Skip to content

Commit

Permalink
New patch release of Golang: v1.19.13 (#1192)
Browse files Browse the repository at this point in the history
* Init new Go Minor Version 1.19 files.

* update values to match new release

* remove quote from README

* include patch for CVE-2023-39319

* remove release from patch pr

---------

Co-authored-by:  <>
  • Loading branch information
rcrozean authored Oct 11, 2023
1 parent c02ca8d commit 1e67574
Show file tree
Hide file tree
Showing 4 changed files with 151 additions and 13 deletions.
2 changes: 1 addition & 1 deletion projects/golang/go/1.19/GIT_TAG
Original file line number Diff line number Diff line change
@@ -1 +1 @@
go1.19.12
go1.19.13
21 changes: 14 additions & 7 deletions projects/golang/go/1.19/README.md
Original file line number Diff line number Diff line change
@@ -1,20 +1,27 @@
# EKS Golang 1.19

Current Release: `10`
Current Release: `11`

Tracking Tag: `go1.19.12`
Tracking Tag: `go1.19.13`

### Artifacts:
|Arch|Artifact|sha|
|:---:|:---:|:---:|
|noarch|[golang-1.19.13-11.amzn2.eks.noarch.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm)|[golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256)|
|x86_64|[golang-1.19.13-11.amzn2.eks.x86_64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm)|[golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256)|
|aarch64|[golang-1.19.13-11.amzn2.eks.aarch64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm)|[golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256)|
|arm64|[go1.19.13.linux-arm64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz)|[go1.19.13.linux-arm64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz.sha256)|
|amd64|[go1.19.13.linux-amd64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz)|[go1.19.13.linux-amd64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz.sha256)|

Artifacts: https://distro.eks.amazonaws.com/golang-go1.19/releases/3/RPMS

### ARM64 Builds
[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1.19-ARM64-PROD-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1-19-ARM64-PROD-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)

### AMD64 Builds
[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1.19-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1-19-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)

### Patches
The patches in `./patches` include relevant utility fixes for go `1.19`.

### Spec
The RPM spec file in `./rpmbuild/SPECS` is sourced from the go 1.19 SRPM available on Fedora, and modified to include the relevant patches and build the `go1.19.4` source.

The RPM spec file in `./rpmbuild/SPECS` is sourced from the go 1.19 SRPM available on Fedora, and modified to include the relevant patches and build the `go1.19.13` source.
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
From d370b823909c2010fe9fc8d0d049757deaac249f Mon Sep 17 00:00:00 2001
From: Ian Lance Taylor <[email protected]>
Date: Wed, 20 Sep 2023 16:16:29 -0700
Subject: [PATCH] [release-branch.go1.20] cmd/compile: use absolute file name
in isCgo check

# AWS EKS

Backported To: go-1.19.13-eks
Backported On: Tue, 10 Oct 2023
Backported By: [email protected]
Backported From: release-branch.go1.20
Source Commit: https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49

# Original Information

For #23672
Updates #63211
Fixes #63213
Fixes CVE-2023-39323

Change-Id: I4586a69e1b2560036afec29d53e53cf25e6c7352
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2032884
Reviewed-by: Matthew Dempsky <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
(cherry picked from commit 9b19e751918dd218035811b1ef83a8c2693b864a)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2037629
Reviewed-by: Tatiana Bradley <[email protected]>
Run-TryBot: Roland Shoemaker <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/533195
Auto-Submit: Michael Pratt <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
TryBot-Bypass: Michael Pratt <[email protected]>
Reviewed-by: Than McIntosh <[email protected]>
---
misc/cgo/errors/errors_test.go | 24 ++++++++++++++++--------
misc/cgo/errors/testdata/err5.go | 11 +++++++++++
src/cmd/compile/internal/noder/noder.go | 8 +++++++-
3 files changed, 34 insertions(+), 9 deletions(-)
create mode 100644 misc/cgo/errors/testdata/err5.go

diff --git a/misc/cgo/errors/errors_test.go b/misc/cgo/errors/errors_test.go
index 9718b7f9fb..8168032dc3 100644
--- a/misc/cgo/errors/errors_test.go
+++ b/misc/cgo/errors/errors_test.go
@@ -36,16 +36,23 @@ func check(t *testing.T, file string) {
continue
}

- _, frag, ok := bytes.Cut(line, []byte("ERROR HERE: "))
- if !ok {
- continue
+ if _, frag, ok := bytes.Cut(line, []byte("ERROR HERE: ")); ok {
+ re, err := regexp.Compile(fmt.Sprintf(":%d:.*%s", i+1, frag))
+ if err != nil {
+ t.Errorf("Invalid regexp after `ERROR HERE: `: %#q", frag)
+ continue
+ }
+ errors = append(errors, re)
}
- re, err := regexp.Compile(fmt.Sprintf(":%d:.*%s", i+1, frag))
- if err != nil {
- t.Errorf("Invalid regexp after `ERROR HERE: `: %#q", frag)
- continue
+
+ if _, frag, ok := bytes.Cut(line, []byte("ERROR MESSAGE: ")); ok {
+ re, err := regexp.Compile(string(frag))
+ if err != nil {
+ t.Errorf("Invalid regexp after `ERROR MESSAGE: `: %#q", frag)
+ continue
+ }
+ errors = append(errors, re)
}
- errors = append(errors, re)
}
if len(errors) == 0 {
t.Fatalf("cannot find ERROR HERE")
@@ -106,6 +113,7 @@ func TestReportsTypeErrors(t *testing.T) {
for _, file := range []string{
"err1.go",
"err2.go",
+ "err5.go",
"issue11097a.go",
"issue11097b.go",
"issue18452.go",
diff --git a/misc/cgo/errors/testdata/err5.go b/misc/cgo/errors/testdata/err5.go
new file mode 100644
index 0000000000..c12a290d38
--- /dev/null
+++ b/misc/cgo/errors/testdata/err5.go
@@ -0,0 +1,11 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+//line /tmp/_cgo_.go:1
+//go:cgo_dynamic_linker "/elf/interp"
+// ERROR MESSAGE: only allowed in cgo-generated code
+
+func main() {}
diff --git a/src/cmd/compile/internal/noder/noder.go b/src/cmd/compile/internal/noder/noder.go
index d0d95451ac..c99c085037 100644
--- a/src/cmd/compile/internal/noder/noder.go
+++ b/src/cmd/compile/internal/noder/noder.go
@@ -359,8 +359,14 @@ func (p *noder) pragma(pos syntax.Pos, blankLine bool, text string, old syntax.P
// contain cgo directives, and for security reasons
// (primarily misuse of linker flags), other files are not.
// See golang.org/issue/23672.
+// Note that cmd/go ignores files whose names start with underscore,
+// so the only _cgo_ files we will see from cmd/go are generated by cgo.
+// It's easy to bypass this check by calling the compiler directly;
+// we only protect against uses by cmd/go.
func isCgoGeneratedFile(pos syntax.Pos) bool {
- return strings.HasPrefix(filepath.Base(trimFilename(pos.Base())), "_cgo_")
+ // We need the absolute file, independent of //line directives,
+ // so we call pos.Base().Pos().
+ return strings.HasPrefix(filepath.Base(trimFilename(pos.Base().Pos().Base())), "_cgo_")
}

// safeArg reports whether arg is a "safe" command-line argument,
--
2.42.0

15 changes: 10 additions & 5 deletions projects/golang/go/1.19/rpmbuild/SPECS/golang.spec
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@
# Comment out go_prerelease and go_patch as needed
%global go_api 1.19
#global go_prerelease rc2
%global go_patch 12
%global go_patch 13

%global go_version %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease:~%{go_prerelease}}
%global go_source %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease}
Expand Down Expand Up @@ -159,10 +159,12 @@ Requires: %{name}-bin = %{version}-%{release}
Requires: %{name}-src = %{version}-%{release}

Patch1: 0001-go-1.19.12-eks-html-template-support-HTML-lik.patch
Patch2: 0002-go-1.19.12-eks-html-template-properly-handle-.patch
Patch3: 0102-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch4: 0103-cmd-go-disable-Google-s-proxy-and-sumdb.patch
Patch5: 0104-add-method-to-skip-privd-tests-if-required.patch
Patch2: 0002-go-1.19.12-eks-html-template-properly-handle-.patch
Patch3: 0003-go-1.19.13-eks-cmd-compile-use-absolute-file-.patch

Patch102: 0102-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch103: 0103-cmd-go-disable-Google-s-proxy-and-sumdb.patch
Patch104: 0104-add-method-to-skip-privd-tests-if-required.patch

# Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4
Expand Down Expand Up @@ -538,6 +540,9 @@ fi
%endif

%changelog
* Tue Oct 10 2023 Cameron Rozean <[email protected]> - 1.19.13-4
- Includes security fix for CVE-2023-39323

* Wed Sep 06 2023 Cameron Rozean <[email protected]> - 1.19.12-3
- Includes security fix for CVE-2023-39319

Expand Down

0 comments on commit 1e67574

Please sign in to comment.