Merge branch 'master' into f22

2015-12-14 14:19:08 +01:00 · 2015-12-14 14:19:08 +01:00 · d0dd1c0984
commit d0dd1c0984
parent 8046fe0d0c 85525165e1
2 changed files with 65 additions and 1 deletions
--- a/bz1290543.patch
+++ b/bz1290543.patch
@ -0,0 +1,55 @@
 From a0ea93dea5f5741addc8c96b7ed037d0e359e33f Mon Sep 17 00:00:00 2001
 From: Adam Langley <agl@golang.org>
 Date: Fri, 27 Nov 2015 13:50:36 -0800
 Subject: [PATCH] crypto/x509: permit serial numbers to be negative.
 Some software that produces certificates doesn't encode integers
 correctly and, about half the time, ends up producing certificates with
 serial numbers that are actually negative.
 This buggy software, sadly, appears to be common enough that we should
 let these errors pass. This change allows a Certificate.SerialNumber to
 be negative.
 Fixes #8265.
 Change-Id: Ief35dae23988fb6d5e2873e3c521366fb03c6af4
 Reviewed-on: https://go-review.googlesource.com/17247
 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
 ---
 src/crypto/x509/x509.go      | 4 ----
 src/crypto/x509/x509_test.go | 6 +++++-
 2 files changed, 5 insertions(+), 5 deletions(-)
 diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
 index bbc63241..126432d 100644
 --- a/src/crypto/x509/x509.go
 +++ b/src/crypto/x509/x509.go
@@ -909,10 +909,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
 		return nil, err
 	}
 -	if in.TBSCertificate.SerialNumber.Sign() < 0 {
 -		return nil, errors.New("x509: negative serial number")
 -	}
 -
 	out.Version = in.TBSCertificate.Version + 1
 	out.SerialNumber = in.TBSCertificate.SerialNumber
 diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
 index 61b1773..2c01ec7 100644
 --- a/src/crypto/x509/x509_test.go
 +++ b/src/crypto/x509/x509_test.go
@@ -343,7 +343,11 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
 	for _, test := range tests {
 		commonName := "test.example.com"
 		template := Certificate{
 -			SerialNumber: big.NewInt(1),
 +			// SerialNumber is negative to ensure that negative
 +			// values are parsed. This is due to the prevalence of
 +			// buggy code that produces certificates with negative
 +			// serial numbers.
 +			SerialNumber: big.NewInt(-1),
 			Subject: pkix.Name{
 				CommonName:   commonName,
 				Organization: []string{"Σ Acme Co"},
--- a/golang.spec
+++ b/golang.spec
@ -89,7 +89,7 @@
 Name:           golang
 Version:        1.5.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -122,6 +122,10 @@ Patch0:         golang-1.2-verbose-build.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1038683
 Patch1:         golang-1.2-remove-ECC-p224.patch
 # Accept x509 certs with negative serial
 # https://bugzilla.redhat.com/show_bug.cgi?id=1290543
 # https://github.com/golang/go/issues/8265
 Patch2:         bz1290543.patch
 # use the arch dependent path in the bootstrap
 Patch212:       golang-1.5-bootstrap-binary-path.patch
@ -256,6 +260,8 @@ Summary:        Golang shared object libraries
 # remove the P224 curve
 %patch1 -p1
 %patch2 -p1
 # use the arch dependent path in the bootstrap
 %patch212 -p1
@ -472,6 +478,9 @@ fi
 %endif
 %changelog
 * Fri Dec 11 2015 Jakub Čajka <jcajka@redhat.com> - 1.5.2-2
 - bz1290543 Accept x509 certs with negative serial
 * Tue Dec 08 2015 Jakub Čajka <jcajka@redhat.com> - 1.5.2-1
 - bz1288263 rebase to 1.5.2
 - spec file clean up