Rebase to go1.12rc1

2019-02-18 10:06:45 +01:00 · 2019-02-18 10:06:45 +01:00 · 73766cf515
parent e3e1bdbf46
commit 73766cf515
4 changed files with 7 additions and 44 deletions
--- a/.gitignore
+++ b/.gitignore
@ -63,3 +63,4 @@
 /go1.11.2.src.tar.gz
 /go1.11.4.src.tar.gz
 /go1.12beta2.src.tar.gz
+/go1.12rc1.src.tar.gz
--- a/CVE-2019-6486.patch
+++ b/CVE-2019-6486.patch
@ -1,39 +0,0 @@
-From 193c16a3648b8670a762e925b6ac6e074f468a20 Mon Sep 17 00:00:00 2001
-From: Filippo Valsorda <filippo@golang.org>
-Date: Tue, 22 Jan 2019 16:02:41 -0500
-Subject: [PATCH] crypto/elliptic: reduce subtraction term to prevent long busy loop
-
-If beta8 is unusually large, the addition loop might take a very long
-time to bring x3-beta8 back positive.
-
-This would lead to a DoS vulnerability in the implementation of the
-P-521 and P-384 elliptic curves that may let an attacker craft inputs
-to ScalarMult that consume excessive amounts of CPU.
-
-This fixes CVE-2019-6486.
-
-Fixes #29903
-
-Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a
-Reviewed-on: https://team-review.git.corp.google.com/c/399777
-Reviewed-by: Adam Langley <agl@google.com>
-Reviewed-by: Julie Qiu <julieqiu@google.com>
-Reviewed-on: https://go-review.googlesource.com/c/159218
-Reviewed-by: Julie Qiu <julie@golang.org>
---
-
-diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
-index 4fc2b5e..c84657c 100644
--- a/src/crypto/elliptic/elliptic.go
-+++ b/src/crypto/elliptic/elliptic.go
-@@ -210,8 +210,9 @@
- 
- 	x3 := new(big.Int).Mul(alpha, alpha)
- 	beta8 := new(big.Int).Lsh(beta, 3)
-+	beta8.Mod(beta8, curve.P)
- 	x3.Sub(x3, beta8)
-	for x3.Sign() == -1 {
-+	if x3.Sign() == -1 {
- 		x3.Add(x3, curve.P)
- 	}
- 	x3.Mod(x3, curve.P)
--- a/golang.spec
+++ b/golang.spec
@ -102,11 +102,11 @@
 %endif

 %global go_api 1.12
-%global go_version 1.12beta2
+%global go_version 1.12rc1

 Name:           golang
 Version:        1.12
-Release:        0.beta2.2%{?dist}.1
+Release:        0.rc1.1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -183,7 +183,6 @@ Requires:       go-srpm-macros

 Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
-Patch3:       CVE-2019-6486.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -309,7 +308,6 @@ Requires:       %{name} = %{version}-%{release}

 %patch1 -p1
 %patch2 -p1
-%patch3 -p1

 cp %{SOURCE1} ./src/runtime/

@ -548,6 +546,9 @@ fi
 %endif

 %changelog
+* Mon Feb 18 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.rc1.1
+- Rebase to go1.12rc1
+
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.12-0.beta2.2.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (go1.12beta2.src.tar.gz) = 76dc2ef89a01617afaf6b29d2327463e2efe930123ad8175a1f017d61207c19b86a40878a36b1f2cc1be5da16c9cf1285dcff5add0dc593a684c8296530633d8
+SHA512 (go1.12rc1.src.tar.gz) = a27569637fc2acc55234c9580edefd50ec9abe2b468410a0d50393f0494d8b8d8a4180d530a23b6b3cf3a365cf0b31a7c04ad7c989bdb8dcb8544857f969565a