Backport of patch

Resolves: rhbz#2093092
Adds 0006-fix-CVE-2022-29526.patch

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -95,3 +95,19 @@
 /go1.15.3.src.tar.gz
 /go1.15.4.src.tar.gz
 /go1.15.5.src.tar.gz
+/go1.15.6.src.tar.gz
+/go1.16beta1.src.tar.gz
+/go1.16rc1.src.tar.gz
+/go1.16.src.tar.gz
+/go1.16.3.src.tar.gz
+/go1.16.4.src.tar.gz
+/go1.16.5.src.tar.gz
+/go1.16.6.src.tar.gz
+/go1.17rc2.src.tar.gz
+/go1.16.8.src.tar.gz
+/go1.16.10.src.tar.gz
+/go1.16.11.src.tar.gz
+/go1.16.12.src.tar.gz
+/go1.16.13.src.tar.gz
+/go1.16.14.src.tar.gz
+/go1.16.15.src.tar.gz

0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch

@@ -1,6 +1,6 @@
-From edce31a2904846ae74e3c011f2cf5fddc963459e Mon Sep 17 00:00:00 2001
+From f3d446b60a082308ec5aaa2fdc36e31f566081bb Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
-Date: Thu, 22 Mar 2018 12:07:32 +0100
+Date: Thu, 22 Mar 2018 11:49:09 +0100
 Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the
  internal test suite
 
@@ -11,7 +11,7 @@ Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the
  3 files changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/src/time/internal_test.go b/src/time/internal_test.go
-index 76d5524124..e81ace5f64 100644
+index 35ce69b228..1cea04ed7e 100644
 --- a/src/time/internal_test.go
 +++ b/src/time/internal_test.go
 @@ -4,13 +4,15 @@
@@ -43,10 +43,10 @@ index 76d5524124..e81ace5f64 100644
  		zoneSources = zoneSources[len(zoneSources)-1:]
  	}
 diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
-index 7a55d4f618..6063ca1195 100644
+index 277b68f798..be2aa6c687 100644
 --- a/src/time/zoneinfo_test.go
 +++ b/src/time/zoneinfo_test.go
-@@ -8,6 +8,7 @@ import (
+@@ -9,6 +9,7 @@ import (
  	"fmt"
  	"os"
  	"reflect"
@@ -54,7 +54,7 @@ index 7a55d4f618..6063ca1195 100644
  	"testing"
  	"time"
  )
-@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
+@@ -139,7 +140,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
  		t.Fatal(err)
  	}
  
@@ -64,7 +64,7 @@ index 7a55d4f618..6063ca1195 100644
  		t.Fatal(err)
  	}
 diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
-index 88313aa0ed..d9596115ef 100644
+index d2465eef65..b8c934c9a9 100644
 --- a/src/time/zoneinfo_unix.go
 +++ b/src/time/zoneinfo_unix.go
 @@ -12,7 +12,6 @@
@@ -84,5 +84,5 @@ index 88313aa0ed..d9596115ef 100644
  
  func initLocal() {
 -- 
-2.14.3
+2.26.2
 

0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch

@@ -1,4 +1,4 @@
-From 817407fc2d6a861e65086388766f58082d38bc0b Mon Sep 17 00:00:00 2001
+From 67a4711d09c6595c17f32470c15bf471c287777d Mon Sep 17 00:00:00 2001
 From: Michael Munday <munday@ca.ibm.com>
 Date: Tue, 17 Jan 2017 11:33:38 -0500
 Subject: [PATCH 2/3] syscall: expose IfInfomsg.X__ifi_pad on s390x
@@ -14,7 +14,7 @@ Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5
  1 file changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go
-index 63c4a83b19..b5894255df 100644
+index 91f5ceff20..59a8b1fccd 100644
 --- a/src/syscall/ztypes_linux_s390x.go
 +++ b/src/syscall/ztypes_linux_s390x.go
 @@ -449,12 +449,12 @@ type RtAttr struct {
@@ -37,5 +37,5 @@ index 63c4a83b19..b5894255df 100644
  
  type IfAddrmsg struct {
 -- 
-2.14.3
+2.26.2
 

0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch

@@ -1,4 +1,4 @@
-From b38cd2374c2395f5a77802ef8ea3d7ac5b8a86ad Mon Sep 17 00:00:00 2001
+From fa250374b727439159bc9f203b854bb5df00186f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
 Date: Mon, 27 May 2019 15:12:53 +0200
 Subject: [PATCH 3/3] cmd/go: disable Google's proxy and sumdb
@@ -9,10 +9,10 @@ Subject: [PATCH 3/3] cmd/go: disable Google's proxy and sumdb
  2 files changed, 8 insertions(+), 8 deletions(-)
 
 diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
-index 61dc6bdda6..e8658dc56c 100644
+index 9bc48132ae..d5be72473f 100644
 --- a/src/cmd/go/internal/cfg/cfg.go
 +++ b/src/cmd/go/internal/cfg/cfg.go
-@@ -245,11 +245,11 @@ var (
+@@ -262,11 +262,11 @@ var (
  	GOPPC64  = envOr("GOPPC64", fmt.Sprintf("%s%d", "power", objabi.GOPPC64))
  	GOWASM   = envOr("GOWASM", fmt.Sprint(objabi.GOWASM))
  
@@ -27,10 +27,10 @@ index 61dc6bdda6..e8658dc56c 100644
 +	GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
 +	GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
  	GOINSECURE = Getenv("GOINSECURE")
+ 	GOVCS      = Getenv("GOVCS")
  )
- 
 diff --git a/src/cmd/go/testdata/script/mod_sumdb_golang.txt b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
-index 40a07fc7e9..50436e32d7 100644
+index cc0b0da474..b50689e209 100644
 --- a/src/cmd/go/testdata/script/mod_sumdb_golang.txt
 +++ b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
 @@ -2,12 +2,12 @@
@@ -47,8 +47,8 @@ index 40a07fc7e9..50436e32d7 100644
 -stdout '^sum.golang.org$'
 +stdout '^off$'
  
- # download direct from github
+ # Download direct from github.
  [!net] skip
 -- 
-2.21.0
+2.26.2
 

0004-fix-CVE-2022-24675.patch

@@ -0,0 +1,291 @@
+From 2116d60993e90d3f9b963c979f4bf1d116af03ff Mon Sep 17 00:00:00 2001
+From: Julie Qiu <julie@golang.org>
+Date: Tue, 01 Mar 2022 10:19:38 -0600
+Subject: [PATCH] [release-branch.go1.17] encoding/pem: fix stack overflow in Decode
+
+Previously, Decode called decodeError, a recursive function that was
+prone to stack overflows when given a large PEM file containing errors.
+
+Credit to Juho Nurminen of Mattermost who reported the error.
+
+Fixes CVE-2022-24675
+Updates #51853
+Fixes #52036
+
+Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Filippo Valsorda <valsorda@google.com>
+(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/399816
+Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Cherry Mui <cherryyz@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+---
+
+diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go
+index a7272da..1bee1c1 100644
+--- a/src/encoding/pem/pem.go
++++ b/src/encoding/pem/pem.go
+@@ -87,123 +87,97 @@
+ 	// pemStart begins with a newline. However, at the very beginning of
+ 	// the byte array, we'll accept the start string without it.
+ 	rest = data
+-	if bytes.HasPrefix(data, pemStart[1:]) {
+-		rest = rest[len(pemStart)-1 : len(data)]
+-	} else if i := bytes.Index(data, pemStart); i >= 0 {
+-		rest = rest[i+len(pemStart) : len(data)]
+-	} else {
+-		return nil, data
+-	}
+-
+-	typeLine, rest := getLine(rest)
+-	if !bytes.HasSuffix(typeLine, pemEndOfLine) {
+-		return decodeError(data, rest)
+-	}
+-	typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)]
+-
+-	p = &Block{
+-		Headers: make(map[string]string),
+-		Type:    string(typeLine),
+-	}
+-
+ 	for {
+-		// This loop terminates because getLine's second result is
+-		// always smaller than its argument.
+-		if len(rest) == 0 {
++		if bytes.HasPrefix(rest, pemStart[1:]) {
++			rest = rest[len(pemStart)-1:]
++		} else if i := bytes.Index(rest, pemStart); i >= 0 {
++			rest = rest[i+len(pemStart) : len(rest)]
++		} else {
+ 			return nil, data
+ 		}
+-		line, next := getLine(rest)
+ 
+-		i := bytes.IndexByte(line, ':')
+-		if i == -1 {
+-			break
++		var typeLine []byte
++		typeLine, rest = getLine(rest)
++		if !bytes.HasSuffix(typeLine, pemEndOfLine) {
++			continue
++		}
++		typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)]
++
++		p = &Block{
++			Headers: make(map[string]string),
++			Type:    string(typeLine),
+ 		}
+ 
+-		// TODO(agl): need to cope with values that spread across lines.
+-		key, val := line[:i], line[i+1:]
+-		key = bytes.TrimSpace(key)
+-		val = bytes.TrimSpace(val)
+-		p.Headers[string(key)] = string(val)
+-		rest = next
++		for {
++			// This loop terminates because getLine's second result is
++			// always smaller than its argument.
++			if len(rest) == 0 {
++				return nil, data
++			}
++			line, next := getLine(rest)
++
++			i := bytes.IndexByte(line, ':')
++			if i == -1 {
++				break
++			}
++
++			// TODO(agl): need to cope with values that spread across lines.
++			key, val := line[:i], line[i+1:]
++			key = bytes.TrimSpace(key)
++			val = bytes.TrimSpace(val)
++			p.Headers[string(key)] = string(val)
++			rest = next
++		}
++
++		var endIndex, endTrailerIndex int
++
++		// If there were no headers, the END line might occur
++		// immediately, without a leading newline.
++		if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) {
++			endIndex = 0
++			endTrailerIndex = len(pemEnd) - 1
++		} else {
++			endIndex = bytes.Index(rest, pemEnd)
++			endTrailerIndex = endIndex + len(pemEnd)
++		}
++
++		if endIndex < 0 {
++			continue
++		}
++
++		// After the "-----" of the ending line, there should be the same type
++		// and then a final five dashes.
++		endTrailer := rest[endTrailerIndex:]
++		endTrailerLen := len(typeLine) + len(pemEndOfLine)
++		if len(endTrailer) < endTrailerLen {
++			continue
++		}
++
++		restOfEndLine := endTrailer[endTrailerLen:]
++		endTrailer = endTrailer[:endTrailerLen]
++		if !bytes.HasPrefix(endTrailer, typeLine) ||
++			!bytes.HasSuffix(endTrailer, pemEndOfLine) {
++			continue
++		}
++
++		// The line must end with only whitespace.
++		if s, _ := getLine(restOfEndLine); len(s) != 0 {
++			continue
++		}
++
++		base64Data := removeSpacesAndTabs(rest[:endIndex])
++		p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data)))
++		n, err := base64.StdEncoding.Decode(p.Bytes, base64Data)
++		if err != nil {
++			continue
++		}
++		p.Bytes = p.Bytes[:n]
++
++		// the -1 is because we might have only matched pemEnd without the
++		// leading newline if the PEM block was empty.
++		_, rest = getLine(rest[endIndex+len(pemEnd)-1:])
++		return p, rest
+ 	}
+-
+-	var endIndex, endTrailerIndex int
+-
+-	// If there were no headers, the END line might occur
+-	// immediately, without a leading newline.
+-	if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) {
+-		endIndex = 0
+-		endTrailerIndex = len(pemEnd) - 1
+-	} else {
+-		endIndex = bytes.Index(rest, pemEnd)
+-		endTrailerIndex = endIndex + len(pemEnd)
+-	}
+-
+-	if endIndex < 0 {
+-		return decodeError(data, rest)
+-	}
+-
+-	// After the "-----" of the ending line, there should be the same type
+-	// and then a final five dashes.
+-	endTrailer := rest[endTrailerIndex:]
+-	endTrailerLen := len(typeLine) + len(pemEndOfLine)
+-	if len(endTrailer) < endTrailerLen {
+-		return decodeError(data, rest)
+-	}
+-
+-	restOfEndLine := endTrailer[endTrailerLen:]
+-	endTrailer = endTrailer[:endTrailerLen]
+-	if !bytes.HasPrefix(endTrailer, typeLine) ||
+-		!bytes.HasSuffix(endTrailer, pemEndOfLine) {
+-		return decodeError(data, rest)
+-	}
+-
+-	// The line must end with only whitespace.
+-	if s, _ := getLine(restOfEndLine); len(s) != 0 {
+-		return decodeError(data, rest)
+-	}
+-
+-	base64Data := removeSpacesAndTabs(rest[:endIndex])
+-	p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data)))
+-	n, err := base64.StdEncoding.Decode(p.Bytes, base64Data)
+-	if err != nil {
+-		return decodeError(data, rest)
+-	}
+-	p.Bytes = p.Bytes[:n]
+-
+-	// the -1 is because we might have only matched pemEnd without the
+-	// leading newline if the PEM block was empty.
+-	_, rest = getLine(rest[endIndex+len(pemEnd)-1:])
+-
+-	return
+-}
+-
+-func decodeError(data, rest []byte) (*Block, []byte) {
+-	// If we get here then we have rejected a likely looking, but
+-	// ultimately invalid PEM block. We need to start over from a new
+-	// position. We have consumed the preamble line and will have consumed
+-	// any lines which could be header lines. However, a valid preamble
+-	// line is not a valid header line, therefore we cannot have consumed
+-	// the preamble line for the any subsequent block. Thus, we will always
+-	// find any valid block, no matter what bytes precede it.
+-	//
+-	// For example, if the input is
+-	//
+-	//    -----BEGIN MALFORMED BLOCK-----
+-	//    junk that may look like header lines
+-	//   or data lines, but no END line
+-	//
+-	//    -----BEGIN ACTUAL BLOCK-----
+-	//    realdata
+-	//    -----END ACTUAL BLOCK-----
+-	//
+-	// we've failed to parse using the first BEGIN line
+-	// and now will try again, using the second BEGIN line.
+-	p, rest := Decode(rest)
+-	if p == nil {
+-		rest = data
+-	}
+-	return p, rest
+ }
+ 
+ const pemLineLength = 64
+diff --git a/src/encoding/pem/pem_test.go b/src/encoding/pem/pem_test.go
+index b2b6b15..c94b5ca 100644
+--- a/src/encoding/pem/pem_test.go
++++ b/src/encoding/pem/pem_test.go
+@@ -107,6 +107,12 @@
+ dGVzdA==
+ -----ENDBAR-----`
+ 
++const pemMissingEndLine = `
++-----BEGIN FOO-----
++Header: 1`
++
++var pemRepeatingBegin = strings.Repeat("-----BEGIN \n", 10)
++
+ var badPEMTests = []struct {
+ 	name  string
+ 	input string
+@@ -131,14 +137,34 @@
+ 		"missing ending space",
+ 		pemMissingEndingSpace,
+ 	},
++	{
++		"repeating begin",
++		pemRepeatingBegin,
++	},
++	{
++		"missing end line",
++		pemMissingEndLine,
++	},
+ }
+ 
+ func TestBadDecode(t *testing.T) {
+ 	for _, test := range badPEMTests {
+-		result, _ := Decode([]byte(test.input))
++		result, rest := Decode([]byte(test.input))
+ 		if result != nil {
+ 			t.Errorf("unexpected success while parsing %q", test.name)
+ 		}
++		if string(rest) != test.input {
++			t.Errorf("unexpected rest: %q; want = %q", rest, test.input)
++		}
++	}
++}
++
++func TestCVE202224675(t *testing.T) {
++	// Prior to CVE-2022-24675, this input would cause a stack overflow.
++	input := []byte(strings.Repeat("-----BEGIN \n", 10000000))
++	result, rest := Decode(input)
++	if result != nil || !reflect.DeepEqual(rest, input) {
++		t.Errorf("Encode of %#v decoded as %#v", input, rest)
+ 	}
+ }
+ 

0005-fix-CVE-2022-28327.patch

@@ -0,0 +1,320 @@
+From 28ffc15c56ac0edccb5b0147ff942127720ca083 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Wed, 8 Jun 2022 19:27:19 +0200
+Subject: [PATCH] Backport CVE-2022-28327 fix from go1.17
+
+---
+ src/crypto/elliptic/elliptic_test.go |  92 ---------------
+ src/crypto/elliptic/p256.go          |   2 +-
+ src/crypto/elliptic/p256_test.go     | 169 +++++++++++++++++++++++++++
+ 3 files changed, 170 insertions(+), 93 deletions(-)
+ create mode 100644 src/crypto/elliptic/p256_test.go
+
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index bb16b0d163..516a321273 100644
+--- a/src/crypto/elliptic/elliptic_test.go
++++ b/src/crypto/elliptic/elliptic_test.go
+@@ -301,29 +301,6 @@ var p224BaseMultTests = []baseMultTest{
+ 	},
+ }
+ 
+-type scalarMultTest struct {
+-	k          string
+-	xIn, yIn   string
+-	xOut, yOut string
+-}
+-
+-var p256MultTests = []scalarMultTest{
+-	{
+-		"2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737",
+-		"023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea",
+-		"f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad",
+-		"4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3",
+-		"a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0",
+-	},
+-	{
+-		"313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd",
+-		"cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06",
+-		"a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031",
+-		"831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991",
+-		"93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684",
+-	},
+-}
+-
+ func TestBaseMult(t *testing.T) {
+ 	p224 := P224()
+ 	for i, e := range p224BaseMultTests {
+@@ -359,65 +336,6 @@ func TestGenericBaseMult(t *testing.T) {
+ 	}
+ }
+ 
+-func TestP256BaseMult(t *testing.T) {
+-	p256 := P256()
+-	p256Generic := p256.Params()
+-
+-	scalars := make([]*big.Int, 0, len(p224BaseMultTests)+1)
+-	for _, e := range p224BaseMultTests {
+-		k, _ := new(big.Int).SetString(e.k, 10)
+-		scalars = append(scalars, k)
+-	}
+-	k := new(big.Int).SetInt64(1)
+-	k.Lsh(k, 500)
+-	scalars = append(scalars, k)
+-
+-	for i, k := range scalars {
+-		x, y := p256.ScalarBaseMult(k.Bytes())
+-		x2, y2 := p256Generic.ScalarBaseMult(k.Bytes())
+-		if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 {
+-			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2)
+-		}
+-
+-		if testing.Short() && i > 5 {
+-			break
+-		}
+-	}
+-}
+-
+-func TestP256Mult(t *testing.T) {
+-	p256 := P256()
+-	p256Generic := p256.Params()
+-
+-	for i, e := range p224BaseMultTests {
+-		x, _ := new(big.Int).SetString(e.x, 16)
+-		y, _ := new(big.Int).SetString(e.y, 16)
+-		k, _ := new(big.Int).SetString(e.k, 10)
+-
+-		xx, yy := p256.ScalarMult(x, y, k.Bytes())
+-		xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes())
+-		if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 {
+-			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2)
+-		}
+-		if testing.Short() && i > 5 {
+-			break
+-		}
+-	}
+-
+-	for i, e := range p256MultTests {
+-		x, _ := new(big.Int).SetString(e.xIn, 16)
+-		y, _ := new(big.Int).SetString(e.yIn, 16)
+-		k, _ := new(big.Int).SetString(e.k, 16)
+-		expectedX, _ := new(big.Int).SetString(e.xOut, 16)
+-		expectedY, _ := new(big.Int).SetString(e.yOut, 16)
+-
+-		xx, yy := p256.ScalarMult(x, y, k.Bytes())
+-		if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
+-			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY)
+-		}
+-	}
+-}
+-
+ func testInfinity(t *testing.T, curve Curve) {
+ 	_, x, y, _ := GenerateKey(curve, rand.Reader)
+ 	x, y = curve.ScalarMult(x, y, curve.Params().N.Bytes())
+@@ -477,16 +395,6 @@ func TestInfinity(t *testing.T) {
+ 	}
+ }
+ 
+-type synthCombinedMult struct {
+-	Curve
+-}
+-
+-func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) {
+-	x1, y1 := s.ScalarBaseMult(baseScalar)
+-	x2, y2 := s.ScalarMult(bigX, bigY, scalar)
+-	return s.Add(x1, y1, x2, y2)
+-}
+-
+ func TestCombinedMult(t *testing.T) {
+ 	type combinedMult interface {
+ 		Curve
+diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
+index c23e414156..787e3e7444 100644
+--- a/src/crypto/elliptic/p256.go
++++ b/src/crypto/elliptic/p256.go
+@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
+ 	n := new(big.Int).SetBytes(in)
+ 	var scalarBytes []byte
+ 
+-	if n.Cmp(p256Params.N) >= 0 {
++	if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
+ 		n.Mod(n, p256Params.N)
+ 		scalarBytes = n.Bytes()
+ 	} else {
+diff --git a/src/crypto/elliptic/p256_test.go b/src/crypto/elliptic/p256_test.go
+new file mode 100644
+index 0000000000..694186df81
+--- /dev/null
++++ b/src/crypto/elliptic/p256_test.go
+@@ -0,0 +1,169 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package elliptic
++
++import (
++	"math/big"
++	"testing"
++)
++
++type scalarMultTest struct {
++	k          string
++	xIn, yIn   string
++	xOut, yOut string
++}
++
++var p256MultTests = []scalarMultTest{
++	{
++		"2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737",
++		"023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea",
++		"f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad",
++		"4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3",
++		"a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0",
++	},
++	{
++		"313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd",
++		"cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06",
++		"a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031",
++		"831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991",
++		"93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684",
++	},
++}
++
++func TestP256BaseMult(t *testing.T) {
++	p256 := P256()
++	p256Generic := p256.Params()
++
++	scalars := make([]*big.Int, 0, len(p224BaseMultTests)+1)
++	for _, e := range p224BaseMultTests {
++		k, _ := new(big.Int).SetString(e.k, 10)
++		scalars = append(scalars, k)
++	}
++	k := new(big.Int).SetInt64(1)
++	k.Lsh(k, 500)
++	scalars = append(scalars, k)
++
++	for i, k := range scalars {
++		x, y := p256.ScalarBaseMult(k.Bytes())
++		x2, y2 := p256Generic.ScalarBaseMult(k.Bytes())
++		if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 {
++			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2)
++		}
++
++		if testing.Short() && i > 5 {
++			break
++		}
++	}
++}
++
++func TestP256Mult(t *testing.T) {
++	p256 := P256()
++	p256Generic := p256.Params()
++
++	for i, e := range p224BaseMultTests {
++		x, _ := new(big.Int).SetString(e.x, 16)
++		y, _ := new(big.Int).SetString(e.y, 16)
++		k, _ := new(big.Int).SetString(e.k, 10)
++
++		xx, yy := p256.ScalarMult(x, y, k.Bytes())
++		xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes())
++		if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 {
++			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2)
++		}
++		if testing.Short() && i > 5 {
++			break
++		}
++	}
++
++	for i, e := range p256MultTests {
++		x, _ := new(big.Int).SetString(e.xIn, 16)
++		y, _ := new(big.Int).SetString(e.yIn, 16)
++		k, _ := new(big.Int).SetString(e.k, 16)
++		expectedX, _ := new(big.Int).SetString(e.xOut, 16)
++		expectedY, _ := new(big.Int).SetString(e.yOut, 16)
++
++		xx, yy := p256.ScalarMult(x, y, k.Bytes())
++		if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
++			t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY)
++		}
++	}
++}
++
++type synthCombinedMult struct {
++	Curve
++}
++
++func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int) {
++	x1, y1 := s.ScalarBaseMult(baseScalar)
++	x2, y2 := s.ScalarMult(bigX, bigY, scalar)
++	return s.Add(x1, y1, x2, y2)
++}
++
++func TestP256CombinedMult(t *testing.T) {
++	type combinedMult interface {
++		Curve
++		CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int)
++	}
++
++	p256, ok := P256().(combinedMult)
++	if !ok {
++		p256 = &synthCombinedMult{P256()}
++	}
++
++	gx := p256.Params().Gx
++	gy := p256.Params().Gy
++
++	zero := make([]byte, 32)
++	one := make([]byte, 32)
++	one[31] = 1
++	two := make([]byte, 32)
++	two[31] = 2
++
++	// 0×G + 0×G = ∞
++	x, y := p256.CombinedMult(gx, gy, zero, zero)
++	if x.Sign() != 0 || y.Sign() != 0 {
++		t.Errorf("0×G + 0×G = (%d, %d), should be ∞", x, y)
++	}
++
++	// 1×G + 0×G = G
++	x, y = p256.CombinedMult(gx, gy, one, zero)
++	if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
++		t.Errorf("1×G + 0×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
++	}
++
++	// 0×G + 1×G = G
++	x, y = p256.CombinedMult(gx, gy, zero, one)
++	if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
++		t.Errorf("0×G + 1×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
++	}
++
++	// 1×G + 1×G = 2×G
++	x, y = p256.CombinedMult(gx, gy, one, one)
++	ggx, ggy := p256.ScalarBaseMult(two)
++	if x.Cmp(ggx) != 0 || y.Cmp(ggy) != 0 {
++		t.Errorf("1×G + 1×G = (%d, %d), should be (%d, %d)", x, y, ggx, ggy)
++	}
++
++	minusOne := new(big.Int).Sub(p256.Params().N, big.NewInt(1))
++	// 1×G + (-1)×G = ∞
++	x, y = p256.CombinedMult(gx, gy, one, minusOne.Bytes())
++	if x.Sign() != 0 || y.Sign() != 0 {
++		t.Errorf("1×G + (-1)×G = (%d, %d), should be ∞", x, y)
++	}
++}
++
++func TestIssue52075(t *testing.T) {
++	Gx, Gy := P256().Params().Gx, P256().Params().Gy
++	scalar := make([]byte, 33)
++	scalar[32] = 1
++	x, y := P256().ScalarBaseMult(scalar)
++	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
++		t.Errorf("unexpected output (%v,%v)", x, y)
++	}
++	x, y = P256().ScalarMult(Gx, Gy, scalar)
++	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
++		t.Errorf("unexpected output (%v,%v)", x, y)
++	}
++}
+-- 
+2.35.3
+

0006-fix-CVE-2022-29526.patch

@@ -0,0 +1,25 @@
+From 4115e1e9943e7627e7028a7343b2db6280a9fe0f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Fri, 1 Jul 2022 17:07:06 +0200
+Subject: [PATCH] Backport of CVE-2022-29526 from go1.17
+
+---
+ src/syscall/syscall_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
+index 3041f6f8fc..b2cc53e5c0 100644
+--- a/src/syscall/syscall_linux.go
++++ b/src/syscall/syscall_linux.go
+@@ -106,7 +106,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ 			gid = Getgid()
+ 		}
+ 
+-		if uint32(gid) == st.Gid || isGroupMember(gid) {
++		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
+ 			fmode = (st.Mode >> 3) & 7
+ 		} else {
+ 			fmode = st.Mode & 7
+-- 
+2.35.3
+

bundled-deps.sh

@@ -0,0 +1,23 @@
+#! /bin/bash
+# Copyright (C) 2021 Jakub Čajka jcajka@redhat.com
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+provides=""
+for bundle in $(find -name modules.txt); do
+provides="$provides\n$(cat "$bundle" | grep "^# " | grep -v "# explicit" | sed -r s/"^#.* => "// | sed -r "s/# //" | sed -r "s:(.*) v(.*):Provides\: bundled(golang(\1)) = \2:")"
+done
+#TODO replace - with . in version per packaging guidelines
+echo -e "$provides" | sort -u

gating.yaml

@@ -0,0 +1,19 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

golang.spec

@@ -1,7 +1,7 @@
 %bcond_with bootstrap
 # temporalily ignore test failures
 # due to https://github.com/golang/go/issues/39466
-%ifarch aarch64
+%ifarch aarch64 %{arm}
 %bcond_without ignore_tests
 %else
 %bcond_with ignore_tests
@@ -59,13 +59,6 @@
 %global golang_bootstrap 1
 %endif
 
-# Controls what ever we fail on failed tests
-%if %{with ignore_tests}
-%global fail_on_tests 0
-%else
-%global fail_on_tests 1
-%endif
-
 # Build golang shared objects for stdlib
 %ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
 %global shared 1
@@ -105,12 +98,15 @@
 %global gohostarch  s390x
 %endif
 
-%global go_api 1.15
-%global go_version 1.15.5
+%global go_api 1.16
+%global go_version %{go_api}.15
+
+# For rpmdev-bumpspec and releng automation
+%global baserelease 3
 
 Name:           golang
-Version:        1.15.5
-Release:        1%{?dist}
+Version:        %{go_version}
+Release:        %{baserelease}%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@@ -135,100 +131,18 @@ BuildRequires:  pcre-devel, glibc-static, perl-interpreter, procps-ng
 
 Provides:       go = %{version}-%{release}
 
-# Bundled/Vendored provides generated by
-# go list -f {{.ImportPath}} ./src/vendor/... | sed "s:_$PWD/src/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):" && go list -f {{.ImportPath}} ./src/cmd/vendor/... | sed "s:_$PWD/src/cmd/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):"
-Provides: bundled(golang(golang.org/x/crypto/chacha20))
-Provides: bundled(golang(golang.org/x/crypto/chacha20poly1305))
-Provides: bundled(golang(golang.org/x/crypto/cryptobyte))
-Provides: bundled(golang(golang.org/x/crypto/cryptobyte/asn1))
-Provides: bundled(golang(golang.org/x/crypto/curve25519))
-Provides: bundled(golang(golang.org/x/crypto/hkdf))
-Provides: bundled(golang(golang.org/x/crypto/internal/subtle))
-Provides: bundled(golang(golang.org/x/crypto/poly1305))
-Provides: bundled(golang(golang.org/x/net/dns/dnsmessage))
-Provides: bundled(golang(golang.org/x/net/http/httpguts))
-Provides: bundled(golang(golang.org/x/net/http/httpproxy))
-Provides: bundled(golang(golang.org/x/net/http2/hpack))
-Provides: bundled(golang(golang.org/x/net/idna))
-Provides: bundled(golang(golang.org/x/net/nettest))
-Provides: bundled(golang(golang.org/x/sys/cpu))
-Provides: bundled(golang(golang.org/x/text/secure/bidirule))
-Provides: bundled(golang(golang.org/x/text/transform))
-Provides: bundled(golang(golang.org/x/text/unicode/bidi))
-Provides: bundled(golang(golang.org/x/text/unicode/norm))
-Provides: bundled(golang(github.com/google/pprof/driver))
-Provides: bundled(golang(github.com/google/pprof/internal/binutils))
-Provides: bundled(golang(github.com/google/pprof/internal/driver))
-Provides: bundled(golang(github.com/google/pprof/internal/elfexec))
-Provides: bundled(golang(github.com/google/pprof/internal/graph))
-Provides: bundled(golang(github.com/google/pprof/internal/measurement))
-Provides: bundled(golang(github.com/google/pprof/internal/plugin))
-Provides: bundled(golang(github.com/google/pprof/internal/report))
-Provides: bundled(golang(github.com/google/pprof/internal/symbolizer))
-Provides: bundled(golang(github.com/google/pprof/internal/symbolz))
-Provides: bundled(golang(github.com/google/pprof/internal/transport))
-Provides: bundled(golang(github.com/google/pprof/profile))
-Provides: bundled(golang(github.com/google/pprof/third.party/d3))
-Provides: bundled(golang(github.com/google/pprof/third.party/d3flamegraph))
-Provides: bundled(golang(github.com/google/pprof/third.party/svgpan))
-Provides: bundled(golang(github.com/ianlancetaylor/demangle))
-Provides: bundled(golang(golang.org/x/arch/arm/armasm))
-Provides: bundled(golang(golang.org/x/arch/arm64/arm64asm))
-Provides: bundled(golang(golang.org/x/arch/ppc64/ppc64asm))
-Provides: bundled(golang(golang.org/x/arch/x86/x86asm))
-Provides: bundled(golang(golang.org/x/crypto/ed25519))
-Provides: bundled(golang(golang.org/x/crypto/ed25519/internal/edwards25519))
-Provides: bundled(golang(golang.org/x/crypto/ssh/terminal))
-Provides: bundled(golang(golang.org/x/mod/internal/lazyregexp))
-Provides: bundled(golang(golang.org/x/mod/modfile))
-Provides: bundled(golang(golang.org/x/mod/module))
-Provides: bundled(golang(golang.org/x/mod/semver))
-Provides: bundled(golang(golang.org/x/mod/sumdb))
-Provides: bundled(golang(golang.org/x/mod/sumdb/dirhash))
-Provides: bundled(golang(golang.org/x/mod/sumdb/note))
-Provides: bundled(golang(golang.org/x/mod/sumdb/tlog))
-Provides: bundled(golang(golang.org/x/mod/zip))
-Provides: bundled(golang(golang.org/x/sys/internal/unsafeheader))
-Provides: bundled(golang(golang.org/x/sys/unix))
-Provides: bundled(golang(golang.org/x/tools/go/analysis))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/analysisflags))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/facts))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/asmdecl))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/assign))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/atomic))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/bools))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/buildtag))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/cgocall))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/composite))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/copylock))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ctrlflow))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/errorsas))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/httpresponse))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ifaceassert))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/inspect))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/internal/analysisutil))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/loopclosure))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/lostcancel))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/nilfunc))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/printf))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/shift))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stdmethods))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stringintconv))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/structtag))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/tests))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unmarshal))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unreachable))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unsafeptr))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unusedresult))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/unitchecker))
-Provides: bundled(golang(golang.org/x/tools/go/ast/astutil))
-Provides: bundled(golang(golang.org/x/tools/go/ast/inspector))
-Provides: bundled(golang(golang.org/x/tools/go/cfg))
-Provides: bundled(golang(golang.org/x/tools/go/types/objectpath))
-Provides: bundled(golang(golang.org/x/tools/go/types/typeutil))
-Provides: bundled(golang(golang.org/x/tools/internal/analysisinternal))
-Provides: bundled(golang(golang.org/x/xerrors))
-Provides: bundled(golang(golang.org/x/xerrors/internal))
+# Bundled/Vendored provides generated by bundled-deps.sh based on the in tree module data
+# - in version filed substituted with . per versioning guidelines
+Provides: bundled(golang(github.com/google/pprof)) = 0.0.0.20201203190320.1bf35d6f28c2
+Provides: bundled(golang(github.com/ianlancetaylor/demangle)) = 0.0.0.20200824232613.28f6c0f3b639
+Provides: bundled(golang(golang.org/x/arch)) = 0.0.0.20201008161808.52c3e6f60cff
+Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0.20201016220609.9e8e0b390897
+Provides: bundled(golang(golang.org/x/mod)) = 0.4.2.0.20210325185522.dbbbf8a3c6ea
+Provides: bundled(golang(golang.org/x/net)) = 0.0.0.20220106012026.aa5a62bac9b2
+Provides: bundled(golang(golang.org/x/sys)) = 0.0.0.20201204225414.ed752295db88
+Provides: bundled(golang(golang.org/x/text)) = 0.3.4
+Provides: bundled(golang(golang.org/x/tools)) = 0.0.0.20210107193943.4ed967dd8eff
+Provides: bundled(golang(golang.org/x/xerrors)) = 0.0.0.20200804184101.5ec99f83aff1
 
 Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
@@ -238,6 +152,24 @@ Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
 Patch3:       0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
 
+# The issue: https://github.com/golang/go/issues/51853
+# Fixed in: go1.19
+# Backported by upstream to go1.18.1 and Go1.17.9
+# Patch: https://go-review.googlesource.com/c/go/+/399816/
+Patch4:       0004-fix-CVE-2022-24675.patch
+
+# The issue: https://github.com/golang/go/issues/52075
+# Fixed in: go1.19
+# Backported by upstream to go1.18
+# Patch: https://go-review.googlesource.com/c/go/+/397135/
+Patch5:       0005-fix-CVE-2022-28327.patch
+
+# The issue: https://github.com/golang/go/issues/52313
+# Fixed in: go1.19
+# Backported by upstream to go1.18.2 and go1.17.10
+# Patch: https://go-review.googlesource.com/c/go/+/401078/
+Patch6:       0006-fix-CVE-2022-29526.patch
+
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
 
@@ -529,7 +461,7 @@ export GO_LDFLAGS="-linkmode internal"
 export CGO_ENABLED=0
 %endif
 # workaround for https://github.com/golang/go/issues/39466 until it gests fixed
-# Commented until the patch is ready, this work around suggested in the link avobe
+# Commented until the patch is ready, this workaround suggested in the link above
 # doesn't work properly
 #ifarch aarch64
 #export CGO_CFLAGS="-mno-outline-atomics"
@@ -538,11 +470,7 @@ export CGO_ENABLED=0
 # make sure to not timeout
 export GO_TEST_TIMEOUT_SCALE=2
 
-%if %{fail_on_tests}
-./run.bash --no-rebuild -v -v -v -k
-%else
-./run.bash --no-rebuild -v -v -v -k || :
-%endif
+./run.bash --no-rebuild -v -v -v -k %{?with_ignore_tests: || :}
 cd ..
 
 
@@ -608,6 +536,104 @@ fi
 %endif
 
 %changelog
+* Fri Jul 01 2022 Alejandro Sáez <asm@redhat.com> - 1.16.15-3
+- Backport of patch.
+- Resolves: rhbz#2093092
+- Adds 0006-fix-CVE-2022-29526.patch
+
+* Wed Jun 08 2022 Alejandro Sáez <asm@redhat.com> - 1.16.15-2
+- Backport of patches.
+- Skip tests for arm
+- Adds 0004-fix-CVE-2022-24675.patch
+- Resolves: rhbz#2080125
+- Adds 0005-fix-CVE-2022-28327.patch
+- Resolves: rhbz#2079826
+
+* Thu Mar 10 2022 Alejandro Sáez <asm@redhat.com> - 1.16.15-1
+- Update to go1.16.15
+
+* Fri Feb 11 2022 Alejandro Sáez <asm@redhat.com> - 1.16.14-1
+- Update to go1.16.14
+
+* Fri Jan 07 2022 Alejandro Sáez <asm@redhat.com> - 1.16.13-1
+- Update to go1.16.13
+
+* Tue Dec 21 2021 Alejandro Sáez <asm@redhat.com> - 1.16.12-1
+- Update to go1.16.12
+- Resolves: rhbz#2030810
+- Resolves: rhbz#2030804
+
+* Tue Dec 07 2021 Alejandro Sáez <asm@redhat.com> - 1.16.11-1
+- Update to go1.16.11
+- Related: rhbz#2020739
+- Related: rhbz#2020728
+- Related: rhbz#2014923
+- Related: rhbz#2006045
+
+* Fri Nov 12 2021 Alejandro Sáez <asm@redhat.com> - 1.16.10-1
+- Update to go1.16.10
+
+* Mon Sep 13 2021 Alejandro Sáez <asm@redhat.com> - 1.16.8-2
+- Fix patch
+
+* Fri Sep 10 2021 Alejandro Sáez <asm@redhat.com> - 1.16.8-1
+- Update to go1.16.8
+- Remove patch: ppc64le-vdso-fix.patch
+- Related: rhbz#1937911
+- Related: rhbz#1999415
+
+* Thu Jul 29 2021 Jakub Čajka <jcajka@redhat.com> - 1.16.6-2
+- fix crash in VDSO calls on ppc64le with new kernels
+
+* Wed Jul 14 2021 Mike Rochefort <mroche@fedoraproject.org> - 1.16.6-1
+- Update to go1.16.6
+- Security fix for CVE-2021-34558
+- Resolves: BZ#1983597
+
+* Mon Jun 21 2021 Mike Rochefort <mroche@fedoraproject.org> - 1.16.5-1
+- Update to go1.16.5
+- Security fix for CVE-2021-33195
+- Security fix for CVE-2021-33196
+- Security fix for CVE-2021-33197
+- Fix OOM with large exponents in Rat.SetString gh#45910
+
+* Thu May 13 2021 Jakub Čajka <jcajka@redhat.com> - 1.16.4-2
+- Fix linker issue on ppc64le breaking kube 1.21 build
+
+* Mon May 10 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
+- Update to go1.16.4
+- Security fix for CVE-2021-31525 
+- Resolves: rhbz#1958343
+
+* Fri Apr 09 2021 Alejandro Sáez <asm@redhat.com> - 1.16.3-1
+- Update to go1.16.3
+- Resolves: rhbz#1945768
+
+* Tue Mar 23 2021 Alejandro Sáez <asm@redhat.com> - 1.16-2
+- Update to go1.16.2
+- Resolves: rhbz#1937435
+
+* Thu Feb 18 2021 Jakub Čajka <jcajka@redhat.com> - 1.16-1
+- Update to go1.16
+- Improved bundled provides
+- Resolves: BZ#1913835
+
+* Sun Jan 31 2021 Neal Gompa <ngompa13@gmail.com> - 1.16-0.rc1.1
+- Update to go1.16rc1
+- Related: BZ#1913835
+- Resolves: BZ#1922617
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-0.beta1.1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 15 2021 Jakub Čajka <jcajka@redhat.com> - 1.16-0.beta1.1
+- Update to go1.16beta1
+- Related: BZ#1913835
+
+* Fri Dec 04 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.6-1
+- Rebase to go1.15.6
+- Resolves: BZ#1904238
+
 * Fri Nov 13 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.5-1
 - Rebase to go1.15.5
 - Security fix for CVE-2020-28362, CVE-2020-28367 and CVE-2020-28366

plans/ci.fmf

@@ -0,0 +1,6 @@
+summary: CI Gating Plan
+discover:
+    how: fmf
+    directory: tests
+execute:
+    how: beakerlib

sources

@@ -1 +1 @@
-SHA512 (go1.15.5.src.tar.gz) = 8e1d71f628d364b949b1e124af8950a563bbe9d9ae73b94c66af6ce029f67c26e2654556c0c118d0bc8566af52a7e9ed736b4667bbef7ccdab2bd338c43e6eb4
+SHA512 (go1.16.15.src.tar.gz) = 5b7fd234e6eb3db173ec536ac599a8c640eb4b0e8abeb16f7728efb6d7c927c41a7e8631505ba6983f565f0470a37458e60d8df33089f7ab773c250b44413e66

tests/Sanity/basic-smoke/Makefile

@@ -0,0 +1,64 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Makefile of /tools/golang/Sanity/basic-smoke
+#   Description: basic smoke test for go
+#   Author: Edjunior Machado <emachado@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2019 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export TEST=/tools/golang/Sanity/basic-smoke
+export TESTVERSION=1.0
+
+BUILT_FILES=
+
+FILES=$(METADATA) runtest.sh Makefile PURPOSE
+
+.PHONY: all install download clean
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	test -x runtest.sh || chmod a+x runtest.sh
+
+clean:
+	rm -f *~ $(BUILT_FILES)
+
+
+include /usr/share/rhts/lib/rhts-make.include
+
+$(METADATA): Makefile
+	@echo "Owner:           Edjunior Machado <emachado@redhat.com>" > $(METADATA)
+	@echo "Name:            $(TEST)" >> $(METADATA)
+	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
+	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
+	@echo "Description:     basic smoke test for go" >> $(METADATA)
+	@echo "Type:            Sanity" >> $(METADATA)
+	@echo "TestTime:        5m" >> $(METADATA)
+	@echo "RunFor:          golang" >> $(METADATA)
+	@echo "Requires:        golang" >> $(METADATA)
+	@echo "Priority:        Normal" >> $(METADATA)
+	@echo "License:         GPLv2+" >> $(METADATA)
+	@echo "Confidential:    no" >> $(METADATA)
+	@echo "Destructive:     no" >> $(METADATA)
+	@echo "Releases:        -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
+	@echo "Architectures:   s390x x86_64 ppc64le aarch64" >> $(METADATA)
+
+	rhts-lint $(METADATA)

tests/Sanity/basic-smoke/PURPOSE

@@ -0,0 +1,3 @@
+PURPOSE of /tools/golang/Sanity/basic-smoke
+Description: basic smoke test for go
+Author: Edjunior Machado <emachado@redhat.com>

tests/Sanity/basic-smoke/main.fmf

@@ -0,0 +1,13 @@
+summary: basic smoke test for go
+description: ''
+contact:
+- Edjunior Machado <emachado@redhat.com>
+component:
+- golang
+test: ./runtest.sh
+framework: beakerlib
+recommend:
+- golang
+duration: 5m
+extra-summary: /tools/golang/Sanity/basic-smoke
+extra-task: /tools/golang/Sanity/basic-smoke

tests/Sanity/basic-smoke/runtest.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /tools/golang/Sanity/basic-smoke
+#   Description: basic smoke test for go
+#   Author: Edjunior Machado <emachado@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2019 Red Hat, Inc.
+#
+#   This program is free software: you can redistribute it and/or
+#   modify it under the terms of the GNU General Public License as
+#   published by the Free Software Foundation, either version 2 of
+#   the License, or (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE.  See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE="$(rpm -qf $(which go))"
+
+# Conserve the non-zero return value through the pipe
+set -o pipefail
+
+rlJournalStart
+    rlPhaseStartSetup
+        rlAssertRpm $PACKAGE
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+    rlPhaseEnd
+
+    rlPhaseStartTest
+        cat << EOF > $TmpDir/hello.go
+package main
+import "fmt"
+func main() {
+    fmt.Println("hello world")
+}
+EOF
+        rlAssertExists "$TmpDir/hello.go"
+
+        rlRun "go run $TmpDir/hello.go |& tee $TmpDir/go-run-hello.out" 0 "Testing 'go run'"
+        rlAssertNotDiffer <(echo 'hello world') go-run-hello.out
+
+        rlRun "go build -o $TmpDir/hello $TmpDir/hello.go" 0 "Testing 'go build'"
+        rlAssertExists "hello"
+
+        rlRun "$TmpDir/hello |& tee $TmpDir/hello.out" 0 "Running binary"
+        rlAssertNotDiffer <(echo 'hello world') hello.out
+    rlPhaseEnd
+
+    rlPhaseStartCleanup
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd