rebase to 1.7rc2

added s390x build improved shared lib packaging Resolves: bz1357602 - CVE-2016-5386 Resolves: bz1342090, bz1342090
2016-07-19 14:15:19 +02:00 · 2016-07-19 14:15:19 +02:00 · d36359a723
parent 04b972ebf4
commit d36359a723
6 changed files with 101 additions and 64 deletions
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,4 @@
 /go1.6.src.tar.gz
 /go1.6.1.src.tar.gz
 /go1.6.2.src.tar.gz
+/go1.7rc2.src.tar.gz
--- a/go1.5beta1-disable-TestGdbPython.patch
+++ b/go1.5beta1-disable-TestGdbPython.patch
@ -1,13 +1,12 @@
-diff --git a/src/runtime/runtime-gdb_test.go b/src/runtime/runtime-gdb_test.go
-index f4014b2..2c09441 100644
--- a/src/runtime/runtime-gdb_test.go
-+++ b/src/runtime/runtime-gdb_test.go
-@@ -38,7 +38,7 @@ func main() {
+diff -up go/src/runtime/runtime-gdb_test.go.gdb go/src/runtime/runtime-gdb_test.go
+--- go/src/runtime/runtime-gdb_test.go.gdb	2016-04-28 10:31:13.005689813 +0200
+++ go/src/runtime/runtime-gdb_test.go	2016-04-28 10:32:12.202935125 +0200
+@@ -72,7 +72,7 @@ func main() {
 }
 `
 
 -func TestGdbPython(t *testing.T) {
 +func testGdbPython(t *testing.T) {
- 	if runtime.GOOS == "darwin" {
- 		t.Skip("gdb does not work on darwin")
- 	}
+ 	checkGdbEnvironment(t)
+ 	checkGdbVersion(t)
+ 	checkGdbPython(t)
--- a/golang-1.2-remove-ECC-p224.patch
+++ b/golang-1.2-remove-ECC-p224.patch
@ -1,9 +1,3 @@
-commit f8eb1e50541c8a9e55545d7470dbeab96073a632
-Author: Vincent Batts <vbatts@hashbangbash.com>
-Date:   Thu Jul 16 11:38:45 2015 -0400
-
-    p224
-
 diff --git a/api/go1.txt b/api/go1.txt
 index 5e3dea5..1a1ee83 100644
 --- a/api/go1.txt
@ -17,7 +11,7 @@ index 5e3dea5..1a1ee83 100644
 pkg crypto/elliptic, func P384() Curve
 pkg crypto/elliptic, func P521() Curve
 diff --git a/src/crypto/ecdsa/ecdsa_test.go b/src/crypto/ecdsa/ecdsa_test.go
-index 169944d..c653464 100644
+index fc25fd7..356e617 100644
 --- a/src/crypto/ecdsa/ecdsa_test.go
 +++ b/src/crypto/ecdsa/ecdsa_test.go
@@ -33,11 +33,10 @@ func testKeyGeneration(t *testing.T, c elliptic.Curve, tag string) {
@ -33,7 +27,7 @@ index 169944d..c653464 100644
 	testKeyGeneration(t, elliptic.P384(), "p384")
 	testKeyGeneration(t, elliptic.P521(), "p521")
 }
-@@ -63,11 +62,10 @@ func testSignAndVerify(t *testing.T, c elliptic.Curve, tag string) {
+@@ -98,11 +97,10 @@ func testSignAndVerify(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestSignAndVerify(t *testing.T) {
@ -46,7 +40,7 @@ index 169944d..c653464 100644
 	testSignAndVerify(t, elliptic.P384(), "p384")
 	testSignAndVerify(t, elliptic.P521(), "p521")
 }
-@@ -100,11 +98,10 @@ func testNonceSafety(t *testing.T, c elliptic.Curve, tag string) {
+@@ -135,11 +133,10 @@ func testNonceSafety(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestNonceSafety(t *testing.T) {
@ -59,7 +53,7 @@ index 169944d..c653464 100644
 	testNonceSafety(t, elliptic.P384(), "p384")
 	testNonceSafety(t, elliptic.P521(), "p521")
 }
-@@ -135,11 +132,10 @@ func testINDCCA(t *testing.T, c elliptic.Curve, tag string) {
+@@ -170,11 +167,10 @@ func testINDCCA(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestINDCCA(t *testing.T) {
@ -72,7 +66,7 @@ index 169944d..c653464 100644
 	testINDCCA(t, elliptic.P384(), "p384")
 	testINDCCA(t, elliptic.P521(), "p521")
 }
-@@ -201,8 +197,6 @@ func TestVectors(t *testing.T) {
+@@ -236,8 +232,6 @@ func TestVectors(t *testing.T) {
 			parts := strings.SplitN(line, ",", 2)
 
 			switch parts[0] {
@ -81,6 +75,14 @@ index 169944d..c653464 100644
 			case "P-256":
 				pub.Curve = elliptic.P256()
 			case "P-384":
+@@ -314,7 +308,6 @@ func testNegativeInputs(t *testing.T, curve elliptic.Curve, tag string) {
+ }
+ 
+ func TestNegativeInputs(t *testing.T) {
+-	testNegativeInputs(t, elliptic.P224(), "p224")
+ 	testNegativeInputs(t, elliptic.P256(), "p256")
+ 	testNegativeInputs(t, elliptic.P384(), "p384")
+ 	testNegativeInputs(t, elliptic.P521(), "p521")
 diff --git a/src/crypto/elliptic/bottombits.go b/src/crypto/elliptic/bottombits.go
 new file mode 100644
 index 0000000..4544722
@ -92,10 +94,10 @@ index 0000000..4544722
 +const bottom28Bits = 0xfffffff
 +const two31m3 = 1<<31 - 1<<3
 diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
-index f3b84e1..ca0b7cf 100644
+index c02df45..f713ad7 100644
 --- a/src/crypto/elliptic/elliptic.go
 +++ b/src/crypto/elliptic/elliptic.go
-@@ -331,7 +331,6 @@ var p384 *CurveParams
+@@ -338,7 +338,6 @@ var p384 *CurveParams
 var p521 *CurveParams
 
 func initAll() {
@ -104,7 +106,7 @@ index f3b84e1..ca0b7cf 100644
 	initP384()
 	initP521()
 diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
-index 7e27913..e0034fc 100644
+index 7f3f1a2..833668e 100644
 --- a/src/crypto/elliptic/elliptic_test.go
 +++ b/src/crypto/elliptic/elliptic_test.go
@@ -6,27 +6,25 @@ package elliptic
@ -240,7 +242,7 @@ index 7e27913..e0034fc 100644
 	k, _ := new(big.Int).SetString(e.k, 10)
 	b.StartTimer()
 	for i := 0; i < b.N; i++ {
-@@ -442,14 +393,14 @@ func BenchmarkBaseMultP256(b *testing.B) {
+@@ -454,14 +405,14 @@ func BenchmarkScalarMultP256(b *testing.B) {
 }
 
 func TestMarshal(t *testing.T) {
@ -259,7 +261,7 @@ index 7e27913..e0034fc 100644
 	if xx == nil {
 		t.Error("failed to unmarshal")
 		return
-@@ -459,13 +410,3 @@ func TestMarshal(t *testing.T) {
+@@ -471,13 +422,3 @@ func TestMarshal(t *testing.T) {
 		return
 	}
 }
@ -275,11 +277,11 @@ index 7e27913..e0034fc 100644
 -}
 diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
 deleted file mode 100644
-index 2d3fac7..0000000
+index de266ca..0000000
 --- a/src/crypto/elliptic/p224.go
 +++ /dev/null
@@ -1,765 +0,0 @@
-// Copyright 2012 The Go Authors.  All rights reserved.
+-// Copyright 2012 The Go Authors. All rights reserved.
 -// Use of this source code is governed by a BSD-style
 -// license that can be found in the LICENSE file.
 -
@ -1046,11 +1048,11 @@ index 2d3fac7..0000000
 -}
 diff --git a/src/crypto/elliptic/p224_test.go b/src/crypto/elliptic/p224_test.go
 deleted file mode 100644
-index 4b26d16..0000000
+index 8b4fa04..0000000
 --- a/src/crypto/elliptic/p224_test.go
 +++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2012 The Go Authors.  All rights reserved.
+-// Copyright 2012 The Go Authors. All rights reserved.
 -// Use of this source code is governed by a BSD-style
 -// license that can be found in the LICENSE file.
 -
@ -1120,10 +1122,10 @@ index 83f9916..dea8589 100644
 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	case "P384":
 diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
-index be6c013..428053a 100644
+index 9e6d67d..580831e 100644
 --- a/src/crypto/x509/x509.go
 +++ b/src/crypto/x509/x509.go
-@@ -308,9 +308,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
+@@ -340,9 +340,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
 
 // RFC 5480, 2.1.1.1. Named Curve
 //
@ -1133,7 +1135,7 @@ index be6c013..428053a 100644
 // secp256r1 OBJECT IDENTIFIER ::= {
 //   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
 //   prime(1) 7 }
-@@ -323,7 +320,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
+@@ -355,7 +352,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
 //
 // NB: secp256r1 is equivalent to prime256v1
 var (
@ -1141,7 +1143,7 @@ index be6c013..428053a 100644
 	oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
 	oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
 	oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
-@@ -331,8 +327,6 @@ var (
+@@ -363,8 +359,6 @@ var (
 
 func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
 	switch {
@ -1150,7 +1152,7 @@ index be6c013..428053a 100644
 	case oid.Equal(oidNamedCurveP256):
 		return elliptic.P256()
 	case oid.Equal(oidNamedCurveP384):
-@@ -345,8 +339,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
+@@ -377,8 +371,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
 
 func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) {
 	switch curve {
@ -1159,7 +1161,7 @@ index be6c013..428053a 100644
 	case elliptic.P256():
 		return oidNamedCurveP256, true
 	case elliptic.P384():
-@@ -1466,7 +1458,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgori
+@@ -1508,7 +1500,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgori
 		pubType = ECDSA
 
 		switch pub.Curve {
--- a/golang-1.5-bootstrap-binary-path.patch
+++ b/golang-1.5-bootstrap-binary-path.patch
@ -1,16 +1,16 @@
 diff -up go/src/cmd/dist/buildtool.go.bootstrap go/src/cmd/dist/buildtool.go
--- go/src/cmd/dist/buildtool.go.bootstrap	2015-11-12 06:19:58.000000000 +0100
-+++ go/src/cmd/dist/buildtool.go	2015-11-13 09:54:58.796721027 +0100
-@@ -106,12 +106,20 @@ func bootstrapBuildTools() {
+--- go/src/cmd/dist/buildtool.go.bootstrap	2016-06-06 14:26:37.638374670 +0200
+++ go/src/cmd/dist/buildtool.go	2016-06-06 14:30:33.873262307 +0200
+@@ -111,15 +111,23 @@ func bootstrapBuildTools() {
+ 	defer os.Setenv("GOBIN", os.Getenv("GOBIN"))
 	os.Setenv("GOBIN", "")
 
- 	os.Setenv("GOOS", "")
-	os.Setenv("GOHOSTOS", "")
- 	os.Setenv("GOARCH", "")
-+
 +	hostos := os.Getenv("GOHOSTOS")
 +	hostarch := os.Getenv("GOHOSTARCH")
-+	os.Setenv("GOHOSTOS", "")
+
+ 	os.Setenv("GOOS", "")
+ 	os.Setenv("GOHOSTOS", "")
+ 	os.Setenv("GOARCH", "")
 	os.Setenv("GOHOSTARCH", "")
 
 +	bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch)
@ -18,16 +18,18 @@ diff -up go/src/cmd/dist/buildtool.go.bootstrap go/src/cmd/dist/buildtool.go
 +		bingopath = pathf("%s/bin/go", goroot_bootstrap)
 +	}
 +
- 	// Run Go 1.4 to build binaries.
-	run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-v", "bootstrap/...")
-+	run(workspace, ShowOutput|CheckExit, bingopath, "install", "-v", "bootstrap/...")
+ 	// Run Go 1.4 to build binaries. Use -gcflags=-l to disable inlining to
+ 	// workaround bugs in Go 1.4's compiler. See discussion thread:
+ 	// https://groups.google.com/d/msg/golang-dev/Ss7mCKsvk8w/Gsq7VYI0AwAJ
+-	run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-gcflags=-l", "-v", "bootstrap/...")
+	run(workspace, ShowOutput|CheckExit, bingopath, "install", "-gcflags=-l", "-v", "bootstrap/...")
 
 	// Copy binaries into tool binary directory.
 	for _, name := range bootstrapDirs {
 diff -up go/src/make.bash.bootstrap go/src/make.bash
--- go/src/make.bash.bootstrap	2015-11-13 09:54:58.797721031 +0100
-+++ go/src/make.bash	2015-11-13 10:11:11.633552619 +0100
-@@ -113,8 +113,15 @@ echo '##### Building Go bootstrap tool.'
+--- go/src/make.bash.bootstrap	2016-06-06 14:26:37.628374633 +0200
+++ go/src/make.bash	2016-06-06 14:26:37.638374670 +0200
+@@ -118,8 +118,15 @@ echo '##### Building Go bootstrap tool.'
 echo cmd/dist
 export GOROOT="$(cd .. && pwd)"
 GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4}
@ -45,3 +47,12 @@ diff -up go/src/make.bash.bootstrap go/src/make.bash
 	echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
 	exit 1
 fi
+@@ -128,8 +135,6 @@ if [ "$GOROOT_BOOTSTRAP" == "$GOROOT" ];
+ 	echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
+ 	exit 1
+ fi
+-rm -f cmd/dist/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
+ 
+ # -e doesn't propagate out of eval, so check success by hand.
+ eval $(./cmd/dist/dist env -p || echo FAIL=true)
--- a/golang.spec
+++ b/golang.spec
@ -22,17 +22,19 @@
 %global __spec_install_post /usr/lib/rpm/check-rpaths   /usr/lib/rpm/check-buildroot  \
  /usr/lib/rpm/brp-compress

+%global golibdir %{_libdir}/golang
+
 # Golang build options.

 # Build golang using external/internal(close to cgo disabled) linking.
-%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
+%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
 %global external_linker 1
 %else
 %global external_linker 0
 %endif

 # Build golang with cgo enabled/disabled(later equals more or less to internal linking).
-%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
+%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
 %global cgo_enabled 1
 %else
 %global cgo_enabled 0
@ -46,7 +48,7 @@
 %endif

 # Controls what ever we fail on failed tests
-%ifarch %{golang_arches}
+%ifarch %{ix86} x86_64 %{arm} aarch64 %{power64}
 %global fail_on_tests 1
 %else
 %global fail_on_tests 0
@ -80,13 +82,16 @@
 %ifarch ppc64le
 %global gohostarch  ppc64le
 %endif
+%ifarch s390x
+%global gohostarch  s390x
+%endif

-%global go_api 1.6
-%global go_version 1.6.2
+%global go_api 1.7
+%global go_version 1.7rc2

 Name:           golang
-Version:        1.6.2
-Release:        1%{?dist}
+Version:        1.7
+Release:        0.0.rc2%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -105,7 +110,7 @@ BuildRequires:  hostname
 BuildRequires:  net-tools
 %endif
 # for tests
-BuildRequires:  pcre-devel, glibc-static
+BuildRequires:  pcre-devel, glibc-static, perl

 Provides:       go = %{version}-%{release}
 Requires:       %{name}-bin = %{version}-%{release}
@ -139,7 +144,7 @@ Obsoletes:      %{name}-vim < 1.4
 Obsoletes:      emacs-%{name} < 1.4

 # These are the only RHEL/Fedora architectures that we compile this package for
-ExclusiveArch:  %{golang_arches}
+ExclusiveArch:  %{golang_arches} s390x

 Source100:      golang-gdbinit

@ -237,16 +242,16 @@ Summary:        Golang shared object libraries
 %setup -q -n go

 # increase verbosity of build
-%patch0 -p1
+%patch0 -p1 -b .verbose

 # remove the P224 curve
-%patch1 -p1
+%patch1 -p1 -b .curve

 # use the arch dependent path in the bootstrap
-%patch212 -p1
+%patch212 -p1 -b .bootstrap

 # disable TestGdbPython
-%patch213 -p1
+%patch213 -p1 -b .gdb

 %patch215 -p1

@ -332,8 +337,20 @@ pushd $RPM_BUILD_ROOT%{goroot}
    find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list

 %if %{shared}
-    find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
-    find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
+    mkdir -p %{buildroot}/%{_libdir}/
+    mkdir -p %{buildroot}/%{golibdir}/
+    for file in $(find .  -iname "*.so" ); do
+        chmod 755 $file
+        mv  $file %{buildroot}/%{golibdir}
+        pushd $(dirname $file)
+        ln -fs %{golibdir}/$(basename $file) $(basename $file)
+        popd
+        echo "%%{goroot}/$file" >> $shared_list
+        echo "%%{golibdir}/$(basename $file)" >> $shared_list
+    done
+    
+	find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
+	find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
 %endif

    find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
@ -454,6 +471,13 @@ fi
 %endif

 %changelog
+* Tue Jul 19 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.0.rc2
+- rebase to 1.7rc2
+- added s390x build
+- improved shared lib packaging
+- Resolves: bz1357602 - CVE-2016-5386
+- Resolves: bz1342090, bz1342090
+
 * Tue Apr 26 2016 Jakub Čajka <jcajka@redhat.com> - 1.6.2-1
 - rebase to 1.6.2
 - Resolves: bz1329206 - golang-1.6.2.src is available
--- a/2
+++ b/2
@ -1 +1 @@
-d1b50fa98d9a71eeee829051411e6207  go1.6.2.src.tar.gz
+c5cd29076e50111d299c2411ded5b427  go1.7rc2.src.tar.gz