From a72bc5cab91069345d6be9e60758cb693d47534f Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Mon, 16 Oct 2023 15:23:01 +0000
Subject: [PATCH] import golang-1.19.13-1.module+el8.8.0+20373+d9cd605c

---
 .gitignore                                    |  2 -
 .golang.checksum                              |  2 +-
 .golang.metadata                              |  4 +-
 SOURCES/fix-memory-leak-evp-sign-verify.patch | 48 -------------------
 SPECS/golang.spec                             | 19 +++++---
 5 files changed, 16 insertions(+), 59 deletions(-)
 delete mode 100644 .gitignore
 delete mode 100644 SOURCES/fix-memory-leak-evp-sign-verify.patch

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 5600ca0..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-SOURCES/go1.19.9-1-openssl-fips.tar.gz
-SOURCES/go1.19.9.tar.gz
diff --git a/.golang.checksum b/.golang.checksum
index 4bfeaa8..d3ef809 100644
--- a/.golang.checksum
+++ b/.golang.checksum
@@ -1 +1 @@
-ccbb24fc572c0635af214c404496b8bf127def93b57ba8d1748cdd24898faf12
+42e39a16939df3ab342cc0b42799090d067933958b075b43712b67a4ebfb3073
diff --git a/.golang.metadata b/.golang.metadata
index 8c4d4b6..acd0617 100644
--- a/.golang.metadata
+++ b/.golang.metadata
@@ -1,2 +1,2 @@
-55d30126b7b78f006dfed700355621bc0ee2e6f8e4969499333d1df3ad93a912  SOURCES/go1.19.10-1-openssl-fips.tar.gz
-8b87b1de458bccd4aa239ec7c3be4683634a985ded6171ada2fd6150baf57630  SOURCES/go1.19.10.tar.gz
+5bb2656868a17c1c250755c3380fff3fb3f2fedd2574894b5d8d11d8d146c757  SOURCES/go1.19.13-2-openssl-fips.tar.gz
+51b8c3be568c9034808a3186ab3b03593c57aa4489ca39038b08a3ab730614a3  SOURCES/go1.19.13.tar.gz
diff --git a/SOURCES/fix-memory-leak-evp-sign-verify.patch b/SOURCES/fix-memory-leak-evp-sign-verify.patch
deleted file mode 100644
index ef231bf..0000000
--- a/SOURCES/fix-memory-leak-evp-sign-verify.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-index 2124978..1f853b4 100644
---- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
-@@ -44,7 +44,11 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
-                              GO_RSA *rsa_key) {
-   int ret = 0;
-   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
--  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
-+  if (!pk)
-+    return 0;
-+
-+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
-+    goto err;
- 
-   if (!ctx && !(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
-     goto err;
-@@ -64,6 +68,8 @@ int _goboringcrypto_EVP_sign_raw(EVP_MD *md, EVP_PKEY_CTX *ctx, const uint8_t *m
- err:
-   if (ctx)
-     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+  if (pk)
-+    _goboringcrypto_EVP_PKEY_free(pk);
- 
-   return ret;
- }
-@@ -104,7 +110,11 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
-   int ret = 0;
-   EVP_PKEY_CTX *ctx;
-   GO_EVP_PKEY *pk = _goboringcrypto_EVP_PKEY_new();
--  _goboringcrypto_EVP_PKEY_assign_RSA(pk, rsa_key);
-+  if (!pk)
-+    return 0;
-+
-+  if (!(_goboringcrypto_EVP_PKEY_set1_RSA(pk, rsa_key)))
-+    goto err;
- 
-   if (!(ctx = _goboringcrypto_EVP_PKEY_CTX_new(pk, NULL)))
-     goto err;
-@@ -124,6 +134,8 @@ int _goboringcrypto_EVP_verify_raw(const uint8_t *msg, size_t msgLen,
- err:
-   if (ctx)
-     _goboringcrypto_EVP_PKEY_CTX_free(ctx);
-+  if (pk)
-+    _goboringcrypto_EVP_PKEY_free(pk);
- 
-   return ret;
- }
diff --git a/SPECS/golang.spec b/SPECS/golang.spec
index a92e4a4..338a38c 100644
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@@ -96,13 +96,12 @@
 %endif
 
 %global go_api 1.19
-%global version 1.19.10
-%global pkg_release 1
+%global version 1.19.13
+%global pkg_release 2
 
 Name:           golang
 Version:        %{version}
 Release:        1%{?dist}
-
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@@ -149,7 +148,6 @@ Patch1939923:   skip_test_rhbz1939923.patch
 
 Patch2: 	disable_static_tests_part1.patch
 Patch3: 	disable_static_tests_part2.patch
-Patch6:		fix-memory-leak-evp-sign-verify.patch
 
 Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch
 
@@ -247,6 +245,8 @@ tar -xf %{SOURCE1}
 popd
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
 patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
+patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/003-h2-bundle-fix-CVE-2023-39325.patch
 
 # Configure crypto tests
 pushd ../go-go%{version}-%{pkg_release}-openssl-fips
@@ -254,10 +254,8 @@ ln -s ../go-go%{version} go
 ./scripts/configure-crypto-tests.sh
 popd
 
-
 %patch2 -p1
 %patch3 -p1
-%patch6 -p1
 
 %patch221 -p1
 
@@ -536,6 +534,15 @@ cd ..
 %endif
 
 %changelog
+* Thu Oct 12 2023 David Benoit <dbenoit@redhat.com> - 1.19.13-1
+- Fix CVE-2023-39325
+- Resolves: RHEL-12618
+
+* Wed Aug 30 2023 David Benoit <dbenoit@redhat.com> - 1.19.12-1
+- Update to Go 1.19.12
+- Midstream patches
+- Resolves: rhbz#2223641
+
 * Tue Jun 6 2023 David Benoit <dbenoit@redhat.com> - 1.19.10-1
 - Update to Go 1.19.10
 - Resolves: rhbz#2217623
-- 
GitLab