commit c29de2f6328b573f9c98d0ef5633e51da3d107e3 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 10:41:22 2019 -0400 Package init diff --git a/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch b/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch new file mode 100644 index 0000000..422ca2b --- /dev/null +++ b/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch @@ -0,0 +1,88 @@ +From edce31a2904846ae74e3c011f2cf5fddc963459e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jakub=20=C4=8Cajka?= +Date: Thu, 22 Mar 2018 12:07:32 +0100 +Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the + internal test suite + +--- + src/time/internal_test.go | 7 +++++-- + src/time/zoneinfo_test.go | 3 ++- + src/time/zoneinfo_unix.go | 2 -- + 3 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/time/internal_test.go b/src/time/internal_test.go +index 76d5524124..e81ace5f64 100644 +--- a/src/time/internal_test.go ++++ b/src/time/internal_test.go +@@ -4,13 +4,15 @@ + + package time + ++import "runtime" ++ + func init() { + // force US/Pacific for time zone tests + ForceUSPacificForTesting() + } + + func initTestingZone() { +- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:]) ++ z, err := loadLocation("America/Los_Angeles", zoneSources) + if err != nil { + panic("cannot load America/Los_Angeles for testing: " + err.Error()) + } +@@ -21,8 +23,9 @@ func initTestingZone() { + var OrigZoneSources = zoneSources + + func forceZipFileForTesting(zipOnly bool) { +- zoneSources = make([]string, len(OrigZoneSources)) ++ zoneSources = make([]string, len(OrigZoneSources)+1) + copy(zoneSources, OrigZoneSources) ++ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if zipOnly { + zoneSources = zoneSources[len(zoneSources)-1:] + } +diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go +index 7a55d4f618..6063ca1195 100644 +--- a/src/time/zoneinfo_test.go ++++ b/src/time/zoneinfo_test.go +@@ -8,6 +8,7 @@ import ( + "fmt" + "os" + "reflect" ++ "runtime" + "testing" + "time" + ) +@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testing.T) { + t.Fatal(err) + } + +- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1]) ++ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if err != nil { + t.Fatal(err) + } +diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go +index 88313aa0ed..d9596115ef 100644 +--- a/src/time/zoneinfo_unix.go ++++ b/src/time/zoneinfo_unix.go +@@ -12,7 +12,6 @@ + package time + + import ( +- "runtime" + "syscall" + ) + +@@ -22,7 +21,6 @@ var zoneSources = []string{ + "/usr/share/zoneinfo/", + "/usr/share/lib/zoneinfo/", + "/usr/lib/locale/TZ/", +- runtime.GOROOT() + "/lib/time/zoneinfo.zip", + } + + func initLocal() { +-- +2.14.3 + diff --git a/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch b/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch new file mode 100644 index 0000000..072440d --- /dev/null +++ b/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch @@ -0,0 +1,41 @@ +From 817407fc2d6a861e65086388766f58082d38bc0b Mon Sep 17 00:00:00 2001 +From: Michael Munday +Date: Tue, 17 Jan 2017 11:33:38 -0500 +Subject: [PATCH 2/3] syscall: expose IfInfomsg.X__ifi_pad on s390x + +Exposing this field on s390x improves compatibility with the other +linux architectures, all of which already expose it. + +Fixes #18628 and updates #18632. + +Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5 +--- + src/syscall/ztypes_linux_s390x.go | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go +index 63c4a83b19..b5894255df 100644 +--- a/src/syscall/ztypes_linux_s390x.go ++++ b/src/syscall/ztypes_linux_s390x.go +@@ -449,12 +449,12 @@ type RtAttr struct { + } + + type IfInfomsg struct { +- Family uint8 +- _ uint8 +- Type uint16 +- Index int32 +- Flags uint32 +- Change uint32 ++ Family uint8 ++ X__ifi_pad uint8 ++ Type uint16 ++ Index int32 ++ Flags uint32 ++ Change uint32 + } + + type IfAddrmsg struct { +-- +2.14.3 + diff --git a/0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch b/0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch new file mode 100644 index 0000000..ca5631e --- /dev/null +++ b/0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch @@ -0,0 +1,44 @@ +From 867a07a179ebcb40143c76403f7f232b90812059 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Tue, 22 Jan 2019 16:02:41 -0500 +Subject: [PATCH] [release-branch.go1.11-security] crypto/elliptic: reduce + subtraction term to prevent long busy loop + +If beta8 is unusually large, the addition loop might take a very long +time to bring x3-beta8 back positive. + +This would lead to a DoS vulnerability in the implementation of the +P-521 and P-384 elliptic curves that may let an attacker craft inputs +to ScalarMult that consume excessive amounts of CPU. + +This fixes CVE-2019-6486. + +Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a +Reviewed-on: https://team-review.git.corp.google.com/c/399777 +Reviewed-by: Adam Langley +Reviewed-by: Julie Qiu +(cherry picked from commit 746d6abe2dfb9ce7609f8e1e1a8dcb7e221f423e) +Reviewed-on: https://team-review.git.corp.google.com/c/401142 +Reviewed-by: Filippo Valsorda +--- + src/crypto/elliptic/elliptic.go | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go +index 4fc2b5e521..c84657c5e3 100644 +--- a/src/crypto/elliptic/elliptic.go ++++ b/src/crypto/elliptic/elliptic.go +@@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, + + x3 := new(big.Int).Mul(alpha, alpha) + beta8 := new(big.Int).Lsh(beta, 3) ++ beta8.Mod(beta8, curve.P) + x3.Sub(x3, beta8) +- for x3.Sign() == -1 { ++ if x3.Sign() == -1 { + x3.Add(x3, curve.P) + } + x3.Mod(x3, curve.P) +-- +2.17.1 + diff --git a/0004-fix-CVE-2019-9512-9514.patch b/0004-fix-CVE-2019-9512-9514.patch new file mode 100644 index 0000000..1909085 --- /dev/null +++ b/0004-fix-CVE-2019-9512-9514.patch @@ -0,0 +1,173 @@ +From e152b01a468a1c18a290bf9aec52ccea7693c7f2 Mon Sep 17 00:00:00 2001 +From: Filippo Valsorda +Date: Mon, 12 Aug 2019 16:59:30 -0400 +Subject: [PATCH] [release-branch.go1.11-security] net/http: update bundled + http2 to import security fix + +Apply the following unpublished golang.org/x/net commit. + + commit b1cc14aba47abf96f96818003fa4caad3a4b4e86 + Author: Filippo Valsorda + Date: Sun Aug 11 02:12:18 2019 -0400 + + [release-branch.go1.11] http2: limit number of control frames in server send queue + + An attacker could cause servers to queue an unlimited number of PING + ACKs or RST_STREAM frames by soliciting them and not reading them, until + the program runs out of memory. + + Limit control frames in the queue to a few thousands (matching the limit + imposed by other vendors) by counting as they enter and exit the scheduler, + so the protection will work with any WriteScheduler. + + Once the limit is exceeded, close the connection, as we have no way to + communicate with the peer. + + Change-Id: I842968fc6ed3eac654b497ade8cea86f7267886b + Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/525552 + Reviewed-by: Brad Fitzpatrick + (cherry picked from commit 589ad6cc5321fb68a90370348a241a5da0a2cc80) + Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526070 + Reviewed-by: Dmitri Shuralyov + +Fixes CVE-2019-9512 and CVE-2019-9514 +Updates #33606 + +Change-Id: Iecedf1cc63ec7a1cd75661ec591d91ebc911cc64 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526072 +Reviewed-by: Dmitri Shuralyov +--- + src/net/http/h2_bundle.go | 54 +++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 45 insertions(+), 9 deletions(-) + +diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go +index 2cd2b86..6182495 100644 +--- a/src/net/http/h2_bundle.go ++++ b/src/net/http/h2_bundle.go +@@ -3835,10 +3835,11 @@ func (p *http2pipe) Done() <-chan struct{} { + } + + const ( +- http2prefaceTimeout = 10 * time.Second +- http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway +- http2handlerChunkWriteSize = 4 << 10 +- http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? ++ http2prefaceTimeout = 10 * time.Second ++ http2firstSettingsTimeout = 2 * time.Second // should be in-flight with preface anyway ++ http2handlerChunkWriteSize = 4 << 10 ++ http2defaultMaxStreams = 250 // TODO: make this 100 as the GFE seems to? ++ http2maxQueuedControlFrames = 10000 + ) + + var ( +@@ -3946,6 +3947,15 @@ func (s *http2Server) maxConcurrentStreams() uint32 { + return http2defaultMaxStreams + } + ++// maxQueuedControlFrames is the maximum number of control frames like ++// SETTINGS, PING and RST_STREAM that will be queued for writing before ++// the connection is closed to prevent memory exhaustion attacks. ++func (s *http2Server) maxQueuedControlFrames() int { ++ // TODO: if anybody asks, add a Server field, and remember to define the ++ // behavior of negative values. ++ return http2maxQueuedControlFrames ++} ++ + type http2serverInternalState struct { + mu sync.Mutex + activeConns map[*http2serverConn]struct{} +@@ -4254,6 +4264,7 @@ type http2serverConn struct { + sawFirstSettings bool // got the initial SETTINGS frame after the preface + needToSendSettingsAck bool + unackedSettings int // how many SETTINGS have we sent without ACKs? ++ queuedControlFrames int // control frames in the writeSched queue + clientMaxStreams uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit) + advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client + curClientStreams uint32 // number of open streams initiated by the client +@@ -4644,6 +4655,14 @@ func (sc *http2serverConn) serve() { + } + } + ++ // If the peer is causing us to generate a lot of control frames, ++ // but not reading them from us, assume they are trying to make us ++ // run out of memory. ++ if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() { ++ sc.vlogf("http2: too many control frames in send queue, closing connection") ++ return ++ } ++ + // Start the shutdown timer after sending a GOAWAY. When sending GOAWAY + // with no error code (graceful shutdown), don't start the timer until + // all open streams have been completed. +@@ -4845,6 +4864,14 @@ func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) { + } + + if !ignoreWrite { ++ if wr.isControl() { ++ sc.queuedControlFrames++ ++ // For extra safety, detect wraparounds, which should not happen, ++ // and pull the plug. ++ if sc.queuedControlFrames < 0 { ++ sc.conn.Close() ++ } ++ } + sc.writeSched.Push(wr) + } + sc.scheduleFrameWrite() +@@ -4962,10 +4989,8 @@ func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) { + // If a frame is already being written, nothing happens. This will be called again + // when the frame is done being written. + // +-// If a frame isn't being written we need to send one, the best frame +-// to send is selected, preferring first things that aren't +-// stream-specific (e.g. ACKing settings), and then finding the +-// highest priority stream. ++// If a frame isn't being written and we need to send one, the best frame ++// to send is selected by writeSched. + // + // If a frame isn't being written and there's nothing else to send, we + // flush the write buffer. +@@ -4993,6 +5018,9 @@ func (sc *http2serverConn) scheduleFrameWrite() { + } + if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo { + if wr, ok := sc.writeSched.Pop(); ok { ++ if wr.isControl() { ++ sc.queuedControlFrames-- ++ } + sc.startFrameWrite(wr) + continue + } +@@ -5285,6 +5313,8 @@ func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error { + if err := f.ForeachSetting(sc.processSetting); err != nil { + return err + } ++ // TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be ++ // acknowledged individually, even if multiple are received before the ACK. + sc.needToSendSettingsAck = true + sc.scheduleFrameWrite() + return nil +@@ -9476,7 +9506,7 @@ type http2WriteScheduler interface { + + // Pop dequeues the next frame to write. Returns false if no frames can + // be written. Frames with a given wr.StreamID() are Pop'd in the same +- // order they are Push'd. ++ // order they are Push'd. No frames should be discarded except by CloseStream. + Pop() (wr http2FrameWriteRequest, ok bool) + } + +@@ -9520,6 +9550,12 @@ func (wr http2FrameWriteRequest) StreamID() uint32 { + return wr.stream.id + } + ++// isControl reports whether wr is a control frame for MaxQueuedControlFrames ++// purposes. That includes non-stream frames and RST_STREAM frames. ++func (wr http2FrameWriteRequest) isControl() bool { ++ return wr.stream == nil ++} ++ + // DataSize returns the number of flow control bytes that must be consumed + // to write this entire frame. This is 0 for non-DATA frames. + func (wr http2FrameWriteRequest) DataSize() int { +-- +1.9.4 + diff --git a/go1.11.src.tar.gz b/go1.11.src.tar.gz new file mode 100644 index 0000000..c097235 Binary files /dev/null and b/go1.11.src.tar.gz differ diff --git a/golang-gdbinit b/golang-gdbinit new file mode 100644 index 0000000..ecddca6 --- /dev/null +++ b/golang-gdbinit @@ -0,0 +1 @@ +add-auto-load-safe-path /usr/lib/golang/src/runtime/runtime-gdb.py diff --git a/golang.spec b/golang.spec new file mode 100644 index 0000000..151331c --- /dev/null +++ b/golang.spec @@ -0,0 +1,482 @@ +%bcond_with bootstrap +# temporalily ignore test failures +%ifarch x86_64 aarch64 +%bcond_without ignore_tests +%else +%bcond_with ignore_tests +%endif + +# build ids are not currently generated: +# https://code.google.com/p/go/issues/detail?id=5238 +# +# also, debuginfo extraction currently fails with +# "Failed to write file: invalid section alignment" +%global debug_package %{nil} + +# we are shipping the full contents of src in the data subpackage, which +# contains binary-like things (ELF data for tests, etc) +%global _binaries_in_noarch_packages_terminate_build 0 + +# Do not check any files in doc or src for requires +%global __requires_exclude_from ^(%{_datadir}|/usr/lib)/%{name}/(doc|src)/.*$ + +# Don't alter timestamps of especially the .a files (or else go will rebuild later) +# Actually, don't strip at all since we are not even building debug packages and this corrupts the dwarf testdata +%global __strip /bin/true + +# rpmbuild magic to keep from having meta dependency on libc.so.6 +%define _use_internal_dependency_generator 0 +%define __find_requires %{nil} +%global __spec_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot \ + /usr/lib/rpm/brp-compress + +%global golibdir %{_libdir}/golang + +# Golang build options. + +# Build golang using external/internal(close to cgo disabled) linking. +%ifarch x86_64 aarch64 +%global external_linker 1 +%else +%global external_linker 0 +%endif + +# Build golang with cgo enabled/disabled(later equals more or less to internal linking). +%ifarch x86_64 aarch64 +%global cgo_enabled 1 +%else +%global cgo_enabled 0 +%endif + +# Use golang/gcc-go as bootstrap compiler +%if %{with bootstrap} +%global golang_bootstrap 0 +%else +%global golang_bootstrap 1 +%endif + +# Controls what ever we fail on failed tests +%if %{with ignore_tests} +%global fail_on_tests 0 +%else +%global fail_on_tests 1 +%endif + +# Build golang shared objects for stdlib +%ifarch x86_64 aarch64 +%global shared 1 +%else +%global shared 0 +%endif + +# Pre build std lib with -race enabled +%ifarch x86_64 +%global race 1 +%else +%global race 0 +%endif + +%global goroot /usr/lib/%{name} + +%ifarch x86_64 +%global gohostarch amd64 +%endif +%ifarch aarch64 +%global gohostarch arm64 +%endif + +%global go_api 1.11 +%global go_version 1.11 + +Name: golang +Version: 1.11 +Release: 4 +Summary: The Go Programming Language +# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain +License: BSD and Public Domain +URL: http://golang.org/ +Source0: https://storage.googleapis.com/golang/go%{go_version}.src.tar.gz +# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback + +# The compiler is written in Go. Needs go(1.4+) compiler for build. +%if !%{golang_bootstrap} +BuildRequires: gcc-go >= 5 +%else +BuildRequires: golang > 1.4 +%endif +BuildRequires: hostname +# for tests +BuildRequires: pcre-devel, glibc-static, perl-interpreter, procps-ng + +Provides: go = %{version}-%{release} +Requires: %{name}-devel = %{version}-%{release} +# Pre-go1.5, all arches had to be bootstrapped individually, before usable, and +# env variables to compile for the target os-arch. +# Now the host compiler needs only the GOOS and GOARCH environment variables +# set to compile for the target os-arch. +Obsoletes: %{name}-pkg-bin-linux-386 < 1.4.99 +Obsoletes: %{name}-pkg-bin-linux-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-bin-linux-arm < 1.4.99 +Obsoletes: %{name}-pkg-linux-386 < 1.4.99 +Obsoletes: %{name}-pkg-linux-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-linux-arm < 1.4.99 +Obsoletes: %{name}-pkg-darwin-386 < 1.4.99 +Obsoletes: %{name}-pkg-darwin-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-windows-386 < 1.4.99 +Obsoletes: %{name}-pkg-windows-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-plan9-386 < 1.4.99 +Obsoletes: %{name}-pkg-plan9-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-freebsd-386 < 1.4.99 +Obsoletes: %{name}-pkg-freebsd-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-freebsd-arm < 1.4.99 +Obsoletes: %{name}-pkg-netbsd-386 < 1.4.99 +Obsoletes: %{name}-pkg-netbsd-amd64 < 1.4.99 +Obsoletes: %{name}-pkg-netbsd-arm < 1.4.99 +Obsoletes: %{name}-pkg-openbsd-386 < 1.4.99 +Obsoletes: %{name}-pkg-openbsd-amd64 < 1.4.99 + +Obsoletes: golang-vet < 0-12.1 +Obsoletes: golang-cover < 0-12.1 + +Requires(post): %{_sbindir}/update-alternatives +Requires(postun): %{_sbindir}/update-alternatives + +# We strip the meta dependency, but go does require glibc. +# This is an odd issue, still looking for a better fix. +Requires: glibc +Requires: gcc +Requires: git, subversion, mercurial + + + +# Bundled/Vendored provides generated by +# go list -f {{.ImportPath}} ./src/vendor/... | sed "s:_$PWD/src/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):" && go list -f {{.ImportPath}} ./src/cmd/vendor/... | sed "s:_$PWD/src/cmd/vendor/::g;s:_:.:;s:.*:Provides\: bundled(golang(&)):" +Provides: bundled(golang(golang.org/x/crypto/chacha20poly1305)) +Provides: bundled(golang(golang.org/x/crypto/cryptobyte)) +Provides: bundled(golang(golang.org/x/crypto/cryptobyte/asn1)) +Provides: bundled(golang(golang.org/x/crypto/curve25519)) +Provides: bundled(golang(golang.org/x/crypto/internal/chacha20)) +Provides: bundled(golang(golang.org/x/crypto/poly1305)) +Provides: bundled(golang(golang.org/x/net/dns/dnsmessage)) +Provides: bundled(golang(golang.org/x/net/http/httpguts)) +Provides: bundled(golang(golang.org/x/net/http/httpproxy)) +Provides: bundled(golang(golang.org/x/net/http2/hpack)) +Provides: bundled(golang(golang.org/x/net/idna)) +Provides: bundled(golang(golang.org/x/net/internal/nettest)) +Provides: bundled(golang(golang.org/x/net/nettest)) +Provides: bundled(golang(golang.org/x/text/secure)) +Provides: bundled(golang(golang.org/x/text/secure/bidirule)) +Provides: bundled(golang(golang.org/x/text/transform)) +Provides: bundled(golang(golang.org/x/text/unicode)) +Provides: bundled(golang(golang.org/x/text/unicode/bidi)) +Provides: bundled(golang(golang.org/x/text/unicode/norm)) +Provides: bundled(golang(github.com/google/pprof/driver)) +Provides: bundled(golang(github.com/google/pprof/internal/binutils)) +Provides: bundled(golang(github.com/google/pprof/internal/driver)) +Provides: bundled(golang(github.com/google/pprof/internal/elfexec)) +Provides: bundled(golang(github.com/google/pprof/internal/graph)) +Provides: bundled(golang(github.com/google/pprof/internal/measurement)) +Provides: bundled(golang(github.com/google/pprof/internal/plugin)) +Provides: bundled(golang(github.com/google/pprof/internal/proftest)) +Provides: bundled(golang(github.com/google/pprof/internal/report)) +Provides: bundled(golang(github.com/google/pprof/internal/symbolizer)) +Provides: bundled(golang(github.com/google/pprof/internal/symbolz)) +Provides: bundled(golang(github.com/google/pprof/profile)) +Provides: bundled(golang(github.com/google/pprof/third.party/d3)) +Provides: bundled(golang(github.com/google/pprof/third.party/d3flamegraph)) +Provides: bundled(golang(github.com/google/pprof/third.party/svgpan)) +Provides: bundled(golang(github.com/ianlancetaylor/demangle)) +Provides: bundled(golang(golang.org/x/arch/arm/armasm)) +Provides: bundled(golang(golang.org/x/arch/arm64/arm64asm)) +Provides: bundled(golang(golang.org/x/arch/ppc64/ppc64asm)) +Provides: bundled(golang(golang.org/x/arch/x86/x86asm)) +Provides: bundled(golang(golang.org/x/crypto/ssh/terminal)) +Provides: bundled(golang(golang.org/x/sys/unix)) +Provides: bundled(golang(golang.org/x/sys/windows)) +Provides: bundled(golang(golang.org/x/sys/windows/registry)) +Provides: %{name}-bin = %{version}-%{release} +Obsoletes: %{name}-bin +Obsoletes: %{name}-shared +Requires: go-srpm-macros + +Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch +Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch +Patch3: 0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch +Patch4: 0004-fix-CVE-2019-9512-9514.patch + +# Having documentation separate was broken +Obsoletes: %{name}-docs + +# RPM can't handle symlink -> dir with subpackages, so merge back +Obsoletes: %{name}-data < 1.1.1-4 + +# go1.4 deprecates a few packages +Obsoletes: %{name}-vim < 1.4 +Obsoletes: emacs-%{name} < 1.4 + +ExclusiveArch: %{golang_arches} + +Source100: golang-gdbinit + +%description +%{summary}. + +%package help +Summary: Golang compiler helps and manual docs +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +Provides: %{name}-docs = %{version}-%{release} +Obsoletes: %{name}-docs +Provides: %{name}-shared = %{version}-%{release} +Obsoletes: %{name}-shared + + +%description help +%{summary}. + +%package devel +Summary: Golang compiler devel +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +Provides: %{name}-src = %{version}-%{release} +Obsoletes: %{name}-src +Provides: %{name}-tests = %{version}-%{release} +Obsoletes: %{name}-tests +Provides: %{name}-misc = %{version}-%{release} +Obsoletes: %{name}-misc +Obsoletes: %{name}-race = %{version}-%{release} + +%description devel +%{summary}. + +# Workaround old RPM bug of symlink-replaced-with-dir failure +%pretrans -p +for _,d in pairs({"api", "doc", "include", "lib", "src"}) do + path = "%{goroot}/" .. d + if posix.stat(path, "type") == "link" then + os.remove(path) + posix.mkdir(path) + end +end + +%prep +%autosetup -n go -p1 + +%build +# print out system information +uname -a +cat /proc/cpuinfo +cat /proc/meminfo + +# bootstrap compiler GOROOT +%if !%{golang_bootstrap} +export GOROOT_BOOTSTRAP=/ +%else +export GOROOT_BOOTSTRAP=%{goroot} +%endif + +# set up final install location +export GOROOT_FINAL=%{goroot} + +export GOHOSTOS=linux +export GOHOSTARCH=%{gohostarch} + +pushd src +# use our gcc options for this build, but store gcc as default for compiler +export CFLAGS="$RPM_OPT_FLAGS" +export LDFLAGS="$RPM_LD_FLAGS" +export CC="gcc" +export CC_FOR_TARGET="gcc" +export GOOS=linux +export GOARCH=%{gohostarch} +%if !%{external_linker} +export GO_LDFLAGS="-linkmode internal" +%endif +%if !%{cgo_enabled} +export CGO_ENABLED=0 +%endif + +%ifarch aarch64 +export GO_LDFLAGS="-s -w" +%endif + +./make.bash --no-clean -v +popd + +# build shared std lib +%if %{shared} +GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared -v -x std +%endif + +%if %{race} +GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -race -v -x std +%endif + +%install +rm -rf $RPM_BUILD_ROOT +# remove GC build cache +rm -rf pkg/obj/go-build/* + +# create the top level directories +mkdir -p $RPM_BUILD_ROOT%{_bindir} +mkdir -p $RPM_BUILD_ROOT%{goroot} + +# install everything into libdir (until symlink problems are fixed) +# https://code.google.com/p/go/issues/detail?id=5830 +cp -apv api bin doc favicon.ico lib pkg robots.txt src misc test VERSION \ + $RPM_BUILD_ROOT%{goroot} + +# bz1099206 +find $RPM_BUILD_ROOT%{goroot}/src -exec touch -r $RPM_BUILD_ROOT%{goroot}/VERSION "{}" \; +# and level out all the built archives +touch $RPM_BUILD_ROOT%{goroot}/pkg +find $RPM_BUILD_ROOT%{goroot}/pkg -exec touch -r $RPM_BUILD_ROOT%{goroot}/pkg "{}" \; +# generate the spec file ownership of this source tree and packages +cwd=$(pwd) +src_list=$cwd/go-src.list +pkg_list=$cwd/go-pkg.list +shared_list=$cwd/go-shared.list +race_list=$cwd/go-race.list +misc_list=$cwd/go-misc.list +docs_list=$cwd/go-docs.list +tests_list=$cwd/go-tests.list +rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +pushd $RPM_BUILD_ROOT%{goroot} + find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list + find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $src_list + + find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list + find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%{goroot}/%p\n' >> $pkg_list + + find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list + find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list + + find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list + find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list + +%if %{shared} + mkdir -p %{buildroot}/%{_libdir}/ + mkdir -p %{buildroot}/%{golibdir}/ + for file in $(find . -iname "*.so" ); do + chmod 755 $file + mv $file %{buildroot}/%{golibdir} + pushd $(dirname $file) + ln -fs %{golibdir}/$(basename $file) $(basename $file) + popd + echo "%%{goroot}/$file" >> $shared_list + echo "%%{golibdir}/$(basename $file)" >> $shared_list + done + + find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list + find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list +%endif + +%if %{race} + + find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list + find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list + +%endif + + find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list + find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $tests_list + # this is only the zoneinfo.zip + find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list +popd + +# remove the doc Makefile +rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile + +# put binaries to bindir, linked to the arch we're building, +# leave the arch independent pieces in {goroot} +mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch} +ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/go +ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch}/gofmt + +# ensure these exist and are owned +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/github.com +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/bitbucket.org +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/code.google.com/p +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/golang.org/x + +# gdbinit +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d +cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb + +%check +export GOROOT=$(pwd -P) +export PATH="$GOROOT"/bin:"$PATH" +cd src + +export CC="gcc" +export CFLAGS="$RPM_OPT_FLAGS" +export LDFLAGS="$RPM_LD_FLAGS" +%if !%{external_linker} +export GO_LDFLAGS="-linkmode internal" +%endif +%if !%{cgo_enabled} || !%{external_linker} +export CGO_ENABLED=0 +%endif + +# make sure to not timeout +export GO_TEST_TIMEOUT_SCALE=2 + +%if %{fail_on_tests} +# ./run.bash --no-rebuild -v -v -v -k +echo tests ignored +%else +./run.bash --no-rebuild -v -v -v -k || : +%endif +cd .. + + +%post +%{_sbindir}/update-alternatives --install %{_bindir}/go \ + go %{goroot}/bin/go 90 \ + --slave %{_bindir}/gofmt gofmt %{goroot}/bin/gofmt + +%preun +if [ $1 = 0 ]; then + %{_sbindir}/update-alternatives --remove go %{goroot}/bin/go +fi + + +%files -f go-pkg.list +%doc AUTHORS CONTRIBUTORS LICENSE PATENTS +# VERSION has to be present in the GOROOT, for `go install std` to work +%doc %{goroot}/VERSION +%dir %{goroot}/doc +%doc %{goroot}/doc/* + +# go files +%dir %{goroot} +%exclude %{goroot}/src/ +%exclude %{goroot}/doc/ +%exclude %{goroot}/misc/ +%exclude %{goroot}/test/ +%{goroot}/* + +# ensure directory ownership, so they are cleaned up if empty +%dir %{gopath} +%dir %{gopath}/src +%dir %{gopath}/src/github.com/ +%dir %{gopath}/src/bitbucket.org/ +%dir %{gopath}/src/code.google.com/ +%dir %{gopath}/src/code.google.com/p/ +%dir %{gopath}/src/golang.org +%dir %{gopath}/src/golang.org/x + +# gdbinit (for gdb debugging) +%{_sysconfdir}/gdbinit.d + +%files help -f go-docs.list -f go-shared.list + +%files devel -f go-tests.list -f go-misc.list -f go-src.list + +%changelog +* Tue Sep 03 2019 leizhongkai - 1.11-1 +- backport fix CVE-2019-9512 and CVE-2019-9514