey, &cbytes)
+ pkey := C._goboringcrypto_EVP_PKEY_ref(k._pkey)
+ if pkey == nil {
+ return nil, NewOpenSSLError("EVP_PKEY_ref")
+ }
+ defer func() {
+ C._goboringcrypto_EVP_PKEY_free(pkey)
+ }()
+ n := C._goboringcrypto_EVP_PKEY_get1_encoded_ecdh_public_key(pkey, &cbytes)
if n == 0 {
return nil, NewOpenSSLError("EVP_PKEY_get1_encoded_ecdh_public_key")
}
bytes = C.GoBytes(unsafe.Pointer(cbytes), C.int(n))
C.free(unsafe.Pointer(cbytes))
- pub := &PublicKeyECDH{k._pkey, bytes, k}
+ pub := &PublicKeyECDH{pkey, bytes}
+ pkey = nil
runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize)
return pub, nil
}
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
index a900b3f9e7..03367d5520 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
@@ -827,6 +827,9 @@ DEFINEFUNC(GO_EVP_PKEY *, EVP_PKEY_new, (void), ())
DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY * arg0), (arg0))
DEFINEFUNC(int, EVP_PKEY_set1_RSA, (GO_EVP_PKEY * arg0, GO_RSA *arg1), (arg0, arg1))
DEFINEFUNC(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY * arg0, GO_EC_KEY *arg1), (arg0, arg1))
+DEFINEFUNC(const GO_EC_KEY *, EVP_PKEY_get0_EC_KEY, (const GO_EVP_PKEY *pkey), (pkey))
+GO_EVP_PKEY *_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey);
+
DEFINEFUNC(int, EVP_PKEY_verify,
(EVP_PKEY_CTX *ctx, const unsigned char *sig, unsigned int siglen, const unsigned char *tbs, size_t tbslen),
(ctx, sig, siglen, tbs, tbslen))
@@ -1083,15 +1086,6 @@ enum {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DEFINEFUNC(int, EVP_PKEY_set1_encoded_public_key, (GO_EVP_PKEY *pkey, const unsigned char *pub, size_t publen), (pkey, pub, publen))
DEFINEFUNC(size_t, EVP_PKEY_get1_encoded_public_key, (GO_EVP_PKEY *pkey, unsigned char **ppub), (pkey, ppub))
-
-DEFINEFUNC(const GO_EC_KEY *, EVP_PKEY_get0_EC_KEY, (const GO_EVP_PKEY *pkey), (pkey))
-#else
-DEFINEFUNCINTERNAL(void *, EVP_PKEY_get0, (const GO_EVP_PKEY *pkey), (pkey))
-static const GO_EC_KEY *
-_goboringcrypto_EVP_PKEY_get0_EC_KEY(const GO_EVP_PKEY *pkey)
-{
- return _goboringcrypto_internal_EVP_PKEY_get0(pkey);
-}
#endif
GO_EVP_PKEY *_goboringcrypto_EVP_PKEY_new_for_ecdh(int nid, const uint8_t *bytes, size_t len, int is_private);
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
index 24a9615108..c6b23a984b 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
@@ -5,6 +5,7 @@
// +build !msan
#include "goopenssl.h"
+#include <assert.h>
int _goboringcrypto_EVP_sign(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *msg,
size_t msgLen, uint8_t *sig, size_t *slen,
@@ -138,3 +139,52 @@ err:
return ret;
}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNCINTERNAL(int, EVP_PKEY_up_ref, (GO_EVP_PKEY *pkey), (pkey))
+
+GO_EVP_PKEY *
+_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey)
+{
+ if (_goboringcrypto_internal_EVP_PKEY_up_ref(pkey) != 1)
+ return NULL;
+
+ return pkey;
+}
+
+#else
+GO_EVP_PKEY *
+_goboringcrypto_EVP_PKEY_ref(GO_EVP_PKEY *pkey)
+{
+ GO_EVP_PKEY *result = NULL;
+
+ if (pkey->type != EVP_PKEY_EC && pkey->type != EVP_PKEY_RSA)
+ return NULL;
+
+ result = _goboringcrypto_EVP_PKEY_new();
+ if (!result)
+ goto err;
+
+ switch (pkey->type) {
+ case EVP_PKEY_EC:
+ if (_goboringcrypto_EVP_PKEY_set1_EC_KEY(result, _goboringcrypto_EVP_PKEY_get0_EC_KEY()) != 1)
+ goto err;
+ break;
+
+ case EVP_PKEY_RSA:
+ if (_goboringcrypto_EVP_PKEY_set1_RSA_KEY(result, _goboringcrypto_EVP_PKEY_get0_RSA_KEY()) != 1)
+ goto err;
+
+ break;
+
+ default:
+ assert(0);
+ }
+
+ return result;
+
+err:
+ _goboringcrypto_EVP_PKEY_free(result);
+ return NULL;
+}
+#endif
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
index 75ba7a8a59..1e016676a0 100644
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
@@ -116,7 +116,9 @@ func (k *PrivateKeyRSA) withKey(f func(*C.GO_RSA) C.int) C.int {
func setupRSA(withKey func(func(*C.GO_RSA) C.int) C.int,
padding C.int, h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
- init func(*C.GO_EVP_PKEY_CTX) C.int) (pkey *C.GO_EVP_PKEY, ctx *C.GO_EVP_PKEY_CTX, err error) {
+ init func(*C.GO_EVP_PKEY_CTX) C.int) (_ *C.GO_EVP_PKEY,_ *C.GO_EVP_PKEY_CTX, err error) {
+ var pkey *C.GO_EVP_PKEY
+ var ctx *C.GO_EVP_PKEY_CTX
defer func() {
if err != nil {
if pkey != nil {

View File

@ -0,0 +1,22 @@
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
Date: Fri, 9 Feb 2024 20:06:16 +0100
Subject: [PATCH] Set GOTOOLCHAIN to local
---
go.env | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.env b/go.env
index 6ff2b921d4..e87f6e7b6d 100644
--- a/go.env
+++ b/go.env
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
# Automatically download newer toolchains as directed by go.mod files.
# See https://go.dev/doc/toolchain for details.
-GOTOOLCHAIN=auto
+GOTOOLCHAIN=local
--
2.43.0

View File

@ -0,0 +1,15 @@
diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
index 0853178e3a..16eb37734b 100644
--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
}
func TestOverlongMessagePKCS1v15(t *testing.T) {
+ // OpenSSL now returns a random string instead of an error
+ if boring.Enabled() {
+ t.Skip("Not relevant in boring mode")
+ }
ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
if err == nil {

View File

@ -56,7 +56,7 @@
%endif
# Controls what ever we fail on failed tests
%ifarch x86_64 %{arm} aarch64 ppc64le s390x
%ifarch x86_64 %{arm} ppc64le s390x
%global fail_on_tests 1
%else
%global fail_on_tests 0
@ -69,12 +69,8 @@
%global shared 0
%endif
# Pre build std lib with -race enabled
%ifarch x86_64
%global race 1
%else
# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
%global race 0
%endif
%ifarch x86_64
%global gohostarch amd64
@ -95,13 +91,14 @@
%global gohostarch s390x
%endif
%global go_api 1.19
%global version 1.19.13
%global pkg_release 2
%global go_api 1.21
%global version 1.21.9
%global pkg_release 1
Name: golang
Version: %{version}
Release: 1%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
@ -140,16 +137,16 @@ Requires: %{name}-src = %{version}-%{release}
Requires: openssl-devel
Requires: diffutils
# Proposed patch by jcajka https://golang.org/cl/86541
Patch221: fix_TestScript_list_std.patch
Patch229: fix-memleak-setupRSA.patch
Patch1939923: skip_test_rhbz1939923.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
Patch2: disable_static_tests_part1.patch
Patch3: disable_static_tests_part2.patch
Patch4: skip-test-overlong-message.patch
Patch5: modify_go.env.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -157,6 +154,9 @@ Obsoletes: %{name}-docs < 1.1-4
# RPM can't handle symlink -> dir with subpackages, so merge back
Obsoletes: %{name}-data < 1.1.1-4
# We don't build golang-race anymore, rhbz#2230599
Obsoletes: golang-race < 1.20.0
# These are the only RHEL/Fedora architectures that we compile this package for
ExclusiveArch: %{golang_arches}
@ -246,7 +246,6 @@ popd
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch
# Configure crypto tests
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@ -254,13 +253,9 @@ ln -s ../go-go%{version} go
./scripts/configure-crypto-tests.sh
popd
%patch2 -p1
%patch3 -p1
%autopatch -p1
%patch221 -p1
%patch1939923 -p1
%patch227 -p1
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
cp %{SOURCE2} ./src/runtime/
@ -331,7 +326,7 @@ rm -rf pkg/bootstrap/bin
# install everything into libdir (until symlink problems are fixed)
# https://code.google.com/p/go/issues/detail?id=5830
cp -apv api bin doc lib pkg src misc test VERSION \
cp -apv api bin doc lib pkg src misc test go.env VERSION \
$RPM_BUILD_ROOT%{goroot}
# bz1099206
@ -344,12 +339,11 @@ cwd=$(pwd)
src_list=$cwd/go-src.list
pkg_list=$cwd/go-pkg.list
shared_list=$cwd/go-shared.list
race_list=$cwd/go-race.list
misc_list=$cwd/go-misc.list
docs_list=$cwd/go-docs.list
tests_list=$cwd/go-tests.list
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
pushd $RPM_BUILD_ROOT%{goroot}
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list
@ -380,13 +374,6 @@ pushd $RPM_BUILD_ROOT%{goroot}
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
%endif
%if %{race}
find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
%endif
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
@ -524,38 +511,66 @@ cd ..
%files -f go-pkg.list bin
%{_bindir}/go
%{_bindir}/gofmt
%{goroot}/go.env
%if %{shared}
%files -f go-shared.list shared
%endif
%if %{race}
%files -f go-race.list race
%endif
%changelog
* Thu Oct 12 2023 David Benoit <dbenoit@redhat.com> - 1.19.13-1
- Fix CVE-2023-39325
- Resolves: RHEL-12618
* Fri Apr 12 2024 David Benoit <dbenoit@redhat.com> - 1.21.9-1
- Fix CVE-2023-45288
- Resolves: RHEL-31915
* Wed Aug 30 2023 David Benoit <dbenoit@redhat.com> - 1.19.12-1
- Update to Go 1.19.12
- Midstream patches
- Resolves: rhbz#2223641
* Mon Apr 1 2024 Archana Ravindar <aravinda@redhat.com> - 1.21.7-2
- Fix CVE-2024-1394
- Resolves RHEL-24300
* Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
- Update to Go 1.19.10
- Resolves: rhbz#2217623
- Resolves: rhbz#2217609
- Resolves: rhbz#2217581
* Tue Feb 13 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
- Rebase to Go 1.21.7
- Add release information
- Set GOTOOLCHAIN to local
- Skip TestOverlongMessagePKCS1v15
- Resolves: RHEL-24082
- Resolves: RHEL-18363
- Resolves: RHEL-18382
* Wed May 17 2023 Alejandro Sáez <asm@redhat.com> - 1.19.9-1
- Rebase to Go 1.19.9
- Resolves: rhbz#2204473
* Wed Nov 08 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-4
- Do not remove GOPROXY/GOSUMDB
- Related: RHEL-12620
* Wed Mar 01 2023 David Benoit <dbenoit@redhat.com> - 1.19.6-1
- Rebase to Go 1.19.6
- Resolves: rhbz#2174430
* Thu Nov 02 2023 David Benoit <dbenoit@redhat.com> - 1.21.3-3
- Fix go.env in Go 1.21
- Related: RHEL-12620
* Tue Oct 31 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-2
- Rebase disable_static_tests_part2.patch to Go 1.21.3
- Add missing strict fips runtime detection patch
- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Remove fix-memory-leak patch as it is fixed upstream
- Resolves: RHEL-12620
* Fri Oct 20 2023 Archana Ravindar <aravinda@redhat.com> - 1.21.3-1
- Rebase Go to 1.21.3
- Resolves: RHEL-12620
* Mon Aug 14 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-2
- Retire golang-race package
- Resolves: rhbz#2230599
* Tue Jul 25 2023 Alejandro Sáez <asm@redhat.com> - 1.20.6-1
- Rebase to Go 1.20.6
- Resolves: rhbz#2217596
* Mon May 29 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
- Rebase to Go 1.20.4
- Resolves: rhbz#2204474
* Tue Apr 11 2023 David Benoit <dbenoit@redhat.com> - 1.20.3-1
- Rebase to Go 1.20.3
- Remove race archives
- Update static tests patches
- Resolves: rhbz#2185260
* Tue Jan 3 2023 David Benoit <dbenoit@redhat.com> - 1.19.4-2
- Fix memory leaks in EVP_{sign,verify}_raw