Resolves: BZ#1401987

re-enable p224 curve (see BZ#1038683)
Obsolete golang-vet and golang-cover from golang-googlecode-tools package vet/cover binaries are provided by golang-bin rpm(thanks to jchaloup)
2016-12-06 16:43:52 +01:00 · 2016-11-18 14:07:50 +01:00 · 2016-08-08 12:47:51 +02:00 · 2016-07-20 09:25:28 +02:00 · 2016-04-14 10:01:16 +02:00
18 changed files with 1305 additions and 868 deletions
--- a/.gitignore
+++ b/.gitignore
@ -27,71 +27,4 @@
 /go1.5.2.src.tar.gz
 /Mark.Twain-Tom.Sawyer.txt.bz2
 /go1.5.3.src.tar.gz
-/go1.6rc1.src.tar.gz
-/go1.6.src.tar.gz
-/go1.6.1.src.tar.gz
-/go1.6.2.src.tar.gz
-/go1.7rc2.src.tar.gz
-/go1.7rc5.src.tar.gz
-/go1.7.src.tar.gz
-/go1.7.1.src.tar.gz
-/go1.7.3.src.tar.gz
-/go1.7.4.src.tar.gz
-/go1.8rc3.src.tar.gz
-/go1.8.src.tar.gz
-/go1.8.1.src.tar.gz
-/go1.8.3.src.tar.gz
-/go1.9beta2.src.tar.gz
-/go1.9.src.tar.gz
-/go1.9.1.src.tar.gz
-/go1.9.2.src.tar.gz
-/go1.10beta1.src.tar.gz
-/go1.10beta2.src.tar.gz
-/go1.10rc1.src.tar.gz
-/go1.10rc2.src.tar.gz
-/go1.10.src.tar.gz
-/go1.10.1.src.tar.gz
-/go1.10.2.src.tar.gz
-/go1.10.3.src.tar.gz
-/go1.11beta1.src.tar.gz
-/go1.11beta2.src.tar.gz
-/go1.11beta3.src.tar.gz
-/go1.11rc1.src.tar.gz
-/go1.11rc2.src.tar.gz
-/go1.11.src.tar.gz
-/go1.11.1.src.tar.gz
-/go1.11.2.src.tar.gz
-/go1.11.4.src.tar.gz
-/go1.12beta2.src.tar.gz
-/go1.12rc1.src.tar.gz
-/go1.12.src.tar.gz
-/go1.12.1.src.tar.gz
-/go1.12.2.src.tar.gz
-/go1.12.5.src.tar.gz
-/go1.12.6.src.tar.gz
-/go1.12.7.src.tar.gz
-/go1.13beta1.src.tar.gz
-/go1.13rc1.src.tar.gz
-/go1.13rc2.src.tar.gz
-/go1.13.src.tar.gz
-/go1.13.1.src.tar.gz
-/go1.13.3.src.tar.gz
-/go1.13.4.src.tar.gz
-/go1.13.5.src.tar.gz
-/go1.13.6.src.tar.gz
-/go1.14beta1.src.tar.gz
-/go1.14rc1.src.tar.gz
-/go1.14.src.tar.gz
-/go1.14.2.src.tar.gz
-/go1.14.3.src.tar.gz
-/go1.14.4.src.tar.gz
-/go1.14.6.src.tar.gz
-/go1.15beta1.src.tar.gz
-/go1.15rc1.src.tar.gz
-/go1.15rc2.src.tar.gz
-/go1.15.src.tar.gz
-/go1.15.1.src.tar.gz
-/go1.15.2.src.tar.gz
-/go1.15.3.src.tar.gz
-/go1.15.4.src.tar.gz
-/go1.15.5.src.tar.gz
+/go1.5.4.src.tar.gz
--- a/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
+++ b/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
@ -1,88 +0,0 @@
-From edce31a2904846ae74e3c011f2cf5fddc963459e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
-Date: Thu, 22 Mar 2018 12:07:32 +0100
-Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the
- internal test suite
-
---
- src/time/internal_test.go | 7 +++++--
- src/time/zoneinfo_test.go | 3 ++-
- src/time/zoneinfo_unix.go | 2 --
- 3 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/src/time/internal_test.go b/src/time/internal_test.go
-index 76d5524124..e81ace5f64 100644
--- a/src/time/internal_test.go
-+++ b/src/time/internal_test.go
-@@ -4,13 +4,15 @@
- 
- package time
- 
-+import "runtime"
-+
- func init() {
- 	// force US/Pacific for time zone tests
- 	ForceUSPacificForTesting()
- }
- 
- func initTestingZone() {
-	z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
-+	z, err := loadLocation("America/Los_Angeles", zoneSources)
- 	if err != nil {
- 		panic("cannot load America/Los_Angeles for testing: " + err.Error())
- 	}
-@@ -21,8 +23,9 @@ func initTestingZone() {
- var OrigZoneSources = zoneSources
- 
- func forceZipFileForTesting(zipOnly bool) {
-	zoneSources = make([]string, len(OrigZoneSources))
-+	zoneSources = make([]string, len(OrigZoneSources)+1)
- 	copy(zoneSources, OrigZoneSources)
-+	zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if zipOnly {
- 		zoneSources = zoneSources[len(zoneSources)-1:]
- 	}
-diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
-index 7a55d4f618..6063ca1195 100644
--- a/src/time/zoneinfo_test.go
-+++ b/src/time/zoneinfo_test.go
-@@ -8,6 +8,7 @@ import (
- 	"fmt"
- 	"os"
- 	"reflect"
-+	"runtime"
- 	"testing"
- 	"time"
- )
-@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
- 		t.Fatal(err)
- 	}
- 
-	tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
-+	tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if err != nil {
- 		t.Fatal(err)
- 	}
-diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
-index 88313aa0ed..d9596115ef 100644
--- a/src/time/zoneinfo_unix.go
-+++ b/src/time/zoneinfo_unix.go
-@@ -12,7 +12,6 @@
- package time
- 
- import (
-	"runtime"
- 	"syscall"
- )
- 
-@@ -22,7 +21,6 @@ var zoneSources = []string{
- 	"/usr/share/zoneinfo/",
- 	"/usr/share/lib/zoneinfo/",
- 	"/usr/lib/locale/TZ/",
-	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
- }
- 
- func initLocal() {
-- 
-2.14.3
-
--- a/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
+++ b/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
@ -1,41 +0,0 @@
-From 817407fc2d6a861e65086388766f58082d38bc0b Mon Sep 17 00:00:00 2001
-From: Michael Munday <munday@ca.ibm.com>
-Date: Tue, 17 Jan 2017 11:33:38 -0500
-Subject: [PATCH 2/3] syscall: expose IfInfomsg.X__ifi_pad on s390x
-
-Exposing this field on s390x improves compatibility with the other
-linux architectures, all of which already expose it.
-
-Fixes #18628 and updates #18632.
-
-Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5
---
- src/syscall/ztypes_linux_s390x.go | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go
-index 63c4a83b19..b5894255df 100644
--- a/src/syscall/ztypes_linux_s390x.go
-+++ b/src/syscall/ztypes_linux_s390x.go
-@@ -449,12 +449,12 @@ type RtAttr struct {
- }
- 
- type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-+	Family     uint8
-+	X__ifi_pad uint8
-+	Type       uint16
-+	Index      int32
-+	Flags      uint32
-+	Change     uint32
- }
- 
- type IfAddrmsg struct {
-- 
-2.14.3
-
--- a/0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
+++ b/0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
@ -1,54 +0,0 @@
-From b38cd2374c2395f5a77802ef8ea3d7ac5b8a86ad Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
-Date: Mon, 27 May 2019 15:12:53 +0200
-Subject: [PATCH 3/3] cmd/go: disable Google's proxy and sumdb
-
---
- src/cmd/go/internal/cfg/cfg.go                  | 10 +++++-----
- src/cmd/go/testdata/script/mod_sumdb_golang.txt |  6 +++---
- 2 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
-index 61dc6bdda6..e8658dc56c 100644
--- a/src/cmd/go/internal/cfg/cfg.go
-+++ b/src/cmd/go/internal/cfg/cfg.go
-@@ -245,11 +245,11 @@ var (
- 	GOPPC64  = envOr("GOPPC64", fmt.Sprintf("%s%d", "power", objabi.GOPPC64))
- 	GOWASM   = envOr("GOWASM", fmt.Sprint(objabi.GOWASM))
- 
-	GOPROXY    = envOr("GOPROXY", "https://proxy.golang.org,direct")
-	GOSUMDB    = envOr("GOSUMDB", "sum.golang.org")
-	GOPRIVATE  = Getenv("GOPRIVATE")
-	GONOPROXY  = envOr("GONOPROXY", GOPRIVATE)
-	GONOSUMDB  = envOr("GONOSUMDB", GOPRIVATE)
-+	GOPROXY   = envOr("GOPROXY", "direct")
-+	GOSUMDB   = envOr("GOSUMDB", "off")
-+	GOPRIVATE = Getenv("GOPRIVATE")
-+	GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
-+	GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
- 	GOINSECURE = Getenv("GOINSECURE")
- )
- 
-diff --git a/src/cmd/go/testdata/script/mod_sumdb_golang.txt b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
-index 40a07fc7e9..50436e32d7 100644
--- a/src/cmd/go/testdata/script/mod_sumdb_golang.txt
-+++ b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
-@@ -2,12 +2,12 @@
- env GOPROXY=
- env GOSUMDB=
- go env GOPROXY
-stdout '^https://proxy.golang.org,direct$'
-+stdout '^direct$'
- go env GOSUMDB
-stdout '^sum.golang.org$'
-+stdout '^off$'
- env GOPROXY=https://proxy.golang.org
- go env GOSUMDB
-stdout '^sum.golang.org$'
-+stdout '^off$'
- 
- # download direct from github
- [!net] skip
-- 
-2.21.0
-
--- a/CVE-2016-5386.patch
+++ b/CVE-2016-5386.patch
@ -0,0 +1,180 @@
+From a357d15e9ee36a1232ae071d9968c4cf10a672b4 Mon Sep 17 00:00:00 2001
+From: Brad Fitzpatrick <bradfitz@golang.org>
+Date: Mon, 18 Jul 2016 06:05:24 +0000
+Subject: [PATCH] [release-branch.go1.6] net/http, net/http/cgi: fix for CGI +
+ HTTP_PROXY security issue
+
+Because,
+
+* The CGI spec defines that incoming request header "Foo: Bar" maps to
+  environment variable HTTP_FOO == "Bar". (see RFC 3875 4.1.18)
+
+* The HTTP_PROXY environment variable is conventionally used to configure
+  the HTTP proxy for HTTP clients (and is respected by default for
+  Go's net/http.Client and Transport)
+
+That means Go programs running in a CGI environment (as a child
+process under a CGI host) are vulnerable to an incoming request
+containing "Proxy: attacker.com:1234", setting HTTP_PROXY, and
+changing where Go by default proxies all outbound HTTP requests.
+
+This is CVE-2016-5386, aka https://httpoxy.org/
+
+Fixes #16405
+
+Change-Id: I6f68ade85421b4807785799f6d98a8b077e871f0
+Reviewed-on: https://go-review.googlesource.com/25010
+Run-TryBot: Chris Broadfoot <cbro@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Chris Broadfoot <cbro@golang.org>
+Reviewed-on: https://go-review.googlesource.com/25012
+---
+ src/net/http/cgi/host.go       |  4 ++++
+ src/net/http/cgi/host_test.go  | 37 ++++++++++++++++++++++++++++++++++---
+ src/net/http/transport.go      |  3 +++
+ src/net/http/transport_test.go | 14 +++++++++++++-
+ 4 files changed, 54 insertions(+), 4 deletions(-)
+
+diff --git a/src/net/http/cgi/host.go b/src/net/http/cgi/host.go
+index 9b4d875..3f1600b 100644
+--- a/src/net/http/cgi/host.go
+++ b/src/net/http/cgi/host.go
+@@ -145,6 +145,10 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+ 
+ 	for k, v := range req.Header {
+ 		k = strings.Map(upperCaseAndUnderscore, k)
+		if k == "PROXY" {
+			// See Issue 16405
+			continue
+		}
+ 		joinStr := ", "
+ 		if k == "COOKIE" {
+ 			joinStr = "; "
+diff --git a/src/net/http/cgi/host_test.go b/src/net/http/cgi/host_test.go
+index 3327764..2783fe1 100644
+--- a/src/net/http/cgi/host_test.go
+++ b/src/net/http/cgi/host_test.go
+@@ -34,15 +34,18 @@ func newRequest(httpreq string) *http.Request {
+ 	return req
+ }
+ 
+-func runCgiTest(t *testing.T, h *Handler, httpreq string, expectedMap map[string]string) *httptest.ResponseRecorder {
+func runCgiTest(t *testing.T, h *Handler,
+	httpreq string,
+	expectedMap map[string]string, checks ...func(reqInfo map[string]string)) *httptest.ResponseRecorder {
+ 	rw := httptest.NewRecorder()
+ 	req := newRequest(httpreq)
+ 	h.ServeHTTP(rw, req)
+-	runResponseChecks(t, rw, expectedMap)
+	runResponseChecks(t, rw, expectedMap, checks...)
+ 	return rw
+ }
+ 
+-func runResponseChecks(t *testing.T, rw *httptest.ResponseRecorder, expectedMap map[string]string) {
+func runResponseChecks(t *testing.T, rw *httptest.ResponseRecorder,
+	expectedMap map[string]string, checks ...func(reqInfo map[string]string)) {
+ 	// Make a map to hold the test map that the CGI returns.
+ 	m := make(map[string]string)
+ 	m["_body"] = rw.Body.String()
+@@ -80,6 +83,9 @@ readlines:
+ 			t.Errorf("for key %q got %q; expected %q", key, got, expected)
+ 		}
+ 	}
+	for _, check := range checks {
+		check(m)
+	}
+ }
+ 
+ var cgiTested, cgiWorks bool
+@@ -235,6 +241,31 @@ func TestDupHeaders(t *testing.T) {
+ 		expectedMap)
+ }
+ 
+// Issue 16405: CGI+http.Transport differing uses of HTTP_PROXY.
+// Verify we don't set the HTTP_PROXY environment variable.
+// Hope nobody was depending on it. It's not a known header, though.
+func TestDropProxyHeader(t *testing.T) {
+	check(t)
+	h := &Handler{
+		Path: "testdata/test.cgi",
+	}
+	expectedMap := map[string]string{
+		"env-REQUEST_URI":     "/myscript/bar?a=b",
+		"env-SCRIPT_FILENAME": "testdata/test.cgi",
+		"env-HTTP_X_FOO":      "a",
+	}
+	runCgiTest(t, h, "GET /myscript/bar?a=b HTTP/1.0\n"+
+		"X-Foo: a\n"+
+		"Proxy: should_be_stripped\n"+
+		"Host: example.com\n\n",
+		expectedMap,
+		func(reqInfo map[string]string) {
+			if v, ok := reqInfo["env-HTTP_PROXY"]; ok {
+				t.Errorf("HTTP_PROXY = %q; should be absent", v)
+			}
+		})
+}
+
+ func TestPathInfoNoRoot(t *testing.T) {
+ 	check(t)
+ 	h := &Handler{
+diff --git a/src/net/http/transport.go b/src/net/http/transport.go
+index 1e3ea11..794b786 100644
+--- a/src/net/http/transport.go
+++ b/src/net/http/transport.go
+@@ -216,6 +216,9 @@ func ProxyFromEnvironment(req *Request) (*url.URL, error) {
+ 	}
+ 	if proxy == "" {
+ 		proxy = httpProxyEnv.Get()
+		if proxy != "" && os.Getenv("REQUEST_METHOD") != "" {
+			return nil, errors.New("net/http: refusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxy")
+		}
+ 	}
+ 	if proxy == "" {
+ 		return nil, nil
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index d9da078..381432e 100644
+--- a/src/net/http/transport_test.go
+++ b/src/net/http/transport_test.go
+@@ -1985,7 +1985,8 @@ type proxyFromEnvTest struct {
+ 
+ 	env      string // HTTP_PROXY
+ 	httpsenv string // HTTPS_PROXY
+-	noenv    string // NO_RPXY
+	noenv    string // NO_PROXY
+	reqmeth  string // REQUEST_METHOD
+ 
+ 	want    string
+ 	wanterr error
+@@ -2009,6 +2010,10 @@ func (t proxyFromEnvTest) String() string {
+ 		space()
+ 		fmt.Fprintf(&buf, "no_proxy=%q", t.noenv)
+ 	}
+	if t.reqmeth != "" {
+		space()
+		fmt.Fprintf(&buf, "request_method=%q", t.reqmeth)
+	}
+ 	req := "http://example.com"
+ 	if t.req != "" {
+ 		req = t.req
+@@ -2032,6 +2037,12 @@ var proxyFromEnvTests = []proxyFromEnvTest{
+ 	{req: "https://secure.tld/", env: "http.proxy.tld", httpsenv: "secure.proxy.tld", want: "http://secure.proxy.tld"},
+ 	{req: "https://secure.tld/", env: "http.proxy.tld", httpsenv: "https://secure.proxy.tld", want: "https://secure.proxy.tld"},
+ 
+	// Issue 16405: don't use HTTP_PROXY in a CGI environment,
+	// where HTTP_PROXY can be attacker-controlled.
+	{env: "http://10.1.2.3:8080", reqmeth: "POST",
+		want:    "<nil>",
+		wanterr: errors.New("net/http: refusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxy")},
+
+ 	{want: "<nil>"},
+ 
+ 	{noenv: "example.com", req: "http://example.com/", env: "proxy", want: "<nil>"},
+@@ -2047,6 +2058,7 @@ func TestProxyFromEnvironment(t *testing.T) {
+ 		os.Setenv("HTTP_PROXY", tt.env)
+ 		os.Setenv("HTTPS_PROXY", tt.httpsenv)
+ 		os.Setenv("NO_PROXY", tt.noenv)
+		os.Setenv("REQUEST_METHOD", tt.reqmeth)
+ 		ResetCachedEnvironment()
+ 		reqURL := tt.req
+ 		if reqURL == "" {
--- a/bz1290543.patch
+++ b/bz1290543.patch
@ -0,0 +1,55 @@
+From a0ea93dea5f5741addc8c96b7ed037d0e359e33f Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@golang.org>
+Date: Fri, 27 Nov 2015 13:50:36 -0800
+Subject: [PATCH] crypto/x509: permit serial numbers to be negative.
+
+Some software that produces certificates doesn't encode integers
+correctly and, about half the time, ends up producing certificates with
+serial numbers that are actually negative.
+
+This buggy software, sadly, appears to be common enough that we should
+let these errors pass. This change allows a Certificate.SerialNumber to
+be negative.
+
+Fixes #8265.
+
+Change-Id: Ief35dae23988fb6d5e2873e3c521366fb03c6af4
+Reviewed-on: https://go-review.googlesource.com/17247
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+---
+ src/crypto/x509/x509.go      | 4 ----
+ src/crypto/x509/x509_test.go | 6 +++++-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
+index bbc63241..126432d 100644
+--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
+@@ -909,10 +909,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
+ 		return nil, err
+ 	}
+ 
+-	if in.TBSCertificate.SerialNumber.Sign() < 0 {
+-		return nil, errors.New("x509: negative serial number")
+-	}
+-
+ 	out.Version = in.TBSCertificate.Version + 1
+ 	out.SerialNumber = in.TBSCertificate.SerialNumber
+ 
+diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
+index 61b1773..2c01ec7 100644
+--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
+@@ -343,7 +343,11 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
+ 	for _, test := range tests {
+ 		commonName := "test.example.com"
+ 		template := Certificate{
+-			SerialNumber: big.NewInt(1),
+			// SerialNumber is negative to ensure that negative
+			// values are parsed. This is due to the prevalence of
+			// buggy code that produces certificates with negative
+			// serial numbers.
+			SerialNumber: big.NewInt(-1),
+ 			Subject: pkix.Name{
+ 				CommonName:   commonName,
+ 				Organization: []string{"Σ Acme Co"},
--- a/darwinx509trust.patch
+++ b/darwinx509trust.patch
@ -0,0 +1,459 @@
+From 7a75a55cc44b92836f342e9eeb0f5b1ce20821eb Mon Sep 17 00:00:00 2001
+From: Quentin Smith <quentin@golang.org>
+Date: Wed, 30 Nov 2016 15:16:37 -0500
+Subject: [PATCH 3/4] [release-branch.go1.6] crypto/x509: read Darwin trust
+ settings for root CAs
+
+Darwin separately stores bits indicating whether a root certificate
+should be trusted; this changes Go to read and use those when
+initializing SystemCertPool.
+
+Unfortunately, the trust API is very slow. To avoid a delay of up to
+0.5s in initializing the system cert pool, we assume that
+the trust settings found in kSecTrustSettingsDomainSystem will always
+indicate trust. (That is, all root certs Apple distributes are trusted.)
+This is not guaranteed by the API but is true in practice.
+
+In the non-cgo codepath, we do not have that benefit, so we must check
+the trust status of every certificate. This causes about 0.5s of delay
+in initializing the SystemCertPool.
+
+On OS X 10.11 and older, the "security" command requires a certificate
+to be provided in a file and not on stdin, so the non-cgo codepath
+creates temporary files for each certificate, further slowing initialization.
+
+Updates #18141.
+
+Change-Id: If681c514047afe5e1a68de6c9d40ceabbce54755
+Reviewed-on: https://go-review.googlesource.com/33721
+Run-TryBot: Quentin Smith <quentin@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Russ Cox <rsc@golang.org>
+Reviewed-on: https://go-review.googlesource.com/33728
+---
+ src/crypto/x509/cert_pool.go        |  15 +++
+ src/crypto/x509/root_cgo_darwin.go  | 184 +++++++++++++++++++++++++++++++++---
+ src/crypto/x509/root_darwin.go      | 114 +++++++++++++++++++++-
+ src/crypto/x509/root_darwin_test.go |   1 +
+ 4 files changed, 296 insertions(+), 18 deletions(-)
+
+diff --git a/src/crypto/x509/cert_pool.go b/src/crypto/x509/cert_pool.go
+index 2362e84..dc88ad4 100644
+--- a/src/crypto/x509/cert_pool.go
+++ b/src/crypto/x509/cert_pool.go
+@@ -52,6 +52,21 @@ func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int, errCer
+ 	return
+ }
+ 
+func (s *CertPool) contains(cert *Certificate) bool {
+	if s == nil {
+		return false
+	}
+
+	candidates := s.byName[string(cert.RawSubject)]
+	for _, c := range candidates {
+		if s.certs[c].Equal(cert) {
+			return true
+		}
+	}
+
+	return false
+}
+
+ // AddCert adds a certificate to a pool.
+ func (s *CertPool) AddCert(cert *Certificate) {
+ 	if cert == nil {
+diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
+index bf4a5cd..ee94dad 100644
+--- a/src/crypto/x509/root_cgo_darwin.go
+++ b/src/crypto/x509/root_cgo_darwin.go
+@@ -7,30 +7,28 @@
+ package x509
+ 
+ /*
+-#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
+#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
+ #cgo LDFLAGS: -framework CoreFoundation -framework Security
+ 
+#include <errno.h>
+#include <sys/sysctl.h>
+
+ #include <CoreFoundation/CoreFoundation.h>
+ #include <Security/Security.h>
+ 
+-// FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
+-//
+-// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
+-// certificates of the system. On failure, the function returns -1.
+-//
+-// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
+-// we've consumed its content.
+-int FetchPEMRoots(CFDataRef *pemRoots) {
+// FetchPEMRoots_MountainLion is the version of FetchPEMRoots from Go 1.6
+// which still works on OS X 10.8 (Mountain Lion).
+// It lacks support for admin & user cert domains.
+// See golang.org/issue/16473
+int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) {
+ 	if (pemRoots == NULL) {
+ 		return -1;
+ 	}
+-
+ 	CFArrayRef certs = NULL;
+ 	OSStatus err = SecTrustCopyAnchorCertificates(&certs);
+ 	if (err != noErr) {
+ 		return -1;
+ 	}
+-
+ 	CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
+ 	int i, ncerts = CFArrayGetCount(certs);
+ 	for (i = 0; i < ncerts; i++) {
+@@ -39,7 +37,6 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
+ 		if (cert == NULL) {
+ 			continue;
+ 		}
+-
+ 		// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
+ 		// Once we support weak imports via cgo we should prefer that, and fall back to this
+ 		// for older systems.
+@@ -47,16 +44,157 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
+ 		if (err != noErr) {
+ 			continue;
+ 		}
+-
+ 		if (data != NULL) {
+ 			CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
+ 			CFRelease(data);
+ 		}
+ 	}
+-
+ 	CFRelease(certs);
+	*pemRoots = combinedData;
+	return 0;
+}
+
+// useOldCode reports whether the running machine is OS X 10.8 Mountain Lion
+// or older. We only support Mountain Lion and higher, but we'll at least try our
+// best on older machines and continue to use the old code path.
+//
+// See golang.org/issue/16473
+int useOldCode() {
+	char str[256];
+	size_t size = sizeof(str);
+	memset(str, 0, size);
+	sysctlbyname("kern.osrelease", str, &size, NULL, 0);
+	// OS X 10.8 is osrelease "12.*", 10.7 is 11.*, 10.6 is 10.*.
+	// We never supported things before that.
+	return memcmp(str, "12.", 3) == 0 || memcmp(str, "11.", 3) == 0 || memcmp(str, "10.", 3) == 0;
+}
+ 
+// FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
+//
+// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
+// certificates of the system. On failure, the function returns -1.
+// Additionally, it fills untrustedPemRoots with certs that must be removed from pemRoots.
+//
+// Note: The CFDataRef returned in pemRoots and untrustedPemRoots must
+// be released (using CFRelease) after we've consumed its content.
+int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
+	if (useOldCode()) {
+		return FetchPEMRoots_MountainLion(pemRoots);
+	}
+
+	// Get certificates from all domains, not just System, this lets
+	// the user add CAs to their "login" keychain, and Admins to add
+	// to the "System" keychain
+	SecTrustSettingsDomain domains[] = { kSecTrustSettingsDomainSystem,
+					     kSecTrustSettingsDomainAdmin,
+					     kSecTrustSettingsDomainUser };
+
+	int numDomains = sizeof(domains)/sizeof(SecTrustSettingsDomain);
+	if (pemRoots == NULL) {
+		return -1;
+	}
+
+	// kSecTrustSettingsResult is defined as CFSTR("kSecTrustSettingsResult"),
+	// but the Go linker's internal linking mode can't handle CFSTR relocations.
+	// Create our own dynamic string instead and release it below.
+	CFStringRef policy = CFStringCreateWithCString(NULL, "kSecTrustSettingsResult", kCFStringEncodingUTF8);
+
+	CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
+	CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
+	for (int i = 0; i < numDomains; i++) {
+		CFArrayRef certs = NULL;
+		OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs);
+		if (err != noErr) {
+			continue;
+		}
+
+		CFIndex numCerts = CFArrayGetCount(certs);
+		for (int j = 0; j < numCerts; j++) {
+			CFDataRef data = NULL;
+			CFErrorRef errRef = NULL;
+			CFArrayRef trustSettings = NULL;
+			SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, j);
+			if (cert == NULL) {
+				continue;
+			}
+			// We only want trusted certs.
+			int untrusted = 0;
+			if (i != 0) {
+				// Certs found in the system domain are always trusted. If the user
+				// configures "Never Trust" on such a cert, it will also be found in the
+				// admin or user domain, causing it to be added to untrustedPemRoots. The
+				// Go code will then clean this up.
+
+				// Trust may be stored in any of the domains. According to Apple's
+				// SecTrustServer.c, "user trust settings overrule admin trust settings",
+				// so take the last trust settings array we find.
+				// Skip the system domain since it is always trusted.
+				for (int k = 1; k < numDomains; k++) {
+					CFArrayRef domainTrustSettings = NULL;
+					err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings);
+					if (err == errSecSuccess && domainTrustSettings != NULL) {
+						if (trustSettings) {
+							CFRelease(trustSettings);
+						}
+						trustSettings = domainTrustSettings;
+					}
+				}
+				if (trustSettings == NULL) {
+					// "this certificate must be verified to a known trusted certificate"; aka not a root.
+					continue;
+				}
+				for (CFIndex k = 0; k < CFArrayGetCount(trustSettings); k++) {
+					CFNumberRef cfNum;
+					CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, k);
+					if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){
+						SInt32 result = 0;
+						CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result);
+						// TODO: The rest of the dictionary specifies conditions for evaluation.
+						if (result == kSecTrustSettingsResultDeny) {
+							untrusted = 1;
+						}
+					}
+				}
+				CFRelease(trustSettings);
+			}
+			// We only want to add Root CAs, so make sure Subject and Issuer Name match
+			CFDataRef subjectName = SecCertificateCopyNormalizedSubjectContent(cert, &errRef);
+			if (errRef != NULL) {
+				CFRelease(errRef);
+				continue;
+			}
+			CFDataRef issuerName = SecCertificateCopyNormalizedIssuerContent(cert, &errRef);
+			if (errRef != NULL) {
+				CFRelease(subjectName);
+				CFRelease(errRef);
+				continue;
+			}
+			Boolean equal = CFEqual(subjectName, issuerName);
+			CFRelease(subjectName);
+			CFRelease(issuerName);
+			if (!equal) {
+				continue;
+			}
+
+			// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
+			// Once we support weak imports via cgo we should prefer that, and fall back to this
+			// for older systems.
+			err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
+			if (err != noErr) {
+				continue;
+			}
+
+			if (data != NULL) {
+				CFMutableDataRef appendTo = untrusted ? combinedUntrustedData : combinedData;
+				CFDataAppendBytes(appendTo, CFDataGetBytePtr(data), CFDataGetLength(data));
+				CFRelease(data);
+			}
+		}
+		CFRelease(certs);
+	}
+	CFRelease(policy);
+ 	*pemRoots = combinedData;
+	*untrustedPemRoots = combinedUntrustedData;
+ 	return 0;
+ }
+ */
+@@ -67,7 +205,8 @@ func initSystemRoots() {
+ 	roots := NewCertPool()
+ 
+ 	var data C.CFDataRef = nil
+-	err := C.FetchPEMRoots(&data)
+	var untrustedData C.CFDataRef = nil
+	err := C.FetchPEMRoots(&data, &untrustedData)
+ 	if err == -1 {
+ 		return
+ 	}
+@@ -75,5 +214,20 @@ func initSystemRoots() {
+ 	defer C.CFRelease(C.CFTypeRef(data))
+ 	buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
+ 	roots.AppendCertsFromPEM(buf)
+	if untrustedData == nil {
+		systemRoots = roots
+		return
+	}
+	defer C.CFRelease(C.CFTypeRef(untrustedData))
+	buf = C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(untrustedData)), C.int(C.CFDataGetLength(untrustedData)))
+	untrustedRoots := NewCertPool()
+	untrustedRoots.AppendCertsFromPEM(buf)
+
+	trustedRoots := NewCertPool()
+	for _, c := range roots.certs {
+		if !untrustedRoots.contains(c) {
+			trustedRoots.AddCert(c)
+		}
+	}
+ 	systemRoots = roots
+ }
+diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
+index 78de56c..59b303d 100644
+--- a/src/crypto/x509/root_darwin.go
+++ b/src/crypto/x509/root_darwin.go
+@@ -6,12 +6,27 @@
+ 
+ package x509
+ 
+-import "os/exec"
+import (
+	"bytes"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strconv"
+	"sync"
+	"syscall"
+)
+ 
+ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
+ 	return nil, nil
+ }
+ 
+// This code is only used when compiling without cgo.
+// It is here, instead of root_nocgo_darwin.go, so that tests can check it
+// even if the tests are run with cgo enabled.
+// The linker will not include these unused functions in binaries built with cgo enabled.
+
+ func execSecurityRoots() (*CertPool, error) {
+ 	cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
+ 	data, err := cmd.Output()
+@@ -19,7 +34,100 @@ func execSecurityRoots() (*CertPool, error) {
+ 		return nil, err
+ 	}
+ 
+-	roots := NewCertPool()
+-	roots.AppendCertsFromPEM(data)
+	var (
+		mu    sync.Mutex
+		roots = NewCertPool()
+	)
+	add := func(cert *Certificate) {
+		mu.Lock()
+		defer mu.Unlock()
+		roots.AddCert(cert)
+	}
+	blockCh := make(chan *pem.Block)
+	var wg sync.WaitGroup
+	for i := 0; i < 4; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			for block := range blockCh {
+				verifyCertWithSystem(block, add)
+			}
+		}()
+	}
+	for len(data) > 0 {
+		var block *pem.Block
+		block, data = pem.Decode(data)
+		if block == nil {
+			break
+		}
+		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
+			continue
+		}
+		blockCh <- block
+	}
+	close(blockCh)
+	wg.Wait()
+ 	return roots, nil
+ }
+
+func verifyCertWithSystem(block *pem.Block, add func(*Certificate)) {
+	data := pem.EncodeToMemory(block)
+	var cmd *exec.Cmd
+	if needsTmpFiles() {
+		f, err := ioutil.TempFile("", "cert")
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "can't create temporary file for cert: %v", err)
+			return
+		}
+		defer os.Remove(f.Name())
+		if _, err := f.Write(data); err != nil {
+			fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
+			return
+		}
+		if err := f.Close(); err != nil {
+			fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
+			return
+		}
+		cmd = exec.Command("/usr/bin/security", "verify-cert", "-c", f.Name(), "-l")
+	} else {
+		cmd = exec.Command("/usr/bin/security", "verify-cert", "-c", "/dev/stdin", "-l")
+		cmd.Stdin = bytes.NewReader(data)
+	}
+	if cmd.Run() == nil {
+		// Non-zero exit means untrusted
+		cert, err := ParseCertificate(block.Bytes)
+		if err != nil {
+			return
+		}
+
+		add(cert)
+	}
+}
+
+var versionCache struct {
+	sync.Once
+	major int
+}
+
+// needsTmpFiles reports whether the OS is <= 10.11 (which requires real
+// files as arguments to the security command).
+func needsTmpFiles() bool {
+	versionCache.Do(func() {
+		release, err := syscall.Sysctl("kern.osrelease")
+		if err != nil {
+			return
+		}
+		for i, c := range release {
+			if c == '.' {
+				release = release[:i]
+				break
+			}
+		}
+		major, err := strconv.Atoi(release)
+		if err != nil {
+			return
+		}
+		versionCache.major = major
+	})
+	return versionCache.major <= 15
+}
+diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
+index cc6d23c..38f314b 100644
+--- a/src/crypto/x509/root_darwin_test.go
+++ b/src/crypto/x509/root_darwin_test.go
+@@ -29,6 +29,7 @@ func TestSystemRoots(t *testing.T) {
+ 		// On Mavericks, there are 212 bundled certs; require only
+ 		// 150 here, since this is just a sanity check, and the
+ 		// exact number will vary over time.
+		t.Logf("got %d roots", len(tt.certs))
+ 		if want, have := 150, len(tt.certs); have < want {
+ 			t.Fatalf("want at least %d system roots, have %d", want, have)
+ 		}
+-- 
+2.5.5
+
--- a/fedora.go
+++ b/fedora.go
@ -1,7 +0,0 @@
-// +build rpm_crashtraceback
-
-package runtime
-
-func init() {
-	setTraceback("crash")
-}
--- a/go1.5-zoneinfo_testing_only.patch
+++ b/go1.5-zoneinfo_testing_only.patch
@ -0,0 +1,21 @@
+diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
+index ed9502d..c2569e7 100644
+--- a/src/time/zoneinfo_unix.go
+++ b/src/time/zoneinfo_unix.go
+@@ -32,14 +32,14 @@ var zoneDirs = []string{
+ 	"/usr/share/zoneinfo/",
+ 	"/usr/share/lib/zoneinfo/",
+ 	"/usr/lib/locale/TZ/",
+-	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
+ }
+ 
+ var origZoneDirs = zoneDirs
+ 
+ func forceZipFileForTesting(zipOnly bool) {
+-	zoneDirs = make([]string, len(origZoneDirs))
+	zoneDirs = make([]string, len(origZoneDirs)+1)
+ 	copy(zoneDirs, origZoneDirs)
+	zoneDirs = append(zoneDirs, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
+ 	if zipOnly {
+ 		for i := 0; i < len(zoneDirs)-1; i++ {
+ 			zoneDirs[i] = "/XXXNOEXIST"
--- a/go1.5beta1-disable-TestGdbPython.patch
+++ b/go1.5beta1-disable-TestGdbPython.patch
@ -0,0 +1,13 @@
+diff --git a/src/runtime/runtime-gdb_test.go b/src/runtime/runtime-gdb_test.go
+index f4014b2..2c09441 100644
+--- a/src/runtime/runtime-gdb_test.go
+++ b/src/runtime/runtime-gdb_test.go
+@@ -38,7 +38,7 @@ func main() {
+ }
+ `
+ 
+-func TestGdbPython(t *testing.T) {
+func testGdbPython(t *testing.T) {
+ 	if runtime.GOOS == "darwin" {
+ 		t.Skip("gdb does not work on darwin")
+ 	}
--- a/go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
+++ b/go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
@ -0,0 +1,13 @@
+diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
+index 60d2734..b16540f 100644
+--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
+@@ -89,7 +89,7 @@ func kernelVersion(t *testing.T) (int, int) {
+ 	return major, minor
+ }
+ 
+-func TestCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
+func testCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
+ 	if os.Getuid() == 0 {
+ 		t.Skip("skipping unprivileged user only test")
+ 	}
--- a/golang-1.2-verbose-build.patch
+++ b/golang-1.2-verbose-build.patch
@ -0,0 +1,19 @@
+Index: go/src/make.bash
+===================================================================
+--- go.orig/src/make.bash
+++ go/src/make.bash
+@@ -153,12 +153,12 @@ if [ "$GOHOSTARCH" != "$GOARCH" -o "$GOHOSTOS" != "$GOOS" ]; then
+ 	# CC_FOR_TARGET is recorded as the default compiler for the go tool. When building for the host, however,
+ 	# use the host compiler, CC, from `cmd/dist/dist env` instead.
+ 	CC=$CC GOOS=$GOHOSTOS GOARCH=$GOHOSTARCH \
+-		"$GOTOOLDIR"/go_bootstrap install -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v std cmd
+		"$GOTOOLDIR"/go_bootstrap install -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v -x std cmd
+ 	echo
+ fi
+ 
+ echo "##### Building packages and commands for $GOOS/$GOARCH."
+-CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v std cmd
+CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v -x std cmd
+ echo
+ 
+ rm -f "$GOTOOLDIR"/go_bootstrap
--- a/golang-1.5-bootstrap-binary-path.patch
+++ b/golang-1.5-bootstrap-binary-path.patch
@ -0,0 +1,53 @@
+diff --git a/src/cmd/dist/buildtool.go b/src/cmd/dist/buildtool.go
+index be54ac4..6744fbdc 100644
+--- a/src/cmd/dist/buildtool.go
+++ b/src/cmd/dist/buildtool.go
+@@ -108,12 +108,20 @@ func bootstrapBuildTools() {
+ 	os.Setenv("GOBIN", "")
+ 
+ 	os.Setenv("GOOS", "")
+-	os.Setenv("GOHOSTOS", "")
+ 	os.Setenv("GOARCH", "")
+
+	hostos := os.Getenv("GOHOSTOS")
+	hostarch := os.Getenv("GOHOSTARCH")
+	os.Setenv("GOHOSTOS", "")
+ 	os.Setenv("GOHOSTARCH", "")
+ 
+	bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch)
+	if _, err := os.Stat(bingopath); os.IsNotExist(err) {
+		bingopath = pathf("%s/bin/go", goroot_bootstrap)
+	}
+
+ 	// Run Go 1.4 to build binaries.
+-	run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-v", "bootstrap/...")
+	run(workspace, ShowOutput|CheckExit, bingopath, "install", "-v", "bootstrap/...")
+ 
+ 	// Copy binaries into tool binary directory.
+ 	for _, name := range bootstrapDirs {
+diff --git a/src/make.bash b/src/make.bash
+index f17648a..77f463c 100755
+--- a/src/make.bash
+++ b/src/make.bash
+@@ -113,12 +113,17 @@ echo '##### Building Go bootstrap tool.'
+ echo cmd/dist
+ export GOROOT="$(cd .. && pwd)"
+ GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4}
+-if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
+-	echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2
+if [ -x "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" ]; then
+	rm -f cmd/dist/dist
+	GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" build -o cmd/dist/dist ./cmd/dist
+elif [ -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
+	rm -f cmd/dist/dist
+	GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
+else
+	echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
+	echo "ERROR: or $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
+ 	echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
+ fi
+-rm -f cmd/dist/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
+ 
+ # -e doesn't propagate out of eval, so check success by hand.
+ eval $(./cmd/dist/dist env -p || echo FAIL=true)
--- a/golang-1.5.1-a3156aaa12.patch
+++ b/golang-1.5.1-a3156aaa12.patch
@ -0,0 +1,309 @@
+commit a3156aaa121446c4136927f8c2139fefe05ba82c
+Author: Brad Fitzpatrick <bradfitz@golang.org>
+Date:   Tue Sep 29 14:26:48 2015 -0700
+
+    net/http/httptest: change Server to use http.Server.ConnState for accounting
+    
+    With this CL, httptest.Server now uses connection-level accounting of
+    outstanding requests instead of ServeHTTP-level accounting. This is
+    more robust and results in a non-racy shutdown.
+    
+    This is much easier now that net/http.Server has the ConnState hook.
+    
+    Fixes #12789
+    Fixes #12781
+    
+    Change-Id: I098cf334a6494316acb66cd07df90766df41764b
+    Reviewed-on: https://go-review.googlesource.com/15151
+    Reviewed-by: Andrew Gerrand <adg@golang.org>
+    Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+    TryBot-Result: Gobot Gobot <gobot@golang.org>
+
+diff --git a/src/net/http/httptest/server.go b/src/net/http/httptest/server.go
+index 96eb0ef..e4f680f 100644
+--- a/src/net/http/httptest/server.go
+++ b/src/net/http/httptest/server.go
+@@ -7,13 +7,17 @@
+ package httptest
+ 
+ import (
+	"bytes"
+ 	"crypto/tls"
+ 	"flag"
+ 	"fmt"
+	"log"
+ 	"net"
+ 	"net/http"
+ 	"os"
+	"runtime"
+ 	"sync"
+	"time"
+ )
+ 
+ // A Server is an HTTP server listening on a system-chosen port on the
+@@ -34,24 +38,10 @@ type Server struct {
+ 	// wg counts the number of outstanding HTTP requests on this server.
+ 	// Close blocks until all requests are finished.
+ 	wg sync.WaitGroup
+-}
+-
+-// historyListener keeps track of all connections that it's ever
+-// accepted.
+-type historyListener struct {
+-	net.Listener
+-	sync.Mutex // protects history
+-	history    []net.Conn
+-}
+ 
+-func (hs *historyListener) Accept() (c net.Conn, err error) {
+-	c, err = hs.Listener.Accept()
+-	if err == nil {
+-		hs.Lock()
+-		hs.history = append(hs.history, c)
+-		hs.Unlock()
+-	}
+-	return
+	mu     sync.Mutex // guards closed and conns
+	closed bool
+	conns  map[net.Conn]http.ConnState // except terminal states
+ }
+ 
+ func newLocalListener() net.Listener {
+@@ -103,10 +93,9 @@ func (s *Server) Start() {
+ 	if s.URL != "" {
+ 		panic("Server already started")
+ 	}
+-	s.Listener = &historyListener{Listener: s.Listener}
+ 	s.URL = "http://" + s.Listener.Addr().String()
+-	s.wrapHandler()
+-	go s.Config.Serve(s.Listener)
+	s.wrap()
+	s.goServe()
+ 	if *serve != "" {
+ 		fmt.Fprintln(os.Stderr, "httptest: serving on", s.URL)
+ 		select {}
+@@ -134,23 +123,10 @@ func (s *Server) StartTLS() {
+ 	if len(s.TLS.Certificates) == 0 {
+ 		s.TLS.Certificates = []tls.Certificate{cert}
+ 	}
+-	tlsListener := tls.NewListener(s.Listener, s.TLS)
+-
+-	s.Listener = &historyListener{Listener: tlsListener}
+	s.Listener = tls.NewListener(s.Listener, s.TLS)
+ 	s.URL = "https://" + s.Listener.Addr().String()
+-	s.wrapHandler()
+-	go s.Config.Serve(s.Listener)
+-}
+-
+-func (s *Server) wrapHandler() {
+-	h := s.Config.Handler
+-	if h == nil {
+-		h = http.DefaultServeMux
+-	}
+-	s.Config.Handler = &waitGroupHandler{
+-		s: s,
+-		h: h,
+-	}
+	s.wrap()
+	s.goServe()
+ }
+ 
+ // NewTLSServer starts and returns a new Server using TLS.
+@@ -161,43 +137,139 @@ func NewTLSServer(handler http.Handler) *Server {
+ 	return ts
+ }
+ 
+type closeIdleTransport interface {
+	CloseIdleConnections()
+}
+
+ // Close shuts down the server and blocks until all outstanding
+ // requests on this server have completed.
+ func (s *Server) Close() {
+-	s.Listener.Close()
+-	s.wg.Wait()
+-	s.CloseClientConnections()
+-	if t, ok := http.DefaultTransport.(*http.Transport); ok {
+	s.mu.Lock()
+	if !s.closed {
+		s.closed = true
+		s.Listener.Close()
+		s.Config.SetKeepAlivesEnabled(false)
+		for c, st := range s.conns {
+			if st == http.StateIdle {
+				s.closeConn(c)
+			}
+		}
+		// If this server doesn't shut down in 5 seconds, tell the user why.
+		t := time.AfterFunc(5*time.Second, s.logCloseHangDebugInfo)
+		defer t.Stop()
+	}
+	s.mu.Unlock()
+
+	// Not part of httptest.Server's correctness, but assume most
+	// users of httptest.Server will be using the standard
+	// transport, so help them out and close any idle connections for them.
+	if t, ok := http.DefaultTransport.(closeIdleTransport); ok {
+ 		t.CloseIdleConnections()
+ 	}
+
+	s.wg.Wait()
+ }
+ 
+-// CloseClientConnections closes any currently open HTTP connections
+-// to the test Server.
+func (s *Server) logCloseHangDebugInfo() {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	var buf bytes.Buffer
+	buf.WriteString("httptest.Server blocked in Close after 5 seconds, waiting for connections:\n")
+	for c, st := range s.conns {
+		fmt.Fprintf(&buf, "  %T %p %v in state %v\n", c, c, c.RemoteAddr(), st)
+	}
+	log.Print(buf.String())
+}
+
+// CloseClientConnections closes any open HTTP connections to the test Server.
+ func (s *Server) CloseClientConnections() {
+-	hl, ok := s.Listener.(*historyListener)
+-	if !ok {
+-		return
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	for c := range s.conns {
+		s.closeConn(c)
+ 	}
+-	hl.Lock()
+-	for _, conn := range hl.history {
+-		conn.Close()
+}
+
+func (s *Server) goServe() {
+	s.wg.Add(1)
+	go func() {
+		defer s.wg.Done()
+		s.Config.Serve(s.Listener)
+	}()
+}
+
+// wrap installs the connection state-tracking hook to know which
+// connections are idle.
+func (s *Server) wrap() {
+	oldHook := s.Config.ConnState
+	s.Config.ConnState = func(c net.Conn, cs http.ConnState) {
+		s.mu.Lock()
+		defer s.mu.Unlock()
+		switch cs {
+		case http.StateNew:
+			s.wg.Add(1)
+			if _, exists := s.conns[c]; exists {
+				panic("invalid state transition")
+			}
+			if s.conns == nil {
+				s.conns = make(map[net.Conn]http.ConnState)
+			}
+			s.conns[c] = cs
+			if s.closed {
+				// Probably just a socket-late-binding dial from
+				// the default transport that lost the race (and
+				// thus this connection is now idle and will
+				// never be used).
+				s.closeConn(c)
+			}
+		case http.StateActive:
+			if oldState, ok := s.conns[c]; ok {
+				if oldState != http.StateNew && oldState != http.StateIdle {
+					panic("invalid state transition")
+				}
+				s.conns[c] = cs
+			}
+		case http.StateIdle:
+			if oldState, ok := s.conns[c]; ok {
+				if oldState != http.StateActive {
+					panic("invalid state transition")
+				}
+				s.conns[c] = cs
+			}
+			if s.closed {
+				s.closeConn(c)
+			}
+		case http.StateHijacked, http.StateClosed:
+			s.forgetConn(c)
+		}
+		if oldHook != nil {
+			oldHook(c, cs)
+		}
+ 	}
+-	hl.Unlock()
+ }
+ 
+-// waitGroupHandler wraps a handler, incrementing and decrementing a
+-// sync.WaitGroup on each request, to enable Server.Close to block
+-// until outstanding requests are finished.
+-type waitGroupHandler struct {
+-	s *Server
+-	h http.Handler // non-nil
+// closeConn closes c. Except on plan9, which is special. See comment below.
+// s.mu must be held.
+func (s *Server) closeConn(c net.Conn) {
+	if runtime.GOOS == "plan9" {
+		// Go's Plan 9 net package isn't great at unblocking reads when
+		// their underlying TCP connections are closed.  Don't trust
+		// that that the ConnState state machine will get to
+		// StateClosed. Instead, just go there directly. Plan 9 may leak
+		// resources if the syscall doesn't end up returning. Oh well.
+		s.forgetConn(c)
+	}
+	go c.Close()
+ }
+ 
+-func (h *waitGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+-	h.s.wg.Add(1)
+-	defer h.s.wg.Done() // a defer, in case ServeHTTP below panics
+-	h.h.ServeHTTP(w, r)
+// forgetConn removes c from the set of tracked conns and decrements it from the
+// waitgroup, unless it was previously removed.
+// s.mu must be held.
+func (s *Server) forgetConn(c net.Conn) {
+	if _, ok := s.conns[c]; ok {
+		delete(s.conns, c)
+		s.wg.Done()
+	}
+ }
+ 
+ // localhostCert is a PEM-encoded TLS cert with SAN IPs
+diff --git a/src/net/http/httptest/server_test.go b/src/net/http/httptest/server_test.go
+index 500a9f0..90901ce 100644
+--- a/src/net/http/httptest/server_test.go
+++ b/src/net/http/httptest/server_test.go
+@@ -27,3 +27,30 @@ func TestServer(t *testing.T) {
+ 		t.Errorf("got %q, want hello", string(got))
+ 	}
+ }
+
+// Issue 12781
+func TestGetAfterClose(t *testing.T) {
+	ts := NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("hello"))
+	}))
+
+	res, err := http.Get(ts.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	got, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(got) != "hello" {
+		t.Fatalf("got %q, want hello", string(got))
+	}
+
+	ts.Close()
+
+	res, err = http.Get(ts.URL)
+	if err == nil {
+		body, _ := ioutil.ReadAll(res.Body)
+		t.Fatalf("Unexected response after close: %v, %v, %s", res.Status, res.Header, body)
+	}
+}
--- a/golang.spec
+++ b/golang.spec
@ -1,12 +1,3 @@
-%bcond_with bootstrap
-# temporalily ignore test failures
-# due to https://github.com/golang/go/issues/39466
-%ifarch aarch64
-%bcond_without ignore_tests
-%else
-%bcond_with ignore_tests
-%endif
-
 # build ids are not currently generated:
 # https://code.google.com/p/go/issues/detail?id=5238
 #
@ -31,55 +22,46 @@
 %global __spec_install_post /usr/lib/rpm/check-rpaths   /usr/lib/rpm/check-buildroot  \
  /usr/lib/rpm/brp-compress

-%global golibdir %{_libdir}/golang
-
-# This macro may not always be defined, ensure it is
-%{!?gopath: %global gopath %{_datadir}/gocode}
-
 # Golang build options.

-# Build golang using external/internal(close to cgo disabled) linking.
-%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
+# Buid golang using external/internal(close to cgo disabled) linking.
+%ifarch %{golang_arches}
 %global external_linker 1
 %else
 %global external_linker 0
 %endif

 # Build golang with cgo enabled/disabled(later equals more or less to internal linking).
-%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
+%ifarch %{golang_arches}
 %global cgo_enabled 1
 %else
 %global cgo_enabled 0
 %endif

 # Use golang/gcc-go as bootstrap compiler
-%if %{with bootstrap}
-%global golang_bootstrap 0
-%else
+%ifarch %{golang_arches}
 %global golang_bootstrap 1
-%endif
-
-# Controls what ever we fail on failed tests
-%if %{with ignore_tests}
-%global fail_on_tests 0
 %else
+%global golang_bootstrap 0
+%endif
+# boostrap(with internal linking) using gcc-go fails due to bug in tests(https://github.com/golang/go/issues/12629)
+# make check not to fail due to it
+
+# Controls what ever we fails on failed tests
+%ifarch x86_64 %{ix86} aarch64
 %global fail_on_tests 1
+%else
+%global fail_on_tests 0
 %endif

+# TODO get more support for shared objects
 # Build golang shared objects for stdlib
-%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
+%ifarch x86_64
 %global shared 1
 %else
 %global shared 0
 %endif

-# Pre build std lib with -race enabled
-%ifarch x86_64
-%global race 1
-%else
-%global race 0
-%endif
-
 # Fedora GOROOT
 %global goroot          /usr/lib/%{name}

@ -101,23 +83,21 @@
 %ifarch ppc64le
 %global gohostarch  ppc64le
 %endif
-%ifarch s390x
-%global gohostarch  s390x
-%endif

-%global go_api 1.15
-%global go_version 1.15.5
+%global go_api 1.5
+%global go_version 1.5.4

 Name:           golang
-Version:        1.15.5
-Release:        1%{?dist}
+Version:        1.5.4
+Release:        5%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
 URL:            http://golang.org/
+# pre-processed by source.sh to make Mark.Twain-Tom.Sawyer.txt free again
 Source0:        https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz
-# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
-Source1:        fedora.go
+# original removed by source.sh, replace by version from golang master branch with license scrubbed
+Source1:        Mark.Twain-Tom.Sawyer.txt.bz2

 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 %if !%{golang_bootstrap}
@ -131,112 +111,42 @@ BuildRequires:  hostname
 BuildRequires:  net-tools
 %endif
 # for tests
-BuildRequires:  pcre-devel, glibc-static, perl-interpreter, procps-ng
+BuildRequires:  pcre-devel, glibc-static

 Provides:       go = %{version}-%{release}
-
-# Bundled/Vendored provides generated by
-# go list -f {{.ImportPath}} ./src/vendor/... | sed "s:_$PWD/src/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):" && go list -f {{.ImportPath}} ./src/cmd/vendor/... | sed "s:_$PWD/src/cmd/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):"
-Provides: bundled(golang(golang.org/x/crypto/chacha20))
-Provides: bundled(golang(golang.org/x/crypto/chacha20poly1305))
-Provides: bundled(golang(golang.org/x/crypto/cryptobyte))
-Provides: bundled(golang(golang.org/x/crypto/cryptobyte/asn1))
-Provides: bundled(golang(golang.org/x/crypto/curve25519))
-Provides: bundled(golang(golang.org/x/crypto/hkdf))
-Provides: bundled(golang(golang.org/x/crypto/internal/subtle))
-Provides: bundled(golang(golang.org/x/crypto/poly1305))
-Provides: bundled(golang(golang.org/x/net/dns/dnsmessage))
-Provides: bundled(golang(golang.org/x/net/http/httpguts))
-Provides: bundled(golang(golang.org/x/net/http/httpproxy))
-Provides: bundled(golang(golang.org/x/net/http2/hpack))
-Provides: bundled(golang(golang.org/x/net/idna))
-Provides: bundled(golang(golang.org/x/net/nettest))
-Provides: bundled(golang(golang.org/x/sys/cpu))
-Provides: bundled(golang(golang.org/x/text/secure/bidirule))
-Provides: bundled(golang(golang.org/x/text/transform))
-Provides: bundled(golang(golang.org/x/text/unicode/bidi))
-Provides: bundled(golang(golang.org/x/text/unicode/norm))
-Provides: bundled(golang(github.com/google/pprof/driver))
-Provides: bundled(golang(github.com/google/pprof/internal/binutils))
-Provides: bundled(golang(github.com/google/pprof/internal/driver))
-Provides: bundled(golang(github.com/google/pprof/internal/elfexec))
-Provides: bundled(golang(github.com/google/pprof/internal/graph))
-Provides: bundled(golang(github.com/google/pprof/internal/measurement))
-Provides: bundled(golang(github.com/google/pprof/internal/plugin))
-Provides: bundled(golang(github.com/google/pprof/internal/report))
-Provides: bundled(golang(github.com/google/pprof/internal/symbolizer))
-Provides: bundled(golang(github.com/google/pprof/internal/symbolz))
-Provides: bundled(golang(github.com/google/pprof/internal/transport))
-Provides: bundled(golang(github.com/google/pprof/profile))
-Provides: bundled(golang(github.com/google/pprof/third.party/d3))
-Provides: bundled(golang(github.com/google/pprof/third.party/d3flamegraph))
-Provides: bundled(golang(github.com/google/pprof/third.party/svgpan))
-Provides: bundled(golang(github.com/ianlancetaylor/demangle))
-Provides: bundled(golang(golang.org/x/arch/arm/armasm))
-Provides: bundled(golang(golang.org/x/arch/arm64/arm64asm))
-Provides: bundled(golang(golang.org/x/arch/ppc64/ppc64asm))
-Provides: bundled(golang(golang.org/x/arch/x86/x86asm))
-Provides: bundled(golang(golang.org/x/crypto/ed25519))
-Provides: bundled(golang(golang.org/x/crypto/ed25519/internal/edwards25519))
-Provides: bundled(golang(golang.org/x/crypto/ssh/terminal))
-Provides: bundled(golang(golang.org/x/mod/internal/lazyregexp))
-Provides: bundled(golang(golang.org/x/mod/modfile))
-Provides: bundled(golang(golang.org/x/mod/module))
-Provides: bundled(golang(golang.org/x/mod/semver))
-Provides: bundled(golang(golang.org/x/mod/sumdb))
-Provides: bundled(golang(golang.org/x/mod/sumdb/dirhash))
-Provides: bundled(golang(golang.org/x/mod/sumdb/note))
-Provides: bundled(golang(golang.org/x/mod/sumdb/tlog))
-Provides: bundled(golang(golang.org/x/mod/zip))
-Provides: bundled(golang(golang.org/x/sys/internal/unsafeheader))
-Provides: bundled(golang(golang.org/x/sys/unix))
-Provides: bundled(golang(golang.org/x/tools/go/analysis))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/analysisflags))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/facts))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/asmdecl))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/assign))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/atomic))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/bools))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/buildtag))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/cgocall))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/composite))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/copylock))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ctrlflow))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/errorsas))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/httpresponse))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ifaceassert))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/inspect))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/internal/analysisutil))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/loopclosure))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/lostcancel))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/nilfunc))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/printf))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/shift))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stdmethods))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stringintconv))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/structtag))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/tests))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unmarshal))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unreachable))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unsafeptr))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unusedresult))
-Provides: bundled(golang(golang.org/x/tools/go/analysis/unitchecker))
-Provides: bundled(golang(golang.org/x/tools/go/ast/astutil))
-Provides: bundled(golang(golang.org/x/tools/go/ast/inspector))
-Provides: bundled(golang(golang.org/x/tools/go/cfg))
-Provides: bundled(golang(golang.org/x/tools/go/types/objectpath))
-Provides: bundled(golang(golang.org/x/tools/go/types/typeutil))
-Provides: bundled(golang(golang.org/x/tools/internal/analysisinternal))
-Provides: bundled(golang(golang.org/x/xerrors))
-Provides: bundled(golang(golang.org/x/xerrors/internal))
-
-Requires:       %{name}-bin = %{version}-%{release}
+Requires:       %{name}-bin
 Requires:       %{name}-src = %{version}-%{release}
 Requires:       go-srpm-macros

-Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
-Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
-Patch3:       0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
+Patch0:         golang-1.2-verbose-build.patch
+
+# Accept x509 certs with negative serial
+# https://bugzilla.redhat.com/show_bug.cgi?id=1290543
+# https://github.com/golang/go/issues/8265
+Patch2:         bz1290543.patch
+Patch3:         CVE-2016-5386.patch
+
+# use the arch dependent path in the bootstrap
+Patch212:       golang-1.5-bootstrap-binary-path.patch
+
+# disable TestGdbPython
+# https://github.com/golang/go/issues/11214
+Patch213:       go1.5beta1-disable-TestGdbPython.patch
+
+# disable  TestCloneNEWUSERAndRemapNoRootDisableSetgroups
+# this is not possible in the limitied build chroot
+Patch214:       go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
+
+# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that 
+# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
+Patch215:       ./go1.5-zoneinfo_testing_only.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1271709
+Patch216:       ./golang-1.5.1-a3156aaa12.patch
+
+# Backpor security fixes from 1.6.4
+Patch217:       httpmultipart.patch
+Patch218:       darwinx509trust.patch

 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -289,8 +199,6 @@ BuildArch:      noarch

 %package        bin
 Summary:        Golang core compiler tools
-# Some distributions refer to this package by this name
-Provides:       %{name}-go = %{version}-%{release}
 Requires:       go = %{version}-%{release}
 # Pre-go1.5, all arches had to be bootstrapped individually, before usable, and
 # env variables to compile for the target os-arch.
@ -321,17 +229,12 @@ Obsoletes:      golang-vet < 0-12.1
 Obsoletes:      golang-cover < 0-12.1

 Requires(post): %{_sbindir}/update-alternatives
-Requires(preun): %{_sbindir}/update-alternatives
+Requires(postun): %{_sbindir}/update-alternatives

 # We strip the meta dependency, but go does require glibc.
 # This is an odd issue, still looking for a better fix.
 Requires:       glibc
 Requires:       gcc
-%if 0%{?rhel} && 0%{?rhel} < 8
-Requires:       git, subversion, mercurial
-%else
-Recommends:     git, subversion, mercurial
-%endif
 %description    bin
 %{summary}

@ -353,20 +256,33 @@ Summary:        Golang shared object libraries
 %{summary}.
 %endif

-%if %{race}
-%package        race
-Summary:        Golang std library with -race enabled
-
-Requires:       %{name} = %{version}-%{release}
-
-%description    race
-%{summary}
-%endif
-
 %prep
-%autosetup -p1 -n go
+%setup -q -n go

-cp %{SOURCE1} ./src/runtime/
+# increase verbosity of build
+%patch0 -p1
+
+%patch2 -p1
+
+%patch3 -p1 -b .httpoxy
+
+# use the arch dependent path in the bootstrap
+%patch212 -p1
+
+# disable TestGdbPython
+%patch213 -p1
+
+# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
+%patch214 -p1
+
+%patch215 -p1
+
+%patch216 -p1
+
+%patch217 -p1
+%patch218 -p1
+
+cp %{SOURCE1} "$(pwd)/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2"

 %build
 # print out system information
@ -401,22 +317,16 @@ export GO_LDFLAGS="-linkmode internal"
 %if !%{cgo_enabled}
 export CGO_ENABLED=0
 %endif
-./make.bash --no-clean -v
+./make.bash --no-clean
 popd

 # build shared std lib
 %if %{shared}
-GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared -v -x std
-%endif
-
-%if %{race}
-GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -race -v -x std
+GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared std
 %endif

 %install
 rm -rf $RPM_BUILD_ROOT
-# remove GC build cache
-rm -rf pkg/obj/go-build/*

 # create the top level directories
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
@ -437,63 +347,43 @@ cwd=$(pwd)
 src_list=$cwd/go-src.list
 pkg_list=$cwd/go-pkg.list
 shared_list=$cwd/go-shared.list
-race_list=$cwd/go-race.list
 misc_list=$cwd/go-misc.list
 docs_list=$cwd/go-docs.list
 tests_list=$cwd/go-tests.list
-rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
-touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
+rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
+touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
 pushd $RPM_BUILD_ROOT%{goroot}
-    find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
-    find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $src_list
+	find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
+	find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list

-    find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list
-    find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%{goroot}/%p\n' >> $pkg_list
+	find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list
+	find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -printf '%{goroot}/%p\n' >> $pkg_list

-    find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list
-    find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list
+	find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list
+	find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list

-    find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list
-    find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list
+	find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list
+	find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list

 %if %{shared}
-    mkdir -p %{buildroot}/%{_libdir}/
-    mkdir -p %{buildroot}/%{golibdir}/
-    for file in $(find .  -iname "*.so" ); do
-        chmod 755 $file
-        mv  $file %{buildroot}/%{golibdir}
-        pushd $(dirname $file)
-        ln -fs %{golibdir}/$(basename $file) $(basename $file)
-        popd
-        echo "%%{goroot}/$file" >> $shared_list
-        echo "%%{golibdir}/$(basename $file)" >> $shared_list
-    done
-    
-    find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
-    find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
+	find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
+	find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
 %endif

-%if %{race}
-
-    find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
-    find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
-
-%endif
-
-    find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
-    find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
-    find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
-    find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $tests_list
-    # this is only the zoneinfo.zip
-    find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
-    find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
+	find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
+	find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
+	find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
+	find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $tests_list
+	# this is only the zoneinfo.zip
+	find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
+	find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
 popd

 # remove the doc Makefile
 rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile

 # put binaries to bindir, linked to the arch we're building,
-# leave the arch independent pieces in {goroot}
+# leave the arch independent pieces in %{goroot}
 mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}
 ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/go
 ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/gofmt
@ -528,12 +418,6 @@ export GO_LDFLAGS="-linkmode internal"
 %if !%{cgo_enabled} || !%{external_linker}
 export CGO_ENABLED=0
 %endif
-# workaround for https://github.com/golang/go/issues/39466 until it gests fixed
-# Commented until the patch is ready, this work around suggested in the link avobe
-# doesn't work properly
-#ifarch aarch64
-#export CGO_CFLAGS="-mno-outline-atomics"
-#endif

 # make sure to not timeout
 export GO_TEST_TIMEOUT_SCALE=2
@ -548,28 +432,30 @@ cd ..

 %post bin
 %{_sbindir}/update-alternatives --install %{_bindir}/go \
-    go %{goroot}/bin/go 90 \
-    --slave %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt
+	go %{goroot}/bin/go 90 \
+	--slave %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt

 %preun bin
 if [ $1 = 0 ]; then
-    %{_sbindir}/update-alternatives --remove go %{goroot}/bin/go
+	%{_sbindir}/update-alternatives --remove go %{goroot}/bin/go
 fi


 %files
-%license LICENSE PATENTS
-%doc AUTHORS CONTRIBUTORS
+%doc AUTHORS CONTRIBUTORS LICENSE PATENTS
 # VERSION has to be present in the GOROOT, for `go install std` to work
 %doc %{goroot}/VERSION
 %dir %{goroot}/doc
+%doc %{goroot}/doc/*

 # go files
 %dir %{goroot}
-%{goroot}/api/
-%{goroot}/lib/time/
-%{goroot}/favicon.ico
-%{goroot}/robots.txt
+%exclude %{goroot}/bin/
+%exclude %{goroot}/pkg/
+%exclude %{goroot}/src/
+%exclude %{goroot}/doc/
+%exclude %{goroot}/misc/
+%{goroot}/*

 # ensure directory ownership, so they are cleaned up if empty
 %dir %{gopath}
@ -585,405 +471,41 @@ fi
 # gdbinit (for gdb debugging)
 %{_sysconfdir}/gdbinit.d

-%files src -f go-src.list
+%files -f go-src.list src

-%files docs -f go-docs.list
+%files -f go-docs.list docs

-%files misc -f go-misc.list
+%files -f go-misc.list misc

-%files tests -f go-tests.list
+%files -f go-tests.list tests

-%files bin -f go-pkg.list
+%files -f go-pkg.list bin
 %{_bindir}/go
 %{_bindir}/gofmt
-%{goroot}/bin/linux_%{gohostarch}/go
-%{goroot}/bin/linux_%{gohostarch}/gofmt

 %if %{shared}
-%files shared -f go-shared.list
-%endif
-
-%if %{race}
-%files race -f go-race.list
+%files -f go-shared.list shared
 %endif

 %changelog
-* Fri Nov 13 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.5-1
- Rebase to go1.15.5
- Security fix for CVE-2020-28362, CVE-2020-28367 and CVE-2020-28366
- Resolves: BZ#1897342, BZ#1897636, BZ#1897644, BZ#1897647
+* Tue Dec 06 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-5
+- Resolves: BZ#1401987

-* Fri Nov 06 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.4-1
- Rebase to go1.15.4
- Resolves: BZ#1895189
+* Fri Nov 18 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-4
+- re-enable p224 curve (see BZ#1038683)

-* Thu Oct 15 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.3-1
- Rebase to go1.15.3
- Resolves: BZ#1888443
-
-* Thu Sep 10 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.2-1
- Rebase to go1.15.2
- Resolves: BZ#1877565
-
-* Thu Sep 03 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.1-1
- Rebase to go1.15.1
- Security fix for CVE-2020-24553
- Resolves: BZ#1874858, BZ#1866892
-
-* Wed Aug 12 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-1
- Rebase to go1.15 proper
- Resolves: BZ#1859241, BZ#1866892
-
-* Mon Aug 10 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.rc2.0
- Rebase to go1.15rc1
- Security fix for CVE-2020-16845
- Resolves: BZ#1867101
- Related: BZ#1859241
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.15-0.rc1.0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jul 27 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.rc1.0
- Rebase to go1.15rc1
- Related: BZ#1859241
-
-* Mon Jul 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.beta1.0
- Rebase to go1.15beta1
-
-* Mon Jul 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14.6-1
- Rebase to go1.14.6
- Security fix for CVE-2020-14040 and CVE-2020-15586
- Resolves: BZ#1842708, BZ#1856957, BZ#1853653
-
-* Tue Jun 30 2020 Alejandro Sáez <asm@redhat.com> - 1.14.4-1
- Rebase to go1.14.4
- Add patch that fixes: https://golang.org/issue/39991
- Related: BZ#1842708
-
-* Mon May 18 2020 Álex Sáez <asm@redhat.com> - 1.14.3-1
- Rebase to go1.14.3
- Resolves: BZ#1836015
-
-* Mon Apr 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14.2-1
- Rebase to go1.14.2
- Resolves: BZ#1815282
-
-* Wed Feb 26 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-1
- Rebase to go1.14 proper
- Resolves: BZ#1792475
-
-* Thu Feb 06 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-0.rc1.0
- Rebase to go1.14.rc1
- Related: BZ#1792475
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.14-0.beta1.0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Jan 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-0.beta1.0
- Rebase to go1.14beta1
- Resolves: BZ#1792475
-
-* Mon Jan 13 2020 Jakub Čajka <jcajka@redhat.com> - 1.13.6-1
- Rebase to go1.13.6
-
-* Thu Dec 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.5-1
- Rebase to go1.13.5
-
-* Tue Nov 26 2019 Neal Gompa <ngompa@datto.com> - 1.13.4-2
- Small fixes to the spec and tighten up the file list
-
-* Fri Nov 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.4-1
- Rebase to go1.13.4
- Resolves BZ#1767673
-
-* Sat Oct 19 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.3-1
- Rebase to go1.13.3
- Fix for CVE-2019-17596
- Resolves: BZ#1755639, BZ#1763312
-
-* Fri Sep 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.1-1
- Rebase to go1.13.1
- Fix for CVE-2019-16276
- Resolves: BZ#1755970
-
-* Thu Sep 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-2
- Back to go1.13 tls1.3 behavior
-
-* Wed Sep 04 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-1
- Rebase to go1.13
-
-* Fri Aug 30 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc2.1
- Rebase to go1.13rc2
- Do not enable tls1.3 by default
- Related: BZ#1737471
-
-* Wed Aug 28 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc1.2
- Actually fix CVE-2019-9514 and CVE-2019-9512
- Related: BZ#1741816, BZ#1741827
-
-* Mon Aug 26 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc1.1
- Rebase to 1.13rc1
- Fix for CVE-2019-14809, CVE-2019-9514 and CVE-2019-9512
- Resolves: BZ#1741816, BZ#1741827 and BZ#1743131
-
-* Thu Aug 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2.2
- Fix ICE affecting aarch64
- Resolves: BZ#1735290
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.13-0.beta1.2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Wed Jul 24 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2
- De-configure sumdb and go proxy
-
-* Wed Jul 24 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.1
- Rebase to 1.13beta1
- Related: BZ#1732118
-
-* Tue Jul 09 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.7-1
- Rebase to 1.12.7
- Resolves: BZ#1728056
-
-* Wed Jun 12 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.6-1
- Rebase to 1.12.6
- Resolves: BZ#1719483
-
-* Tue May 07 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.5-1
- Rebase to 1.12.5
- Resolves: BZ#1707187
-
-* Mon Apr 08 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.2-1
- Rebase to 1.12.2
- Resolves: BZ#1688996
-
-* Mon Apr 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.1-2
- Fix up change log, respective CVE has been fixed in go1.12rc1
-
-* Fri Mar 15 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.1-1
- Rebase to 1.12.1
- Fix requirement for %%preun (instead of %%postun) scriptlet thanks to Tim Landscheidt
- Use weak deps for SCM deps
-
-* Wed Feb 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-1
- Rebase to go1.12 proper
- Resolves:  BZ#1680040
-
-* Mon Feb 18 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.rc1.1
- Rebase to go1.12rc1
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.12-0.beta2.2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Sun Jan 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.2
- Fix for CVE-2019-6486
- Resolves: BZ#1668973
-
-* Fri Jan 11 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.1
- Rebase to go1.12beta2
-
-* Wed Jan 02 2019 Jakub Čajka <jcajka@redhat.com> - 1.11.4-1
- Rebase to go1.11.4
- Fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873
- Resolves: BZ#1659290, BZ#1659289, BZ#1659288
-
-* Mon Nov 05 2018 Jakub Čajka <jcajka@redhat.com> - 1.11.2-1
- Rebase to go1.11.2
-
-* Thu Oct 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.11.1-1
- Rebase to go1.11.1
-
-* Mon Aug 27 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-1
- Rebase to go1.11 release
-
-* Thu Aug 23 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.rc2.1
- Rebase to go1.11rc2
- Reduce size of bin package
-
-* Tue Aug 14 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.rc1.1
- Rebase to go1.11rc1
-
-* Mon Aug 06 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta3.1
- Rebase to go1.11beta3
-
-* Fri Jul 27 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta2.2
- Turn on back DWARF compression by default
- Use less memory on 32bit targets during build
- Resolves: BZ#1607270
- Related: BZ#1602096
-
-* Fri Jul 20 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta2.1
- Rebase to 1.11beta2
-
-* Wed Jul 18 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta1.2
- Turn off DWARF compression by default as it is not supported by rpm/debuginfo
- Related: BZ#1602096
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-0.beta1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jul 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta1.1
-* Rebase to 1.11beta1
-
-* Fri Jun 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.3-1
- Rebase to 1.10.3
-
-* Wed May 02 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.2-1
- Rebase to 1.10.2
-
-* Wed Apr 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.1-1
- Rebase to 1.10.1
- Resolves: BZ#1562270
-
-* Sat Mar 03 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-2
- Fix CVE-2018-7187
- Resolves: BZ#1546386, BZ#1546388
-
-* Wed Feb 21 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-1
- Rebase to 1.10
-
-* Thu Feb 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.rc2.1
- Rebase to 1.10rc2
- Fix CVE-2018-6574
- Resolves: BZ#1543561, BZ#1543562
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Fri Jan 26 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.rc1.1
- Rebase to 1.10rc1
-
-* Fri Jan 12 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.beta2.1
- Rebase to 1.10beta2
-
-* Mon Jan 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.beta1.1
- Rebase to 1.10beta1
- Drop verbose patch as most of it is now implemented by bootstrap tool and is easily toggled by passing -v flag to make.bash
-
-* Thu Oct 26 2017 Jakub Čajka <jcajka@redhat.com> - 1.9.2-1
- Rebase to 1.9.2
- execute correctly pie tests
- allow to ignore tests via bcond
- reduce size of golang package
-
-* Fri Oct 06 2017 Jakub Čajka <jcajka@redhat.com> - 1.9.1-1
- fix CVE-2017-15041 and CVE-2017-15042
-
-* Fri Sep 15 2017 Jakub Čajka <jcajka@redhat.com> - 1.9-1
- bump to the relased version
-
-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-0.beta2.1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-0.beta2.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Tue Jul 11 2017 Jakub Čajka <jcajka@redhat.com> - 1.9-0.beta2.1
- bump to beta2
-
-* Thu May 25 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.3-1
- bump to 1.8.3
- fix for CVE-2017-8932
- make possible to use 31bit OID in ASN1
- Resolves: BZ#1454978, BZ#1455191
-
-* Fri Apr 21 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.1-2
- fix uint64 constant codegen on s390x
- Resolves: BZ#1441078
-
-* Tue Apr 11 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.1-1
- bump to Go 1.8.1
- Resolves: BZ#1440345
-
-* Fri Feb 24 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-2
- avoid possibly stale packages due to chacha test file not being test file
-
-* Fri Feb 17 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-1
- bump to released version
- Resolves: BZ#1423637
- Related: BZ#1411242
-
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8-0.rc3.2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Jan 27 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-0.rc3.2
- make possible to override default traceback level at build time
- add sub-package race containing std lib built with -race enabled
- Related: BZ#1411242
-
-* Fri Jan 27 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-0.rc3.1
- rebase to go1.8rc3
- Resolves: BZ#1411242
-
-* Fri Jan 20 2017 Jakub Čajka <jcajka@redhat.com> - 1.7.4-2
- Resolves: BZ#1404679
- expose IfInfomsg.X__ifi_pad on s390x
-
-* Fri Dec 02 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.4-1
- Bump to 1.7.4
- Resolves: BZ#1400732
-
-* Thu Nov 17 2016 Tom Callaway <spot@fedoraproject.org> - 1.7.3-2
- re-enable the NIST P-224 curve
-
-* Thu Oct 20 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.3-1
- Resolves: BZ#1387067 - golang-1.7.3 is available
- added fix for tests failing with latest tzdata
-
-* Fri Sep 23 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.1-2
- fix link failure due to relocation overflows on PPC64X
-
-* Thu Sep 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.1-1
- rebase to 1.7.1
- Resolves: BZ#1374103
-
-* Tue Aug 23 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-1
- update to released version
- related: BZ#1342090, BZ#1357394
-
-* Mon Aug 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.3.rc5
- Obsolete golang-vet and golang-cover from golang-googlecode-tools package
-  vet/cover binaries are provided by golang-bin rpm (thanks to jchaloup)
- clean up exclusive arch after s390x boostrap
+* Mon Aug 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-3
+-Obsolete golang-vet and golang-cover from golang-googlecode-tools package
+vet/cover binaries are provided by golang-bin rpm(thanks to jchaloup)
 - resolves: #1268206

-* Wed Aug 03 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.2.rc5
- rebase to go1.7rc5
- Resolves: BZ#1342090
-
-* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7-0.1.rc2
- https://fedoraproject.org/wiki/Changes/golang1.7
-
-* Tue Jul 19 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.0.rc2
- rebase to 1.7rc2
- added s390x build
- improved shared lib packaging
+* Tue Jul 19 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-2
 - Resolves: bz1357602 - CVE-2016-5386
- Resolves: bz1342090, bz1342090

-* Tue Apr 26 2016 Jakub Čajka <jcajka@redhat.com> - 1.6.2-1
- rebase to 1.6.2
- Resolves: bz1329206 - golang-1.6.2.src is available
-
-* Wed Apr 13 2016 Jakub Čajka <jcajka@redhat.com> - 1.6.1-1
- rebase to 1.6.1
- Resolves: bz1324344 - CVE-2016-3959
- Resolves: bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used
- Resolves: bz1326366 - wrong epoll_event struct for ppc64le/ppc64
-
-* Mon Feb 22 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-1
- Resolves: bz1304701 - rebase to go1.6 release
- Resolves: bz1304591 - fix possible stack miss-alignment in callCgoMmap
-
-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-0.3.rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Jan 29 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-0.2.rc1
- disabled cgo and external linking on ppc64
-
-* Thu Jan 28 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-0.1.rc1
- Resolves bz1292640, rebase to pre-release 1.6
- bootstrap for PowerPC
- fix rpmlint errors/warning
+* Wed Apr 13 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-1
+- rebase to 1.5.4
+- resolves bz1324344 - CVE-2016-3959
+- resolves bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used

 * Thu Jan 14 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.3-1
 - rebase to 1.5.3
@ -1209,7 +731,7 @@ fi
 - include sub-packages for compiler toolchains, for all golang supported architectures

 * Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
- provide a system rpm macros. Starting with gopath
+- provide a system rpm macros. Starting with %gopath

 * Tue Mar 04 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
 - Update to latest upstream
--- a/httpmultipart.patch
+++ b/httpmultipart.patch
@ -0,0 +1,41 @@
+From f0fa13b346c1be50aae0eb4349a7c09bdc5826fc Mon Sep 17 00:00:00 2001
+From: Michael Fraenkel <michael.fraenkel@gmail.com>
+Date: Wed, 5 Oct 2016 11:27:34 -0400
+Subject: [PATCH 1/4] [release-branch.go1.6] net/http: multipart ReadForm close
+ file after copy
+
+Always close the file regardless of whether the copy succeeds or fails.
+Pass along the close error if the copy succeeds
+
+Updates #16296
+
+Change-Id: Ib394655b91d25750f029f17b3846d985f673fb50
+Reviewed-on: https://go-review.googlesource.com/30410
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-on: https://go-review.googlesource.com/33640
+Reviewed-by: Chris Broadfoot <cbro@golang.org>
+---
+ src/mime/multipart/formdata.go | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go
+index eee53fc..806b460 100644
+--- a/src/mime/multipart/formdata.go
+++ b/src/mime/multipart/formdata.go
+@@ -75,8 +75,10 @@ func (r *Reader) ReadForm(maxMemory int64) (f *Form, err error) {
+ 			if err != nil {
+ 				return nil, err
+ 			}
+-			defer file.Close()
+ 			_, err = io.Copy(file, io.MultiReader(&b, p))
+			if cerr := file.Close(); err == nil {
+				err = cerr
+			}
+ 			if err != nil {
+ 				os.Remove(file.Name())
+ 				return nil, err
+-- 
+2.5.5
+
--- a/source.sh
+++ b/source.sh
@ -0,0 +1,8 @@
+#! /bin/bash
+tar -xzf $1
+cat ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt |tail -n +25 | head -n 8465 > ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new
+mv ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt
+rm -f ./go/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2
+rm $1
+tar -czf $1 ./go
+rm -rf ./go
--- a/3
+++ b/3
@ -1 +1,2 @@
-SHA512 (go1.15.5.src.tar.gz) = 8e1d71f628d364b949b1e124af8950a563bbe9d9ae73b94c66af6ce029f67c26e2654556c0c118d0bc8566af52a7e9ed736b4667bbef7ccdab2bd338c43e6eb4
+549b4d4755323cc4944e292530a2d8bd  go1.5.4.src.tar.gz
+95da7ca97a8b8f5955fb7eb329784489  Mark.Twain-Tom.Sawyer.txt.bz2
Author	SHA1	Message	Date
Jakub Čajka	029fcc33fa	Resolves: BZ#1401987	2016-12-06 16:43:52 +01:00
Jakub Čajka	2bde97f8e2	re-enable p224 curve (see BZ#1038683)	2016-11-18 14:07:50 +01:00
Jakub Čajka	28634a4d32	Obsolete golang-vet and golang-cover from golang-googlecode-tools package vet/cover binaries are provided by golang-bin rpm(thanks to jchaloup)	2016-08-08 12:47:51 +02:00
Jakub Čajka	d476528d36	Resolves: bz1357602 - CVE-2016-5386	2016-07-20 09:25:28 +02:00
Jakub Čajka	d332d245fc	rebase to 1.5.4 resolves bz1324344 - CVE-2016-3959 resolves bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used	2016-04-14 10:01:16 +02:00