4 changed files with 50 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/compiler-rt-18.1.8.src.tar.xz
-SOURCES/go1.22.9-1-openssl-fips.tar.gz
+SOURCES/go1.22.5-1-openssl-fips.tar.gz
-SOURCES/go1.22.9.tar.gz
+SOURCES/go1.22.5.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,3 +1,3 @@
 6ecbfa5516b60adb4e4e60f991b0d8ddf5aab12a SOURCES/compiler-rt-18.1.8.src.tar.xz
-af6e318112b0e4fa6f42978d5c80e2c4fc5ca02c SOURCES/go1.22.9-1-openssl-fips.tar.gz
+aa46d1a360c3c9e85a2c5b75dfa927d3d4ccf016 SOURCES/go1.22.5-1-openssl-fips.tar.gz
-3860690f8aee2de5da3cd46af6e84f4f94bfc5f0 SOURCES/go1.22.9.tar.gz
+38de97e677498c347fb7350e40a5d61be29973f9 SOURCES/go1.22.5.tar.gz
--- a/SOURCES/fix-standard-crypto-panic.patch
+++ b/SOURCES/fix-standard-crypto-panic.patch
@ -0,0 +1,44 @@
 diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
 index 3d3a9a36ee..8dc2d46b52 100644
 --- a/src/crypto/internal/backend/openssl.go
 +++ b/src/crypto/internal/backend/openssl.go
@@ -25,6 +25,22 @@ var enabled bool
 var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
 func init() {
 +	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
 +	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
 +	// other values: do not override OpenSSL configured FIPS mode.
 +	var fips string
 +	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
 +		fips = v
 +	} else if hostFIPSModeEnabled() {
 +		// System configuration can only force FIPS mode.
 +		fips = "1"
 +	}
 +
 +	// Use Go standard crypto, do not load openssl
 +	if (fips != "1") {
 +		return
 +	}
 +
 	version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
 	if version == "" {
 		var fallbackVersion string
@@ -49,16 +65,6 @@ func init() {
 	if err := openssl.Init(version); err != nil {
 		panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
 	}
 -	// 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
 -	// 1: FIPS required: abort the process if it is not enabled and can't be enabled.
 -	// other values: do not override OpenSSL configured FIPS mode.
 -	var fips string
 -	if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
 -		fips = v
 -	} else if hostFIPSModeEnabled() {
 -		// System configuration can only force FIPS mode.
 -		fips = "1"
 -	}
 	switch fips {
 	case "0":
 		if openssl.FIPS() {
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -93,7 +93,7 @@
 %endif
 %global go_api 1.22
-%global go_version 1.22.9
+%global go_version 1.22.5
 %global version %{go_version}
 %global pkg_release 1
@ -154,6 +154,7 @@ Patch1939923:   skip_test_rhbz1939923.patch
 Patch4:		modify_go.env.patch
 Patch6:		skip_TestCrashDumpsAllThreads.patch
 Patch7:		fix-standard-crypto-panic.patch
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -583,23 +584,6 @@ cd ..
 %endif
 %changelog
 * Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-2
 - Fix sources
 - Related: RHEL-67672
 * Thu Nov 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.9-1
 - Update to Go 1.22.9
 - Resolves: RHEL-67672
 * Thu Oct 03 2024 Archana <aravinda@redhat.com> - 1.22.7-2
 - Rebuilt to use right build target
 - Related: RHEL-57867
 * Tue Sep 24 2024 David Benoit <dbenoit@redhat.com> - 1.22.7-1
 - Update to Go 1.22.7
 - Remove fix-standard-crypto-panic.patch (upstreamed)
 - Resolves: RHEL-57867
 * Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2
 - Rebuild race detector archives from LLVM sources
 - Add golang-race subpackage