rebase to go1.7.1

Resolves: BZ#1293449 - CVE-2015-8618, BZ#1357601 - CVE-2016-5386, BZ#1324345 - CVE-2016-3959, BZ#1376555
2016-09-23 15:27:32 +02:00 · 2016-09-23 15:27:32 +02:00 · fd042bef95
parent 27c6fb3111
commit fd042bef95
6 changed files with 108 additions and 89 deletions
--- a/.gitignore
+++ b/.gitignore
@ -24,3 +24,4 @@
 /go1.5rc1.src.tar.gz
 /go1.5.src.tar.gz
 /go1.5.1.src.tar.gz
+/go1.7.1.src.tar.gz
--- a/go1.5beta1-disable-TestGdbPython.patch
+++ b/go1.5beta1-disable-TestGdbPython.patch
@ -1,13 +1,12 @@
-diff --git a/src/runtime/runtime-gdb_test.go b/src/runtime/runtime-gdb_test.go
-index f4014b2..2c09441 100644
--- a/src/runtime/runtime-gdb_test.go
-+++ b/src/runtime/runtime-gdb_test.go
-@@ -38,7 +38,7 @@ func main() {
+diff -up go/src/runtime/runtime-gdb_test.go.gdb go/src/runtime/runtime-gdb_test.go
+--- go/src/runtime/runtime-gdb_test.go.gdb	2016-04-28 10:31:13.005689813 +0200
+++ go/src/runtime/runtime-gdb_test.go	2016-04-28 10:32:12.202935125 +0200
+@@ -72,7 +72,7 @@ func main() {
 }
 `
 
 -func TestGdbPython(t *testing.T) {
 +func testGdbPython(t *testing.T) {
- 	if runtime.GOOS == "darwin" {
- 		t.Skip("gdb does not work on darwin")
- 	}
+ 	checkGdbEnvironment(t)
+ 	checkGdbVersion(t)
+ 	checkGdbPython(t)
--- a/golang-1.2-remove-ECC-p224.patch
+++ b/golang-1.2-remove-ECC-p224.patch
@ -1,9 +1,3 @@
-commit f8eb1e50541c8a9e55545d7470dbeab96073a632
-Author: Vincent Batts <vbatts@hashbangbash.com>
-Date:   Thu Jul 16 11:38:45 2015 -0400
-
-    p224
-
 diff --git a/api/go1.txt b/api/go1.txt
 index 5e3dea5..1a1ee83 100644
 --- a/api/go1.txt
@ -17,7 +11,7 @@ index 5e3dea5..1a1ee83 100644
 pkg crypto/elliptic, func P384() Curve
 pkg crypto/elliptic, func P521() Curve
 diff --git a/src/crypto/ecdsa/ecdsa_test.go b/src/crypto/ecdsa/ecdsa_test.go
-index 169944d..c653464 100644
+index fc25fd7..356e617 100644
 --- a/src/crypto/ecdsa/ecdsa_test.go
 +++ b/src/crypto/ecdsa/ecdsa_test.go
@@ -33,11 +33,10 @@ func testKeyGeneration(t *testing.T, c elliptic.Curve, tag string) {
@ -33,7 +27,7 @@ index 169944d..c653464 100644
 	testKeyGeneration(t, elliptic.P384(), "p384")
 	testKeyGeneration(t, elliptic.P521(), "p521")
 }
-@@ -63,11 +62,10 @@ func testSignAndVerify(t *testing.T, c elliptic.Curve, tag string) {
+@@ -98,11 +97,10 @@ func testSignAndVerify(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestSignAndVerify(t *testing.T) {
@ -46,7 +40,7 @@ index 169944d..c653464 100644
 	testSignAndVerify(t, elliptic.P384(), "p384")
 	testSignAndVerify(t, elliptic.P521(), "p521")
 }
-@@ -100,11 +98,10 @@ func testNonceSafety(t *testing.T, c elliptic.Curve, tag string) {
+@@ -135,11 +133,10 @@ func testNonceSafety(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestNonceSafety(t *testing.T) {
@ -59,7 +53,7 @@ index 169944d..c653464 100644
 	testNonceSafety(t, elliptic.P384(), "p384")
 	testNonceSafety(t, elliptic.P521(), "p521")
 }
-@@ -135,11 +132,10 @@ func testINDCCA(t *testing.T, c elliptic.Curve, tag string) {
+@@ -170,11 +167,10 @@ func testINDCCA(t *testing.T, c elliptic.Curve, tag string) {
 }
 
 func TestINDCCA(t *testing.T) {
@ -72,7 +66,7 @@ index 169944d..c653464 100644
 	testINDCCA(t, elliptic.P384(), "p384")
 	testINDCCA(t, elliptic.P521(), "p521")
 }
-@@ -201,8 +197,6 @@ func TestVectors(t *testing.T) {
+@@ -236,8 +232,6 @@ func TestVectors(t *testing.T) {
 			parts := strings.SplitN(line, ",", 2)
 
 			switch parts[0] {
@ -81,6 +75,14 @@ index 169944d..c653464 100644
 			case "P-256":
 				pub.Curve = elliptic.P256()
 			case "P-384":
+@@ -314,7 +308,6 @@ func testNegativeInputs(t *testing.T, curve elliptic.Curve, tag string) {
+ }
+ 
+ func TestNegativeInputs(t *testing.T) {
+-	testNegativeInputs(t, elliptic.P224(), "p224")
+ 	testNegativeInputs(t, elliptic.P256(), "p256")
+ 	testNegativeInputs(t, elliptic.P384(), "p384")
+ 	testNegativeInputs(t, elliptic.P521(), "p521")
 diff --git a/src/crypto/elliptic/bottombits.go b/src/crypto/elliptic/bottombits.go
 new file mode 100644
 index 0000000..4544722
@ -92,10 +94,10 @@ index 0000000..4544722
 +const bottom28Bits = 0xfffffff
 +const two31m3 = 1<<31 - 1<<3
 diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
-index f3b84e1..ca0b7cf 100644
+index c02df45..f713ad7 100644
 --- a/src/crypto/elliptic/elliptic.go
 +++ b/src/crypto/elliptic/elliptic.go
-@@ -331,7 +331,6 @@ var p384 *CurveParams
+@@ -338,7 +338,6 @@ var p384 *CurveParams
 var p521 *CurveParams
 
 func initAll() {
@ -104,7 +106,7 @@ index f3b84e1..ca0b7cf 100644
 	initP384()
 	initP521()
 diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
-index 7e27913..e0034fc 100644
+index 7f3f1a2..833668e 100644
 --- a/src/crypto/elliptic/elliptic_test.go
 +++ b/src/crypto/elliptic/elliptic_test.go
@@ -6,27 +6,25 @@ package elliptic
@ -240,7 +242,7 @@ index 7e27913..e0034fc 100644
 	k, _ := new(big.Int).SetString(e.k, 10)
 	b.StartTimer()
 	for i := 0; i < b.N; i++ {
-@@ -442,14 +393,14 @@ func BenchmarkBaseMultP256(b *testing.B) {
+@@ -454,14 +405,14 @@ func BenchmarkScalarMultP256(b *testing.B) {
 }
 
 func TestMarshal(t *testing.T) {
@ -259,7 +261,7 @@ index 7e27913..e0034fc 100644
 	if xx == nil {
 		t.Error("failed to unmarshal")
 		return
-@@ -459,13 +410,3 @@ func TestMarshal(t *testing.T) {
+@@ -471,13 +422,3 @@ func TestMarshal(t *testing.T) {
 		return
 	}
 }
@ -275,11 +277,11 @@ index 7e27913..e0034fc 100644
 -}
 diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
 deleted file mode 100644
-index 2d3fac7..0000000
+index de266ca..0000000
 --- a/src/crypto/elliptic/p224.go
 +++ /dev/null
@@ -1,765 +0,0 @@
-// Copyright 2012 The Go Authors.  All rights reserved.
+-// Copyright 2012 The Go Authors. All rights reserved.
 -// Use of this source code is governed by a BSD-style
 -// license that can be found in the LICENSE file.
 -
@ -1046,11 +1048,11 @@ index 2d3fac7..0000000
 -}
 diff --git a/src/crypto/elliptic/p224_test.go b/src/crypto/elliptic/p224_test.go
 deleted file mode 100644
-index 4b26d16..0000000
+index 8b4fa04..0000000
 --- a/src/crypto/elliptic/p224_test.go
 +++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2012 The Go Authors.  All rights reserved.
+-// Copyright 2012 The Go Authors. All rights reserved.
 -// Use of this source code is governed by a BSD-style
 -// license that can be found in the LICENSE file.
 -
@ -1120,10 +1122,10 @@ index 83f9916..dea8589 100644
 		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	case "P384":
 diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
-index be6c013..428053a 100644
+index 9e6d67d..580831e 100644
 --- a/src/crypto/x509/x509.go
 +++ b/src/crypto/x509/x509.go
-@@ -308,9 +308,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
+@@ -340,9 +340,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
 
 // RFC 5480, 2.1.1.1. Named Curve
 //
@ -1133,7 +1135,7 @@ index be6c013..428053a 100644
 // secp256r1 OBJECT IDENTIFIER ::= {
 //   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
 //   prime(1) 7 }
-@@ -323,7 +320,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
+@@ -355,7 +352,6 @@ func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm
 //
 // NB: secp256r1 is equivalent to prime256v1
 var (
@ -1141,7 +1143,7 @@ index be6c013..428053a 100644
 	oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
 	oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
 	oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
-@@ -331,8 +327,6 @@ var (
+@@ -363,8 +359,6 @@ var (
 
 func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
 	switch {
@ -1150,7 +1152,7 @@ index be6c013..428053a 100644
 	case oid.Equal(oidNamedCurveP256):
 		return elliptic.P256()
 	case oid.Equal(oidNamedCurveP384):
-@@ -345,8 +339,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
+@@ -377,8 +371,6 @@ func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
 
 func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) {
 	switch curve {
@ -1159,7 +1161,7 @@ index be6c013..428053a 100644
 	case elliptic.P256():
 		return oidNamedCurveP256, true
 	case elliptic.P384():
-@@ -1466,7 +1458,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgori
+@@ -1508,7 +1500,7 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgori
 		pubType = ECDSA
 
 		switch pub.Curve {
--- a/golang-1.5-bootstrap-binary-path.patch
+++ b/golang-1.5-bootstrap-binary-path.patch
@ -1,17 +1,16 @@
-diff --git a/src/cmd/dist/buildtool.go b/src/cmd/dist/buildtool.go
-index be54ac4..6744fbdc 100644
--- a/src/cmd/dist/buildtool.go
-+++ b/src/cmd/dist/buildtool.go
-@@ -108,12 +108,20 @@ func bootstrapBuildTools() {
+diff -up go/src/cmd/dist/buildtool.go.bootstrap go/src/cmd/dist/buildtool.go
+--- go/src/cmd/dist/buildtool.go.bootstrap	2016-06-06 14:26:37.638374670 +0200
+++ go/src/cmd/dist/buildtool.go	2016-06-06 14:30:33.873262307 +0200
+@@ -111,15 +111,23 @@ func bootstrapBuildTools() {
+ 	defer os.Setenv("GOBIN", os.Getenv("GOBIN"))
 	os.Setenv("GOBIN", "")
 
- 	os.Setenv("GOOS", "")
-	os.Setenv("GOHOSTOS", "")
- 	os.Setenv("GOARCH", "")
-+
 +	hostos := os.Getenv("GOHOSTOS")
 +	hostarch := os.Getenv("GOHOSTARCH")
-+	os.Setenv("GOHOSTOS", "")
+
+ 	os.Setenv("GOOS", "")
+ 	os.Setenv("GOHOSTOS", "")
+ 	os.Setenv("GOARCH", "")
 	os.Setenv("GOHOSTARCH", "")
 
 +	bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch)
@ -19,17 +18,18 @@ index be54ac4..6744fbdc 100644
 +		bingopath = pathf("%s/bin/go", goroot_bootstrap)
 +	}
 +
- 	// Run Go 1.4 to build binaries.
-	run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-v", "bootstrap/...")
-+	run(workspace, ShowOutput|CheckExit, bingopath, "install", "-v", "bootstrap/...")
+ 	// Run Go 1.4 to build binaries. Use -gcflags=-l to disable inlining to
+ 	// workaround bugs in Go 1.4's compiler. See discussion thread:
+ 	// https://groups.google.com/d/msg/golang-dev/Ss7mCKsvk8w/Gsq7VYI0AwAJ
+-	run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-gcflags=-l", "-v", "bootstrap/...")
+	run(workspace, ShowOutput|CheckExit, bingopath, "install", "-gcflags=-l", "-v", "bootstrap/...")
 
 	// Copy binaries into tool binary directory.
 	for _, name := range bootstrapDirs {
-diff --git a/src/make.bash b/src/make.bash
-index f17648a..77f463c 100755
--- a/src/make.bash
-+++ b/src/make.bash
-@@ -113,12 +113,17 @@ echo '##### Building Go bootstrap tool.'
+diff -up go/src/make.bash.bootstrap go/src/make.bash
+--- go/src/make.bash.bootstrap	2016-06-06 14:26:37.628374633 +0200
+++ go/src/make.bash	2016-06-06 14:26:37.638374670 +0200
+@@ -118,8 +118,15 @@ echo '##### Building Go bootstrap tool.'
 echo cmd/dist
 export GOROOT="$(cd .. && pwd)"
 GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4}
@ -45,6 +45,11 @@ index f17648a..77f463c 100755
 +	echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
 +	echo "ERROR: or $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
 	echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
+ 	exit 1
+ fi
+@@ -128,8 +135,6 @@ if [ "$GOROOT_BOOTSTRAP" == "$GOROOT" ];
+ 	echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
+ 	exit 1
 fi
 -rm -f cmd/dist/dist
 -GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
--- a/golang.spec
+++ b/golang.spec
@ -29,6 +29,7 @@
 %global goroot          /usr/lib/%{name}
 %global gopath          %{_datadir}/gocode
 %global go_arches       %{ix86} x86_64 %{arm} aarch64
+%global golibdir        %{_libdir}/golang
 %ifarch x86_64
 %global gohostarch  amd64
 %endif
@ -42,30 +43,29 @@
 %global gohostarch  arm64
 %endif

-%global go_api 1.5
-%global go_version 1.5.1
+%global go_api 1.7
+%global go_version 1.7.1

 Name:           golang
-Version:        1.5.1
+Version:        1.7.1
 Release:        1%{?dist}
 Summary:        The Go Programming Language
-
-License:        BSD
+# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
+License:        BSD and Public Domain
 URL:            http://golang.org/
 Source0:        https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz

 # go1.5 bootstrapping. The compiler is written in golang.
 BuildRequires:  golang > 1.4
-BuildRequires:  pcre-devel
+BuildRequires:  pcre-devel, glibc-static, perl
 %if 0%{?rhel} > 6 || 0%{?fedora} > 0
 BuildRequires:  hostname
 %else
 BuildRequires:  net-tools
 %endif
-# use the arch dependent path in the bootstrap
-Patch212:       golang-1.5-bootstrap-binary-path.patch

 Provides:       go = %{version}-%{release}
+Provides:       go-srpm-macros
 Requires:       %{name}-bin
 Requires:       %{name}-src = %{version}-%{release}

@ -74,21 +74,17 @@ Patch0:         golang-1.2-verbose-build.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1038683
 Patch1:         golang-1.2-remove-ECC-p224.patch

+# use the arch dependent path in the bootstrap
+Patch212:       golang-1.5-bootstrap-binary-path.patch
+
 # disable TestGdbPython
 # https://github.com/golang/go/issues/11214
 Patch213:       go1.5beta1-disable-TestGdbPython.patch

-# disable  TestCloneNEWUSERAndRemapNoRootDisableSetgroups
-# this is not possible in the limitied build chroot
-Patch214:       go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
-
 # we had been just removing the zoneinfo.zip, but that caused tests to fail for users that 
 # later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
 Patch215:       ./go1.5-zoneinfo_testing_only.patch

-# https://bugzilla.redhat.com/show_bug.cgi?id=1271709
-Patch216:       ./golang-1.5.1-a3156aaa12.patch
-
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4

@ -168,6 +164,9 @@ Obsoletes:      %{name}-pkg-netbsd-arm < 1.4.99
 Obsoletes:      %{name}-pkg-openbsd-386 < 1.4.99
 Obsoletes:      %{name}-pkg-openbsd-amd64 < 1.4.99

+Obsoletes:      golang-vet < 0-12.1
+Obsoletes:      golang-cover < 0-12.1
+
 Requires(post): %{_sbindir}/update-alternatives
 Requires(postun): %{_sbindir}/update-alternatives

@ -200,23 +199,26 @@ Summary:        Golang shared object libraries
 %setup -q -n go

 # increase verbosity of build
-%patch0 -p1
+%patch0 -p1 -b .verbose

 # remove the P224 curve
-%patch1 -p1
+%patch1 -p1 -b .curve

 # use the arch dependent path in the bootstrap
-%patch212 -p1
+%patch212 -p1 -b .bootstrap

 # disable TestGdbPython
-%patch213 -p1
+%patch213 -p1 -b .gdb

-# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
-%patch214 -p1
+%patch215 -p1

-%patch216 -p1

 %build
+# print out system information
+uname -a
+cat /proc/cpuinfo
+cat /proc/meminfo
+
 # go1.5 bootstrapping. The compiler is written in golang.
 export GOROOT_BOOTSTRAP=%{goroot}

@ -288,6 +290,18 @@ pushd $RPM_BUILD_ROOT%{goroot}
 	find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list

 %ifarch x86_64
+    mkdir -p %{buildroot}/%{_libdir}/
+    mkdir -p %{buildroot}/%{golibdir}/
+    for file in $(find .  -iname "*.so" ); do
+        chmod 755 $file
+        mv  $file %{buildroot}/%{golibdir}
+        pushd $(dirname $file)
+        ln -fs %{golibdir}/$(basename $file) $(basename $file)
+        popd
+        echo "%%{goroot}/$file" >> $shared_list
+        echo "%%{golibdir}/$(basename $file)" >> $shared_list
+    done
+    
 	find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
 	find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
 %endif
@ -305,7 +319,7 @@ popd
 rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile

 # put binaries to bindir, linked to the arch we're building,
-# leave the arch independent pieces in %{goroot}
+# leave the arch independent pieces in {goroot}
 mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}
 ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/go
 ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/gofmt
@ -345,22 +359,15 @@ cp -av %{SOURCE102} $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.golang
 export GOROOT=$(pwd -P)
 export PATH="$GOROOT"/bin:"$PATH"
 cd src
-# skip using CGO for test. causes a SIGABRT on fc21 (bz1086900)
-# until this test/issue is fixed
-# https://bugzilla.redhat.com/show_bug.cgi?id=1086900
-# CGO for test, which fails in i686 on fc21 inside mock/chroot (bz1087621)
-# https://bugzilla.redhat.com/show_bug.cgi?id=1087621

-# not using our 'gcc' since the CFLAGS fails crash_cgo_test.go due to unused variables
-# https://code.google.com/p/go/issues/detail?id=6883
+export CC="gcc"
+export CFLAGS="$RPM_OPT_FLAGS"
+export LDFLAGS="$RPM_LD_FLAGS"

-# XXX reenable. likely go1.5beta2 https://github.com/golang/go/commit/9adf684686bad7c6319080d0b1da8308a77b08c9
-#CGO_ENABLED=0 ./run.bash --no-rebuild
+# make sure to not timeout
+export GO_TEST_TIMEOUT_SCALE=2

-CC="gcc" \
-CFLAGS="$RPM_OPT_FLAGS" \
-LDFLAGS="$RPM_LD_FLAGS" \
-./run.bash --no-rebuild -v -k
+./run.bash --no-rebuild -v -v -v -k
 cd ..


@ -432,6 +439,11 @@ fi
 %endif

 %changelog
+* Fri Sep 16 2016 Jakub Čajka <jcajka@fedoraproject.org> - 1.7.1-1
+- rebase to go1.7.1
+- Resolves: BZ#1293449 - CVE-2015-8618, BZ#1357601 - CVE-2016-5386,
+BZ#1324345 - CVE-2016-3959, BZ#1376555
+
 * Mon Oct 19 2015 Vincent Batts <vbatts@fedoraproject.org> - 1.5.1-1
 - bz1271709 include patch from upstream fix

--- a/2
+++ b/2
@ -1 +1 @@
-4adfbdfca523cc1c229be8a321f3602f  go1.5.1.src.tar.gz
+433e2158e5c28fe24b11622df393cc46  go1.7.1.src.tar.gz