New patch release of Golang: v1.19.13 #1198

Merged 5 commits on Oct 12, 2023
12 changes: 6 additions & 6 deletions projects/golang/go/1.19/README.md
@@ -1,17 +1,17 @@
# EKS Golang 1.19

Current Release: `11`
Current Release: `12`

Tracking Tag: `go1.19.13`

### Artifacts:
|Arch|Artifact|sha|
|:---:|:---:|:---:|
|noarch|[golang-1.19.13-11.amzn2.eks.noarch.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm)|[golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/noarch/golang-1.19.13-11.amzn2.eks.noarch.rpm.sha256)|
|x86_64|[golang-1.19.13-11.amzn2.eks.x86_64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm)|[golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/x86_64/RPMS/x86_64/golang-1.19.13-11.amzn2.eks.x86_64.rpm.sha256)|
|aarch64|[golang-1.19.13-11.amzn2.eks.aarch64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm)|[golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/aarch64/RPMS/aarch64/golang-1.19.13-11.amzn2.eks.aarch64.rpm.sha256)|
|arm64|[go1.19.13.linux-arm64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz)|[go1.19.13.linux-arm64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz.sha256)|
|amd64|[go1.19.13.linux-amd64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz)|[go1.19.13.linux-amd64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/11/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz.sha256)|
|noarch|[golang-1.19.13-12.amzn2.eks.noarch.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/x86_64/RPMS/noarch/golang-1.19.13-12.amzn2.eks.noarch.rpm)|[golang-1.19.13-12.amzn2.eks.noarch.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/x86_64/RPMS/noarch/golang-1.19.13-12.amzn2.eks.noarch.rpm.sha256)|
|x86_64|[golang-1.19.13-12.amzn2.eks.x86_64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/x86_64/RPMS/x86_64/golang-1.19.13-12.amzn2.eks.x86_64.rpm)|[golang-1.19.13-12.amzn2.eks.x86_64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/x86_64/RPMS/x86_64/golang-1.19.13-12.amzn2.eks.x86_64.rpm.sha256)|
|aarch64|[golang-1.19.13-12.amzn2.eks.aarch64.rpm](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/aarch64/RPMS/aarch64/golang-1.19.13-12.amzn2.eks.aarch64.rpm)|[golang-1.19.13-12.amzn2.eks.aarch64.rpm.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/aarch64/RPMS/aarch64/golang-1.19.13-12.amzn2.eks.aarch64.rpm.sha256)|
|arm64|[go1.19.13.linux-arm64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz)|[go1.19.13.linux-arm64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/archives/linux/arm64/go1.19.13.linux-arm64.tar.gz.sha256)|
|amd64|[go1.19.13.linux-amd64.tar.gz](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz)|[go1.19.13.linux-amd64.tar.gz.sha256](https://distro.eks.amazonaws.com/golang-go1.19.13/release/12/archives/linux/amd64/go1.19.13.linux-amd64.tar.gz.sha256)|


### ARM64 Builds
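Review bot: the sha column of the new release 12 rows links to `.sha256` files under the same `distro.eks.amazonaws.com/golang-go1.19.13/release/12/` prefix as the artifacts they describe, so checking a download against that file catches corruption in transit but gives no independent reference for the artifact. If the RPMs or tarballs are signed, say so in this section and name the key; the README also gives no hint that release 12 differs from 11 by a security patch, which a one-line note under "Current Release" would fix.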
@@ -0,0 +1,203 @@
From c07a3aaf582aca3f362fbfffa110c17b6b0e0b1d Mon Sep 17 00:00:00 2001
From: Damien Neil <[email protected]>
Date: Fri, 6 Oct 2023 14:16:27 -0700
Subject: [PATCH] [release-branch.go1.20] net/http: regenerate h2_bundle.go

# AWS EKS

Backported To: go-1.19.13-eks
Backported On: Thu, 12 Oct 2023
Backported By: [email protected]
Backported From: release-branch.go1.20
Source Commit: https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68

# Original Information

Pull in a security fix from x/net/http2:
http2: limit maximum handler goroutines to MaxConcurrentStreamso

For #63417
Fixes #63426
Fixes CVE-2023-39325

Change-Id: I6e32397323cd9b4114c990fcc9d19557a7f5f619
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2047401
Reviewed-by: Tatiana Bradley <[email protected]>
TryBot-Result: Security TryBots <[email protected]>
Run-TryBot: Damien Neil <[email protected]>
Reviewed-by: Ian Cottrell <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/534255
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
TryBot-Bypass: Dmitri Shuralyov <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
Auto-Submit: Dmitri Shuralyov <[email protected]>
---
src/cmd/internal/moddeps/moddeps_test.go | 2 +
src/net/http/h2_bundle.go | 94 ++++++++++++++++++++++--
2 files changed, 91 insertions(+), 5 deletions(-)
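Review bot: in the "Original Information" block the quoted x/net subject ends in `MaxConcurrentStreamso`; the trailing `o` looks like a stray character picked up while editing the message for the backport. Remove it so the text can be matched against the source commit linked above.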

diff --git a/src/cmd/internal/moddeps/moddeps_test.go b/src/cmd/internal/moddeps/moddeps_test.go
index 053cb8f548..b05a143c79 100644
--- a/src/cmd/internal/moddeps/moddeps_test.go
+++ b/src/cmd/internal/moddeps/moddeps_test.go
@@ -33,6 +33,8 @@ import (
// See issues 36852, 41409, and 43687.
// (Also see golang.org/issue/27348.)
func TestAllDependencies(t *testing.T) {
+ t.Skip("TODO(#63427): 1.21.3 contains unreleased changes from vendored modules")
+
goBin := testenv.GoToolPath(t)

// Ensure that all packages imported within GOROOT
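Review bot: the `t.Skip` added as the first statement of `TestAllDependencies` disables the whole test unconditionally, and its message names 1.21.3 and #63427 although the header labels this patch as a backport to go-1.19.13-eks. Reword the message for this tree and record when the skip is to be lifted: this is the dependency consistency test, and the other file in this patch is a regenerated vendored bundle, which is the kind of change the test exists to check.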
diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
index 2e5ef078e5..d6a9335c8f 100644
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@@ -4239,9 +4239,11 @@ type http2serverConn struct {
advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
curClientStreams uint32 // number of open streams initiated by the client
curPushedStreams uint32 // number of open streams initiated by server push
+ curHandlers uint32 // number of running handler goroutines
maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests
maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes
streams map[uint32]*http2stream
+ unstartedHandlers []http2unstartedHandler
initialStreamSendWindowSize int32
maxFrameSize int32
headerTableSize uint32
@@ -4635,6 +4637,8 @@ func (sc *http2serverConn) serve() {
return
case http2gracefulShutdownMsg:
sc.startGracefulShutdownInternal()
+ case http2handlerDoneMsg:
+ sc.handlerDone()
default:
panic("unknown timer")
}
@@ -4680,6 +4684,7 @@ var (
http2idleTimerMsg = new(http2serverMessage)
http2shutdownTimerMsg = new(http2serverMessage)
http2gracefulShutdownMsg = new(http2serverMessage)
+ http2handlerDoneMsg = new(http2serverMessage)
)

func (sc *http2serverConn) onSettingsTimer() { sc.sendServeMsg(http2settingsTimerMsg) }
@@ -5642,8 +5647,31 @@ func (sc *http2serverConn) processHeaders(f *http2MetaHeadersFrame) error {
sc.conn.SetReadDeadline(time.Time{})
}

- go sc.runHandler(rw, req, handler)
- return nil
+ return sc.scheduleHandler(id, rw, req, handler)
+}
+
+func (sc *http2serverConn) upgradeRequest(req *Request) {
+ sc.serveG.check()
+ id := uint32(1)
+ sc.maxClientStreamID = id
+ st := sc.newStream(id, 0, http2stateHalfClosedRemote)
+ st.reqTrailer = req.Trailer
+ if st.reqTrailer != nil {
+ st.trailer = make(Header)
+ }
+ rw := sc.newResponseWriter(st, req)
+
+ // Disable any read deadline set by the net/http package
+ // prior to the upgrade.
+ if sc.hs.ReadTimeout != 0 {
+ sc.conn.SetReadDeadline(time.Time{})
+ }
+
+ // This is the first request on the connection,
+ // so start the handler directly rather than going
+ // through scheduleHandler.
+ sc.curHandlers++
+ go sc.runHandler(rw, req, sc.handler.ServeHTTP)
}

func (st *http2stream) processTrailerHeaders(f *http2MetaHeadersFrame) error {
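Review bot: `upgradeRequest` is added in this hunk, but the commit message describes only limiting handler goroutines and none of the hunks in this patch call the new method. It also does `sc.curHandlers++` and starts `runHandler` directly instead of going through `scheduleHandler`, which its comment justifies as the first request on the connection. Confirm that the go1.19 tree has a caller for it; if it does not, drop the function from the backport so that a start path which bypasses the limit is not carried as dead code.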
@@ -5871,6 +5899,11 @@ func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2re
}
req = req.WithContext(st.ctx)

+ rw := sc.newResponseWriter(st, req)
+ return rw, req, nil
+}
+
+func (sc *http2serverConn) newResponseWriter(st *http2stream, req *Request) *http2responseWriter {
rws := http2responseWriterStatePool.Get().(*http2responseWriterState)
bwSave := rws.bw
*rws = http2responseWriterState{} // zero all the fields
@@ -5879,14 +5912,65 @@ func (sc *http2serverConn) newWriterAndRequestNoBody(st *http2stream, rp http2re
rws.bw.Reset(http2chunkWriter{rws})
rws.stream = st
rws.req = req
- rws.body = body
+ return &http2responseWriter{rws: rws}
+}

- rw := &http2responseWriter{rws: rws}
- return rw, req, nil
+type http2unstartedHandler struct {
+ streamID uint32
+ rw *http2responseWriter
+ req *Request
+ handler func(ResponseWriter, *Request)
+}
+
+// scheduleHandler starts a handler goroutine,
+// or schedules one to start as soon as an existing handler finishes.
+func (sc *http2serverConn) scheduleHandler(streamID uint32, rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) error {
+ sc.serveG.check()
+ maxHandlers := sc.advMaxStreams
+ if sc.curHandlers < maxHandlers {
+ sc.curHandlers++
+ go sc.runHandler(rw, req, handler)
+ return nil
+ }
+ if len(sc.unstartedHandlers) > int(4*sc.advMaxStreams) {
+ return sc.countError("too_many_early_resets", http2ConnectionError(http2ErrCodeEnhanceYourCalm))
+ }
+ sc.unstartedHandlers = append(sc.unstartedHandlers, http2unstartedHandler{
+ streamID: streamID,
+ rw: rw,
+ req: req,
+ handler: handler,
+ })
+ return nil
+}
+
+func (sc *http2serverConn) handlerDone() {
+ sc.serveG.check()
+ sc.curHandlers--
+ i := 0
+ maxHandlers := sc.advMaxStreams
+ for ; i < len(sc.unstartedHandlers); i++ {
+ u := sc.unstartedHandlers[i]
+ if sc.streams[u.streamID] == nil {
+ // This stream was reset before its goroutine had a chance to start.
+ continue
+ }
+ if sc.curHandlers >= maxHandlers {
+ break
+ }
+ sc.curHandlers++
+ go sc.runHandler(u.rw, u.req, u.handler)
+ sc.unstartedHandlers[i] = http2unstartedHandler{} // don't retain references
+ }
+ sc.unstartedHandlers = sc.unstartedHandlers[i:]
+ if len(sc.unstartedHandlers) == 0 {
+ sc.unstartedHandlers = nil
+ }
}

// Run on its own goroutine.
func (sc *http2serverConn) runHandler(rw *http2responseWriter, req *Request, handler func(ResponseWriter, *Request)) {
+ defer sc.sendServeMsg(http2handlerDoneMsg)
didPanic := true
defer func() {
rw.rws.stream.cancelCtx()
--
2.42.0
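Review bot: `rws.body = body` is removed where the writer setup moves into `newResponseWriter(st, req)`, which takes no `body` argument, so after this patch nothing in the visible lines assigns `rws.body`. The patch was written against release-branch.go1.20, so check that the go1.19 `http2responseWriterState` has no remaining readers of that field. Separately, in `scheduleHandler` the check `len(sc.unstartedHandlers) > int(4*sc.advMaxStreams)` runs before the append, so the queue can reach 4*advMaxStreams+1 entries before the connection is closed with `http2ErrCodeEnhanceYourCalm`; a comment stating the intended bound would help whoever carries this patch to the next release.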

4 changes: 4 additions & 0 deletions projects/golang/go/1.19/rpmbuild/SPECS/golang.spec
@@ -161,6 +161,7 @@ Requires: %{name}-src = %{version}-%{release}
Patch1: 0001-go-1.19.12-eks-html-template-support-HTML-lik.patch
Patch2: 0002-go-1.19.12-eks-html-template-properly-handle-.patch
Patch3: 0003-go-1.19.13-eks-cmd-compile-use-absolute-file-.patch
Patch4: 0004-go-1.19-13-eks-net-http-regenerate-h2_bundle-.patch

Patch102: 0102-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch103: 0103-cmd-go-disable-Google-s-proxy-and-sumdb.patch
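Review bot: the new `Patch4` file name is spelled `0004-go-1.19-13-eks-...` with a hyphen between 19 and 13, while `Patch3` uses `go-1.19.13-eks` and the patch header itself says `Backported To: go-1.19.13-eks`. Rename the file to the dotted form so patches can be found by version string.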
@@ -540,6 +541,9 @@ fi
%endif

%changelog
* Thu Oct 12 2023 Cameron Rozean <[email protected]> - 1.19.13-5
- Includes security fix for CVE-2023-39325

* Tue Oct 10 2023 Cameron Rozean <[email protected]> - 1.19.13-4
- Includes security fix for CVE-2023-39323
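Review bot: the new changelog entry is versioned `1.19.13-5`, but the README in this PR moves Current Release to `12` and the RPMs are named `golang-1.19.13-12.amzn2.eks`. State which counter the changelog follows, or align it with the package release, so a reader can map the CVE-2023-39325 entry to the artifact that contains the fix.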
