The package rpms/golang.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/golang.git/commit/?id=ce2a039e09a....
Change:
+%ifarch aarch64 %{arm}
Thanks.
Full change:
============
commit ce2a039e09ad04dfc6bedf0a27a06576044b4a06
Author: Alejandro Sáez <asm(a)redhat.com>
Date: Wed Jun 8 18:14:05 2022 +0200
Backport of patches
Co-authored-by: Maxwell G <gotmax(a)e.email>
Skip tests for arm
Adds 0004-fix-CVE-2022-24675.patch
Resolves: rhbz#2080125
Adds 0005-fix-CVE-2022-28327.patch
Resolves: rhbz#2079826
diff --git a/0004-fix-CVE-2022-24675.patch b/0004-fix-CVE-2022-24675.patch
new file mode 100644
index 0000000..7706200
--- /dev/null
+++ b/0004-fix-CVE-2022-24675.patch
@@ -0,0 +1,291 @@
+From 2116d60993e90d3f9b963c979f4bf1d116af03ff Mon Sep 17 00:00:00 2001
+From: Julie Qiu <julie(a)golang.org>
+Date: Tue, 01 Mar 2022 10:19:38 -0600
+Subject: [PATCH] [release-branch.go1.17] encoding/pem: fix stack overflow in Decode
+
+Previously, Decode called decodeError, a recursive function that was
+prone to stack overflows when given a large PEM file containing errors.
+
+Credit to Juho Nurminen of Mattermost who reported the error.
+
+Fixes CVE-2022-24675
+Updates #51853
+Fixes #52036
+
+Change-Id: Iffe768be53c8ddc0036fea0671d290f8f797692c
+Reviewed-on:
https://team-review.git.corp.google.com/c/golang/go-private/+/1391157
+Reviewed-by: Damien Neil <dneil(a)google.com>
+Reviewed-by: Filippo Valsorda <valsorda(a)google.com>
+(cherry picked from commit 794ea5e828010e8b68493b2fc6d2963263195a02)
+Reviewed-on:
https://go-review.googlesource.com/c/go/+/399816
+Run-TryBot: Dmitri Shuralyov <dmitshur(a)golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur(a)google.com>
+Reviewed-by: Cherry Mui <cherryyz(a)google.com>
+TryBot-Result: Gopher Robot <gobot(a)golang.org>
+---
+
+diff --git a/src/encoding/pem/pem.go b/src/encoding/pem/pem.go
+index a7272da..1bee1c1 100644
+--- a/src/encoding/pem/pem.go
++++ b/src/encoding/pem/pem.go
+@@ -87,123 +87,97 @@
+ // pemStart begins with a newline. However, at the very beginning of
+ // the byte array, we'll accept the start string without it.
+ rest = data
+- if bytes.HasPrefix(data, pemStart[1:]) {
+- rest = rest[len(pemStart)-1 : len(data)]
+- } else if i := bytes.Index(data, pemStart); i >= 0 {
+- rest = rest[i+len(pemStart) : len(data)]
+- } else {
+- return nil, data
+- }
+-
+- typeLine, rest := getLine(rest)
+- if !bytes.HasSuffix(typeLine, pemEndOfLine) {
+- return decodeError(data, rest)
+- }
+- typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)]
+-
+- p = &Block{
+- Headers: make(map[string]string),
+- Type: string(typeLine),
+- }
+-
+ for {
+- // This loop terminates because getLine's second result is
+- // always smaller than its argument.
+- if len(rest) == 0 {
++ if bytes.HasPrefix(rest, pemStart[1:]) {
++ rest = rest[len(pemStart)-1:]
++ } else if i := bytes.Index(rest, pemStart); i >= 0 {
++ rest = rest[i+len(pemStart) : len(rest)]
++ } else {
+ return nil, data
+ }
+- line, next := getLine(rest)
+
+- i := bytes.IndexByte(line, ':')
+- if i == -1 {
+- break
++ var typeLine []byte
++ typeLine, rest = getLine(rest)
++ if !bytes.HasSuffix(typeLine, pemEndOfLine) {
++ continue
++ }
++ typeLine = typeLine[0 : len(typeLine)-len(pemEndOfLine)]
++
++ p = &Block{
++ Headers: make(map[string]string),
++ Type: string(typeLine),
+ }
+
+- // TODO(agl): need to cope with values that spread across lines.
+- key, val := line[:i], line[i+1:]
+- key = bytes.TrimSpace(key)
+- val = bytes.TrimSpace(val)
+- p.Headers[string(key)] = string(val)
+- rest = next
++ for {
++ // This loop terminates because getLine's second result is
++ // always smaller than its argument.
++ if len(rest) == 0 {
++ return nil, data
++ }
++ line, next := getLine(rest)
++
++ i := bytes.IndexByte(line, ':')
++ if i == -1 {
++ break
++ }
++
++ // TODO(agl): need to cope with values that spread across lines.
++ key, val := line[:i], line[i+1:]
++ key = bytes.TrimSpace(key)
++ val = bytes.TrimSpace(val)
++ p.Headers[string(key)] = string(val)
++ rest = next
++ }
++
++ var endIndex, endTrailerIndex int
++
++ // If there were no headers, the END line might occur
++ // immediately, without a leading newline.
++ if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) {
++ endIndex = 0
++ endTrailerIndex = len(pemEnd) - 1
++ } else {
++ endIndex = bytes.Index(rest, pemEnd)
++ endTrailerIndex = endIndex + len(pemEnd)
++ }
++
++ if endIndex < 0 {
++ continue
++ }
++
++ // After the "-----" of the ending line, there should be the same type
++ // and then a final five dashes.
++ endTrailer := rest[endTrailerIndex:]
++ endTrailerLen := len(typeLine) + len(pemEndOfLine)
++ if len(endTrailer) < endTrailerLen {
++ continue
++ }
++
++ restOfEndLine := endTrailer[endTrailerLen:]
++ endTrailer = endTrailer[:endTrailerLen]
++ if !bytes.HasPrefix(endTrailer, typeLine) ||
++ !bytes.HasSuffix(endTrailer, pemEndOfLine) {
++ continue
++ }
++
++ // The line must end with only whitespace.
++ if s, _ := getLine(restOfEndLine); len(s) != 0 {
++ continue
++ }
++
++ base64Data := removeSpacesAndTabs(rest[:endIndex])
++ p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data)))
++ n, err := base64.StdEncoding.Decode(p.Bytes, base64Data)
++ if err != nil {
++ continue
++ }
++ p.Bytes = p.Bytes[:n]
++
++ // the -1 is because we might have only matched pemEnd without the
++ // leading newline if the PEM block was empty.
++ _, rest = getLine(rest[endIndex+len(pemEnd)-1:])
++ return p, rest
+ }
+-
+- var endIndex, endTrailerIndex int
+-
+- // If there were no headers, the END line might occur
+- // immediately, without a leading newline.
+- if len(p.Headers) == 0 && bytes.HasPrefix(rest, pemEnd[1:]) {
+- endIndex = 0
+- endTrailerIndex = len(pemEnd) - 1
+- } else {
+- endIndex = bytes.Index(rest, pemEnd)
+- endTrailerIndex = endIndex + len(pemEnd)
+- }
+-
+- if endIndex < 0 {
+- return decodeError(data, rest)
+- }
+-
+- // After the "-----" of the ending line, there should be the same type
+- // and then a final five dashes.
+- endTrailer := rest[endTrailerIndex:]
+- endTrailerLen := len(typeLine) + len(pemEndOfLine)
+- if len(endTrailer) < endTrailerLen {
+- return decodeError(data, rest)
+- }
+-
+- restOfEndLine := endTrailer[endTrailerLen:]
+- endTrailer = endTrailer[:endTrailerLen]
+- if !bytes.HasPrefix(endTrailer, typeLine) ||
+- !bytes.HasSuffix(endTrailer, pemEndOfLine) {
+- return decodeError(data, rest)
+- }
+-
+- // The line must end with only whitespace.
+- if s, _ := getLine(restOfEndLine); len(s) != 0 {
+- return decodeError(data, rest)
+- }
+-
+- base64Data := removeSpacesAndTabs(rest[:endIndex])
+- p.Bytes = make([]byte, base64.StdEncoding.DecodedLen(len(base64Data)))
+- n, err := base64.StdEncoding.Decode(p.Bytes, base64Data)
+- if err != nil {
+- return decodeError(data, rest)
+- }
+- p.Bytes = p.Bytes[:n]
+-
+- // the -1 is because we might have only matched pemEnd without the
+- // leading newline if the PEM block was empty.
+- _, rest = getLine(rest[endIndex+len(pemEnd)-1:])
+-
+- return
+-}
+-
+-func decodeError(data, rest []byte) (*Block, []byte) {
+- // If we get here then we have rejected a likely looking, but
+- // ultimately invalid PEM block. We need to start over from a new
+- // position. We have consumed the preamble line and will have consumed
+- // any lines which could be header lines. However, a valid preamble
+- // line is not a valid header line, therefore we cannot have consumed
+- // the preamble line for the any subsequent block. Thus, we will always
+- // find any valid block, no matter what bytes precede it.
+- //
+- // For example, if the input is
+- //
+- // -----BEGIN MALFORMED BLOCK-----
+- // junk that may look like header lines
+- // or data lines, but no END line
+- //
+- // -----BEGIN ACTUAL BLOCK-----
+- // realdata
+- // -----END ACTUAL BLOCK-----
+- //
+- // we've failed to parse using the first BEGIN line
+- // and now will try again, using the second BEGIN line.
+- p, rest := Decode(rest)
+- if p == nil {
+- rest = data
+- }
+- return p, rest
+ }
+
+ const pemLineLength = 64
+diff --git a/src/encoding/pem/pem_test.go b/src/encoding/pem/pem_test.go
+index b2b6b15..c94b5ca 100644
+--- a/src/encoding/pem/pem_test.go
++++ b/src/encoding/pem/pem_test.go
+@@ -107,6 +107,12 @@
+ dGVzdA==
+ -----ENDBAR-----`
+
++const pemMissingEndLine = `
++-----BEGIN FOO-----
++Header: 1`
++
++var pemRepeatingBegin = strings.Repeat("-----BEGIN \n", 10)
++
+ var badPEMTests = []struct {
+ name string
+ input string
+@@ -131,14 +137,34 @@
+ "missing ending space",
+ pemMissingEndingSpace,
+ },
++ {
++ "repeating begin",
++ pemRepeatingBegin,
++ },
++ {
++ "missing end line",
++ pemMissingEndLine,
++ },
+ }
+
+ func TestBadDecode(t *testing.T) {
+ for _, test := range badPEMTests {
+- result, _ := Decode([]byte(test.input))
++ result, rest := Decode([]byte(test.input))
+ if result != nil {
+ t.Errorf("unexpected success while parsing %q", test.name)
+ }
++ if string(rest) != test.input {
++ t.Errorf("unexpected rest: %q; want = %q", rest, test.input)
++ }
++ }
++}
++
++func TestCVE202224675(t *testing.T) {
++ // Prior to CVE-2022-24675, this input would cause a stack overflow.
++ input := []byte(strings.Repeat("-----BEGIN \n", 10000000))
++ result, rest := Decode(input)
++ if result != nil || !reflect.DeepEqual(rest, input) {
++ t.Errorf("Encode of %#v decoded as %#v", input, rest)
+ }
+ }
+
diff --git a/0005-fix-CVE-2022-28327.patch b/0005-fix-CVE-2022-28327.patch
new file mode 100644
index 0000000..b4e8a0d
--- /dev/null
+++ b/0005-fix-CVE-2022-28327.patch
@@ -0,0 +1,320 @@
+From 28ffc15c56ac0edccb5b0147ff942127720ca083 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm(a)redhat.com>
+Date: Wed, 8 Jun 2022 19:27:19 +0200
+Subject: [PATCH] Backport CVE-2022-28327 fix from go1.17
+
+---
+ src/crypto/elliptic/elliptic_test.go | 92 ---------------
+ src/crypto/elliptic/p256.go | 2 +-
+ src/crypto/elliptic/p256_test.go | 169 +++++++++++++++++++++++++++
+ 3 files changed, 170 insertions(+), 93 deletions(-)
+ create mode 100644 src/crypto/elliptic/p256_test.go
+
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index bb16b0d163..516a321273 100644
+--- a/src/crypto/elliptic/elliptic_test.go
++++ b/src/crypto/elliptic/elliptic_test.go
+@@ -301,29 +301,6 @@ var p224BaseMultTests = []baseMultTest{
+ },
+ }
+
+-type scalarMultTest struct {
+- k string
+- xIn, yIn string
+- xOut, yOut string
+-}
+-
+-var p256MultTests = []scalarMultTest{
+- {
+- "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737",
+- "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea",
+- "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad",
+- "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3",
+- "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0",
+- },
+- {
+- "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd",
+- "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06",
+- "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031",
+- "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991",
+- "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684",
+- },
+-}
+-
+ func TestBaseMult(t *testing.T) {
+ p224 := P224()
+ for i, e := range p224BaseMultTests {
+@@ -359,65 +336,6 @@ func TestGenericBaseMult(t *testing.T) {
+ }
+ }
+
+-func TestP256BaseMult(t *testing.T) {
+- p256 := P256()
+- p256Generic := p256.Params()
+-
+- scalars :=
make([]*big.Int, 0, len(p224BaseMultTests)+1)
+- for _, e := range p224BaseMultTests {
+- k, _ := new(big.Int).SetString(e.k, 10)
+- scalars = append(scalars, k)
+- }
+- k := new(big.Int).SetInt64(1)
+- k.Lsh(k, 500)
+- scalars = append(scalars, k)
+-
+- for i, k := range scalars {
+- x, y := p256.ScalarBaseMult(k.Bytes())
+- x2, y2 := p256Generic.ScalarBaseMult(k.Bytes())
+- if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 {
+- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2)
+- }
+-
+- if testing.Short() && i > 5 {
+- break
+- }
+- }
+-}
+-
+-func TestP256Mult(t *testing.T) {
+- p256 := P256()
+- p256Generic := p256.Params()
+-
+- for i, e := range p224BaseMultTests {
+- x, _ := new(big.Int).SetString(e.x, 16)
+- y, _ := new(big.Int).SetString(e.y, 16)
+- k, _ := new(big.Int).SetString(e.k, 10)
+-
+- xx, yy := p256.ScalarMult(x, y, k.Bytes())
+- xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes())
+- if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 {
+- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2)
+- }
+- if testing.Short() && i > 5 {
+- break
+- }
+- }
+-
+- for i, e := range p256MultTests {
+- x, _ := new(big.Int).SetString(e.xIn, 16)
+- y, _ := new(big.Int).SetString(e.yIn, 16)
+- k, _ := new(big.Int).SetString(e.k, 16)
+- expectedX, _ := new(big.Int).SetString(e.xOut, 16)
+- expectedY, _ := new(big.Int).SetString(e.yOut, 16)
+-
+- xx, yy := p256.ScalarMult(x, y, k.Bytes())
+- if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
+- t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX,
expectedY)
+- }
+- }
+-}
+-
+ func testInfinity(t *testing.T, curve Curve) {
+ _, x, y, _ := GenerateKey(curve, rand.Reader)
+ x, y = curve.ScalarMult(x, y, curve.Params().N.Bytes())
+@@ -477,16 +395,6 @@ func TestInfinity(t *testing.T) {
+ }
+ }
+
+-type synthCombinedMult struct {
+- Curve
+-}
+-
+-func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte)
(x, y *big.Int) {
+- x1, y1 := s.ScalarBaseMult(baseScalar)
+- x2, y2 := s.ScalarMult(bigX, bigY, scalar)
+- return s.Add(x1, y1, x2, y2)
+-}
+-
+ func TestCombinedMult(t *testing.T) {
+ type combinedMult interface {
+ Curve
+diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
+index c23e414156..787e3e7444 100644
+--- a/src/crypto/elliptic/p256.go
++++ b/src/crypto/elliptic/p256.go
+@@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
+ n := new(big.Int).SetBytes(in)
+ var scalarBytes []byte
+
+- if n.Cmp(p256Params.N) >= 0 {
++ if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
+ n.Mod(n, p256Params.N)
+ scalarBytes = n.Bytes()
+ } else {
+diff --git a/src/crypto/elliptic/p256_test.go b/src/crypto/elliptic/p256_test.go
+new file mode 100644
+index 0000000000..694186df81
+--- /dev/null
++++ b/src/crypto/elliptic/p256_test.go
+@@ -0,0 +1,169 @@
++// Copyright 2021 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package elliptic
++
++import (
++ "math/big"
++ "testing"
++)
++
++type scalarMultTest struct {
++ k string
++ xIn, yIn string
++ xOut, yOut string
++}
++
++var p256MultTests = []scalarMultTest{
++ {
++ "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737",
++ "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea",
++ "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad",
++ "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3",
++ "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0",
++ },
++ {
++ "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd",
++ "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06",
++ "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031",
++ "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991",
++ "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684",
++ },
++}
++
++func TestP256BaseMult(t *testing.T) {
++ p256 := P256()
++ p256Generic := p256.Params()
++
++ scalars :=
make([]*big.Int, 0, len(p224BaseMultTests)+1)
++ for _, e := range p224BaseMultTests {
++ k, _ := new(big.Int).SetString(e.k, 10)
++ scalars = append(scalars, k)
++ }
++ k := new(big.Int).SetInt64(1)
++ k.Lsh(k, 500)
++ scalars = append(scalars, k)
++
++ for i, k := range scalars {
++ x, y := p256.ScalarBaseMult(k.Bytes())
++ x2, y2 := p256Generic.ScalarBaseMult(k.Bytes())
++ if x.Cmp(x2) != 0 || y.Cmp(y2) != 0 {
++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, x, y, x2, y2)
++ }
++
++ if testing.Short() && i > 5 {
++ break
++ }
++ }
++}
++
++func TestP256Mult(t *testing.T) {
++ p256 := P256()
++ p256Generic := p256.Params()
++
++ for i, e := range p224BaseMultTests {
++ x, _ := new(big.Int).SetString(e.x, 16)
++ y, _ := new(big.Int).SetString(e.y, 16)
++ k, _ := new(big.Int).SetString(e.k, 10)
++
++ xx, yy := p256.ScalarMult(x, y, k.Bytes())
++ xx2, yy2 := p256Generic.ScalarMult(x, y, k.Bytes())
++ if xx.Cmp(xx2) != 0 || yy.Cmp(yy2) != 0 {
++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, xx2, yy2)
++ }
++ if testing.Short() && i > 5 {
++ break
++ }
++ }
++
++ for i, e := range p256MultTests {
++ x, _ := new(big.Int).SetString(e.xIn, 16)
++ y, _ := new(big.Int).SetString(e.yIn, 16)
++ k, _ := new(big.Int).SetString(e.k, 16)
++ expectedX, _ := new(big.Int).SetString(e.xOut, 16)
++ expectedY, _ := new(big.Int).SetString(e.yOut, 16)
++
++ xx, yy := p256.ScalarMult(x, y, k.Bytes())
++ if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX,
expectedY)
++ }
++ }
++}
++
++type synthCombinedMult struct {
++ Curve
++}
++
++func (s synthCombinedMult) CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte)
(x, y *big.Int) {
++ x1, y1 := s.ScalarBaseMult(baseScalar)
++ x2, y2 := s.ScalarMult(bigX, bigY, scalar)
++ return s.Add(x1, y1, x2, y2)
++}
++
++func TestP256CombinedMult(t *testing.T) {
++ type combinedMult interface {
++ Curve
++ CombinedMult(bigX, bigY *big.Int, baseScalar, scalar []byte) (x, y *big.Int)
++ }
++
++ p256, ok := P256().(combinedMult)
++ if !ok {
++ p256 = &synthCombinedMult{P256()}
++ }
++
++ gx := p256.Params().Gx
++ gy := p256.Params().Gy
++
++ zero := make([]byte, 32)
++ one := make([]byte, 32)
++ one[31] = 1
++ two := make([]byte, 32)
++ two[31] = 2
++
++ // 0×G + 0×G = ∞
++ x, y := p256.CombinedMult(gx, gy, zero, zero)
++ if x.Sign() != 0 || y.Sign() != 0 {
++ t.Errorf("0×G + 0×G = (%d, %d), should be ∞", x, y)
++ }
++
++ // 1×G + 0×G = G
++ x, y = p256.CombinedMult(gx, gy, one, zero)
++ if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
++ t.Errorf("1×G + 0×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
++ }
++
++ // 0×G + 1×G = G
++ x, y = p256.CombinedMult(gx, gy, zero, one)
++ if x.Cmp(gx) != 0 || y.Cmp(gy) != 0 {
++ t.Errorf("0×G + 1×G = (%d, %d), should be (%d, %d)", x, y, gx, gy)
++ }
++
++ // 1×G + 1×G = 2×G
++ x, y = p256.CombinedMult(gx, gy, one, one)
++ ggx, ggy := p256.ScalarBaseMult(two)
++ if x.Cmp(ggx) != 0 || y.Cmp(ggy) != 0 {
++ t.Errorf("1×G + 1×G = (%d, %d), should be (%d, %d)", x, y, ggx, ggy)
++ }
++
++ minusOne := new(big.Int).Sub(p256.Params().N, big.NewInt(1))
++ // 1×G + (-1)×G = ∞
++ x, y = p256.CombinedMult(gx, gy, one, minusOne.Bytes())
++ if x.Sign() != 0 || y.Sign() != 0 {
++ t.Errorf("1×G + (-1)×G = (%d, %d), should be ∞", x, y)
++ }
++}
++
++func TestIssue52075(t *testing.T) {
++ Gx, Gy := P256().Params().Gx, P256().Params().Gy
++ scalar := make([]byte, 33)
++ scalar[32] = 1
++ x, y := P256().ScalarBaseMult(scalar)
++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
++ t.Errorf("unexpected output (%v,%v)", x, y)
++ }
++ x, y = P256().ScalarMult(Gx, Gy, scalar)
++ if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
++ t.Errorf("unexpected output (%v,%v)", x, y)
++ }
++}
+--
+2.35.3
+
diff --git a/golang.spec b/golang.spec
index 4f8fd3e..6dc536e 100644
--- a/golang.spec
+++ b/golang.spec
@@ -1,7 +1,7 @@
%bcond_with bootstrap
# temporalily ignore test failures
# due to
https://github.com/golang/go/issues/39466
-%ifarch aarch64
+%ifarch aarch64 %{arm}
%bcond_without ignore_tests
%else
%bcond_with ignore_tests
@@ -59,13 +59,6 @@
%global golang_bootstrap 1
%endif
-# Controls what ever we fail on failed tests
-%if %{with ignore_tests}
-%global fail_on_tests 0
-%else
-%global fail_on_tests 1
-%endif
-
# Build golang shared objects for stdlib
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64
%global shared 1
@@ -109,7 +102,7 @@
%global go_version %{go_api}.15
# For rpmdev-bumpspec and releng automation
-%global baserelease 1
+%global baserelease 2
Name: golang
Version: %{go_version}
@@ -159,6 +152,18 @@ Patch1:
0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
+# The issue:
https://github.com/golang/go/issues/51853
+# Fixed in: go1.19
+# Backported by upstream to go1.18.1 and Go1.17.9
+# Patch:
https://go-review.googlesource.com/c/go/+/399816/
+Patch4: 0004-fix-CVE-2022-24675.patch
+
+# The issue:
https://github.com/golang/go/issues/52075
+# Fixed in: go1.19
+# Backported by upstream to go1.18
+# Patch:
https://go-review.googlesource.com/c/go/+/397135/
+Patch5: 0005-fix-CVE-2022-28327.patch
+
# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
@@ -459,11 +464,7 @@ export CGO_ENABLED=0
# make sure to not timeout
export GO_TEST_TIMEOUT_SCALE=2
-%if %{fail_on_tests}
-./run.bash --no-rebuild -v -v -v -k
-%else
-./run.bash --no-rebuild -v -v -v -k || :
-%endif
+./run.bash --no-rebuild -v -v -v -k %{?with_ignore_tests: || :}
cd ..
@@ -529,6 +530,14 @@ fi
%endif
%changelog
+* Wed Jun 08 2022 Alejandro Sáez <asm(a)redhat.com> - 1.16.15-2
+- Backport of patches.
+- Skip tests for arm
+- Adds 0004-fix-CVE-2022-24675.patch
+- Resolves: rhbz#2080125
+- Adds 0005-fix-CVE-2022-28327.patch
+- Resolves: rhbz#2079826
+
* Thu Mar 10 2022 Alejandro Sáez <asm(a)redhat.com> - 1.16.15-1
- Update to go1.16.15