Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
Jakub Čajka | 029fcc33fa | |
Jakub Čajka | 2bde97f8e2 | |
Jakub Čajka | 28634a4d32 | |
Jakub Čajka | d476528d36 | |
Jakub Čajka | d332d245fc |
|
@ -27,71 +27,4 @@
|
|||
/go1.5.2.src.tar.gz
|
||||
/Mark.Twain-Tom.Sawyer.txt.bz2
|
||||
/go1.5.3.src.tar.gz
|
||||
/go1.6rc1.src.tar.gz
|
||||
/go1.6.src.tar.gz
|
||||
/go1.6.1.src.tar.gz
|
||||
/go1.6.2.src.tar.gz
|
||||
/go1.7rc2.src.tar.gz
|
||||
/go1.7rc5.src.tar.gz
|
||||
/go1.7.src.tar.gz
|
||||
/go1.7.1.src.tar.gz
|
||||
/go1.7.3.src.tar.gz
|
||||
/go1.7.4.src.tar.gz
|
||||
/go1.8rc3.src.tar.gz
|
||||
/go1.8.src.tar.gz
|
||||
/go1.8.1.src.tar.gz
|
||||
/go1.8.3.src.tar.gz
|
||||
/go1.9beta2.src.tar.gz
|
||||
/go1.9.src.tar.gz
|
||||
/go1.9.1.src.tar.gz
|
||||
/go1.9.2.src.tar.gz
|
||||
/go1.10beta1.src.tar.gz
|
||||
/go1.10beta2.src.tar.gz
|
||||
/go1.10rc1.src.tar.gz
|
||||
/go1.10rc2.src.tar.gz
|
||||
/go1.10.src.tar.gz
|
||||
/go1.10.1.src.tar.gz
|
||||
/go1.10.2.src.tar.gz
|
||||
/go1.10.3.src.tar.gz
|
||||
/go1.11beta1.src.tar.gz
|
||||
/go1.11beta2.src.tar.gz
|
||||
/go1.11beta3.src.tar.gz
|
||||
/go1.11rc1.src.tar.gz
|
||||
/go1.11rc2.src.tar.gz
|
||||
/go1.11.src.tar.gz
|
||||
/go1.11.1.src.tar.gz
|
||||
/go1.11.2.src.tar.gz
|
||||
/go1.11.4.src.tar.gz
|
||||
/go1.12beta2.src.tar.gz
|
||||
/go1.12rc1.src.tar.gz
|
||||
/go1.12.src.tar.gz
|
||||
/go1.12.1.src.tar.gz
|
||||
/go1.12.2.src.tar.gz
|
||||
/go1.12.5.src.tar.gz
|
||||
/go1.12.6.src.tar.gz
|
||||
/go1.12.7.src.tar.gz
|
||||
/go1.13beta1.src.tar.gz
|
||||
/go1.13rc1.src.tar.gz
|
||||
/go1.13rc2.src.tar.gz
|
||||
/go1.13.src.tar.gz
|
||||
/go1.13.1.src.tar.gz
|
||||
/go1.13.3.src.tar.gz
|
||||
/go1.13.4.src.tar.gz
|
||||
/go1.13.5.src.tar.gz
|
||||
/go1.13.6.src.tar.gz
|
||||
/go1.14beta1.src.tar.gz
|
||||
/go1.14rc1.src.tar.gz
|
||||
/go1.14.src.tar.gz
|
||||
/go1.14.2.src.tar.gz
|
||||
/go1.14.3.src.tar.gz
|
||||
/go1.14.4.src.tar.gz
|
||||
/go1.14.6.src.tar.gz
|
||||
/go1.15beta1.src.tar.gz
|
||||
/go1.15rc1.src.tar.gz
|
||||
/go1.15rc2.src.tar.gz
|
||||
/go1.15.src.tar.gz
|
||||
/go1.15.1.src.tar.gz
|
||||
/go1.15.2.src.tar.gz
|
||||
/go1.15.3.src.tar.gz
|
||||
/go1.15.4.src.tar.gz
|
||||
/go1.15.5.src.tar.gz
|
||||
/go1.5.4.src.tar.gz
|
||||
|
|
|
@ -1,88 +0,0 @@
|
|||
From edce31a2904846ae74e3c011f2cf5fddc963459e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
|
||||
Date: Thu, 22 Mar 2018 12:07:32 +0100
|
||||
Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the
|
||||
internal test suite
|
||||
|
||||
---
|
||||
src/time/internal_test.go | 7 +++++--
|
||||
src/time/zoneinfo_test.go | 3 ++-
|
||||
src/time/zoneinfo_unix.go | 2 --
|
||||
3 files changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/time/internal_test.go b/src/time/internal_test.go
|
||||
index 76d5524124..e81ace5f64 100644
|
||||
--- a/src/time/internal_test.go
|
||||
+++ b/src/time/internal_test.go
|
||||
@@ -4,13 +4,15 @@
|
||||
|
||||
package time
|
||||
|
||||
+import "runtime"
|
||||
+
|
||||
func init() {
|
||||
// force US/Pacific for time zone tests
|
||||
ForceUSPacificForTesting()
|
||||
}
|
||||
|
||||
func initTestingZone() {
|
||||
- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
|
||||
+ z, err := loadLocation("America/Los_Angeles", zoneSources)
|
||||
if err != nil {
|
||||
panic("cannot load America/Los_Angeles for testing: " + err.Error())
|
||||
}
|
||||
@@ -21,8 +23,9 @@ func initTestingZone() {
|
||||
var OrigZoneSources = zoneSources
|
||||
|
||||
func forceZipFileForTesting(zipOnly bool) {
|
||||
- zoneSources = make([]string, len(OrigZoneSources))
|
||||
+ zoneSources = make([]string, len(OrigZoneSources)+1)
|
||||
copy(zoneSources, OrigZoneSources)
|
||||
+ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
|
||||
if zipOnly {
|
||||
zoneSources = zoneSources[len(zoneSources)-1:]
|
||||
}
|
||||
diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
|
||||
index 7a55d4f618..6063ca1195 100644
|
||||
--- a/src/time/zoneinfo_test.go
|
||||
+++ b/src/time/zoneinfo_test.go
|
||||
@@ -8,6 +8,7 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
"reflect"
|
||||
+ "runtime"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
|
||||
+ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
|
||||
index 88313aa0ed..d9596115ef 100644
|
||||
--- a/src/time/zoneinfo_unix.go
|
||||
+++ b/src/time/zoneinfo_unix.go
|
||||
@@ -12,7 +12,6 @@
|
||||
package time
|
||||
|
||||
import (
|
||||
- "runtime"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
@@ -22,7 +21,6 @@ var zoneSources = []string{
|
||||
"/usr/share/zoneinfo/",
|
||||
"/usr/share/lib/zoneinfo/",
|
||||
"/usr/lib/locale/TZ/",
|
||||
- runtime.GOROOT() + "/lib/time/zoneinfo.zip",
|
||||
}
|
||||
|
||||
func initLocal() {
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
From 817407fc2d6a861e65086388766f58082d38bc0b Mon Sep 17 00:00:00 2001
|
||||
From: Michael Munday <munday@ca.ibm.com>
|
||||
Date: Tue, 17 Jan 2017 11:33:38 -0500
|
||||
Subject: [PATCH 2/3] syscall: expose IfInfomsg.X__ifi_pad on s390x
|
||||
|
||||
Exposing this field on s390x improves compatibility with the other
|
||||
linux architectures, all of which already expose it.
|
||||
|
||||
Fixes #18628 and updates #18632.
|
||||
|
||||
Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5
|
||||
---
|
||||
src/syscall/ztypes_linux_s390x.go | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go
|
||||
index 63c4a83b19..b5894255df 100644
|
||||
--- a/src/syscall/ztypes_linux_s390x.go
|
||||
+++ b/src/syscall/ztypes_linux_s390x.go
|
||||
@@ -449,12 +449,12 @@ type RtAttr struct {
|
||||
}
|
||||
|
||||
type IfInfomsg struct {
|
||||
- Family uint8
|
||||
- _ uint8
|
||||
- Type uint16
|
||||
- Index int32
|
||||
- Flags uint32
|
||||
- Change uint32
|
||||
+ Family uint8
|
||||
+ X__ifi_pad uint8
|
||||
+ Type uint16
|
||||
+ Index int32
|
||||
+ Flags uint32
|
||||
+ Change uint32
|
||||
}
|
||||
|
||||
type IfAddrmsg struct {
|
||||
--
|
||||
2.14.3
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
From b38cd2374c2395f5a77802ef8ea3d7ac5b8a86ad Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
|
||||
Date: Mon, 27 May 2019 15:12:53 +0200
|
||||
Subject: [PATCH 3/3] cmd/go: disable Google's proxy and sumdb
|
||||
|
||||
---
|
||||
src/cmd/go/internal/cfg/cfg.go | 10 +++++-----
|
||||
src/cmd/go/testdata/script/mod_sumdb_golang.txt | 6 +++---
|
||||
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
|
||||
index 61dc6bdda6..e8658dc56c 100644
|
||||
--- a/src/cmd/go/internal/cfg/cfg.go
|
||||
+++ b/src/cmd/go/internal/cfg/cfg.go
|
||||
@@ -245,11 +245,11 @@ var (
|
||||
GOPPC64 = envOr("GOPPC64", fmt.Sprintf("%s%d", "power", objabi.GOPPC64))
|
||||
GOWASM = envOr("GOWASM", fmt.Sprint(objabi.GOWASM))
|
||||
|
||||
- GOPROXY = envOr("GOPROXY", "https://proxy.golang.org,direct")
|
||||
- GOSUMDB = envOr("GOSUMDB", "sum.golang.org")
|
||||
- GOPRIVATE = Getenv("GOPRIVATE")
|
||||
- GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
|
||||
- GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
|
||||
+ GOPROXY = envOr("GOPROXY", "direct")
|
||||
+ GOSUMDB = envOr("GOSUMDB", "off")
|
||||
+ GOPRIVATE = Getenv("GOPRIVATE")
|
||||
+ GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
|
||||
+ GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
|
||||
GOINSECURE = Getenv("GOINSECURE")
|
||||
)
|
||||
|
||||
diff --git a/src/cmd/go/testdata/script/mod_sumdb_golang.txt b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
|
||||
index 40a07fc7e9..50436e32d7 100644
|
||||
--- a/src/cmd/go/testdata/script/mod_sumdb_golang.txt
|
||||
+++ b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
|
||||
@@ -2,12 +2,12 @@
|
||||
env GOPROXY=
|
||||
env GOSUMDB=
|
||||
go env GOPROXY
|
||||
-stdout '^https://proxy.golang.org,direct$'
|
||||
+stdout '^direct$'
|
||||
go env GOSUMDB
|
||||
-stdout '^sum.golang.org$'
|
||||
+stdout '^off$'
|
||||
env GOPROXY=https://proxy.golang.org
|
||||
go env GOSUMDB
|
||||
-stdout '^sum.golang.org$'
|
||||
+stdout '^off$'
|
||||
|
||||
# download direct from github
|
||||
[!net] skip
|
||||
--
|
||||
2.21.0
|
||||
|
|
@ -0,0 +1,180 @@
|
|||
From a357d15e9ee36a1232ae071d9968c4cf10a672b4 Mon Sep 17 00:00:00 2001
|
||||
From: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
Date: Mon, 18 Jul 2016 06:05:24 +0000
|
||||
Subject: [PATCH] [release-branch.go1.6] net/http, net/http/cgi: fix for CGI +
|
||||
HTTP_PROXY security issue
|
||||
|
||||
Because,
|
||||
|
||||
* The CGI spec defines that incoming request header "Foo: Bar" maps to
|
||||
environment variable HTTP_FOO == "Bar". (see RFC 3875 4.1.18)
|
||||
|
||||
* The HTTP_PROXY environment variable is conventionally used to configure
|
||||
the HTTP proxy for HTTP clients (and is respected by default for
|
||||
Go's net/http.Client and Transport)
|
||||
|
||||
That means Go programs running in a CGI environment (as a child
|
||||
process under a CGI host) are vulnerable to an incoming request
|
||||
containing "Proxy: attacker.com:1234", setting HTTP_PROXY, and
|
||||
changing where Go by default proxies all outbound HTTP requests.
|
||||
|
||||
This is CVE-2016-5386, aka https://httpoxy.org/
|
||||
|
||||
Fixes #16405
|
||||
|
||||
Change-Id: I6f68ade85421b4807785799f6d98a8b077e871f0
|
||||
Reviewed-on: https://go-review.googlesource.com/25010
|
||||
Run-TryBot: Chris Broadfoot <cbro@golang.org>
|
||||
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
||||
Reviewed-by: Chris Broadfoot <cbro@golang.org>
|
||||
Reviewed-on: https://go-review.googlesource.com/25012
|
||||
---
|
||||
src/net/http/cgi/host.go | 4 ++++
|
||||
src/net/http/cgi/host_test.go | 37 ++++++++++++++++++++++++++++++++++---
|
||||
src/net/http/transport.go | 3 +++
|
||||
src/net/http/transport_test.go | 14 +++++++++++++-
|
||||
4 files changed, 54 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/net/http/cgi/host.go b/src/net/http/cgi/host.go
|
||||
index 9b4d875..3f1600b 100644
|
||||
--- a/src/net/http/cgi/host.go
|
||||
+++ b/src/net/http/cgi/host.go
|
||||
@@ -145,6 +145,10 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
|
||||
for k, v := range req.Header {
|
||||
k = strings.Map(upperCaseAndUnderscore, k)
|
||||
+ if k == "PROXY" {
|
||||
+ // See Issue 16405
|
||||
+ continue
|
||||
+ }
|
||||
joinStr := ", "
|
||||
if k == "COOKIE" {
|
||||
joinStr = "; "
|
||||
diff --git a/src/net/http/cgi/host_test.go b/src/net/http/cgi/host_test.go
|
||||
index 3327764..2783fe1 100644
|
||||
--- a/src/net/http/cgi/host_test.go
|
||||
+++ b/src/net/http/cgi/host_test.go
|
||||
@@ -34,15 +34,18 @@ func newRequest(httpreq string) *http.Request {
|
||||
return req
|
||||
}
|
||||
|
||||
-func runCgiTest(t *testing.T, h *Handler, httpreq string, expectedMap map[string]string) *httptest.ResponseRecorder {
|
||||
+func runCgiTest(t *testing.T, h *Handler,
|
||||
+ httpreq string,
|
||||
+ expectedMap map[string]string, checks ...func(reqInfo map[string]string)) *httptest.ResponseRecorder {
|
||||
rw := httptest.NewRecorder()
|
||||
req := newRequest(httpreq)
|
||||
h.ServeHTTP(rw, req)
|
||||
- runResponseChecks(t, rw, expectedMap)
|
||||
+ runResponseChecks(t, rw, expectedMap, checks...)
|
||||
return rw
|
||||
}
|
||||
|
||||
-func runResponseChecks(t *testing.T, rw *httptest.ResponseRecorder, expectedMap map[string]string) {
|
||||
+func runResponseChecks(t *testing.T, rw *httptest.ResponseRecorder,
|
||||
+ expectedMap map[string]string, checks ...func(reqInfo map[string]string)) {
|
||||
// Make a map to hold the test map that the CGI returns.
|
||||
m := make(map[string]string)
|
||||
m["_body"] = rw.Body.String()
|
||||
@@ -80,6 +83,9 @@ readlines:
|
||||
t.Errorf("for key %q got %q; expected %q", key, got, expected)
|
||||
}
|
||||
}
|
||||
+ for _, check := range checks {
|
||||
+ check(m)
|
||||
+ }
|
||||
}
|
||||
|
||||
var cgiTested, cgiWorks bool
|
||||
@@ -235,6 +241,31 @@ func TestDupHeaders(t *testing.T) {
|
||||
expectedMap)
|
||||
}
|
||||
|
||||
+// Issue 16405: CGI+http.Transport differing uses of HTTP_PROXY.
|
||||
+// Verify we don't set the HTTP_PROXY environment variable.
|
||||
+// Hope nobody was depending on it. It's not a known header, though.
|
||||
+func TestDropProxyHeader(t *testing.T) {
|
||||
+ check(t)
|
||||
+ h := &Handler{
|
||||
+ Path: "testdata/test.cgi",
|
||||
+ }
|
||||
+ expectedMap := map[string]string{
|
||||
+ "env-REQUEST_URI": "/myscript/bar?a=b",
|
||||
+ "env-SCRIPT_FILENAME": "testdata/test.cgi",
|
||||
+ "env-HTTP_X_FOO": "a",
|
||||
+ }
|
||||
+ runCgiTest(t, h, "GET /myscript/bar?a=b HTTP/1.0\n"+
|
||||
+ "X-Foo: a\n"+
|
||||
+ "Proxy: should_be_stripped\n"+
|
||||
+ "Host: example.com\n\n",
|
||||
+ expectedMap,
|
||||
+ func(reqInfo map[string]string) {
|
||||
+ if v, ok := reqInfo["env-HTTP_PROXY"]; ok {
|
||||
+ t.Errorf("HTTP_PROXY = %q; should be absent", v)
|
||||
+ }
|
||||
+ })
|
||||
+}
|
||||
+
|
||||
func TestPathInfoNoRoot(t *testing.T) {
|
||||
check(t)
|
||||
h := &Handler{
|
||||
diff --git a/src/net/http/transport.go b/src/net/http/transport.go
|
||||
index 1e3ea11..794b786 100644
|
||||
--- a/src/net/http/transport.go
|
||||
+++ b/src/net/http/transport.go
|
||||
@@ -216,6 +216,9 @@ func ProxyFromEnvironment(req *Request) (*url.URL, error) {
|
||||
}
|
||||
if proxy == "" {
|
||||
proxy = httpProxyEnv.Get()
|
||||
+ if proxy != "" && os.Getenv("REQUEST_METHOD") != "" {
|
||||
+ return nil, errors.New("net/http: refusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxy")
|
||||
+ }
|
||||
}
|
||||
if proxy == "" {
|
||||
return nil, nil
|
||||
diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
|
||||
index d9da078..381432e 100644
|
||||
--- a/src/net/http/transport_test.go
|
||||
+++ b/src/net/http/transport_test.go
|
||||
@@ -1985,7 +1985,8 @@ type proxyFromEnvTest struct {
|
||||
|
||||
env string // HTTP_PROXY
|
||||
httpsenv string // HTTPS_PROXY
|
||||
- noenv string // NO_RPXY
|
||||
+ noenv string // NO_PROXY
|
||||
+ reqmeth string // REQUEST_METHOD
|
||||
|
||||
want string
|
||||
wanterr error
|
||||
@@ -2009,6 +2010,10 @@ func (t proxyFromEnvTest) String() string {
|
||||
space()
|
||||
fmt.Fprintf(&buf, "no_proxy=%q", t.noenv)
|
||||
}
|
||||
+ if t.reqmeth != "" {
|
||||
+ space()
|
||||
+ fmt.Fprintf(&buf, "request_method=%q", t.reqmeth)
|
||||
+ }
|
||||
req := "http://example.com"
|
||||
if t.req != "" {
|
||||
req = t.req
|
||||
@@ -2032,6 +2037,12 @@ var proxyFromEnvTests = []proxyFromEnvTest{
|
||||
{req: "https://secure.tld/", env: "http.proxy.tld", httpsenv: "secure.proxy.tld", want: "http://secure.proxy.tld"},
|
||||
{req: "https://secure.tld/", env: "http.proxy.tld", httpsenv: "https://secure.proxy.tld", want: "https://secure.proxy.tld"},
|
||||
|
||||
+ // Issue 16405: don't use HTTP_PROXY in a CGI environment,
|
||||
+ // where HTTP_PROXY can be attacker-controlled.
|
||||
+ {env: "http://10.1.2.3:8080", reqmeth: "POST",
|
||||
+ want: "<nil>",
|
||||
+ wanterr: errors.New("net/http: refusing to use HTTP_PROXY value in CGI environment; see golang.org/s/cgihttpproxy")},
|
||||
+
|
||||
{want: "<nil>"},
|
||||
|
||||
{noenv: "example.com", req: "http://example.com/", env: "proxy", want: "<nil>"},
|
||||
@@ -2047,6 +2058,7 @@ func TestProxyFromEnvironment(t *testing.T) {
|
||||
os.Setenv("HTTP_PROXY", tt.env)
|
||||
os.Setenv("HTTPS_PROXY", tt.httpsenv)
|
||||
os.Setenv("NO_PROXY", tt.noenv)
|
||||
+ os.Setenv("REQUEST_METHOD", tt.reqmeth)
|
||||
ResetCachedEnvironment()
|
||||
reqURL := tt.req
|
||||
if reqURL == "" {
|
|
@ -0,0 +1,55 @@
|
|||
From a0ea93dea5f5741addc8c96b7ed037d0e359e33f Mon Sep 17 00:00:00 2001
|
||||
From: Adam Langley <agl@golang.org>
|
||||
Date: Fri, 27 Nov 2015 13:50:36 -0800
|
||||
Subject: [PATCH] crypto/x509: permit serial numbers to be negative.
|
||||
|
||||
Some software that produces certificates doesn't encode integers
|
||||
correctly and, about half the time, ends up producing certificates with
|
||||
serial numbers that are actually negative.
|
||||
|
||||
This buggy software, sadly, appears to be common enough that we should
|
||||
let these errors pass. This change allows a Certificate.SerialNumber to
|
||||
be negative.
|
||||
|
||||
Fixes #8265.
|
||||
|
||||
Change-Id: Ief35dae23988fb6d5e2873e3c521366fb03c6af4
|
||||
Reviewed-on: https://go-review.googlesource.com/17247
|
||||
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
---
|
||||
src/crypto/x509/x509.go | 4 ----
|
||||
src/crypto/x509/x509_test.go | 6 +++++-
|
||||
2 files changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
|
||||
index bbc63241..126432d 100644
|
||||
--- a/src/crypto/x509/x509.go
|
||||
+++ b/src/crypto/x509/x509.go
|
||||
@@ -909,10 +909,6 @@ func parseCertificate(in *certificate) (*Certificate, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
- if in.TBSCertificate.SerialNumber.Sign() < 0 {
|
||||
- return nil, errors.New("x509: negative serial number")
|
||||
- }
|
||||
-
|
||||
out.Version = in.TBSCertificate.Version + 1
|
||||
out.SerialNumber = in.TBSCertificate.SerialNumber
|
||||
|
||||
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
|
||||
index 61b1773..2c01ec7 100644
|
||||
--- a/src/crypto/x509/x509_test.go
|
||||
+++ b/src/crypto/x509/x509_test.go
|
||||
@@ -343,7 +343,11 @@ func TestCreateSelfSignedCertificate(t *testing.T) {
|
||||
for _, test := range tests {
|
||||
commonName := "test.example.com"
|
||||
template := Certificate{
|
||||
- SerialNumber: big.NewInt(1),
|
||||
+ // SerialNumber is negative to ensure that negative
|
||||
+ // values are parsed. This is due to the prevalence of
|
||||
+ // buggy code that produces certificates with negative
|
||||
+ // serial numbers.
|
||||
+ SerialNumber: big.NewInt(-1),
|
||||
Subject: pkix.Name{
|
||||
CommonName: commonName,
|
||||
Organization: []string{"Σ Acme Co"},
|
|
@ -0,0 +1,459 @@
|
|||
From 7a75a55cc44b92836f342e9eeb0f5b1ce20821eb Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Smith <quentin@golang.org>
|
||||
Date: Wed, 30 Nov 2016 15:16:37 -0500
|
||||
Subject: [PATCH 3/4] [release-branch.go1.6] crypto/x509: read Darwin trust
|
||||
settings for root CAs
|
||||
|
||||
Darwin separately stores bits indicating whether a root certificate
|
||||
should be trusted; this changes Go to read and use those when
|
||||
initializing SystemCertPool.
|
||||
|
||||
Unfortunately, the trust API is very slow. To avoid a delay of up to
|
||||
0.5s in initializing the system cert pool, we assume that
|
||||
the trust settings found in kSecTrustSettingsDomainSystem will always
|
||||
indicate trust. (That is, all root certs Apple distributes are trusted.)
|
||||
This is not guaranteed by the API but is true in practice.
|
||||
|
||||
In the non-cgo codepath, we do not have that benefit, so we must check
|
||||
the trust status of every certificate. This causes about 0.5s of delay
|
||||
in initializing the SystemCertPool.
|
||||
|
||||
On OS X 10.11 and older, the "security" command requires a certificate
|
||||
to be provided in a file and not on stdin, so the non-cgo codepath
|
||||
creates temporary files for each certificate, further slowing initialization.
|
||||
|
||||
Updates #18141.
|
||||
|
||||
Change-Id: If681c514047afe5e1a68de6c9d40ceabbce54755
|
||||
Reviewed-on: https://go-review.googlesource.com/33721
|
||||
Run-TryBot: Quentin Smith <quentin@golang.org>
|
||||
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
||||
Reviewed-by: Russ Cox <rsc@golang.org>
|
||||
Reviewed-on: https://go-review.googlesource.com/33728
|
||||
---
|
||||
src/crypto/x509/cert_pool.go | 15 +++
|
||||
src/crypto/x509/root_cgo_darwin.go | 184 +++++++++++++++++++++++++++++++++---
|
||||
src/crypto/x509/root_darwin.go | 114 +++++++++++++++++++++-
|
||||
src/crypto/x509/root_darwin_test.go | 1 +
|
||||
4 files changed, 296 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/x509/cert_pool.go b/src/crypto/x509/cert_pool.go
|
||||
index 2362e84..dc88ad4 100644
|
||||
--- a/src/crypto/x509/cert_pool.go
|
||||
+++ b/src/crypto/x509/cert_pool.go
|
||||
@@ -52,6 +52,21 @@ func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int, errCer
|
||||
return
|
||||
}
|
||||
|
||||
+func (s *CertPool) contains(cert *Certificate) bool {
|
||||
+ if s == nil {
|
||||
+ return false
|
||||
+ }
|
||||
+
|
||||
+ candidates := s.byName[string(cert.RawSubject)]
|
||||
+ for _, c := range candidates {
|
||||
+ if s.certs[c].Equal(cert) {
|
||||
+ return true
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return false
|
||||
+}
|
||||
+
|
||||
// AddCert adds a certificate to a pool.
|
||||
func (s *CertPool) AddCert(cert *Certificate) {
|
||||
if cert == nil {
|
||||
diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
|
||||
index bf4a5cd..ee94dad 100644
|
||||
--- a/src/crypto/x509/root_cgo_darwin.go
|
||||
+++ b/src/crypto/x509/root_cgo_darwin.go
|
||||
@@ -7,30 +7,28 @@
|
||||
package x509
|
||||
|
||||
/*
|
||||
-#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1060
|
||||
+#cgo CFLAGS: -mmacosx-version-min=10.6 -D__MAC_OS_X_VERSION_MAX_ALLOWED=1080
|
||||
#cgo LDFLAGS: -framework CoreFoundation -framework Security
|
||||
|
||||
+#include <errno.h>
|
||||
+#include <sys/sysctl.h>
|
||||
+
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
#include <Security/Security.h>
|
||||
|
||||
-// FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
|
||||
-//
|
||||
-// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
|
||||
-// certificates of the system. On failure, the function returns -1.
|
||||
-//
|
||||
-// Note: The CFDataRef returned in pemRoots must be released (using CFRelease) after
|
||||
-// we've consumed its content.
|
||||
-int FetchPEMRoots(CFDataRef *pemRoots) {
|
||||
+// FetchPEMRoots_MountainLion is the version of FetchPEMRoots from Go 1.6
|
||||
+// which still works on OS X 10.8 (Mountain Lion).
|
||||
+// It lacks support for admin & user cert domains.
|
||||
+// See golang.org/issue/16473
|
||||
+int FetchPEMRoots_MountainLion(CFDataRef *pemRoots) {
|
||||
if (pemRoots == NULL) {
|
||||
return -1;
|
||||
}
|
||||
-
|
||||
CFArrayRef certs = NULL;
|
||||
OSStatus err = SecTrustCopyAnchorCertificates(&certs);
|
||||
if (err != noErr) {
|
||||
return -1;
|
||||
}
|
||||
-
|
||||
CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
int i, ncerts = CFArrayGetCount(certs);
|
||||
for (i = 0; i < ncerts; i++) {
|
||||
@@ -39,7 +37,6 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
|
||||
if (cert == NULL) {
|
||||
continue;
|
||||
}
|
||||
-
|
||||
// Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
|
||||
// Once we support weak imports via cgo we should prefer that, and fall back to this
|
||||
// for older systems.
|
||||
@@ -47,16 +44,157 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
|
||||
if (err != noErr) {
|
||||
continue;
|
||||
}
|
||||
-
|
||||
if (data != NULL) {
|
||||
CFDataAppendBytes(combinedData, CFDataGetBytePtr(data), CFDataGetLength(data));
|
||||
CFRelease(data);
|
||||
}
|
||||
}
|
||||
-
|
||||
CFRelease(certs);
|
||||
+ *pemRoots = combinedData;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+// useOldCode reports whether the running machine is OS X 10.8 Mountain Lion
|
||||
+// or older. We only support Mountain Lion and higher, but we'll at least try our
|
||||
+// best on older machines and continue to use the old code path.
|
||||
+//
|
||||
+// See golang.org/issue/16473
|
||||
+int useOldCode() {
|
||||
+ char str[256];
|
||||
+ size_t size = sizeof(str);
|
||||
+ memset(str, 0, size);
|
||||
+ sysctlbyname("kern.osrelease", str, &size, NULL, 0);
|
||||
+ // OS X 10.8 is osrelease "12.*", 10.7 is 11.*, 10.6 is 10.*.
|
||||
+ // We never supported things before that.
|
||||
+ return memcmp(str, "12.", 3) == 0 || memcmp(str, "11.", 3) == 0 || memcmp(str, "10.", 3) == 0;
|
||||
+}
|
||||
|
||||
+// FetchPEMRoots fetches the system's list of trusted X.509 root certificates.
|
||||
+//
|
||||
+// On success it returns 0 and fills pemRoots with a CFDataRef that contains the extracted root
|
||||
+// certificates of the system. On failure, the function returns -1.
|
||||
+// Additionally, it fills untrustedPemRoots with certs that must be removed from pemRoots.
|
||||
+//
|
||||
+// Note: The CFDataRef returned in pemRoots and untrustedPemRoots must
|
||||
+// be released (using CFRelease) after we've consumed its content.
|
||||
+int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
|
||||
+ if (useOldCode()) {
|
||||
+ return FetchPEMRoots_MountainLion(pemRoots);
|
||||
+ }
|
||||
+
|
||||
+ // Get certificates from all domains, not just System, this lets
|
||||
+ // the user add CAs to their "login" keychain, and Admins to add
|
||||
+ // to the "System" keychain
|
||||
+ SecTrustSettingsDomain domains[] = { kSecTrustSettingsDomainSystem,
|
||||
+ kSecTrustSettingsDomainAdmin,
|
||||
+ kSecTrustSettingsDomainUser };
|
||||
+
|
||||
+ int numDomains = sizeof(domains)/sizeof(SecTrustSettingsDomain);
|
||||
+ if (pemRoots == NULL) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ // kSecTrustSettingsResult is defined as CFSTR("kSecTrustSettingsResult"),
|
||||
+ // but the Go linker's internal linking mode can't handle CFSTR relocations.
|
||||
+ // Create our own dynamic string instead and release it below.
|
||||
+ CFStringRef policy = CFStringCreateWithCString(NULL, "kSecTrustSettingsResult", kCFStringEncodingUTF8);
|
||||
+
|
||||
+ CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
+ CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
|
||||
+ for (int i = 0; i < numDomains; i++) {
|
||||
+ CFArrayRef certs = NULL;
|
||||
+ OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs);
|
||||
+ if (err != noErr) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ CFIndex numCerts = CFArrayGetCount(certs);
|
||||
+ for (int j = 0; j < numCerts; j++) {
|
||||
+ CFDataRef data = NULL;
|
||||
+ CFErrorRef errRef = NULL;
|
||||
+ CFArrayRef trustSettings = NULL;
|
||||
+ SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(certs, j);
|
||||
+ if (cert == NULL) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ // We only want trusted certs.
|
||||
+ int untrusted = 0;
|
||||
+ if (i != 0) {
|
||||
+ // Certs found in the system domain are always trusted. If the user
|
||||
+ // configures "Never Trust" on such a cert, it will also be found in the
|
||||
+ // admin or user domain, causing it to be added to untrustedPemRoots. The
|
||||
+ // Go code will then clean this up.
|
||||
+
|
||||
+ // Trust may be stored in any of the domains. According to Apple's
|
||||
+ // SecTrustServer.c, "user trust settings overrule admin trust settings",
|
||||
+ // so take the last trust settings array we find.
|
||||
+ // Skip the system domain since it is always trusted.
|
||||
+ for (int k = 1; k < numDomains; k++) {
|
||||
+ CFArrayRef domainTrustSettings = NULL;
|
||||
+ err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings);
|
||||
+ if (err == errSecSuccess && domainTrustSettings != NULL) {
|
||||
+ if (trustSettings) {
|
||||
+ CFRelease(trustSettings);
|
||||
+ }
|
||||
+ trustSettings = domainTrustSettings;
|
||||
+ }
|
||||
+ }
|
||||
+ if (trustSettings == NULL) {
|
||||
+ // "this certificate must be verified to a known trusted certificate"; aka not a root.
|
||||
+ continue;
|
||||
+ }
|
||||
+ for (CFIndex k = 0; k < CFArrayGetCount(trustSettings); k++) {
|
||||
+ CFNumberRef cfNum;
|
||||
+ CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, k);
|
||||
+ if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){
|
||||
+ SInt32 result = 0;
|
||||
+ CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result);
|
||||
+ // TODO: The rest of the dictionary specifies conditions for evaluation.
|
||||
+ if (result == kSecTrustSettingsResultDeny) {
|
||||
+ untrusted = 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ CFRelease(trustSettings);
|
||||
+ }
|
||||
+ // We only want to add Root CAs, so make sure Subject and Issuer Name match
|
||||
+ CFDataRef subjectName = SecCertificateCopyNormalizedSubjectContent(cert, &errRef);
|
||||
+ if (errRef != NULL) {
|
||||
+ CFRelease(errRef);
|
||||
+ continue;
|
||||
+ }
|
||||
+ CFDataRef issuerName = SecCertificateCopyNormalizedIssuerContent(cert, &errRef);
|
||||
+ if (errRef != NULL) {
|
||||
+ CFRelease(subjectName);
|
||||
+ CFRelease(errRef);
|
||||
+ continue;
|
||||
+ }
|
||||
+ Boolean equal = CFEqual(subjectName, issuerName);
|
||||
+ CFRelease(subjectName);
|
||||
+ CFRelease(issuerName);
|
||||
+ if (!equal) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ // Note: SecKeychainItemExport is deprecated as of 10.7 in favor of SecItemExport.
|
||||
+ // Once we support weak imports via cgo we should prefer that, and fall back to this
|
||||
+ // for older systems.
|
||||
+ err = SecKeychainItemExport(cert, kSecFormatX509Cert, kSecItemPemArmour, NULL, &data);
|
||||
+ if (err != noErr) {
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ if (data != NULL) {
|
||||
+ CFMutableDataRef appendTo = untrusted ? combinedUntrustedData : combinedData;
|
||||
+ CFDataAppendBytes(appendTo, CFDataGetBytePtr(data), CFDataGetLength(data));
|
||||
+ CFRelease(data);
|
||||
+ }
|
||||
+ }
|
||||
+ CFRelease(certs);
|
||||
+ }
|
||||
+ CFRelease(policy);
|
||||
*pemRoots = combinedData;
|
||||
+ *untrustedPemRoots = combinedUntrustedData;
|
||||
return 0;
|
||||
}
|
||||
*/
|
||||
@@ -67,7 +205,8 @@ func initSystemRoots() {
|
||||
roots := NewCertPool()
|
||||
|
||||
var data C.CFDataRef = nil
|
||||
- err := C.FetchPEMRoots(&data)
|
||||
+ var untrustedData C.CFDataRef = nil
|
||||
+ err := C.FetchPEMRoots(&data, &untrustedData)
|
||||
if err == -1 {
|
||||
return
|
||||
}
|
||||
@@ -75,5 +214,20 @@ func initSystemRoots() {
|
||||
defer C.CFRelease(C.CFTypeRef(data))
|
||||
buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
|
||||
roots.AppendCertsFromPEM(buf)
|
||||
+ if untrustedData == nil {
|
||||
+ systemRoots = roots
|
||||
+ return
|
||||
+ }
|
||||
+ defer C.CFRelease(C.CFTypeRef(untrustedData))
|
||||
+ buf = C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(untrustedData)), C.int(C.CFDataGetLength(untrustedData)))
|
||||
+ untrustedRoots := NewCertPool()
|
||||
+ untrustedRoots.AppendCertsFromPEM(buf)
|
||||
+
|
||||
+ trustedRoots := NewCertPool()
|
||||
+ for _, c := range roots.certs {
|
||||
+ if !untrustedRoots.contains(c) {
|
||||
+ trustedRoots.AddCert(c)
|
||||
+ }
|
||||
+ }
|
||||
systemRoots = roots
|
||||
}
|
||||
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
|
||||
index 78de56c..59b303d 100644
|
||||
--- a/src/crypto/x509/root_darwin.go
|
||||
+++ b/src/crypto/x509/root_darwin.go
|
||||
@@ -6,12 +6,27 @@
|
||||
|
||||
package x509
|
||||
|
||||
-import "os/exec"
|
||||
+import (
|
||||
+ "bytes"
|
||||
+ "encoding/pem"
|
||||
+ "fmt"
|
||||
+ "io/ioutil"
|
||||
+ "os"
|
||||
+ "os/exec"
|
||||
+ "strconv"
|
||||
+ "sync"
|
||||
+ "syscall"
|
||||
+)
|
||||
|
||||
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
+// This code is only used when compiling without cgo.
|
||||
+// It is here, instead of root_nocgo_darwin.go, so that tests can check it
|
||||
+// even if the tests are run with cgo enabled.
|
||||
+// The linker will not include these unused functions in binaries built with cgo enabled.
|
||||
+
|
||||
func execSecurityRoots() (*CertPool, error) {
|
||||
cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
|
||||
data, err := cmd.Output()
|
||||
@@ -19,7 +34,100 @@ func execSecurityRoots() (*CertPool, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
- roots := NewCertPool()
|
||||
- roots.AppendCertsFromPEM(data)
|
||||
+ var (
|
||||
+ mu sync.Mutex
|
||||
+ roots = NewCertPool()
|
||||
+ )
|
||||
+ add := func(cert *Certificate) {
|
||||
+ mu.Lock()
|
||||
+ defer mu.Unlock()
|
||||
+ roots.AddCert(cert)
|
||||
+ }
|
||||
+ blockCh := make(chan *pem.Block)
|
||||
+ var wg sync.WaitGroup
|
||||
+ for i := 0; i < 4; i++ {
|
||||
+ wg.Add(1)
|
||||
+ go func() {
|
||||
+ defer wg.Done()
|
||||
+ for block := range blockCh {
|
||||
+ verifyCertWithSystem(block, add)
|
||||
+ }
|
||||
+ }()
|
||||
+ }
|
||||
+ for len(data) > 0 {
|
||||
+ var block *pem.Block
|
||||
+ block, data = pem.Decode(data)
|
||||
+ if block == nil {
|
||||
+ break
|
||||
+ }
|
||||
+ if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
|
||||
+ continue
|
||||
+ }
|
||||
+ blockCh <- block
|
||||
+ }
|
||||
+ close(blockCh)
|
||||
+ wg.Wait()
|
||||
return roots, nil
|
||||
}
|
||||
+
|
||||
+func verifyCertWithSystem(block *pem.Block, add func(*Certificate)) {
|
||||
+ data := pem.EncodeToMemory(block)
|
||||
+ var cmd *exec.Cmd
|
||||
+ if needsTmpFiles() {
|
||||
+ f, err := ioutil.TempFile("", "cert")
|
||||
+ if err != nil {
|
||||
+ fmt.Fprintf(os.Stderr, "can't create temporary file for cert: %v", err)
|
||||
+ return
|
||||
+ }
|
||||
+ defer os.Remove(f.Name())
|
||||
+ if _, err := f.Write(data); err != nil {
|
||||
+ fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
|
||||
+ return
|
||||
+ }
|
||||
+ if err := f.Close(); err != nil {
|
||||
+ fmt.Fprintf(os.Stderr, "can't write temporary file for cert: %v", err)
|
||||
+ return
|
||||
+ }
|
||||
+ cmd = exec.Command("/usr/bin/security", "verify-cert", "-c", f.Name(), "-l")
|
||||
+ } else {
|
||||
+ cmd = exec.Command("/usr/bin/security", "verify-cert", "-c", "/dev/stdin", "-l")
|
||||
+ cmd.Stdin = bytes.NewReader(data)
|
||||
+ }
|
||||
+ if cmd.Run() == nil {
|
||||
+ // Non-zero exit means untrusted
|
||||
+ cert, err := ParseCertificate(block.Bytes)
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+
|
||||
+ add(cert)
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+var versionCache struct {
|
||||
+ sync.Once
|
||||
+ major int
|
||||
+}
|
||||
+
|
||||
+// needsTmpFiles reports whether the OS is <= 10.11 (which requires real
|
||||
+// files as arguments to the security command).
|
||||
+func needsTmpFiles() bool {
|
||||
+ versionCache.Do(func() {
|
||||
+ release, err := syscall.Sysctl("kern.osrelease")
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+ for i, c := range release {
|
||||
+ if c == '.' {
|
||||
+ release = release[:i]
|
||||
+ break
|
||||
+ }
|
||||
+ }
|
||||
+ major, err := strconv.Atoi(release)
|
||||
+ if err != nil {
|
||||
+ return
|
||||
+ }
|
||||
+ versionCache.major = major
|
||||
+ })
|
||||
+ return versionCache.major <= 15
|
||||
+}
|
||||
diff --git a/src/crypto/x509/root_darwin_test.go b/src/crypto/x509/root_darwin_test.go
|
||||
index cc6d23c..38f314b 100644
|
||||
--- a/src/crypto/x509/root_darwin_test.go
|
||||
+++ b/src/crypto/x509/root_darwin_test.go
|
||||
@@ -29,6 +29,7 @@ func TestSystemRoots(t *testing.T) {
|
||||
// On Mavericks, there are 212 bundled certs; require only
|
||||
// 150 here, since this is just a sanity check, and the
|
||||
// exact number will vary over time.
|
||||
+ t.Logf("got %d roots", len(tt.certs))
|
||||
if want, have := 150, len(tt.certs); have < want {
|
||||
t.Fatalf("want at least %d system roots, have %d", want, have)
|
||||
}
|
||||
--
|
||||
2.5.5
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// +build rpm_crashtraceback
|
||||
|
||||
package runtime
|
||||
|
||||
func init() {
|
||||
setTraceback("crash")
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
|
||||
index ed9502d..c2569e7 100644
|
||||
--- a/src/time/zoneinfo_unix.go
|
||||
+++ b/src/time/zoneinfo_unix.go
|
||||
@@ -32,14 +32,14 @@ var zoneDirs = []string{
|
||||
"/usr/share/zoneinfo/",
|
||||
"/usr/share/lib/zoneinfo/",
|
||||
"/usr/lib/locale/TZ/",
|
||||
- runtime.GOROOT() + "/lib/time/zoneinfo.zip",
|
||||
}
|
||||
|
||||
var origZoneDirs = zoneDirs
|
||||
|
||||
func forceZipFileForTesting(zipOnly bool) {
|
||||
- zoneDirs = make([]string, len(origZoneDirs))
|
||||
+ zoneDirs = make([]string, len(origZoneDirs)+1)
|
||||
copy(zoneDirs, origZoneDirs)
|
||||
+ zoneDirs = append(zoneDirs, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
|
||||
if zipOnly {
|
||||
for i := 0; i < len(zoneDirs)-1; i++ {
|
||||
zoneDirs[i] = "/XXXNOEXIST"
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/runtime/runtime-gdb_test.go b/src/runtime/runtime-gdb_test.go
|
||||
index f4014b2..2c09441 100644
|
||||
--- a/src/runtime/runtime-gdb_test.go
|
||||
+++ b/src/runtime/runtime-gdb_test.go
|
||||
@@ -38,7 +38,7 @@ func main() {
|
||||
}
|
||||
`
|
||||
|
||||
-func TestGdbPython(t *testing.T) {
|
||||
+func testGdbPython(t *testing.T) {
|
||||
if runtime.GOOS == "darwin" {
|
||||
t.Skip("gdb does not work on darwin")
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
|
||||
index 60d2734..b16540f 100644
|
||||
--- a/src/syscall/exec_linux_test.go
|
||||
+++ b/src/syscall/exec_linux_test.go
|
||||
@@ -89,7 +89,7 @@ func kernelVersion(t *testing.T) (int, int) {
|
||||
return major, minor
|
||||
}
|
||||
|
||||
-func TestCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
|
||||
+func testCloneNEWUSERAndRemapNoRootDisableSetgroups(t *testing.T) {
|
||||
if os.Getuid() == 0 {
|
||||
t.Skip("skipping unprivileged user only test")
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
Index: go/src/make.bash
|
||||
===================================================================
|
||||
--- go.orig/src/make.bash
|
||||
+++ go/src/make.bash
|
||||
@@ -153,12 +153,12 @@ if [ "$GOHOSTARCH" != "$GOARCH" -o "$GOHOSTOS" != "$GOOS" ]; then
|
||||
# CC_FOR_TARGET is recorded as the default compiler for the go tool. When building for the host, however,
|
||||
# use the host compiler, CC, from `cmd/dist/dist env` instead.
|
||||
CC=$CC GOOS=$GOHOSTOS GOARCH=$GOHOSTARCH \
|
||||
- "$GOTOOLDIR"/go_bootstrap install -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v std cmd
|
||||
+ "$GOTOOLDIR"/go_bootstrap install -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v -x std cmd
|
||||
echo
|
||||
fi
|
||||
|
||||
echo "##### Building packages and commands for $GOOS/$GOARCH."
|
||||
-CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v std cmd
|
||||
+CC=$CC_FOR_TARGET "$GOTOOLDIR"/go_bootstrap install $GO_FLAGS -gcflags "$GO_GCFLAGS" -ldflags "$GO_LDFLAGS" -v -x std cmd
|
||||
echo
|
||||
|
||||
rm -f "$GOTOOLDIR"/go_bootstrap
|
|
@ -0,0 +1,53 @@
|
|||
diff --git a/src/cmd/dist/buildtool.go b/src/cmd/dist/buildtool.go
|
||||
index be54ac4..6744fbdc 100644
|
||||
--- a/src/cmd/dist/buildtool.go
|
||||
+++ b/src/cmd/dist/buildtool.go
|
||||
@@ -108,12 +108,20 @@ func bootstrapBuildTools() {
|
||||
os.Setenv("GOBIN", "")
|
||||
|
||||
os.Setenv("GOOS", "")
|
||||
- os.Setenv("GOHOSTOS", "")
|
||||
os.Setenv("GOARCH", "")
|
||||
+
|
||||
+ hostos := os.Getenv("GOHOSTOS")
|
||||
+ hostarch := os.Getenv("GOHOSTARCH")
|
||||
+ os.Setenv("GOHOSTOS", "")
|
||||
os.Setenv("GOHOSTARCH", "")
|
||||
|
||||
+ bingopath := pathf("%s/bin/%s_%s/go", goroot_bootstrap, hostos, hostarch)
|
||||
+ if _, err := os.Stat(bingopath); os.IsNotExist(err) {
|
||||
+ bingopath = pathf("%s/bin/go", goroot_bootstrap)
|
||||
+ }
|
||||
+
|
||||
// Run Go 1.4 to build binaries.
|
||||
- run(workspace, ShowOutput|CheckExit, pathf("%s/bin/go", goroot_bootstrap), "install", "-v", "bootstrap/...")
|
||||
+ run(workspace, ShowOutput|CheckExit, bingopath, "install", "-v", "bootstrap/...")
|
||||
|
||||
// Copy binaries into tool binary directory.
|
||||
for _, name := range bootstrapDirs {
|
||||
diff --git a/src/make.bash b/src/make.bash
|
||||
index f17648a..77f463c 100755
|
||||
--- a/src/make.bash
|
||||
+++ b/src/make.bash
|
||||
@@ -113,12 +113,17 @@ echo '##### Building Go bootstrap tool.'
|
||||
echo cmd/dist
|
||||
export GOROOT="$(cd .. && pwd)"
|
||||
GOROOT_BOOTSTRAP=${GOROOT_BOOTSTRAP:-$HOME/go1.4}
|
||||
-if [ ! -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
|
||||
- echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/go." >&2
|
||||
+if [ -x "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" ]; then
|
||||
+ rm -f cmd/dist/dist
|
||||
+ GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go" build -o cmd/dist/dist ./cmd/dist
|
||||
+elif [ -x "$GOROOT_BOOTSTRAP/bin/go" ]; then
|
||||
+ rm -f cmd/dist/dist
|
||||
+ GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
|
||||
+else
|
||||
+ echo "ERROR: Cannot find $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
|
||||
+ echo "ERROR: or $GOROOT_BOOTSTRAP/bin/${GOHOSTOS}_${GOHOSTARCH}/go." >&2
|
||||
echo "Set \$GOROOT_BOOTSTRAP to a working Go tree >= Go 1.4." >&2
|
||||
fi
|
||||
-rm -f cmd/dist/dist
|
||||
-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
|
||||
|
||||
# -e doesn't propagate out of eval, so check success by hand.
|
||||
eval $(./cmd/dist/dist env -p || echo FAIL=true)
|
|
@ -0,0 +1,309 @@
|
|||
commit a3156aaa121446c4136927f8c2139fefe05ba82c
|
||||
Author: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
Date: Tue Sep 29 14:26:48 2015 -0700
|
||||
|
||||
net/http/httptest: change Server to use http.Server.ConnState for accounting
|
||||
|
||||
With this CL, httptest.Server now uses connection-level accounting of
|
||||
outstanding requests instead of ServeHTTP-level accounting. This is
|
||||
more robust and results in a non-racy shutdown.
|
||||
|
||||
This is much easier now that net/http.Server has the ConnState hook.
|
||||
|
||||
Fixes #12789
|
||||
Fixes #12781
|
||||
|
||||
Change-Id: I098cf334a6494316acb66cd07df90766df41764b
|
||||
Reviewed-on: https://go-review.googlesource.com/15151
|
||||
Reviewed-by: Andrew Gerrand <adg@golang.org>
|
||||
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
||||
|
||||
diff --git a/src/net/http/httptest/server.go b/src/net/http/httptest/server.go
|
||||
index 96eb0ef..e4f680f 100644
|
||||
--- a/src/net/http/httptest/server.go
|
||||
+++ b/src/net/http/httptest/server.go
|
||||
@@ -7,13 +7,17 @@
|
||||
package httptest
|
||||
|
||||
import (
|
||||
+ "bytes"
|
||||
"crypto/tls"
|
||||
"flag"
|
||||
"fmt"
|
||||
+ "log"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
+ "runtime"
|
||||
"sync"
|
||||
+ "time"
|
||||
)
|
||||
|
||||
// A Server is an HTTP server listening on a system-chosen port on the
|
||||
@@ -34,24 +38,10 @@ type Server struct {
|
||||
// wg counts the number of outstanding HTTP requests on this server.
|
||||
// Close blocks until all requests are finished.
|
||||
wg sync.WaitGroup
|
||||
-}
|
||||
-
|
||||
-// historyListener keeps track of all connections that it's ever
|
||||
-// accepted.
|
||||
-type historyListener struct {
|
||||
- net.Listener
|
||||
- sync.Mutex // protects history
|
||||
- history []net.Conn
|
||||
-}
|
||||
|
||||
-func (hs *historyListener) Accept() (c net.Conn, err error) {
|
||||
- c, err = hs.Listener.Accept()
|
||||
- if err == nil {
|
||||
- hs.Lock()
|
||||
- hs.history = append(hs.history, c)
|
||||
- hs.Unlock()
|
||||
- }
|
||||
- return
|
||||
+ mu sync.Mutex // guards closed and conns
|
||||
+ closed bool
|
||||
+ conns map[net.Conn]http.ConnState // except terminal states
|
||||
}
|
||||
|
||||
func newLocalListener() net.Listener {
|
||||
@@ -103,10 +93,9 @@ func (s *Server) Start() {
|
||||
if s.URL != "" {
|
||||
panic("Server already started")
|
||||
}
|
||||
- s.Listener = &historyListener{Listener: s.Listener}
|
||||
s.URL = "http://" + s.Listener.Addr().String()
|
||||
- s.wrapHandler()
|
||||
- go s.Config.Serve(s.Listener)
|
||||
+ s.wrap()
|
||||
+ s.goServe()
|
||||
if *serve != "" {
|
||||
fmt.Fprintln(os.Stderr, "httptest: serving on", s.URL)
|
||||
select {}
|
||||
@@ -134,23 +123,10 @@ func (s *Server) StartTLS() {
|
||||
if len(s.TLS.Certificates) == 0 {
|
||||
s.TLS.Certificates = []tls.Certificate{cert}
|
||||
}
|
||||
- tlsListener := tls.NewListener(s.Listener, s.TLS)
|
||||
-
|
||||
- s.Listener = &historyListener{Listener: tlsListener}
|
||||
+ s.Listener = tls.NewListener(s.Listener, s.TLS)
|
||||
s.URL = "https://" + s.Listener.Addr().String()
|
||||
- s.wrapHandler()
|
||||
- go s.Config.Serve(s.Listener)
|
||||
-}
|
||||
-
|
||||
-func (s *Server) wrapHandler() {
|
||||
- h := s.Config.Handler
|
||||
- if h == nil {
|
||||
- h = http.DefaultServeMux
|
||||
- }
|
||||
- s.Config.Handler = &waitGroupHandler{
|
||||
- s: s,
|
||||
- h: h,
|
||||
- }
|
||||
+ s.wrap()
|
||||
+ s.goServe()
|
||||
}
|
||||
|
||||
// NewTLSServer starts and returns a new Server using TLS.
|
||||
@@ -161,43 +137,139 @@ func NewTLSServer(handler http.Handler) *Server {
|
||||
return ts
|
||||
}
|
||||
|
||||
+type closeIdleTransport interface {
|
||||
+ CloseIdleConnections()
|
||||
+}
|
||||
+
|
||||
// Close shuts down the server and blocks until all outstanding
|
||||
// requests on this server have completed.
|
||||
func (s *Server) Close() {
|
||||
- s.Listener.Close()
|
||||
- s.wg.Wait()
|
||||
- s.CloseClientConnections()
|
||||
- if t, ok := http.DefaultTransport.(*http.Transport); ok {
|
||||
+ s.mu.Lock()
|
||||
+ if !s.closed {
|
||||
+ s.closed = true
|
||||
+ s.Listener.Close()
|
||||
+ s.Config.SetKeepAlivesEnabled(false)
|
||||
+ for c, st := range s.conns {
|
||||
+ if st == http.StateIdle {
|
||||
+ s.closeConn(c)
|
||||
+ }
|
||||
+ }
|
||||
+ // If this server doesn't shut down in 5 seconds, tell the user why.
|
||||
+ t := time.AfterFunc(5*time.Second, s.logCloseHangDebugInfo)
|
||||
+ defer t.Stop()
|
||||
+ }
|
||||
+ s.mu.Unlock()
|
||||
+
|
||||
+ // Not part of httptest.Server's correctness, but assume most
|
||||
+ // users of httptest.Server will be using the standard
|
||||
+ // transport, so help them out and close any idle connections for them.
|
||||
+ if t, ok := http.DefaultTransport.(closeIdleTransport); ok {
|
||||
t.CloseIdleConnections()
|
||||
}
|
||||
+
|
||||
+ s.wg.Wait()
|
||||
}
|
||||
|
||||
-// CloseClientConnections closes any currently open HTTP connections
|
||||
-// to the test Server.
|
||||
+func (s *Server) logCloseHangDebugInfo() {
|
||||
+ s.mu.Lock()
|
||||
+ defer s.mu.Unlock()
|
||||
+ var buf bytes.Buffer
|
||||
+ buf.WriteString("httptest.Server blocked in Close after 5 seconds, waiting for connections:\n")
|
||||
+ for c, st := range s.conns {
|
||||
+ fmt.Fprintf(&buf, " %T %p %v in state %v\n", c, c, c.RemoteAddr(), st)
|
||||
+ }
|
||||
+ log.Print(buf.String())
|
||||
+}
|
||||
+
|
||||
+// CloseClientConnections closes any open HTTP connections to the test Server.
|
||||
func (s *Server) CloseClientConnections() {
|
||||
- hl, ok := s.Listener.(*historyListener)
|
||||
- if !ok {
|
||||
- return
|
||||
+ s.mu.Lock()
|
||||
+ defer s.mu.Unlock()
|
||||
+ for c := range s.conns {
|
||||
+ s.closeConn(c)
|
||||
}
|
||||
- hl.Lock()
|
||||
- for _, conn := range hl.history {
|
||||
- conn.Close()
|
||||
+}
|
||||
+
|
||||
+func (s *Server) goServe() {
|
||||
+ s.wg.Add(1)
|
||||
+ go func() {
|
||||
+ defer s.wg.Done()
|
||||
+ s.Config.Serve(s.Listener)
|
||||
+ }()
|
||||
+}
|
||||
+
|
||||
+// wrap installs the connection state-tracking hook to know which
|
||||
+// connections are idle.
|
||||
+func (s *Server) wrap() {
|
||||
+ oldHook := s.Config.ConnState
|
||||
+ s.Config.ConnState = func(c net.Conn, cs http.ConnState) {
|
||||
+ s.mu.Lock()
|
||||
+ defer s.mu.Unlock()
|
||||
+ switch cs {
|
||||
+ case http.StateNew:
|
||||
+ s.wg.Add(1)
|
||||
+ if _, exists := s.conns[c]; exists {
|
||||
+ panic("invalid state transition")
|
||||
+ }
|
||||
+ if s.conns == nil {
|
||||
+ s.conns = make(map[net.Conn]http.ConnState)
|
||||
+ }
|
||||
+ s.conns[c] = cs
|
||||
+ if s.closed {
|
||||
+ // Probably just a socket-late-binding dial from
|
||||
+ // the default transport that lost the race (and
|
||||
+ // thus this connection is now idle and will
|
||||
+ // never be used).
|
||||
+ s.closeConn(c)
|
||||
+ }
|
||||
+ case http.StateActive:
|
||||
+ if oldState, ok := s.conns[c]; ok {
|
||||
+ if oldState != http.StateNew && oldState != http.StateIdle {
|
||||
+ panic("invalid state transition")
|
||||
+ }
|
||||
+ s.conns[c] = cs
|
||||
+ }
|
||||
+ case http.StateIdle:
|
||||
+ if oldState, ok := s.conns[c]; ok {
|
||||
+ if oldState != http.StateActive {
|
||||
+ panic("invalid state transition")
|
||||
+ }
|
||||
+ s.conns[c] = cs
|
||||
+ }
|
||||
+ if s.closed {
|
||||
+ s.closeConn(c)
|
||||
+ }
|
||||
+ case http.StateHijacked, http.StateClosed:
|
||||
+ s.forgetConn(c)
|
||||
+ }
|
||||
+ if oldHook != nil {
|
||||
+ oldHook(c, cs)
|
||||
+ }
|
||||
}
|
||||
- hl.Unlock()
|
||||
}
|
||||
|
||||
-// waitGroupHandler wraps a handler, incrementing and decrementing a
|
||||
-// sync.WaitGroup on each request, to enable Server.Close to block
|
||||
-// until outstanding requests are finished.
|
||||
-type waitGroupHandler struct {
|
||||
- s *Server
|
||||
- h http.Handler // non-nil
|
||||
+// closeConn closes c. Except on plan9, which is special. See comment below.
|
||||
+// s.mu must be held.
|
||||
+func (s *Server) closeConn(c net.Conn) {
|
||||
+ if runtime.GOOS == "plan9" {
|
||||
+ // Go's Plan 9 net package isn't great at unblocking reads when
|
||||
+ // their underlying TCP connections are closed. Don't trust
|
||||
+ // that that the ConnState state machine will get to
|
||||
+ // StateClosed. Instead, just go there directly. Plan 9 may leak
|
||||
+ // resources if the syscall doesn't end up returning. Oh well.
|
||||
+ s.forgetConn(c)
|
||||
+ }
|
||||
+ go c.Close()
|
||||
}
|
||||
|
||||
-func (h *waitGroupHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
- h.s.wg.Add(1)
|
||||
- defer h.s.wg.Done() // a defer, in case ServeHTTP below panics
|
||||
- h.h.ServeHTTP(w, r)
|
||||
+// forgetConn removes c from the set of tracked conns and decrements it from the
|
||||
+// waitgroup, unless it was previously removed.
|
||||
+// s.mu must be held.
|
||||
+func (s *Server) forgetConn(c net.Conn) {
|
||||
+ if _, ok := s.conns[c]; ok {
|
||||
+ delete(s.conns, c)
|
||||
+ s.wg.Done()
|
||||
+ }
|
||||
}
|
||||
|
||||
// localhostCert is a PEM-encoded TLS cert with SAN IPs
|
||||
diff --git a/src/net/http/httptest/server_test.go b/src/net/http/httptest/server_test.go
|
||||
index 500a9f0..90901ce 100644
|
||||
--- a/src/net/http/httptest/server_test.go
|
||||
+++ b/src/net/http/httptest/server_test.go
|
||||
@@ -27,3 +27,30 @@ func TestServer(t *testing.T) {
|
||||
t.Errorf("got %q, want hello", string(got))
|
||||
}
|
||||
}
|
||||
+
|
||||
+// Issue 12781
|
||||
+func TestGetAfterClose(t *testing.T) {
|
||||
+ ts := NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
+ w.Write([]byte("hello"))
|
||||
+ }))
|
||||
+
|
||||
+ res, err := http.Get(ts.URL)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ got, err := ioutil.ReadAll(res.Body)
|
||||
+ if err != nil {
|
||||
+ t.Fatal(err)
|
||||
+ }
|
||||
+ if string(got) != "hello" {
|
||||
+ t.Fatalf("got %q, want hello", string(got))
|
||||
+ }
|
||||
+
|
||||
+ ts.Close()
|
||||
+
|
||||
+ res, err = http.Get(ts.URL)
|
||||
+ if err == nil {
|
||||
+ body, _ := ioutil.ReadAll(res.Body)
|
||||
+ t.Fatalf("Unexected response after close: %v, %v, %s", res.Status, res.Header, body)
|
||||
+ }
|
||||
+}
|
740
golang.spec
740
golang.spec
|
@ -1,12 +1,3 @@
|
|||
%bcond_with bootstrap
|
||||
# temporalily ignore test failures
|
||||
# due to https://github.com/golang/go/issues/39466
|
||||
%ifarch aarch64
|
||||
%bcond_without ignore_tests
|
||||
%else
|
||||
%bcond_with ignore_tests
|
||||
%endif
|
||||
|
||||
# build ids are not currently generated:
|
||||
# https://code.google.com/p/go/issues/detail?id=5238
|
||||
#
|
||||
|
@ -31,55 +22,46 @@
|
|||
%global __spec_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot \
|
||||
/usr/lib/rpm/brp-compress
|
||||
|
||||
%global golibdir %{_libdir}/golang
|
||||
|
||||
# This macro may not always be defined, ensure it is
|
||||
%{!?gopath: %global gopath %{_datadir}/gocode}
|
||||
|
||||
# Golang build options.
|
||||
|
||||
# Build golang using external/internal(close to cgo disabled) linking.
|
||||
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
|
||||
# Buid golang using external/internal(close to cgo disabled) linking.
|
||||
%ifarch %{golang_arches}
|
||||
%global external_linker 1
|
||||
%else
|
||||
%global external_linker 0
|
||||
%endif
|
||||
|
||||
# Build golang with cgo enabled/disabled(later equals more or less to internal linking).
|
||||
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
|
||||
%ifarch %{golang_arches}
|
||||
%global cgo_enabled 1
|
||||
%else
|
||||
%global cgo_enabled 0
|
||||
%endif
|
||||
|
||||
# Use golang/gcc-go as bootstrap compiler
|
||||
%if %{with bootstrap}
|
||||
%global golang_bootstrap 0
|
||||
%else
|
||||
%ifarch %{golang_arches}
|
||||
%global golang_bootstrap 1
|
||||
%endif
|
||||
|
||||
# Controls what ever we fail on failed tests
|
||||
%if %{with ignore_tests}
|
||||
%global fail_on_tests 0
|
||||
%else
|
||||
%global golang_bootstrap 0
|
||||
%endif
|
||||
# boostrap(with internal linking) using gcc-go fails due to bug in tests(https://github.com/golang/go/issues/12629)
|
||||
# make check not to fail due to it
|
||||
|
||||
# Controls what ever we fails on failed tests
|
||||
%ifarch x86_64 %{ix86} aarch64
|
||||
%global fail_on_tests 1
|
||||
%else
|
||||
%global fail_on_tests 0
|
||||
%endif
|
||||
|
||||
# TODO get more support for shared objects
|
||||
# Build golang shared objects for stdlib
|
||||
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
|
||||
%ifarch x86_64
|
||||
%global shared 1
|
||||
%else
|
||||
%global shared 0
|
||||
%endif
|
||||
|
||||
# Pre build std lib with -race enabled
|
||||
%ifarch x86_64
|
||||
%global race 1
|
||||
%else
|
||||
%global race 0
|
||||
%endif
|
||||
|
||||
# Fedora GOROOT
|
||||
%global goroot /usr/lib/%{name}
|
||||
|
||||
|
@ -101,23 +83,21 @@
|
|||
%ifarch ppc64le
|
||||
%global gohostarch ppc64le
|
||||
%endif
|
||||
%ifarch s390x
|
||||
%global gohostarch s390x
|
||||
%endif
|
||||
|
||||
%global go_api 1.15
|
||||
%global go_version 1.15.5
|
||||
%global go_api 1.5
|
||||
%global go_version 1.5.4
|
||||
|
||||
Name: golang
|
||||
Version: 1.15.5
|
||||
Release: 1%{?dist}
|
||||
Version: 1.5.4
|
||||
Release: 5%{?dist}
|
||||
Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
URL: http://golang.org/
|
||||
# pre-processed by source.sh to make Mark.Twain-Tom.Sawyer.txt free again
|
||||
Source0: https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz
|
||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||
Source1: fedora.go
|
||||
# original removed by source.sh, replace by version from golang master branch with license scrubbed
|
||||
Source1: Mark.Twain-Tom.Sawyer.txt.bz2
|
||||
|
||||
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
||||
%if !%{golang_bootstrap}
|
||||
|
@ -131,112 +111,42 @@ BuildRequires: hostname
|
|||
BuildRequires: net-tools
|
||||
%endif
|
||||
# for tests
|
||||
BuildRequires: pcre-devel, glibc-static, perl-interpreter, procps-ng
|
||||
BuildRequires: pcre-devel, glibc-static
|
||||
|
||||
Provides: go = %{version}-%{release}
|
||||
|
||||
# Bundled/Vendored provides generated by
|
||||
# go list -f {{.ImportPath}} ./src/vendor/... | sed "s:_$PWD/src/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):" && go list -f {{.ImportPath}} ./src/cmd/vendor/... | sed "s:_$PWD/src/cmd/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):"
|
||||
Provides: bundled(golang(golang.org/x/crypto/chacha20))
|
||||
Provides: bundled(golang(golang.org/x/crypto/chacha20poly1305))
|
||||
Provides: bundled(golang(golang.org/x/crypto/cryptobyte))
|
||||
Provides: bundled(golang(golang.org/x/crypto/cryptobyte/asn1))
|
||||
Provides: bundled(golang(golang.org/x/crypto/curve25519))
|
||||
Provides: bundled(golang(golang.org/x/crypto/hkdf))
|
||||
Provides: bundled(golang(golang.org/x/crypto/internal/subtle))
|
||||
Provides: bundled(golang(golang.org/x/crypto/poly1305))
|
||||
Provides: bundled(golang(golang.org/x/net/dns/dnsmessage))
|
||||
Provides: bundled(golang(golang.org/x/net/http/httpguts))
|
||||
Provides: bundled(golang(golang.org/x/net/http/httpproxy))
|
||||
Provides: bundled(golang(golang.org/x/net/http2/hpack))
|
||||
Provides: bundled(golang(golang.org/x/net/idna))
|
||||
Provides: bundled(golang(golang.org/x/net/nettest))
|
||||
Provides: bundled(golang(golang.org/x/sys/cpu))
|
||||
Provides: bundled(golang(golang.org/x/text/secure/bidirule))
|
||||
Provides: bundled(golang(golang.org/x/text/transform))
|
||||
Provides: bundled(golang(golang.org/x/text/unicode/bidi))
|
||||
Provides: bundled(golang(golang.org/x/text/unicode/norm))
|
||||
Provides: bundled(golang(github.com/google/pprof/driver))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/binutils))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/driver))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/elfexec))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/graph))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/measurement))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/plugin))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/report))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/symbolizer))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/symbolz))
|
||||
Provides: bundled(golang(github.com/google/pprof/internal/transport))
|
||||
Provides: bundled(golang(github.com/google/pprof/profile))
|
||||
Provides: bundled(golang(github.com/google/pprof/third.party/d3))
|
||||
Provides: bundled(golang(github.com/google/pprof/third.party/d3flamegraph))
|
||||
Provides: bundled(golang(github.com/google/pprof/third.party/svgpan))
|
||||
Provides: bundled(golang(github.com/ianlancetaylor/demangle))
|
||||
Provides: bundled(golang(golang.org/x/arch/arm/armasm))
|
||||
Provides: bundled(golang(golang.org/x/arch/arm64/arm64asm))
|
||||
Provides: bundled(golang(golang.org/x/arch/ppc64/ppc64asm))
|
||||
Provides: bundled(golang(golang.org/x/arch/x86/x86asm))
|
||||
Provides: bundled(golang(golang.org/x/crypto/ed25519))
|
||||
Provides: bundled(golang(golang.org/x/crypto/ed25519/internal/edwards25519))
|
||||
Provides: bundled(golang(golang.org/x/crypto/ssh/terminal))
|
||||
Provides: bundled(golang(golang.org/x/mod/internal/lazyregexp))
|
||||
Provides: bundled(golang(golang.org/x/mod/modfile))
|
||||
Provides: bundled(golang(golang.org/x/mod/module))
|
||||
Provides: bundled(golang(golang.org/x/mod/semver))
|
||||
Provides: bundled(golang(golang.org/x/mod/sumdb))
|
||||
Provides: bundled(golang(golang.org/x/mod/sumdb/dirhash))
|
||||
Provides: bundled(golang(golang.org/x/mod/sumdb/note))
|
||||
Provides: bundled(golang(golang.org/x/mod/sumdb/tlog))
|
||||
Provides: bundled(golang(golang.org/x/mod/zip))
|
||||
Provides: bundled(golang(golang.org/x/sys/internal/unsafeheader))
|
||||
Provides: bundled(golang(golang.org/x/sys/unix))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/analysisflags))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/facts))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/asmdecl))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/assign))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/atomic))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/bools))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/buildtag))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/cgocall))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/composite))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/copylock))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ctrlflow))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/errorsas))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/httpresponse))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ifaceassert))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/inspect))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/internal/analysisutil))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/loopclosure))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/lostcancel))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/nilfunc))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/printf))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/shift))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stdmethods))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stringintconv))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/structtag))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/tests))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unmarshal))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unreachable))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unsafeptr))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unusedresult))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/analysis/unitchecker))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/ast/astutil))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/ast/inspector))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/cfg))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/types/objectpath))
|
||||
Provides: bundled(golang(golang.org/x/tools/go/types/typeutil))
|
||||
Provides: bundled(golang(golang.org/x/tools/internal/analysisinternal))
|
||||
Provides: bundled(golang(golang.org/x/xerrors))
|
||||
Provides: bundled(golang(golang.org/x/xerrors/internal))
|
||||
|
||||
Requires: %{name}-bin = %{version}-%{release}
|
||||
Requires: %{name}-bin
|
||||
Requires: %{name}-src = %{version}-%{release}
|
||||
Requires: go-srpm-macros
|
||||
|
||||
Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
|
||||
Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
|
||||
Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
|
||||
Patch0: golang-1.2-verbose-build.patch
|
||||
|
||||
# Accept x509 certs with negative serial
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1290543
|
||||
# https://github.com/golang/go/issues/8265
|
||||
Patch2: bz1290543.patch
|
||||
Patch3: CVE-2016-5386.patch
|
||||
|
||||
# use the arch dependent path in the bootstrap
|
||||
Patch212: golang-1.5-bootstrap-binary-path.patch
|
||||
|
||||
# disable TestGdbPython
|
||||
# https://github.com/golang/go/issues/11214
|
||||
Patch213: go1.5beta1-disable-TestGdbPython.patch
|
||||
|
||||
# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
|
||||
# this is not possible in the limitied build chroot
|
||||
Patch214: go1.5beta2-disable-TestCloneNEWUSERAndRemapNoRootDisableSetgroups.patch
|
||||
|
||||
# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that
|
||||
# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests.
|
||||
Patch215: ./go1.5-zoneinfo_testing_only.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1271709
|
||||
Patch216: ./golang-1.5.1-a3156aaa12.patch
|
||||
|
||||
# Backpor security fixes from 1.6.4
|
||||
Patch217: httpmultipart.patch
|
||||
Patch218: darwinx509trust.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
|
@ -289,8 +199,6 @@ BuildArch: noarch
|
|||
|
||||
%package bin
|
||||
Summary: Golang core compiler tools
|
||||
# Some distributions refer to this package by this name
|
||||
Provides: %{name}-go = %{version}-%{release}
|
||||
Requires: go = %{version}-%{release}
|
||||
# Pre-go1.5, all arches had to be bootstrapped individually, before usable, and
|
||||
# env variables to compile for the target os-arch.
|
||||
|
@ -321,17 +229,12 @@ Obsoletes: golang-vet < 0-12.1
|
|||
Obsoletes: golang-cover < 0-12.1
|
||||
|
||||
Requires(post): %{_sbindir}/update-alternatives
|
||||
Requires(preun): %{_sbindir}/update-alternatives
|
||||
Requires(postun): %{_sbindir}/update-alternatives
|
||||
|
||||
# We strip the meta dependency, but go does require glibc.
|
||||
# This is an odd issue, still looking for a better fix.
|
||||
Requires: glibc
|
||||
Requires: gcc
|
||||
%if 0%{?rhel} && 0%{?rhel} < 8
|
||||
Requires: git, subversion, mercurial
|
||||
%else
|
||||
Recommends: git, subversion, mercurial
|
||||
%endif
|
||||
%description bin
|
||||
%{summary}
|
||||
|
||||
|
@ -353,20 +256,33 @@ Summary: Golang shared object libraries
|
|||
%{summary}.
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
%package race
|
||||
Summary: Golang std library with -race enabled
|
||||
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description race
|
||||
%{summary}
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n go
|
||||
%setup -q -n go
|
||||
|
||||
cp %{SOURCE1} ./src/runtime/
|
||||
# increase verbosity of build
|
||||
%patch0 -p1
|
||||
|
||||
%patch2 -p1
|
||||
|
||||
%patch3 -p1 -b .httpoxy
|
||||
|
||||
# use the arch dependent path in the bootstrap
|
||||
%patch212 -p1
|
||||
|
||||
# disable TestGdbPython
|
||||
%patch213 -p1
|
||||
|
||||
# disable TestCloneNEWUSERAndRemapNoRootDisableSetgroups
|
||||
%patch214 -p1
|
||||
|
||||
%patch215 -p1
|
||||
|
||||
%patch216 -p1
|
||||
|
||||
%patch217 -p1
|
||||
%patch218 -p1
|
||||
|
||||
cp %{SOURCE1} "$(pwd)/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2"
|
||||
|
||||
%build
|
||||
# print out system information
|
||||
|
@ -401,22 +317,16 @@ export GO_LDFLAGS="-linkmode internal"
|
|||
%if !%{cgo_enabled}
|
||||
export CGO_ENABLED=0
|
||||
%endif
|
||||
./make.bash --no-clean -v
|
||||
./make.bash --no-clean
|
||||
popd
|
||||
|
||||
# build shared std lib
|
||||
%if %{shared}
|
||||
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared -v -x std
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -race -v -x std
|
||||
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared std
|
||||
%endif
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
# remove GC build cache
|
||||
rm -rf pkg/obj/go-build/*
|
||||
|
||||
# create the top level directories
|
||||
mkdir -p $RPM_BUILD_ROOT%{_bindir}
|
||||
|
@ -437,63 +347,43 @@ cwd=$(pwd)
|
|||
src_list=$cwd/go-src.list
|
||||
pkg_list=$cwd/go-pkg.list
|
||||
shared_list=$cwd/go-shared.list
|
||||
race_list=$cwd/go-race.list
|
||||
misc_list=$cwd/go-misc.list
|
||||
docs_list=$cwd/go-docs.list
|
||||
tests_list=$cwd/go-tests.list
|
||||
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
|
||||
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list
|
||||
pushd $RPM_BUILD_ROOT%{goroot}
|
||||
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
|
||||
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $src_list
|
||||
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
|
||||
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list
|
||||
|
||||
find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list
|
||||
find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%{goroot}/%p\n' >> $pkg_list
|
||||
find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list
|
||||
find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -printf '%{goroot}/%p\n' >> $pkg_list
|
||||
|
||||
find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list
|
||||
find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list
|
||||
find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list
|
||||
find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list
|
||||
|
||||
find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list
|
||||
find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list
|
||||
find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list
|
||||
find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list
|
||||
|
||||
%if %{shared}
|
||||
mkdir -p %{buildroot}/%{_libdir}/
|
||||
mkdir -p %{buildroot}/%{golibdir}/
|
||||
for file in $(find . -iname "*.so" ); do
|
||||
chmod 755 $file
|
||||
mv $file %{buildroot}/%{golibdir}
|
||||
pushd $(dirname $file)
|
||||
ln -fs %{golibdir}/$(basename $file) $(basename $file)
|
||||
popd
|
||||
echo "%%{goroot}/$file" >> $shared_list
|
||||
echo "%%{golibdir}/$(basename $file)" >> $shared_list
|
||||
done
|
||||
|
||||
find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
|
||||
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
|
||||
find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
|
||||
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
|
||||
find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
|
||||
find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
|
||||
|
||||
%endif
|
||||
|
||||
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $tests_list
|
||||
# this is only the zoneinfo.zip
|
||||
find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $tests_list
|
||||
# this is only the zoneinfo.zip
|
||||
find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||
find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||
popd
|
||||
|
||||
# remove the doc Makefile
|
||||
rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile
|
||||
|
||||
# put binaries to bindir, linked to the arch we're building,
|
||||
# leave the arch independent pieces in {goroot}
|
||||
# leave the arch independent pieces in %{goroot}
|
||||
mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}
|
||||
ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/go
|
||||
ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/gofmt
|
||||
|
@ -528,12 +418,6 @@ export GO_LDFLAGS="-linkmode internal"
|
|||
%if !%{cgo_enabled} || !%{external_linker}
|
||||
export CGO_ENABLED=0
|
||||
%endif
|
||||
# workaround for https://github.com/golang/go/issues/39466 until it gests fixed
|
||||
# Commented until the patch is ready, this work around suggested in the link avobe
|
||||
# doesn't work properly
|
||||
#ifarch aarch64
|
||||
#export CGO_CFLAGS="-mno-outline-atomics"
|
||||
#endif
|
||||
|
||||
# make sure to not timeout
|
||||
export GO_TEST_TIMEOUT_SCALE=2
|
||||
|
@ -548,28 +432,30 @@ cd ..
|
|||
|
||||
%post bin
|
||||
%{_sbindir}/update-alternatives --install %{_bindir}/go \
|
||||
go %{goroot}/bin/go 90 \
|
||||
--slave %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt
|
||||
go %{goroot}/bin/go 90 \
|
||||
--slave %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt
|
||||
|
||||
%preun bin
|
||||
if [ $1 = 0 ]; then
|
||||
%{_sbindir}/update-alternatives --remove go %{goroot}/bin/go
|
||||
%{_sbindir}/update-alternatives --remove go %{goroot}/bin/go
|
||||
fi
|
||||
|
||||
|
||||
%files
|
||||
%license LICENSE PATENTS
|
||||
%doc AUTHORS CONTRIBUTORS
|
||||
%doc AUTHORS CONTRIBUTORS LICENSE PATENTS
|
||||
# VERSION has to be present in the GOROOT, for `go install std` to work
|
||||
%doc %{goroot}/VERSION
|
||||
%dir %{goroot}/doc
|
||||
%doc %{goroot}/doc/*
|
||||
|
||||
# go files
|
||||
%dir %{goroot}
|
||||
%{goroot}/api/
|
||||
%{goroot}/lib/time/
|
||||
%{goroot}/favicon.ico
|
||||
%{goroot}/robots.txt
|
||||
%exclude %{goroot}/bin/
|
||||
%exclude %{goroot}/pkg/
|
||||
%exclude %{goroot}/src/
|
||||
%exclude %{goroot}/doc/
|
||||
%exclude %{goroot}/misc/
|
||||
%{goroot}/*
|
||||
|
||||
# ensure directory ownership, so they are cleaned up if empty
|
||||
%dir %{gopath}
|
||||
|
@ -585,405 +471,41 @@ fi
|
|||
# gdbinit (for gdb debugging)
|
||||
%{_sysconfdir}/gdbinit.d
|
||||
|
||||
%files src -f go-src.list
|
||||
%files -f go-src.list src
|
||||
|
||||
%files docs -f go-docs.list
|
||||
%files -f go-docs.list docs
|
||||
|
||||
%files misc -f go-misc.list
|
||||
%files -f go-misc.list misc
|
||||
|
||||
%files tests -f go-tests.list
|
||||
%files -f go-tests.list tests
|
||||
|
||||
%files bin -f go-pkg.list
|
||||
%files -f go-pkg.list bin
|
||||
%{_bindir}/go
|
||||
%{_bindir}/gofmt
|
||||
%{goroot}/bin/linux_%{gohostarch}/go
|
||||
%{goroot}/bin/linux_%{gohostarch}/gofmt
|
||||
|
||||
%if %{shared}
|
||||
%files shared -f go-shared.list
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
%files race -f go-race.list
|
||||
%files -f go-shared.list shared
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Nov 13 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.5-1
|
||||
- Rebase to go1.15.5
|
||||
- Security fix for CVE-2020-28362, CVE-2020-28367 and CVE-2020-28366
|
||||
- Resolves: BZ#1897342, BZ#1897636, BZ#1897644, BZ#1897647
|
||||
* Tue Dec 06 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-5
|
||||
- Resolves: BZ#1401987
|
||||
|
||||
* Fri Nov 06 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.4-1
|
||||
- Rebase to go1.15.4
|
||||
- Resolves: BZ#1895189
|
||||
* Fri Nov 18 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-4
|
||||
- re-enable p224 curve (see BZ#1038683)
|
||||
|
||||
* Thu Oct 15 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.3-1
|
||||
- Rebase to go1.15.3
|
||||
- Resolves: BZ#1888443
|
||||
|
||||
* Thu Sep 10 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.2-1
|
||||
- Rebase to go1.15.2
|
||||
- Resolves: BZ#1877565
|
||||
|
||||
* Thu Sep 03 2020 Jakub Čajka <jcajka@redhat.com> - 1.15.1-1
|
||||
- Rebase to go1.15.1
|
||||
- Security fix for CVE-2020-24553
|
||||
- Resolves: BZ#1874858, BZ#1866892
|
||||
|
||||
* Wed Aug 12 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-1
|
||||
- Rebase to go1.15 proper
|
||||
- Resolves: BZ#1859241, BZ#1866892
|
||||
|
||||
* Mon Aug 10 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.rc2.0
|
||||
- Rebase to go1.15rc1
|
||||
- Security fix for CVE-2020-16845
|
||||
- Resolves: BZ#1867101
|
||||
- Related: BZ#1859241
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.15-0.rc1.0.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jul 27 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.rc1.0
|
||||
- Rebase to go1.15rc1
|
||||
- Related: BZ#1859241
|
||||
|
||||
* Mon Jul 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.15-0.beta1.0
|
||||
- Rebase to go1.15beta1
|
||||
|
||||
* Mon Jul 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14.6-1
|
||||
- Rebase to go1.14.6
|
||||
- Security fix for CVE-2020-14040 and CVE-2020-15586
|
||||
- Resolves: BZ#1842708, BZ#1856957, BZ#1853653
|
||||
|
||||
* Tue Jun 30 2020 Alejandro Sáez <asm@redhat.com> - 1.14.4-1
|
||||
- Rebase to go1.14.4
|
||||
- Add patch that fixes: https://golang.org/issue/39991
|
||||
- Related: BZ#1842708
|
||||
|
||||
* Mon May 18 2020 Álex Sáez <asm@redhat.com> - 1.14.3-1
|
||||
- Rebase to go1.14.3
|
||||
- Resolves: BZ#1836015
|
||||
|
||||
* Mon Apr 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14.2-1
|
||||
- Rebase to go1.14.2
|
||||
- Resolves: BZ#1815282
|
||||
|
||||
* Wed Feb 26 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-1
|
||||
- Rebase to go1.14 proper
|
||||
- Resolves: BZ#1792475
|
||||
|
||||
* Thu Feb 06 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-0.rc1.0
|
||||
- Rebase to go1.14.rc1
|
||||
- Related: BZ#1792475
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.14-0.beta1.0.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 20 2020 Jakub Čajka <jcajka@redhat.com> - 1.14-0.beta1.0
|
||||
- Rebase to go1.14beta1
|
||||
- Resolves: BZ#1792475
|
||||
|
||||
* Mon Jan 13 2020 Jakub Čajka <jcajka@redhat.com> - 1.13.6-1
|
||||
- Rebase to go1.13.6
|
||||
|
||||
* Thu Dec 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.5-1
|
||||
- Rebase to go1.13.5
|
||||
|
||||
* Tue Nov 26 2019 Neal Gompa <ngompa@datto.com> - 1.13.4-2
|
||||
- Small fixes to the spec and tighten up the file list
|
||||
|
||||
* Fri Nov 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.4-1
|
||||
- Rebase to go1.13.4
|
||||
- Resolves BZ#1767673
|
||||
|
||||
* Sat Oct 19 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.3-1
|
||||
- Rebase to go1.13.3
|
||||
- Fix for CVE-2019-17596
|
||||
- Resolves: BZ#1755639, BZ#1763312
|
||||
|
||||
* Fri Sep 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.13.1-1
|
||||
- Rebase to go1.13.1
|
||||
- Fix for CVE-2019-16276
|
||||
- Resolves: BZ#1755970
|
||||
|
||||
* Thu Sep 05 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-2
|
||||
- Back to go1.13 tls1.3 behavior
|
||||
|
||||
* Wed Sep 04 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-1
|
||||
- Rebase to go1.13
|
||||
|
||||
* Fri Aug 30 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc2.1
|
||||
- Rebase to go1.13rc2
|
||||
- Do not enable tls1.3 by default
|
||||
- Related: BZ#1737471
|
||||
|
||||
* Wed Aug 28 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc1.2
|
||||
- Actually fix CVE-2019-9514 and CVE-2019-9512
|
||||
- Related: BZ#1741816, BZ#1741827
|
||||
|
||||
* Mon Aug 26 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc1.1
|
||||
- Rebase to 1.13rc1
|
||||
- Fix for CVE-2019-14809, CVE-2019-9514 and CVE-2019-9512
|
||||
- Resolves: BZ#1741816, BZ#1741827 and BZ#1743131
|
||||
|
||||
* Thu Aug 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2.2
|
||||
- Fix ICE affecting aarch64
|
||||
- Resolves: BZ#1735290
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.13-0.beta1.2.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Wed Jul 24 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2
|
||||
- De-configure sumdb and go proxy
|
||||
|
||||
* Wed Jul 24 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.1
|
||||
- Rebase to 1.13beta1
|
||||
- Related: BZ#1732118
|
||||
|
||||
* Tue Jul 09 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.7-1
|
||||
- Rebase to 1.12.7
|
||||
- Resolves: BZ#1728056
|
||||
|
||||
* Wed Jun 12 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.6-1
|
||||
- Rebase to 1.12.6
|
||||
- Resolves: BZ#1719483
|
||||
|
||||
* Tue May 07 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.5-1
|
||||
- Rebase to 1.12.5
|
||||
- Resolves: BZ#1707187
|
||||
|
||||
* Mon Apr 08 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.2-1
|
||||
- Rebase to 1.12.2
|
||||
- Resolves: BZ#1688996
|
||||
|
||||
* Mon Apr 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.1-2
|
||||
- Fix up change log, respective CVE has been fixed in go1.12rc1
|
||||
|
||||
* Fri Mar 15 2019 Jakub Čajka <jcajka@redhat.com> - 1.12.1-1
|
||||
- Rebase to 1.12.1
|
||||
- Fix requirement for %%preun (instead of %%postun) scriptlet thanks to Tim Landscheidt
|
||||
- Use weak deps for SCM deps
|
||||
|
||||
* Wed Feb 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-1
|
||||
- Rebase to go1.12 proper
|
||||
- Resolves: BZ#1680040
|
||||
|
||||
* Mon Feb 18 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.rc1.1
|
||||
- Rebase to go1.12rc1
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.12-0.beta2.2.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Sun Jan 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.2
|
||||
- Fix for CVE-2019-6486
|
||||
- Resolves: BZ#1668973
|
||||
|
||||
* Fri Jan 11 2019 Jakub Čajka <jcajka@redhat.com> - 1.12-0.beta2.1
|
||||
- Rebase to go1.12beta2
|
||||
|
||||
* Wed Jan 02 2019 Jakub Čajka <jcajka@redhat.com> - 1.11.4-1
|
||||
- Rebase to go1.11.4
|
||||
- Fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873
|
||||
- Resolves: BZ#1659290, BZ#1659289, BZ#1659288
|
||||
|
||||
* Mon Nov 05 2018 Jakub Čajka <jcajka@redhat.com> - 1.11.2-1
|
||||
- Rebase to go1.11.2
|
||||
|
||||
* Thu Oct 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.11.1-1
|
||||
- Rebase to go1.11.1
|
||||
|
||||
* Mon Aug 27 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-1
|
||||
- Rebase to go1.11 release
|
||||
|
||||
* Thu Aug 23 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.rc2.1
|
||||
- Rebase to go1.11rc2
|
||||
- Reduce size of bin package
|
||||
|
||||
* Tue Aug 14 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.rc1.1
|
||||
- Rebase to go1.11rc1
|
||||
|
||||
* Mon Aug 06 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta3.1
|
||||
- Rebase to go1.11beta3
|
||||
|
||||
* Fri Jul 27 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta2.2
|
||||
- Turn on back DWARF compression by default
|
||||
- Use less memory on 32bit targets during build
|
||||
- Resolves: BZ#1607270
|
||||
- Related: BZ#1602096
|
||||
|
||||
* Fri Jul 20 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta2.1
|
||||
- Rebase to 1.11beta2
|
||||
|
||||
* Wed Jul 18 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta1.2
|
||||
- Turn off DWARF compression by default as it is not supported by rpm/debuginfo
|
||||
- Related: BZ#1602096
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.11-0.beta1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Jul 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.11-0.beta1.1
|
||||
* Rebase to 1.11beta1
|
||||
|
||||
* Fri Jun 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.3-1
|
||||
- Rebase to 1.10.3
|
||||
|
||||
* Wed May 02 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.2-1
|
||||
- Rebase to 1.10.2
|
||||
|
||||
* Wed Apr 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.1-1
|
||||
- Rebase to 1.10.1
|
||||
- Resolves: BZ#1562270
|
||||
|
||||
* Sat Mar 03 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-2
|
||||
- Fix CVE-2018-7187
|
||||
- Resolves: BZ#1546386, BZ#1546388
|
||||
|
||||
* Wed Feb 21 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-1
|
||||
- Rebase to 1.10
|
||||
|
||||
* Thu Feb 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.rc2.1
|
||||
- Rebase to 1.10rc2
|
||||
- Fix CVE-2018-6574
|
||||
- Resolves: BZ#1543561, BZ#1543562
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Fri Jan 26 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.rc1.1
|
||||
- Rebase to 1.10rc1
|
||||
|
||||
* Fri Jan 12 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.beta2.1
|
||||
- Rebase to 1.10beta2
|
||||
|
||||
* Mon Jan 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-0.beta1.1
|
||||
- Rebase to 1.10beta1
|
||||
- Drop verbose patch as most of it is now implemented by bootstrap tool and is easily toggled by passing -v flag to make.bash
|
||||
|
||||
* Thu Oct 26 2017 Jakub Čajka <jcajka@redhat.com> - 1.9.2-1
|
||||
- Rebase to 1.9.2
|
||||
- execute correctly pie tests
|
||||
- allow to ignore tests via bcond
|
||||
- reduce size of golang package
|
||||
|
||||
* Fri Oct 06 2017 Jakub Čajka <jcajka@redhat.com> - 1.9.1-1
|
||||
- fix CVE-2017-15041 and CVE-2017-15042
|
||||
|
||||
* Fri Sep 15 2017 Jakub Čajka <jcajka@redhat.com> - 1.9-1
|
||||
- bump to the relased version
|
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-0.beta2.1.2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-0.beta2.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Tue Jul 11 2017 Jakub Čajka <jcajka@redhat.com> - 1.9-0.beta2.1
|
||||
- bump to beta2
|
||||
|
||||
* Thu May 25 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.3-1
|
||||
- bump to 1.8.3
|
||||
- fix for CVE-2017-8932
|
||||
- make possible to use 31bit OID in ASN1
|
||||
- Resolves: BZ#1454978, BZ#1455191
|
||||
|
||||
* Fri Apr 21 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.1-2
|
||||
- fix uint64 constant codegen on s390x
|
||||
- Resolves: BZ#1441078
|
||||
|
||||
* Tue Apr 11 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.1-1
|
||||
- bump to Go 1.8.1
|
||||
- Resolves: BZ#1440345
|
||||
|
||||
* Fri Feb 24 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-2
|
||||
- avoid possibly stale packages due to chacha test file not being test file
|
||||
|
||||
* Fri Feb 17 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-1
|
||||
- bump to released version
|
||||
- Resolves: BZ#1423637
|
||||
- Related: BZ#1411242
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8-0.rc3.2.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Fri Jan 27 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-0.rc3.2
|
||||
- make possible to override default traceback level at build time
|
||||
- add sub-package race containing std lib built with -race enabled
|
||||
- Related: BZ#1411242
|
||||
|
||||
* Fri Jan 27 2017 Jakub Čajka <jcajka@redhat.com> - 1.8-0.rc3.1
|
||||
- rebase to go1.8rc3
|
||||
- Resolves: BZ#1411242
|
||||
|
||||
* Fri Jan 20 2017 Jakub Čajka <jcajka@redhat.com> - 1.7.4-2
|
||||
- Resolves: BZ#1404679
|
||||
- expose IfInfomsg.X__ifi_pad on s390x
|
||||
|
||||
* Fri Dec 02 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.4-1
|
||||
- Bump to 1.7.4
|
||||
- Resolves: BZ#1400732
|
||||
|
||||
* Thu Nov 17 2016 Tom Callaway <spot@fedoraproject.org> - 1.7.3-2
|
||||
- re-enable the NIST P-224 curve
|
||||
|
||||
* Thu Oct 20 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.3-1
|
||||
- Resolves: BZ#1387067 - golang-1.7.3 is available
|
||||
- added fix for tests failing with latest tzdata
|
||||
|
||||
* Fri Sep 23 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.1-2
|
||||
- fix link failure due to relocation overflows on PPC64X
|
||||
|
||||
* Thu Sep 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.7.1-1
|
||||
- rebase to 1.7.1
|
||||
- Resolves: BZ#1374103
|
||||
|
||||
* Tue Aug 23 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-1
|
||||
- update to released version
|
||||
- related: BZ#1342090, BZ#1357394
|
||||
|
||||
* Mon Aug 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.3.rc5
|
||||
- Obsolete golang-vet and golang-cover from golang-googlecode-tools package
|
||||
vet/cover binaries are provided by golang-bin rpm (thanks to jchaloup)
|
||||
- clean up exclusive arch after s390x boostrap
|
||||
* Mon Aug 08 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-3
|
||||
-Obsolete golang-vet and golang-cover from golang-googlecode-tools package
|
||||
vet/cover binaries are provided by golang-bin rpm(thanks to jchaloup)
|
||||
- resolves: #1268206
|
||||
|
||||
* Wed Aug 03 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.2.rc5
|
||||
- rebase to go1.7rc5
|
||||
- Resolves: BZ#1342090
|
||||
|
||||
* Thu Jul 21 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7-0.1.rc2
|
||||
- https://fedoraproject.org/wiki/Changes/golang1.7
|
||||
|
||||
* Tue Jul 19 2016 Jakub Čajka <jcajka@redhat.com> - 1.7-0.0.rc2
|
||||
- rebase to 1.7rc2
|
||||
- added s390x build
|
||||
- improved shared lib packaging
|
||||
* Tue Jul 19 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-2
|
||||
- Resolves: bz1357602 - CVE-2016-5386
|
||||
- Resolves: bz1342090, bz1342090
|
||||
|
||||
* Tue Apr 26 2016 Jakub Čajka <jcajka@redhat.com> - 1.6.2-1
|
||||
- rebase to 1.6.2
|
||||
- Resolves: bz1329206 - golang-1.6.2.src is available
|
||||
|
||||
* Wed Apr 13 2016 Jakub Čajka <jcajka@redhat.com> - 1.6.1-1
|
||||
- rebase to 1.6.1
|
||||
- Resolves: bz1324344 - CVE-2016-3959
|
||||
- Resolves: bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used
|
||||
- Resolves: bz1326366 - wrong epoll_event struct for ppc64le/ppc64
|
||||
|
||||
* Mon Feb 22 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-1
|
||||
- Resolves: bz1304701 - rebase to go1.6 release
|
||||
- Resolves: bz1304591 - fix possible stack miss-alignment in callCgoMmap
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-0.3.rc1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Fri Jan 29 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-0.2.rc1
|
||||
- disabled cgo and external linking on ppc64
|
||||
|
||||
* Thu Jan 28 2016 Jakub Čajka <jcajka@redhat.com> - 1.6-0.1.rc1
|
||||
- Resolves bz1292640, rebase to pre-release 1.6
|
||||
- bootstrap for PowerPC
|
||||
- fix rpmlint errors/warning
|
||||
* Wed Apr 13 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.4-1
|
||||
- rebase to 1.5.4
|
||||
- resolves bz1324344 - CVE-2016-3959
|
||||
- resolves bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used
|
||||
|
||||
* Thu Jan 14 2016 Jakub Čajka <jcajka@redhat.com> - 1.5.3-1
|
||||
- rebase to 1.5.3
|
||||
|
@ -1209,7 +731,7 @@ fi
|
|||
- include sub-packages for compiler toolchains, for all golang supported architectures
|
||||
|
||||
* Wed Mar 26 2014 Vincent Batts <vbatts@fedoraproject.org> 1.2.1-2
|
||||
- provide a system rpm macros. Starting with gopath
|
||||
- provide a system rpm macros. Starting with %gopath
|
||||
|
||||
* Tue Mar 04 2014 Adam Miller <maxamillion@fedoraproject.org> 1.2.1-1
|
||||
- Update to latest upstream
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
From f0fa13b346c1be50aae0eb4349a7c09bdc5826fc Mon Sep 17 00:00:00 2001
|
||||
From: Michael Fraenkel <michael.fraenkel@gmail.com>
|
||||
Date: Wed, 5 Oct 2016 11:27:34 -0400
|
||||
Subject: [PATCH 1/4] [release-branch.go1.6] net/http: multipart ReadForm close
|
||||
file after copy
|
||||
|
||||
Always close the file regardless of whether the copy succeeds or fails.
|
||||
Pass along the close error if the copy succeeds
|
||||
|
||||
Updates #16296
|
||||
|
||||
Change-Id: Ib394655b91d25750f029f17b3846d985f673fb50
|
||||
Reviewed-on: https://go-review.googlesource.com/30410
|
||||
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
|
||||
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
||||
Reviewed-on: https://go-review.googlesource.com/33640
|
||||
Reviewed-by: Chris Broadfoot <cbro@golang.org>
|
||||
---
|
||||
src/mime/multipart/formdata.go | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go
|
||||
index eee53fc..806b460 100644
|
||||
--- a/src/mime/multipart/formdata.go
|
||||
+++ b/src/mime/multipart/formdata.go
|
||||
@@ -75,8 +75,10 @@ func (r *Reader) ReadForm(maxMemory int64) (f *Form, err error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
- defer file.Close()
|
||||
_, err = io.Copy(file, io.MultiReader(&b, p))
|
||||
+ if cerr := file.Close(); err == nil {
|
||||
+ err = cerr
|
||||
+ }
|
||||
if err != nil {
|
||||
os.Remove(file.Name())
|
||||
return nil, err
|
||||
--
|
||||
2.5.5
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#! /bin/bash
|
||||
tar -xzf $1
|
||||
cat ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt |tail -n +25 | head -n 8465 > ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new
|
||||
mv ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt.new ./go/src/compress/testdata/Mark.Twain-Tom.Sawyer.txt
|
||||
rm -f ./go/src/compress/bzip2/testdata/Mark.Twain-Tom.Sawyer.txt.bz2
|
||||
rm $1
|
||||
tar -czf $1 ./go
|
||||
rm -rf ./go
|
3
sources
3
sources
|
@ -1 +1,2 @@
|
|||
SHA512 (go1.15.5.src.tar.gz) = 8e1d71f628d364b949b1e124af8950a563bbe9d9ae73b94c66af6ce029f67c26e2654556c0c118d0bc8566af52a7e9ed736b4667bbef7ccdab2bd338c43e6eb4
|
||||
549b4d4755323cc4944e292530a2d8bd go1.5.4.src.tar.gz
|
||||
95da7ca97a8b8f5955fb7eb329784489 Mark.Twain-Tom.Sawyer.txt.bz2
|
||||
|
|
Loading…
Reference in New Issue