From ce2a039e09ad04dfc6bedf0a27a06576044b4a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= Date: Wed, 8 Jun 2022 18:14:05 +0200 Subject: [PATCH] Backport of patches Co-authored-by: Maxwell G Skip tests for arm Adds 0004-fix-CVE-2022-24675.patch Resolves: rhbz#2080125 Adds 0005-fix-CVE-2022-28327.patch Resolves: rhbz#2079826 --- 0004-fix-CVE-2022-24675.patch | 291 +++++++++++++++++++++++++++++++ 0005-fix-CVE-2022-28327.patch | 320 ++++++++++++++++++++++++++++++++++ golang.spec | 37 ++-- 3 files changed, 634 insertions(+), 14 deletions(-) create mode 100644 0004-fix-CVE-2022-24675.patch create mode 100644 0005-fix-CVE-2022-28327.patch diff --git a/0004-fix-CVE-2022-24675.patch b/0004-fix-CVE-2022-24675.patch new file mode 100644 index 0000000..7706200 --- /dev/null +++ b/0004-fix-CVE-2022-24675.patch @@ -0,0 +1,291 @@ +From 2116d60993e90d3f9b963c979f4bf1d116af03ff Mon Sep 17 00:00:00 2001 +From: Julie Qiu +Date: Tue, 01 Mar 2022 10:19:38 -0600 +Subject: [PATCH] [release-branch.go1.17] encoding/pem: fix stack overflow in Decode + +Previously, Decode called decodeError, a recursive function that was +prone to stack overflows when given a large PEM file containing errors. + +Credit to Juho Nurminen of Mattermost who reported the error. + +Fixes CVE-2022-24675 +Updates #51853 +Fixes #52036 + +Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157 +Reviewed-by: Damien Neil +Reviewed-by: Filippo Valsorda +(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02) +Reviewed-on: https://go-review.googlesource.com/c/go/+/399816 +Run-TryBot: Dmitri Shuralyov +Reviewed-by: Dmitri Shuralyov +Reviewed-by: Cherry Mui +TryBot-Result: Gopher Robot +--- + +diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go +index a7272da..1bee1c1 100644 +--- a/src/encoding/pem/pem.go ++++ b/src/encoding/pem/pem.go +@@ -87,123 +87,97 @@ + // pemStart begins with a newline. However, at the very beginning of + // the byte array, we'll accept the start string without it. + rest = data +- if bytes.HasPrefix(data, pemStart[1:]) { +- rest = rest[len(pemStart)-1 : len(data)] +- } else if i := bytes.Index(data, pemStart); i >= 0 { +- rest = rest[i+len(pemStart) : len(data)] +- } else { +- return nil, data +- } +- +- typeLine, rest := getLine(rest) +- if !bytes.HasSuffix(typeLine, pemEndOfLine) { +- return decodeError(data, rest) +- } +- typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] +- +- p = &Block{ +- Headers: make(map[string]string), +- Type: string(typeLine), +- } +- + for { +- // This loop terminates because getLine's second result is +- // always smaller than its argument. +- if len(rest) == 0 { ++ if bytes.HasPrefix(rest, pemStart[1:]) { ++ rest = rest[len(pemStart)-1:] ++ } else if i := bytes.Index(rest, pemStart); i >= 0 { ++ rest = rest[i+len(pemStart) : len(rest)] ++ } else { + return nil, data + } +- line, next := getLine(rest) + +- i := bytes.IndexByte(line, ':') +- if i == -1 { +- break ++ var typeLine []byte ++ typeLine, rest = getLine(rest) ++ if !bytes.HasSuffix(typeLine, pemEndOfLine) { ++ continue ++ } ++ typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)] ++ ++ p = &Block{ ++ Headers: make(map[string]string), ++ Type: string(typeLine), + } + +- // TODO(agl): need to cope with values that spread across lines. +- key, val := line[:i], line[i+1:] +- key = bytes.TrimSpace(key) +- val = bytes.TrimSpace(val) +- p.Headers[string(key)] = string(val) +- rest = next ++ for { ++ // This loop terminates because getLine's second result is ++ // always smaller than its argument. ++ if len(rest) == 0 { ++ return nil, data ++ } ++ line, next := getLine(rest) ++ ++ i := bytes.IndexByte(line, ':') ++ if i == -1 { ++ break ++ } ++ ++ // TODO(agl): need to cope with values that spread across lines. ++ key, val := line[:i], line[i+1:] ++ key = bytes.TrimSpace(key) ++ val = bytes.TrimSpace(val) ++ p.Headers[string(key)] = string(val) ++ rest = next ++ } ++ ++ var endIndex, endTrailerIndex int ++ ++ // If there were no headers, the END line might occur ++ // immediately, without a leading newline. ++ if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) { ++ endIndex = 0 ++ endTrailerIndex = len(pemEnd) - 1 ++ } else { ++ endIndex = bytes.Index(rest, pemEnd) ++ endTrailerIndex = endIndex + len(pemEnd) ++ } ++ ++ if endIndex < 0 { ++ continue ++ } ++ ++ // After the "-----" of the ending line, there should be the same type ++ // and then a final five dashes. ++ endTrailer := rest[endTrailerIndex:] ++ endTrailerLen := len(typeLine) + len(pemEndOfLine) ++ if len(endTrailer) < endTrailerLen { ++ continue ++ } ++ ++ restOfEndLine := endTrailer[endTrailerLen:] ++ endTrailer = endTrailer[:endTrailerLen] ++ if !bytes.HasPrefix(endTrailer, typeLine) || ++ !bytes.HasSuffix(endTrailer, pemEndOfLine) { ++ continue ++ } ++ ++ // The line must end with only whitespace. ++ if s, _ := getLine(restOfEndLine); len(s) != 0 { ++ continue ++ } ++ ++ base64Data := removeSpacesAndTabs(rest[:endIndex]) ++ p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) ++ n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) ++ if err != nil { ++ continue ++ } ++ p.Bytes = p.Bytes[:n] ++ ++ // the -1 is because we might have only matched pemEnd without the ++ // leading newline if the PEM block was empty. ++ _, rest = getLine(rest[endIndex+len(pemEnd)-1:]) ++ return p, rest + } +- +- var endIndex, endTrailerIndex int +- +- // If there were no headers, the END line might occur +- // immediately, without a leading newline. +- if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) { +- endIndex = 0 +- endTrailerIndex = len(pemEnd) - 1 +- } else { +- endIndex = bytes.Index(rest, pemEnd) +- endTrailerIndex = endIndex + len(pemEnd) +- } +- +- if endIndex < 0 { +- return decodeError(data, rest) +- } +- +- // After the "-----" of the ending line, there should be the same type +- // and then a final five dashes. +- endTrailer := rest[endTrailerIndex:] +- endTrailerLen := len(typeLine) + len(pemEndOfLine) +- if len(endTrailer) < endTrailerLen { +- return decodeError(data, rest) +- } +- +- restOfEndLine := endTrailer[endTrailerLen:] +- endTrailer = endTrailer[:endTrailerLen] +- if !bytes.HasPrefix(endTrailer, typeLine) || +- !bytes.HasSuffix(endTrailer, pemEndOfLine) { +- return decodeError(data, rest) +- } +- +- // The line must end with only whitespace. +- if s, _ := getLine(restOfEndLine); len(s) != 0 { +- return decodeError(data, rest) +- } +- +- base64Data := removeSpacesAndTabs(rest[:endIndex]) +- p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data))) +- n, err := base64.StdEncoding.Decode(p.Bytes, base64Data) +- if err != nil { +- return decodeError(data, rest) +- } +- p.Bytes = p.Bytes[:n] +- +- // the -1 is because we might have only matched pemEnd without the +- // leading newline if the PEM block was empty. +- _, rest = getLine(rest[endIndex+len(pemEnd)-1:]) +- +- return +-} +- +-func decodeError(data, rest []byte) (*Block, []byte) { +- // If we get here then we have rejected a likely looking, but +- // ultimately invalid PEM block. We need to start over from a new +- // position. We have consumed the preamble line and will have consumed +- // any lines which could be header lines. However, a valid preamble +- // line is not a valid header line, therefore we cannot have consumed +- // the preamble line for the any subsequent block. Thus, we will always +- // find any valid block, no matter what bytes precede it. +- // +- // For example, if the input is +- // +- // -----BEGIN MALFORMED BLOCK----- +- // junk that may look like header lines +- // or data lines, but no END line +- // +- // -----BEGIN ACTUAL BLOCK----- +- // realdata +- // -----END ACTUAL BLOCK----- +- // +- // we've failed to parse using the first BEGIN line +- // and now will try again, using the second BEGIN line. +- p, rest := Decode(rest) +- if p == nil { +- rest = data +- } +- return p, rest + } + + const pemLineLength = 64 +diff --git a/src/encoding/pem/pem_test.go b/src/encoding/pem/pem_test.go +index b2b6b15..c94b5ca 100644 +--- a/src/encoding/pem/pem_test.go ++++ b/src/encoding/pem/pem_test.go +@@ -107,6 +107,12 @@ + dGVzdA== + -----ENDBAR-----` + ++const pemMissingEndLine = ` ++-----BEGIN FOO----- ++Header: 1` ++ ++var pemRepeatingBegin = strings.Repeat("-----BEGIN \n", 10) ++ + var badPEMTests = []struct { + name string + input string +@@ -131,14 +137,34 @@ + "missing ending space", + pemMissingEndingSpace, + }, ++ { ++ "repeating begin", ++ pemRepeatingBegin, ++ }, ++ { ++ "missing end line", ++ pemMissingEndLine, ++ }, + } + + func TestBadDecode(t *testing.T) { + for _, test := range badPEMTests { +- result, _ := Decode([]byte(test.input)) ++ result, rest := Decode([]byte(test.input)) + if result != nil { + t.Errorf("unexpected success while parsing %q", test.name) + } ++ if string(rest) != test.input { ++ t.Errorf("unexpected rest: %q; want = %q", rest, test.input) ++ } ++ } ++} ++ ++func TestCVE202224675(t *testing.T) { ++ // Prior to CVE-2022-24675, this input would cause a stack overflow. ++ input := []byte(strings.Repeat("-----BEGIN \n", 10000000)) ++ result, rest := Decode(input) ++ if result != nil || !reflect.DeepEqual(rest, input) { ++ t.Errorf("Encode of %#v decoded as %#v", input, rest) + } + } + diff --git a/0005-fix-CVE-2022-28327.patch b/0005-fix-CVE-2022-28327.patch new file mode 100644 index 0000000..b4e8a0d --- /dev/null +++ b/0005-fix-CVE-2022-28327.patch @@ -0,0 +1,320 @@ +From 28ffc15c56ac0edccb5b0147ff942127720ca083 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Wed, 8 Jun 2022 19:27:19 +0200 +Subject: [PATCH] Backport CVE-2022-28327 fix from go1.17 + +--- + src/crypto/elliptic/elliptic_test.go | 92 --------------- + src/crypto/elliptic/p256.go | 2 +- + src/crypto/elliptic/p256_test.go | 169 +++++++++++++++++++++++++++ + 3 files changed, 170 insertions(+), 93 deletions(-) + create mode 100644 src/crypto/elliptic/p256_test.go + +diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go +index bb16b0d163..516a321273 100644 +--- a/src/crypto/elliptic/elliptic_test.go ++++ b/src/crypto/elliptic/elliptic_test.go +@@ -301,29 +301,6 @@ var p224BaseMultTests = []baseMultTest{ + }, + } + +-type scalarMultTest struct { +- k string +- xIn, yIn string +- xOut, yOut string +-} +- +-var p256MultTests = []scalarMultTest{ +- { +- "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737", +- "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea", +- "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad", +- "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3", +- "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0", +- }, +- { +- "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd", +- "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06", +- "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031", +- "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991", +- "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684", +- }, +-} +- + func TestBaseMult(t *testing.T) { + p224 := P224() + for i, e := range p224BaseMultTests { +@@ -359,65 +336,6 @@ func TestGenericBaseMult(t *testing.T) { + } + } + +-func TestP256BaseMult(t *testing.T) { +- p256 := P256() +- p256Generic := p256.Params() +- +- scalars := make([]*big.Int, 0, len(p224BaseMultTests)+1) +- for _, e := range p224BaseMultTests { +- k, _ := new(big.Int).SetString(e.k, 10) +- scalars = append(scalars, k) +- } +- k := new(big.Int).SetInt64(1) +- k.Lsh(k, 500) +- scalars = append(scalars, k) +- +- for i, k := range scalars { +- x, y := p256.ScalarBaseMult(k.Bytes()) +- x2, y2 := p256Generic.ScalarBaseMult(k.Bytes()) +- if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 { +- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2) +- } +- +- if testing.Short() && i > 5 { +- break +- } +- } +-} +- +-func TestP256Mult(t *testing.T) { +- p256 := P256() +- p256Generic := p256.Params() +- +- for i, e := range p224BaseMultTests { +- x, _ := new(big.Int).SetString(e.x, 16) +- y, _ := new(big.Int).SetString(e.y, 16) +- k, _ := new(big.Int).SetString(e.k, 10) +- +- xx, yy := p256.ScalarMult(x, y, k.Bytes()) +- xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes()) +- if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 { +- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2) +- } +- if testing.Short() && i > 5 { +- break +- } +- } +- +- for i, e := range p256MultTests { +- x, _ := new(big.Int).SetString(e.xIn, 16) +- y, _ := new(big.Int).SetString(e.yIn, 16) +- k, _ := new(big.Int).SetString(e.k, 16) +- expectedX, _ := new(big.Int).SetString(e.xOut, 16) +- expectedY, _ := new(big.Int).SetString(e.yOut, 16) +- +- xx, yy := p256.ScalarMult(x, y, k.Bytes()) +- if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 { +- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY) +- } +- } +-} +- + func testInfinity(t *testing.T, curve Curve) { + _, x, y, _ := GenerateKey(curve, rand.Reader) + x, y = curve.ScalarMult(x, y, curve.Params().N.Bytes()) +@@ -477,16 +395,6 @@ func TestInfinity(t *testing.T) { + } + } + +-type synthCombinedMult struct { +- Curve +-} +- +-func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) { +- x1, y1 := s.ScalarBaseMult(baseScalar) +- x2, y2 := s.ScalarMult(bigX, bigY, scalar) +- return s.Add(x1, y1, x2, y2) +-} +- + func TestCombinedMult(t *testing.T) { + type combinedMult interface { + Curve +diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go +index c23e414156..787e3e7444 100644 +--- a/src/crypto/elliptic/p256.go ++++ b/src/crypto/elliptic/p256.go +@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) { + n := new(big.Int).SetBytes(in) + var scalarBytes []byte + +- if n.Cmp(p256Params.N) >= 0 { ++ if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) { + n.Mod(n, p256Params.N) + scalarBytes = n.Bytes() + } else { +diff --git a/src/crypto/elliptic/p256_test.go b/src/crypto/elliptic/p256_test.go +new file mode 100644 +index 0000000000..694186df81 +--- /dev/null ++++ b/src/crypto/elliptic/p256_test.go +@@ -0,0 +1,169 @@ ++// Copyright 2021 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++package elliptic ++ ++import ( ++ "math/big" ++ "testing" ++) ++ ++type scalarMultTest struct { ++ k string ++ xIn, yIn string ++ xOut, yOut string ++} ++ ++var p256MultTests = []scalarMultTest{ ++ { ++ "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737", ++ "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea", ++ "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad", ++ "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3", ++ "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0", ++ }, ++ { ++ "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd", ++ "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06", ++ "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031", ++ "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991", ++ "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684", ++ }, ++} ++ ++func TestP256BaseMult(t *testing.T) { ++ p256 := P256() ++ p256Generic := p256.Params() ++ ++ scalars := make([]*big.Int, 0, len(p224BaseMultTests)+1) ++ for _, e := range p224BaseMultTests { ++ k, _ := new(big.Int).SetString(e.k, 10) ++ scalars = append(scalars, k) ++ } ++ k := new(big.Int).SetInt64(1) ++ k.Lsh(k, 500) ++ scalars = append(scalars, k) ++ ++ for i, k := range scalars { ++ x, y := p256.ScalarBaseMult(k.Bytes()) ++ x2, y2 := p256Generic.ScalarBaseMult(k.Bytes()) ++ if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 { ++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2) ++ } ++ ++ if testing.Short() && i > 5 { ++ break ++ } ++ } ++} ++ ++func TestP256Mult(t *testing.T) { ++ p256 := P256() ++ p256Generic := p256.Params() ++ ++ for i, e := range p224BaseMultTests { ++ x, _ := new(big.Int).SetString(e.x, 16) ++ y, _ := new(big.Int).SetString(e.y, 16) ++ k, _ := new(big.Int).SetString(e.k, 10) ++ ++ xx, yy := p256.ScalarMult(x, y, k.Bytes()) ++ xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes()) ++ if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 { ++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2) ++ } ++ if testing.Short() && i > 5 { ++ break ++ } ++ } ++ ++ for i, e := range p256MultTests { ++ x, _ := new(big.Int).SetString(e.xIn, 16) ++ y, _ := new(big.Int).SetString(e.yIn, 16) ++ k, _ := new(big.Int).SetString(e.k, 16) ++ expectedX, _ := new(big.Int).SetString(e.xOut, 16) ++ expectedY, _ := new(big.Int).SetString(e.yOut, 16) ++ ++ xx, yy := p256.ScalarMult(x, y, k.Bytes()) ++ if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 { ++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY) ++ } ++ } ++} ++ ++type synthCombinedMult struct { ++ Curve ++} ++ ++func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) { ++ x1, y1 := s.ScalarBaseMult(baseScalar) ++ x2, y2 := s.ScalarMult(bigX, bigY, scalar) ++ return s.Add(x1, y1, x2, y2) ++} ++ ++func TestP256CombinedMult(t *testing.T) { ++ type combinedMult interface { ++ Curve ++ CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) ++ } ++ ++ p256, ok := P256().(combinedMult) ++ if !ok { ++ p256 = &synthCombinedMult{P256()} ++ } ++ ++ gx := p256.Params().Gx ++ gy := p256.Params().Gy ++ ++ zero := make([]byte, 32) ++ one := make([]byte, 32) ++ one[31] = 1 ++ two := make([]byte, 32) ++ two[31] = 2 ++ ++ // 0×G + 0×G = ∞ ++ x, y := p256.CombinedMult(gx, gy, zero, zero) ++ if x.Sign() != 0 || y.Sign() != 0 { ++ t.Errorf("0×G + 0×G = (%d, %d), should be ∞", x, y) ++ } ++ ++ // 1×G + 0×G = G ++ x, y = p256.CombinedMult(gx, gy, one, zero) ++ if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 { ++ t.Errorf("1×G + 0×G = (%d, %d), should be (%d, %d)", x, y, gx, gy) ++ } ++ ++ // 0×G + 1×G = G ++ x, y = p256.CombinedMult(gx, gy, zero, one) ++ if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 { ++ t.Errorf("0×G + 1×G = (%d, %d), should be (%d, %d)", x, y, gx, gy) ++ } ++ ++ // 1×G + 1×G = 2×G ++ x, y = p256.CombinedMult(gx, gy, one, one) ++ ggx, ggy := p256.ScalarBaseMult(two) ++ if x.Cmp(ggx) != 0 || y.Cmp(ggy) != 0 { ++ t.Errorf("1×G + 1×G = (%d, %d), should be (%d, %d)", x, y, ggx, ggy) ++ } ++ ++ minusOne := new(big.Int).Sub(p256.Params().N, big.NewInt(1)) ++ // 1×G + (-1)×G = ∞ ++ x, y = p256.CombinedMult(gx, gy, one, minusOne.Bytes()) ++ if x.Sign() != 0 || y.Sign() != 0 { ++ t.Errorf("1×G + (-1)×G = (%d, %d), should be ∞", x, y) ++ } ++} ++ ++func TestIssue52075(t *testing.T) { ++ Gx, Gy := P256().Params().Gx, P256().Params().Gy ++ scalar := make([]byte, 33) ++ scalar[32] = 1 ++ x, y := P256().ScalarBaseMult(scalar) ++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { ++ t.Errorf("unexpected output (%v,%v)", x, y) ++ } ++ x, y = P256().ScalarMult(Gx, Gy, scalar) ++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { ++ t.Errorf("unexpected output (%v,%v)", x, y) ++ } ++} +-- +2.35.3 + diff --git a/golang.spec b/golang.spec index 4f8fd3e..6dc536e 100644 --- a/golang.spec +++ b/golang.spec @@ -1,7 +1,7 @@ %bcond_with bootstrap # temporalily ignore test failures # due to https://github.com/golang/go/issues/39466 -%ifarch aarch64 +%ifarch aarch64 %{arm} %bcond_without ignore_tests %else %bcond_with ignore_tests @@ -59,13 +59,6 @@ %global golang_bootstrap 1 %endif -# Controls what ever we fail on failed tests -%if %{with ignore_tests} -%global fail_on_tests 0 -%else -%global fail_on_tests 1 -%endif - # Build golang shared objects for stdlib %ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 %global shared 1 @@ -109,7 +102,7 @@ %global go_version %{go_api}.15 # For rpmdev-bumpspec and releng automation -%global baserelease 1 +%global baserelease 2 Name: golang Version: %{go_version} @@ -159,6 +152,18 @@ Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch +# The issue: https://github.com/golang/go/issues/51853 +# Fixed in: go1.19 +# Backported by upstream to go1.18.1 and Go1.17.9 +# Patch: https://go-review.googlesource.com/c/go/+/399816/ +Patch4: 0004-fix-CVE-2022-24675.patch + +# The issue: https://github.com/golang/go/issues/52075 +# Fixed in: go1.19 +# Backported by upstream to go1.18 +# Patch: https://go-review.googlesource.com/c/go/+/397135/ +Patch5: 0005-fix-CVE-2022-28327.patch + # Having documentation separate was broken Obsoletes: %{name}-docs < 1.1-4 @@ -459,11 +464,7 @@ export CGO_ENABLED=0 # make sure to not timeout export GO_TEST_TIMEOUT_SCALE=2 -%if %{fail_on_tests} -./run.bash --no-rebuild -v -v -v -k -%else -./run.bash --no-rebuild -v -v -v -k || : -%endif +./run.bash --no-rebuild -v -v -v -k %{?with_ignore_tests: || :} cd .. @@ -529,6 +530,14 @@ fi %endif %changelog +* Wed Jun 08 2022 Alejandro Sáez - 1.16.15-2 +- Backport of patches. +- Skip tests for arm +- Adds 0004-fix-CVE-2022-24675.patch +- Resolves: rhbz#2080125 +- Adds 0005-fix-CVE-2022-28327.patch +- Resolves: rhbz#2079826 + * Thu Mar 10 2022 Alejandro Sáez - 1.16.15-1 - Update to go1.16.15