New patch release of Golang: v1.19.13

projects/golang/go/1.19/GIT_TAG

@@ -1 +1 @@
-go1.19.12
+go1.19.13

projects/golang/go/1.19/README.md

@@ -1,20 +1,27 @@
 # EKS Golang 1.19
 
-Current Release: `10`
+Current Release: `11`
 
-Tracking Tag: `go1.19.12`
+Tracking Tag: `go1.19.13`
+
+### Artifacts:  
+|Arch|Artifact|sha|
+|:---:|:---:|:---:|
+|noarch|[golang-1.19.13-11.amzn2.eks.noarch.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm)|[golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256)|
+|x86_64|[golang-1.19.13-11.amzn2.eks.x86_64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm)|[golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256)|
+|aarch64|[golang-1.19.13-11.amzn2.eks.aarch64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm)|[golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256)|
+|arm64|[go1.19.13.linux-arm64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz)|[go1.19.13.linux-arm64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz.sha256)|
+|amd64|[go1.19.13.linux-amd64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz)|[go1.19.13.linux-amd64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz.sha256)|
 
-Artifacts: https://distro.eks.amazonaws.com/golang-go1.19/releases/3/RPMS
 
 ### ARM64 Builds
-[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1.19-ARM64-PROD-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
+[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1-19-ARM64-PROD-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
 
 ### AMD64 Builds
-[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1.19-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
+[![Build status](https://prow.eks.amazonaws.com/badge.svg?jobs=golang-1-19-tooling-postsubmit)](https://prow.eks.amazonaws.com/?repo=aws%2Feks-distro-build-tooling&type=postsubmit)
 
 ### Patches
 The patches in `./patches` include relevant utility fixes for go `1.19`.
 
 ### Spec
-The RPM spec file in `./rpmbuild/SPECS` is sourced from the go 1.19 SRPM available on Fedora, and modified to include the relevant patches and build the `go1.19.4` source.
-
+The RPM spec file in `./rpmbuild/SPECS` is sourced from the go 1.19 SRPM available on Fedora, and modified to include the relevant patches and build the `go1.19.13` source.

projects/golang/go/1.19/patches/0003-go-1.19.13-eks-cmd-compile-use-absolute-file-.patch

@@ -0,0 +1,126 @@
+From d370b823909c2010fe9fc8d0d049757deaac249f Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <[email protected]>
+Date: Wed, 20 Sep 2023 16:16:29 -0700
+Subject: [PATCH] [release-branch.go1.20] cmd/compile: use absolute file name
+ in isCgo check
+
+# AWS EKS
+
+Backported To: go-1.19.13-eks
+Backported On: Tue, 10 Oct 2023
+Backported By: [email protected]
+Backported From: release-branch.go1.20
+Source Commit: https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49
+
+# Original Information
+
+For #23672
+Updates #63211
+Fixes #63213
+Fixes CVE-2023-39323
+
+Change-Id: I4586a69e1b2560036afec29d53e53cf25e6c7352
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2032884
+Reviewed-by: Matthew Dempsky <[email protected]>
+Reviewed-by: Roland Shoemaker <[email protected]>
+(cherry picked from commit 9b19e751918dd218035811b1ef83a8c2693b864a)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2037629
+Reviewed-by: Tatiana Bradley <[email protected]>
+Run-TryBot: Roland Shoemaker <[email protected]>
+Reviewed-by: Damien Neil <[email protected]>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/533195
+Auto-Submit: Michael Pratt <[email protected]>
+Reviewed-by: Ian Lance Taylor <[email protected]>
+TryBot-Bypass: Michael Pratt <[email protected]>
+Reviewed-by: Than McIntosh <[email protected]>
+---
+ misc/cgo/errors/errors_test.go          | 24 ++++++++++++++++--------
+ misc/cgo/errors/testdata/err5.go        | 11 +++++++++++
+ src/cmd/compile/internal/noder/noder.go |  8 +++++++-
+ 3 files changed, 34 insertions(+), 9 deletions(-)
+ create mode 100644 misc/cgo/errors/testdata/err5.go
+
+diff --git a/misc/cgo/errors/errors_test.go b/misc/cgo/errors/errors_test.go
+index 9718b7f9fb..8168032dc3 100644
+--- a/misc/cgo/errors/errors_test.go
++++ b/misc/cgo/errors/errors_test.go
+@@ -36,16 +36,23 @@ func check(t *testing.T, file string) {
+ 				continue
+ 			}
+
+-			_, frag, ok := bytes.Cut(line, []byte("ERROR HERE: "))
+-			if !ok {
+-				continue
++			if _, frag, ok := bytes.Cut(line, []byte("ERROR HERE: ")); ok {
++				re, err := regexp.Compile(fmt.Sprintf(":%d:.*%s", i+1, frag))
++				if err != nil {
++					t.Errorf("Invalid regexp after `ERROR HERE: `: %#q", frag)
++					continue
++				}
++				errors = append(errors, re)
+ 			}
+-			re, err := regexp.Compile(fmt.Sprintf(":%d:.*%s", i+1, frag))
+-			if err != nil {
+-				t.Errorf("Invalid regexp after `ERROR HERE: `: %#q", frag)
+-				continue
++
++			if _, frag, ok := bytes.Cut(line, []byte("ERROR MESSAGE: ")); ok {
++				re, err := regexp.Compile(string(frag))
++				if err != nil {
++					t.Errorf("Invalid regexp after `ERROR MESSAGE: `: %#q", frag)
++					continue
++				}
++				errors = append(errors, re)
+ 			}
+-			errors = append(errors, re)
+ 		}
+ 		if len(errors) == 0 {
+ 			t.Fatalf("cannot find ERROR HERE")
+@@ -106,6 +113,7 @@ func TestReportsTypeErrors(t *testing.T) {
+ 	for _, file := range []string{
+ 		"err1.go",
+ 		"err2.go",
++		"err5.go",
+ 		"issue11097a.go",
+ 		"issue11097b.go",
+ 		"issue18452.go",
+diff --git a/misc/cgo/errors/testdata/err5.go b/misc/cgo/errors/testdata/err5.go
+new file mode 100644
+index 0000000000..c12a290d38
+--- /dev/null
++++ b/misc/cgo/errors/testdata/err5.go
+@@ -0,0 +1,11 @@
++// Copyright 2023 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package main
++
++//line /tmp/_cgo_.go:1
++//go:cgo_dynamic_linker "/elf/interp"
++// ERROR MESSAGE: only allowed in cgo-generated code
++
++func main() {}
+diff --git a/src/cmd/compile/internal/noder/noder.go b/src/cmd/compile/internal/noder/noder.go
+index d0d95451ac..c99c085037 100644
+--- a/src/cmd/compile/internal/noder/noder.go
++++ b/src/cmd/compile/internal/noder/noder.go
+@@ -359,8 +359,14 @@ func (p *noder) pragma(pos syntax.Pos, blankLine bool, text string, old syntax.P
+ // contain cgo directives, and for security reasons
+ // (primarily misuse of linker flags), other files are not.
+ // See golang.org/issue/23672.
++// Note that cmd/go ignores files whose names start with underscore,
++// so the only _cgo_ files we will see from cmd/go are generated by cgo.
++// It's easy to bypass this check by calling the compiler directly;
++// we only protect against uses by cmd/go.
+ func isCgoGeneratedFile(pos syntax.Pos) bool {
+-	return strings.HasPrefix(filepath.Base(trimFilename(pos.Base())), "_cgo_")
++	// We need the absolute file, independent of //line directives,
++	// so we call pos.Base().Pos().
++	return strings.HasPrefix(filepath.Base(trimFilename(pos.Base().Pos().Base())), "_cgo_")
+ }
+
+ // safeArg reports whether arg is a "safe" command-line argument,
+-- 
+2.42.0
+

projects/golang/go/1.19/rpmbuild/SPECS/golang.spec

@@ -108,7 +108,7 @@
 # Comment out go_prerelease and go_patch as needed
 %global go_api 1.19
 #global go_prerelease rc2
-%global go_patch 12
+%global go_patch 13
 
 %global go_version %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease:~%{go_prerelease}}
 %global go_source %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease}
@@ -159,10 +159,12 @@ Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
 
 Patch1:       0001-go-1.19.12-eks-html-template-support-HTML-lik.patch
-Patch2:	      0002-go-1.19.12-eks-html-template-properly-handle-.patch
-Patch3:       0102-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
-Patch4:       0103-cmd-go-disable-Google-s-proxy-and-sumdb.patch
-Patch5:       0104-add-method-to-skip-privd-tests-if-required.patch
+Patch2:       0002-go-1.19.12-eks-html-template-properly-handle-.patch
+Patch3:       0003-go-1.19.13-eks-cmd-compile-use-absolute-file-.patch
+
+Patch102:       0102-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
+Patch103:       0103-cmd-go-disable-Google-s-proxy-and-sumdb.patch
+Patch104:       0104-add-method-to-skip-privd-tests-if-required.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -538,6 +540,9 @@ fi
 %endif
 
 %changelog
+* Tue Oct 10 2023 Cameron Rozean <[email protected]> - 1.19.13-4
+- Includes security fix for CVE-2023-39323
+
 * Wed Sep 06 2023 Cameron Rozean <[email protected]> - 1.19.12-3
 - Includes security fix for CVE-2023-39319