diff --git a/.gitignore b/.gitignore index cfa204d..0337066 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/go1.20.12-2-openssl-fips.tar.gz -SOURCES/go1.20.12.tar.gz +SOURCES/go1.21.9-1-openssl-fips.tar.gz +SOURCES/go1.21.9.tar.gz diff --git a/.golang.metadata b/.golang.metadata index 07c4ff0..46a4cf1 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1,2 +1,2 @@ -f57205df5fc5d2e0392ca39c795c6d60d22f0c80 SOURCES/go1.20.12-2-openssl-fips.tar.gz -6d5bc127443fc42b1af8d9ba4115abe18554feb7 SOURCES/go1.20.12.tar.gz +1162b641e8b23110eaab7496003585ea6c786158 SOURCES/go1.21.9-1-openssl-fips.tar.gz +54c038c82c82ebe2ad4ee2d0a3d7c4d39809f59a SOURCES/go1.21.9.tar.gz diff --git a/SOURCES/disable_static_tests_part2.patch b/SOURCES/disable_static_tests_part2.patch index aa2d91c..494de22 100644 --- a/SOURCES/disable_static_tests_part2.patch +++ b/SOURCES/disable_static_tests_part2.patch @@ -1,13 +1,13 @@ diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 9f26606..2408505 100644 +index 36a20e8b2a..8c2dd1b44b 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1259,7 +1259,7 @@ func (t *tester) registerCgoTests() { +@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) { } else { panic("unknown linkmode with static build: " + linkmode) } - gt.tags = append(gt.tags, "static") + gt.tags = append(gt.tags, "static", "no_openssl") } + gt.ldflags = strings.Join(ldflags, " ") - t.registerTest("cgo:"+name, "../misc/cgo/test", gt, opts...) diff --git a/SOURCES/fix-memleak-rsa-ecdh.patch b/SOURCES/fix-memleak-setupRSA.patch similarity index 100% rename from SOURCES/fix-memleak-rsa-ecdh.patch rename to SOURCES/fix-memleak-setupRSA.patch diff --git a/SOURCES/modify_go.env.patch b/SOURCES/modify_go.env.patch new file mode 100644 index 0000000..398f5c0 --- /dev/null +++ b/SOURCES/modify_go.env.patch @@ -0,0 +1,22 @@ +From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Fri, 9 Feb 2024 20:06:16 +0100 +Subject: [PATCH] Set GOTOOLCHAIN to local + +--- + go.env | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/go.env b/go.env +index 6ff2b921d4..e87f6e7b6d 100644 +--- a/go.env ++++ b/go.env +@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org + + # Automatically download newer toolchains as directed by go.mod files. + # See https://go.dev/doc/toolchain for details. +-GOTOOLCHAIN=auto ++GOTOOLCHAIN=local +-- +2.43.0 + diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 4be2065..ce1c2fb 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -2,8 +2,6 @@ %global bcond_with strict_fips -%global run_fips_test 0 - # build ids are not currently generated: # https://code.google.com/p/go/issues/detail?id=5238 # @@ -58,7 +56,7 @@ %endif # Controls what ever we fail on failed tests -%ifarch x86_64 %{arm} aarch64 ppc64le s390x +%ifarch x86_64 %{arm} ppc64le s390x %global fail_on_tests 1 %else %global fail_on_tests 0 @@ -94,14 +92,14 @@ %global gohostarch s390x %endif -%global go_api 1.20 -%global go_version 1.20.12 +%global go_api 1.21 +%global go_version 1.21.9 %global version %{go_version} -%global pkg_release 2 +%global pkg_release 1 Name: golang Version: %{version} -Release: 4%{?dist} +Release: 2%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -140,9 +138,9 @@ Requires: %{name}-src = %{version}-%{release} Requires: openssl-devel Requires: diffutils - # Proposed patch by jcajka https://golang.org/cl/86541 Patch221: fix_TestScript_list_std.patch +Patch229: fix-memleak-setupRSA.patch Patch1939923: skip_test_rhbz1939923.patch @@ -150,7 +148,7 @@ Patch1939923: skip_test_rhbz1939923.patch # are incompatible with dlopen in golang-fips Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch -Patch229: fix-memleak-rsa-ecdh.patch +Patch4: modify_go.env.patch # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -244,7 +242,7 @@ Requires: %{name} = %{version}-%{release} %package -n go-toolset Summary: Package that installs go-toolset Requires: %{name} = %{version}-%{release} -%ifarch x86_64 +%ifarch x86_64 aarch64 ppc64le Requires: delve %endif @@ -257,10 +255,9 @@ This is the main package for go-toolset. pushd .. tar -xf %{SOURCE1} popd - -for patch in ../go-go%{version}-%{pkg_release}-openssl-fips/patches/*.patch; do - patch -p1 < "${patch}" -done +patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch +patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch +patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch # Configure crypto tests pushd ../go-go%{version}-%{pkg_release}-openssl-fips @@ -270,6 +267,8 @@ popd %autopatch -p1 +sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION + cp %{SOURCE2} ./src/runtime/ %build @@ -339,7 +338,7 @@ rm -rf pkg/bootstrap/bin # install everything into libdir (until symlink problems are fixed) # https://code.google.com/p/go/issues/detail?id=5830 -cp -apv api bin doc lib pkg src misc test VERSION \ +cp -apv api bin doc lib pkg src misc test go.env VERSION \ $RPM_BUILD_ROOT%{goroot} # bz1099206 @@ -459,7 +458,6 @@ export GO_TEST_RUN="" ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN # Run tests with FIPS enabled. -%if %{run_fips_test} export GOLANG_FIPS=1 export OPENSSL_FORCE_FIPS_MODE=1 pushd crypto @@ -472,7 +470,6 @@ popd pushd crypto/tls go test -v -run "Boring" popd -%endif %else ./run.bash --no-rebuild -v -v -v -k || : %endif @@ -524,6 +521,7 @@ cd .. %files -f go-pkg.list bin %{_bindir}/go %{_bindir}/gofmt +%{goroot}/go.env %if %{shared} %files -f go-shared.list shared @@ -532,28 +530,51 @@ cd .. %files -n go-toolset %changelog -* Fri Apr 19 2024 David Benoit - 1.20.12-4 -- Rebuild for z-stream -- Related: RHEL-28939 +* Mon Apr 15 2024 David Benoit - 1.21.9-2 +- Rebuilt for z-stream +- Related: RHEL-24312 +- Related: RHEL-28940 -* Wed Apr 10 2024 David Benoit - 1.20.12-3 -- Fix CVE-2023-45288 -- Resolves: RHEL-28939 -- Temporarily disable FIPS tests (RHELBLD-14822) - -* Tue Mar 05 2024 David Benoit - 1.20.12-2 +* Fri Apr 5 2024 Archana Ravindar - 1.21.9-1 - Fix CVE-2024-1394 -- Resolves: RHEL-27189 - -* Tue Dec 12 2023 David Benoit - 1.20.12-1 -- Fix CVE-2023-39326 -- Resolves: RHEL-19234 - -* Fri Oct 13 2023 David Benoit - 1.20.10-1 -- Update to Go 1.20.10 -- Fix CVE-2023-39325 -- Midstream patches -- Resolves: RHEL-12623 +- Fix CVE-2023-45288 +- Resolves RHEL-24312 +- Resolves RHEL-28940 + +* Fri Feb 09 2024 Alejandro Sáez - 1.21.7-1 +- Rebase to Go 1.21.7 +- Set GOTOOLCHAIN to local +- Resolves: RHEL-24334 +- Resolves: RHEL-18364 +- Resolves: RHEL-18365 + +* Thu Nov 30 2023 Alejandro Sáez - 1.21.4-2 +- Add release information + +* Tue Nov 14 2023 Alejandro Sáez - 1.21.4-1 +- Rebase to Go 1.21.4 +- Resolves: RHEL-11871 + +* Wed Nov 08 2023 David Benoit - 1.21.3-5 +- Don't change GOPROXY/GOSUMDB +- Related: RHEL-12624 + +* Thu Nov 02 2023 David Benoit - 1.21.3-4 +- Fix missing go.env in Go 1.21 +- Related: RHEL-12624 + +* Tue Oct 31 2023 Archana Ravindar - 1.21.3-3 +- Add missing strict fips runtime detection patch +- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs +- Related: RHEL-12624 + +* Wed Oct 25 2023 Archana Ravindar - 1.21.3-2 +- Rebase disable_static_tests_part2.patch to Go 1.21.3 +- Related: RHEL-12624 + +* Fri Oct 20 2023 Archana Ravindar - 1.21.3-1 +- Rebase to Go 1.21.3 +- Resolves: RHEL-12624 * Wed Sep 27 2023 Alejandro Sáez - 1.20.8-1 - Rebase to Go 1.20.8