Resolves bz1292640, rebase to pre-release 1.6

bootstrap for PowerPC
fix rpmlint errors/warning
This commit is contained in:
Jakub Čajka 2016-01-28 13:19:10 +01:00
parent 672b8a1217
commit d40cd88359
8 changed files with 55 additions and 463 deletions

1
.gitignore vendored
View File

@ -27,3 +27,4 @@
/go1.5.2.src.tar.gz
/Mark.Twain-Tom.Sawyer.txt.bz2
/go1.5.3.src.tar.gz
/go1.6rc1.src.tar.gz

View File

@ -1,55 +0,0 @@
From a0ea93dea5f5741addc8c96b7ed037d0e359e33f Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Fri, 27 Nov 2015 13:50:36 -0800
Subject: [PATCH] crypto/x509: permit serial numbers to be negative.
Some software that produces certificates doesn't encode integers
correctly and, about half the time, ends up producing certificates with
serial numbers that are actually negative.
This buggy software, sadly, appears to be common enough that we should
let these errors pass. This change allows a Certificate.SerialNumber to
be negative.
Fixes #8265.
Change-Id: Ief35dae23988fb6d5e2873e3c521366fb03c6af4
Reviewed-on: https://go-review.googlesource.com/17247
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
src/crypto/x509/x509.go | 4 ----
src/crypto/x509/x509_test.go | 6 +++++-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index bbc63241..126432d 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -909,10 +909,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
return nil, err
}
- if in.TBSCertificate.SerialNumber.Sign() < 0 {
- return nil, errors.New("x509: negative serial number")
- }
-
out.Version = in.TBSCertificate.Version + 1
out.SerialNumber = in.TBSCertificate.SerialNumber
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index 61b1773..2c01ec7 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -343,7 +343,11 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
for _, test := range tests {
commonName := "test.example.com"
template := Certificate{
- SerialNumber: big.NewInt(1),
+ // SerialNumber is negative to ensure that negative
+ // values are parsed. This is due to the prevalence of
+ // buggy code that produces certificates with negative
+ // serial numbers.
+ SerialNumber: big.NewInt(-1),
Subject: pkix.Name{
CommonName: commonName,
Organization: []string{"Σ Acme Co"},

View File

@ -1,13 +0,0 @@
diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index 60d2734..b16540f 100644
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@@ -89,7 +89,7 @@ func kernelVersion(t *testing.T) (int, int) {
return major, minor
}
-func TestCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
+func testCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
if os.Getuid() == 0 {
t.Skip("skipping unprivileged user only test")
}

View File

@ -1,8 +1,7 @@
diff --git a/src/cmd/dist/buildtool.go b/src/cmd/dist/buildtool.go
index be54ac4..6744fbdc 100644
--- a/src/cmd/dist/buildtool.go
+++ b/src/cmd/dist/buildtool.go
@@ -108,12 +108,20 @@ func bootstrapBuildTools() {
diff -up go/src/cmd/dist/buildtool.go.bootstrap go/src/cmd/dist/buildtool.go
--- go/src/cmd/dist/buildtool.go.bootstrap 2015-11-12 06:19:58.000000000 +0100
+++ go/src/cmd/dist/buildtool.go 2015-11-13 09:54:58.796721027 +0100
@@ -106,12 +106,20 @@ func bootstrapBuildTools() {
os.Setenv("GOBIN", "")
os.Setenv("GOOS", "")
@ -25,11 +24,10 @@ index be54ac4..6744fbdc 100644
// Copy binaries into tool binary directory.
for _, name := range bootstrapDirs {
diff --git a/src/make.bash b/src/make.bash
index f17648a..77f463c 100755
--- a/src/make.bash
+++ b/src/make.bash
@@ -113,12 +113,17 @@ echo '##### Building Go bootstrap tool.'
diff -up go/src/make.bash.bootstrap go/src/make.bash
--- go/src/make.bash.bootstrap 2015-11-13 09:54:58.797721031 +0100
+++ go/src/make.bash 2015-11-13 10:11:11.633552619 +0100
@@ -113,8 +113,15 @@ echo '##### Building Go bootstrap tool.'
echo cmd/dist
export GOROOT="$(cd .. && pwd)"
GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4}
@ -45,9 +43,5 @@ index f17648a..77f463c 100755
+ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
+ echo "ERROR: or $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
exit 1
fi
-rm -f cmd/dist/dist
-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
# -e doesn't propagate out of eval, so check success by hand.
eval $(./cmd/dist/dist env -p || echo FAIL=true)

View File

@ -1,309 +0,0 @@
commit a3156aaa121446c4136927f8c2139fefe05ba82c
Author: Brad Fitzpatrick <bradfitz@golang.org>
Date: Tue Sep 29 14:26:48 2015 -0700
net/http/httptest: change Server to use http.Server.ConnState for accounting
With this CL, httptest.Server now uses connection-level accounting of
outstanding requests instead of ServeHTTP-level accounting. This is
more robust and results in a non-racy shutdown.
This is much easier now that net/http.Server has the ConnState hook.
Fixes #12789
Fixes #12781
Change-Id: I098cf334a6494316acb66cd07df90766df41764b
Reviewed-on: https://go-review.googlesource.com/15151
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
diff --git a/src/net/http/httptest/server.go b/src/net/http/httptest/server.go
index 96eb0ef..e4f680f 100644
--- a/src/net/http/httptest/server.go
+++ b/src/net/http/httptest/server.go
@@ -7,13 +7,17 @@
package httptest
import (
+ "bytes"
"crypto/tls"
"flag"
"fmt"
+ "log"
"net"
"net/http"
"os"
+ "runtime"
"sync"
+ "time"
)
// A Server is an HTTP server listening on a system-chosen port on the
@@ -34,24 +38,10 @@ type Server struct {
// wg counts the number of outstanding HTTP requests on this server.
// Close blocks until all requests are finished.
wg sync.WaitGroup
-}
-
-// historyListener keeps track of all connections that it's ever
-// accepted.
-type historyListener struct {
- net.Listener
- sync.Mutex // protects history
- history []net.Conn
-}
-func (hs *historyListener) Accept() (c net.Conn, err error) {
- c, err = hs.Listener.Accept()
- if err == nil {
- hs.Lock()
- hs.history = append(hs.history, c)
- hs.Unlock()
- }
- return
+ mu sync.Mutex // guards closed and conns
+ closed bool
+ conns map[net.Conn]http.ConnState // except terminal states
}
func newLocalListener() net.Listener {
@@ -103,10 +93,9 @@ func (s *Server) Start() {
if s.URL != "" {
panic("Server already started")
}
- s.Listener = &historyListener{Listener: s.Listener}
s.URL = "http://" + s.Listener.Addr().String()
- s.wrapHandler()
- go s.Config.Serve(s.Listener)
+ s.wrap()
+ s.goServe()
if *serve != "" {
fmt.Fprintln(os.Stderr, "httptest: serving on", s.URL)
select {}
@@ -134,23 +123,10 @@ func (s *Server) StartTLS() {
if len(s.TLS.Certificates) == 0 {
s.TLS.Certificates = []tls.Certificate{cert}
}
- tlsListener := tls.NewListener(s.Listener, s.TLS)
-
- s.Listener = &historyListener{Listener: tlsListener}
+ s.Listener = tls.NewListener(s.Listener, s.TLS)
s.URL = "https://" + s.Listener.Addr().String()
- s.wrapHandler()
- go s.Config.Serve(s.Listener)
-}
-
-func (s *Server) wrapHandler() {
- h := s.Config.Handler
- if h == nil {
- h = http.DefaultServeMux
- }
- s.Config.Handler = &waitGroupHandler{
- s: s,
- h: h,
- }
+ s.wrap()
+ s.goServe()
}
// NewTLSServer starts and returns a new Server using TLS.
@@ -161,43 +137,139 @@ func NewTLSServer(handler http.Handler) *Server {
return ts
}
+type closeIdleTransport interface {
+ CloseIdleConnections()
+}
+
// Close shuts down the server and blocks until all outstanding
// requests on this server have completed.
func (s *Server) Close() {
- s.Listener.Close()
- s.wg.Wait()
- s.CloseClientConnections()
- if t, ok := http.DefaultTransport.(*http.Transport); ok {
+ s.mu.Lock()
+ if !s.closed {
+ s.closed = true
+ s.Listener.Close()
+ s.Config.SetKeepAlivesEnabled(false)
+ for c, st := range s.conns {
+ if st == http.StateIdle {
+ s.closeConn(c)
+ }
+ }
+ // If this server doesn't shut down in 5 seconds, tell the user why.
+ t := time.AfterFunc(5*time.Second, s.logCloseHangDebugInfo)
+ defer t.Stop()
+ }
+ s.mu.Unlock()
+
+ // Not part of httptest.Server's correctness, but assume most
+ // users of httptest.Server will be using the standard
+ // transport, so help them out and close any idle connections for them.
+ if t, ok := http.DefaultTransport.(closeIdleTransport); ok {
t.CloseIdleConnections()
}
+
+ s.wg.Wait()
}
-// CloseClientConnections closes any currently open HTTP connections
-// to the test Server.
+func (s *Server) logCloseHangDebugInfo() {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ var buf bytes.Buffer
+ buf.WriteString("httptest.Server blocked in Close after 5 seconds, waiting for connections:\n")
+ for c, st := range s.conns {
+ fmt.Fprintf(&buf, " %T %p %v in state %v\n", c, c, c.RemoteAddr(), st)
+ }
+ log.Print(buf.String())
+}
+
+// CloseClientConnections closes any open HTTP connections to the test Server.
func (s *Server) CloseClientConnections() {
- hl, ok := s.Listener.(*historyListener)
- if !ok {
- return
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ for c := range s.conns {
+ s.closeConn(c)
}
- hl.Lock()
- for _, conn := range hl.history {
- conn.Close()
+}
+
+func (s *Server) goServe() {
+ s.wg.Add(1)
+ go func() {
+ defer s.wg.Done()
+ s.Config.Serve(s.Listener)
+ }()
+}
+
+// wrap installs the connection state-tracking hook to know which
+// connections are idle.
+func (s *Server) wrap() {
+ oldHook := s.Config.ConnState
+ s.Config.ConnState = func(c net.Conn, cs http.ConnState) {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ switch cs {
+ case http.StateNew:
+ s.wg.Add(1)
+ if _, exists := s.conns[c]; exists {
+ panic("invalid state transition")
+ }
+ if s.conns == nil {
+ s.conns = make(map[net.Conn]http.ConnState)
+ }
+ s.conns[c] = cs
+ if s.closed {
+ // Probably just a socket-late-binding dial from
+ // the default transport that lost the race (and
+ // thus this connection is now idle and will
+ // never be used).
+ s.closeConn(c)
+ }
+ case http.StateActive:
+ if oldState, ok := s.conns[c]; ok {
+ if oldState != http.StateNew && oldState != http.StateIdle {
+ panic("invalid state transition")
+ }
+ s.conns[c] = cs
+ }
+ case http.StateIdle:
+ if oldState, ok := s.conns[c]; ok {
+ if oldState != http.StateActive {
+ panic("invalid state transition")
+ }
+ s.conns[c] = cs
+ }
+ if s.closed {
+ s.closeConn(c)
+ }
+ case http.StateHijacked, http.StateClosed:
+ s.forgetConn(c)
+ }
+ if oldHook != nil {
+ oldHook(c, cs)
+ }
}
- hl.Unlock()
}
-// waitGroupHandler wraps a handler, incrementing and decrementing a
-// sync.WaitGroup on each request, to enable Server.Close to block
-// until outstanding requests are finished.
-type waitGroupHandler struct {
- s *Server
- h http.Handler // non-nil
+// closeConn closes c. Except on plan9, which is special. See comment below.
+// s.mu must be held.
+func (s *Server) closeConn(c net.Conn) {
+ if runtime.GOOS == "plan9" {
+ // Go's Plan 9 net package isn't great at unblocking reads when
+ // their underlying TCP connections are closed. Don't trust
+ // that that the ConnState state machine will get to
+ // StateClosed. Instead, just go there directly. Plan 9 may leak
+ // resources if the syscall doesn't end up returning. Oh well.
+ s.forgetConn(c)
+ }
+ go c.Close()
}
-func (h *waitGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- h.s.wg.Add(1)
- defer h.s.wg.Done() // a defer, in case ServeHTTP below panics
- h.h.ServeHTTP(w, r)
+// forgetConn removes c from the set of tracked conns and decrements it from the
+// waitgroup, unless it was previously removed.
+// s.mu must be held.
+func (s *Server) forgetConn(c net.Conn) {
+ if _, ok := s.conns[c]; ok {
+ delete(s.conns, c)
+ s.wg.Done()
+ }
}
// localhostCert is a PEM-encoded TLS cert with SAN IPs
diff --git a/src/net/http/httptest/server_test.go b/src/net/http/httptest/server_test.go
index 500a9f0..90901ce 100644
--- a/src/net/http/httptest/server_test.go
+++ b/src/net/http/httptest/server_test.go
@@ -27,3 +27,30 @@ func TestServer(t *testing.T) {
t.Errorf("got %q, want hello", string(got))
}
}
+
+// Issue 12781
+func TestGetAfterClose(t *testing.T) {
+ ts := NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Write([]byte("hello"))
+ }))
+
+ res, err := http.Get(ts.URL)
+ if err != nil {
+ t.Fatal(err)
+ }
+ got, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if string(got) != "hello" {
+ t.Fatalf("got %q, want hello", string(got))
+ }
+
+ ts.Close()
+
+ res, err = http.Get(ts.URL)
+ if err == nil {
+ body, _ := ioutil.ReadAll(res.Body)
+ t.Fatalf("Unexected response after close: %v, %v, %s", res.Status, res.Header, body)
+ }
+}

View File

@ -24,15 +24,15 @@
# Golang build options.
# Buid golang using external/internal(close to cgo disabled) linking.
%ifarch %{golang_arches}
# Build golang using external/internal(close to cgo disabled) linking.
%ifarch %{golang_arches} %{power64}
%global external_linker 1
%else
%global external_linker 0
%endif
# Build golang with cgo enabled/disabled(later equals more or less to internal linking).
%ifarch %{golang_arches}
%ifarch %{golang_arches} %{power64}
%global cgo_enabled 1
%else
%global cgo_enabled 0
@ -44,19 +44,16 @@
%else
%global golang_bootstrap 0
%endif
# boostrap(with internal linking) using gcc-go fails due to bug in tests(https://github.com/golang/go/issues/12629)
# make check not to fail due to it
# Controls what ever we fails on failed tests
%ifarch %{golang_arches}
# Controls what ever we fail on failed tests
%ifarch %{golang_arches} %{power64}
%global fail_on_tests 1
%else
%global fail_on_tests 0
%endif
# TODO get more support for shared objects
# Build golang shared objects for stdlib
%ifarch x86_64
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
%global shared 1
%else
%global shared 0
@ -84,20 +81,17 @@
%global gohostarch ppc64le
%endif
%global go_api 1.5
%global go_version 1.5.3
%global go_api 1.6
%global go_version 1.6
Name: golang
Version: 1.5.3
Release: 1%{?dist}
Version: 1.6
Release: 0.1.rc1%{?dist}
Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain
URL: http://golang.org/
# pre-processed by source.sh to make Mark.Twain-Tom.Sawyer.txt free again
Source0: https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz
# original removed by source.sh, replace by version from golang master branch with license scrubbed
Source1: Mark.Twain-Tom.Sawyer.txt.bz2
Source0: https://storage.googleapis.com/golang/go1.6rc1.src.tar.gz
# The compiler is written in Go. Needs go(1.4+) compiler for build.
%if !%{golang_bootstrap}
@ -114,7 +108,7 @@ BuildRequires: net-tools
BuildRequires: pcre-devel, glibc-static
Provides: go = %{version}-%{release}
Requires: %{name}-bin
Requires: %{name}-bin = %{version}-%{release}
Requires: %{name}-src = %{version}-%{release}
Requires: go-srpm-macros
@ -122,10 +116,6 @@ Patch0: golang-1.2-verbose-build.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1038683
Patch1: golang-1.2-remove-ECC-p224.patch
# Accept x509 certs with negative serial
# https://bugzilla.redhat.com/show_bug.cgi?id=1290543
# https://github.com/golang/go/issues/8265
Patch2: bz1290543.patch
# use the arch dependent path in the bootstrap
Patch212: golang-1.5-bootstrap-binary-path.patch
@ -134,17 +124,10 @@ Patch212: golang-1.5-bootstrap-binary-path.patch
# https://github.com/golang/go/issues/11214
Patch213: go1.5beta1-disable-TestGdbPython.patch
# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
# this is not possible in the limitied build chroot
Patch214: go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that
# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
Patch215: ./go1.5-zoneinfo_testing_only.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1271709
Patch216: ./golang-1.5.1-a3156aaa12.patch
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@ -156,7 +139,7 @@ Obsoletes: %{name}-vim < 1.4
Obsoletes: emacs-%{name} < 1.4
# These are the only RHEL/Fedora architectures that we compile this package for
ExclusiveArch: %{golang_arches}
ExclusiveArch: %{golang_arches} %{power64}
Source100: golang-gdbinit
Source101: golang-prelink.conf
@ -260,23 +243,14 @@ Summary: Golang shared object libraries
# remove the P224 curve
%patch1 -p1
%patch2 -p1
# use the arch dependent path in the bootstrap
%patch212 -p1
# disable TestGdbPython
%patch213 -p1
# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
%patch214 -p1
%patch215 -p1
%patch216 -p1
cp %{SOURCE1} "$(pwd)/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2"
%build
# print out system information
uname -a
@ -376,7 +350,7 @@ popd
rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile
# put binaries to bindir, linked to the arch we're building,
# leave the arch independent pieces in %{goroot}
# leave the arch independent pieces in {goroot}
mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}
ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/go
ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/gofmt
@ -416,6 +390,10 @@ export GO_LDFLAGS="-linkmode internal"
%if !%{cgo_enabled} || !%{external_linker}
export CGO_ENABLED=0
%endif
# make sure to not timeout
export GO_TEST_TIMEOUT_SCALE=2
%if %{fail_on_tests}
./run.bash --no-rebuild -v -v -v -k
%else
@ -485,6 +463,11 @@ fi
%endif
%changelog
* Thu Jan 28 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-0.1.rc1
- Resolves bz1292640, rebase to pre-release 1.6
- bootstrap for PowerPC
- fix rpmlint errors/warning
* Thu Jan 14 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.3-1
- rebase to 1.5.3
- resolves bz1293451, CVE-2015-8618
@ -709,7 +692,7 @@ fi
- include sub-packages for compiler toolchains, for all golang supported architectures
* Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
- provide a system rpm macros. Starting with %gopath
- provide a system rpm macros. Starting with gopath
* Tue Mar 04 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
- Update to latest upstream

View File

@ -1,8 +0,0 @@
#! /bin/bash
tar -xzf $1
cat ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt |tail -n +25 | head -n 8465 > ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new
mv ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt
rm -f ./go/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2
rm $1
tar -czf $1 ./go
rm -rf ./go

View File

@ -1,2 +1 @@
5c07bee28b57345e67c4dfa4074b83e8 go1.5.3.src.tar.gz
95da7ca97a8b8f5955fb7eb329784489 Mark.Twain-Tom.Sawyer.txt.bz2
fa18b0a0036159902f8178513bbc6022 go1.6rc1.src.tar.gz