From 71841a692aac26cb8b671ab844d767d70cb38158 Mon Sep 17 00:00:00 2001 From: basebuilder_pel7ppc64bebuilder0 Date: Sun, 25 Mar 2018 19:45:07 +0200 Subject: [PATCH] added golang source files Signed-off-by: basebuilder_pel7ppc64bebuilder0 --- SOURCES/CVE-2018-7187.patch | 124 ++++++++++++ SOURCES/fedora.go | 7 + SOURCES/go1.5-zoneinfo_testing_only.patch | 70 +++++++ SOURCES/golang-1.10-pkgconfig-fix.patch | 177 ++++++++++++++++++ SOURCES/golang-gdbinit | 1 + .../s390x-expose-IfInfomsg-X__ifi_pad.patch | 36 ++++ 6 files changed, 415 insertions(+) create mode 100644 SOURCES/CVE-2018-7187.patch create mode 100644 SOURCES/fedora.go create mode 100644 SOURCES/go1.5-zoneinfo_testing_only.patch create mode 100644 SOURCES/golang-1.10-pkgconfig-fix.patch create mode 100644 SOURCES/golang-gdbinit create mode 100644 SOURCES/s390x-expose-IfInfomsg-X__ifi_pad.patch diff --git a/SOURCES/CVE-2018-7187.patch b/SOURCES/CVE-2018-7187.patch new file mode 100644 index 00000000..591ba322 --- /dev/null +++ b/SOURCES/CVE-2018-7187.patch @@ -0,0 +1,124 @@ +From c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc Mon Sep 17 00:00:00 2001 +From: Ian Lance Taylor +Date: Thu, 15 Feb 2018 15:57:13 -0800 +Subject: [PATCH] cmd/go: restrict meta imports to valid schemes + +Before this change, when using -insecure, we permitted any meta import +repo root as long as it contained "://". When not using -insecure, we +restrict meta import repo roots to be valid URLs. People may depend on +that somehow, so permit meta import repo roots to be invalid URLs, but +require them to have valid schemes per RFC 3986. + +Fixes #23867 + +Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d +Reviewed-on: https://go-review.googlesource.com/94603 +Reviewed-by: Brad Fitzpatrick +--- + src/cmd/go/internal/get/vcs.go | 34 +++++++++++++++++++++++++++-- + src/cmd/go/internal/get/vcs_test.go | 43 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 75 insertions(+), 2 deletions(-) + +diff --git a/src/cmd/go/internal/get/vcs.go b/src/cmd/go/internal/get/vcs.go +index ee6b16a1369..dced0ed8db5 100644 +--- a/src/cmd/go/internal/get/vcs.go ++++ b/src/cmd/go/internal/get/vcs.go +@@ -809,8 +809,8 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re + } + } + +- if !strings.Contains(mmi.RepoRoot, "://") { +- return nil, fmt.Errorf("%s: invalid repo root %q; no scheme", urlStr, mmi.RepoRoot) ++ if err := validateRepoRootScheme(mmi.RepoRoot); err != nil { ++ return nil, fmt.Errorf("%s: invalid repo root %q: %v", urlStr, mmi.RepoRoot, err) + } + rr := &repoRoot{ + vcs: vcsByCmd(mmi.VCS), +@@ -824,6 +824,36 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re + return rr, nil + } + ++// validateRepoRootScheme returns an error if repoRoot does not seem ++// to have a valid URL scheme. At this point we permit things that ++// aren't valid URLs, although later, if not using -insecure, we will ++// restrict repoRoots to be valid URLs. This is only because we've ++// historically permitted them, and people may depend on that. ++func validateRepoRootScheme(repoRoot string) error { ++ end := strings.Index(repoRoot, "://") ++ if end <= 0 { ++ return errors.New("no scheme") ++ } ++ ++ // RFC 3986 section 3.1. ++ for i := 0; i < end; i++ { ++ c := repoRoot[i] ++ switch { ++ case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z': ++ // OK. ++ case '0' <= c && c <= '9' || c == '+' || c == '-' || c == '.': ++ // OK except at start. ++ if i == 0 { ++ return errors.New("invalid scheme") ++ } ++ default: ++ return errors.New("invalid scheme") ++ } ++ } ++ ++ return nil ++} ++ + var fetchGroup singleflight.Group + var ( + fetchCacheMu sync.Mutex +diff --git a/src/cmd/go/internal/get/vcs_test.go b/src/cmd/go/internal/get/vcs_test.go +index 2cb611fabd8..ece78b563ce 100644 +--- a/src/cmd/go/internal/get/vcs_test.go ++++ b/src/cmd/go/internal/get/vcs_test.go +@@ -416,3 +416,46 @@ func TestMatchGoImport(t *testing.T) { + } + } + } ++ ++func TestValidateRepoRootScheme(t *testing.T) { ++ tests := []struct { ++ root string ++ err string ++ }{ ++ { ++ root: "", ++ err: "no scheme", ++ }, ++ { ++ root: "http://", ++ err: "", ++ }, ++ { ++ root: "a://", ++ err: "", ++ }, ++ { ++ root: "a#://", ++ err: "invalid scheme", ++ }, ++ { ++ root: "-config://", ++ err: "invalid scheme", ++ }, ++ } ++ ++ for _, test := range tests { ++ err := validateRepoRootScheme(test.root) ++ if err == nil { ++ if test.err != "" { ++ t.Errorf("validateRepoRootScheme(%q) = nil, want %q", test.root, test.err) ++ } ++ } else if test.err == "" { ++ if err != nil { ++ t.Errorf("validateRepoRootScheme(%q) = %q, want nil", test.root, test.err) ++ } ++ } else if err.Error() != test.err { ++ t.Errorf("validateRepoRootScheme(%q) = %q, want %q", test.root, err, test.err) ++ } ++ } ++} diff --git a/SOURCES/fedora.go b/SOURCES/fedora.go new file mode 100644 index 00000000..81b28ba3 --- /dev/null +++ b/SOURCES/fedora.go @@ -0,0 +1,7 @@ +// +build rpm_crashtraceback + +package runtime + +func init() { + setTraceback("crash") +} diff --git a/SOURCES/go1.5-zoneinfo_testing_only.patch b/SOURCES/go1.5-zoneinfo_testing_only.patch new file mode 100644 index 00000000..581cb948 --- /dev/null +++ b/SOURCES/go1.5-zoneinfo_testing_only.patch @@ -0,0 +1,70 @@ +diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go +--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go.time 2017-12-05 01:10:10.000000000 +0100 ++++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/internal_test.go 2017-12-05 14:55:10.574637475 +0100 +@@ -4,13 +4,15 @@ + + package time + ++import "runtime" ++ + func init() { + // force US/Pacific for time zone tests + ForceUSPacificForTesting() + } + + func initTestingZone() { +- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:]) ++ z, err := loadLocation("America/Los_Angeles", zoneSources) + if err != nil { + panic("cannot load America/Los_Angeles for testing: " + err.Error()) + } +@@ -21,8 +23,9 @@ func initTestingZone() { + var OrigZoneSources = zoneSources + + func forceZipFileForTesting(zipOnly bool) { +- zoneSources = make([]string, len(OrigZoneSources)) ++ zoneSources = make([]string, len(OrigZoneSources)+1) + copy(zoneSources, OrigZoneSources) ++ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if zipOnly { + zoneSources = zoneSources[len(zoneSources)-1:] + } +diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go +--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go.time 2017-12-05 01:10:10.000000000 +0100 ++++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_test.go 2017-12-05 14:58:09.823109248 +0100 +@@ -8,6 +8,7 @@ import ( + "fmt" + "os" + "reflect" ++ "runtime" + "testing" + "time" + ) +@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testi + t.Fatal(err) + } + +- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1]) ++ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if err != nil { + t.Fatal(err) + } +diff -up go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go +--- go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go.time 2017-12-05 01:10:10.000000000 +0100 ++++ go-dd7cbf3a846c2cb125ac65173abaf6a8b9f903ff/src/time/zoneinfo_unix.go 2017-12-05 14:55:10.574637475 +0100 +@@ -12,7 +12,6 @@ + package time + + import ( +- "runtime" + "syscall" + ) + +@@ -22,7 +21,6 @@ var zoneSources = []string{ + "/usr/share/zoneinfo/", + "/usr/share/lib/zoneinfo/", + "/usr/lib/locale/TZ/", +- runtime.GOROOT() + "/lib/time/zoneinfo.zip", + } + + func initLocal() { diff --git a/SOURCES/golang-1.10-pkgconfig-fix.patch b/SOURCES/golang-1.10-pkgconfig-fix.patch new file mode 100644 index 00000000..24f454a7 --- /dev/null +++ b/SOURCES/golang-1.10-pkgconfig-fix.patch @@ -0,0 +1,177 @@ +From 09581ca4826b6d67b1c3a3c8597038b28a37f52d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jakub=20=C4=8Cajka?= +Date: Fri, 5 Jan 2018 13:38:55 +0100 +Subject: [PATCH] cmd/go/internal/work : improve pkgconfig support to work with + latest(1.4+) pkgconf + +Fixes #23373 + +Fix interfacing with latest(1.4+) pkgconf versions, as they have change the output format, by extending parsing function splitPkgConfigOutput to accommodate more possible fragment escaping formats. Function is based on pkgconfigs own implementation at https://github.com/pkgconf/pkgconf/blob/master/libpkgconf/argvsplit.c. Along with this change test case TestSplitPkgConfigOutput have been expanded. Thanks to ignatenko for help on test cases and insights in to the pkgconfig. + +Change-Id: I55301bb564b07128d5564ec1454dd247f84a95c3 +--- + src/cmd/go/internal/work/build_test.go | 44 +++++++++++++++++--- + src/cmd/go/internal/work/exec.go | 75 +++++++++++++++++++++++----------- + 2 files changed, 90 insertions(+), 29 deletions(-) + +diff --git a/src/cmd/go/internal/work/build_test.go b/src/cmd/go/internal/work/build_test.go +index 3f5ba37c64..c3c63a97a4 100644 +--- a/src/cmd/go/internal/work/build_test.go ++++ b/src/cmd/go/internal/work/build_test.go +@@ -39,14 +39,46 @@ func TestSplitPkgConfigOutput(t *testing.T) { + for _, test := range []struct { + in []byte + want []string ++ pass bool + }{ +- {[]byte(`-r:foo -L/usr/white\ space/lib -lfoo\ bar -lbar\ baz`), []string{"-r:foo", "-L/usr/white space/lib", "-lfoo bar", "-lbar baz"}}, +- {[]byte(`-lextra\ fun\ arg\\`), []string{`-lextra fun arg\`}}, +- {[]byte(`broken flag\`), []string{"broken", "flag"}}, +- {[]byte("\textra whitespace\r\n"), []string{"extra", "whitespace"}}, +- {[]byte(" \r\n "), nil}, ++ {[]byte(`-r:foo -L/usr/white\ space/lib -lfoo\ bar -lbar\ baz`), []string{"-r:foo", "-L/usr/white space/lib", "-lfoo bar", "-lbar baz"}, true}, ++ {[]byte(`-lextra\ fun\ arg\\`), []string{`-lextra fun arg\`}, true}, ++ {[]byte(`broken flag\`), []string{"broken", "flag"}, true}, ++ {[]byte(`extra broken flag \`), []string{"extra", "broken", "flag"}, true}, ++ {[]byte(`\`), nil, true}, ++ {[]byte("\textra whitespace\r\n"), []string{"extra", "whitespace"}, true}, ++ {[]byte(" \r\n "), nil, true}, ++ {[]byte(`"-r:foo" "-L/usr/white space/lib" "-lfoo bar" "-lbar baz"`), []string{"-r:foo", "-L/usr/white space/lib", "-lfoo bar", "-lbar baz"}, true}, ++ {[]byte(`"-lextra fun arg\\"`), []string{`-lextra fun arg\`}, true}, ++ {[]byte(`" \r\n\ "`), []string{` \r\n\ `}, true}, ++ {[]byte(`""`), nil, true}, ++ {[]byte(``), nil, true}, ++ {[]byte(`"\\"`), []string{`\`}, true}, ++ {[]byte(`"\x"`), []string{`\x`}, true}, ++ {[]byte(`"\\x"`), []string{`\x`}, true}, ++ {[]byte(`'\\'`), []string{`\`}, true}, ++ {[]byte(`'\x'`), []string{`\x`}, true}, ++ {[]byte(`"\\x"`), []string{`\x`}, true}, ++ {[]byte(`-fPIC -I/test/include/foo -DQUOTED='"/test/share/doc"'`), []string{"-fPIC", "-I/test/include/foo", `-DQUOTED="/test/share/doc"`}, true}, ++ {[]byte(`-fPIC -I/test/include/foo -DQUOTED="/test/share/doc"`), []string{"-fPIC", "-I/test/include/foo", "-DQUOTED=/test/share/doc"}, true}, ++ {[]byte(`-fPIC -I/test/include/foo -DQUOTED=\"/test/share/doc\"`), []string{"-fPIC", "-I/test/include/foo", `-DQUOTED="/test/share/doc"`}, true}, ++ {[]byte(`-fPIC -I/test/include/foo -DQUOTED='/test/share/doc'`), []string{"-fPIC", "-I/test/include/foo", "-DQUOTED=/test/share/doc"}, true}, ++ {[]byte(`-DQUOTED='/te\st/share/d\oc'`), []string{`-DQUOTED=/te\st/share/d\oc`}, true}, ++ {[]byte(`-Dhello=10 -Dworld=+32 -DDEFINED_FROM_PKG_CONFIG=hello\ world`), []string{"-Dhello=10", "-Dworld=+32", "-DDEFINED_FROM_PKG_CONFIG=hello world"}, true}, ++ {[]byte(`" \r\n `), nil, false}, ++ {[]byte(`"-r:foo" "-L/usr/white space/lib "-lfoo bar" "-lbar baz"`), nil, false}, ++ {[]byte(`"-lextra fun arg\\`), nil, false}, + } { +- got := splitPkgConfigOutput(test.in) ++ got, err := splitPkgConfigOutput(test.in) ++ if err != nil { ++ if test.pass { ++ t.Errorf("splitPkgConfigOutput(%v) = %v; function returned error %v", test.in, got, err) ++ } ++ if got != nil { ++ t.Errorf("splitPkgConfigOutput failed with error %v and output has been non nil %v", err, got) ++ } ++ continue ++ } + if !reflect.DeepEqual(got, test.want) { + t.Errorf("splitPkgConfigOutput(%v) = %v; want %v", test.in, got, test.want) + } +diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go +index a5ab75f6a8..8774be1385 100644 +--- a/src/cmd/go/internal/work/exec.go ++++ b/src/cmd/go/internal/work/exec.go +@@ -900,36 +900,62 @@ func (b *Builder) PkgconfigCmd() string { + } + + // splitPkgConfigOutput parses the pkg-config output into a slice of +-// flags. pkg-config always uses \ to escape special characters. +-func splitPkgConfigOutput(out []byte) []string { ++// flags. This implements the algorithm from pkgconf/libpkgconf/argvsplit.c ++func splitPkgConfigOutput(out []byte) ([]string, error) { + if len(out) == 0 { +- return nil ++ return nil, nil + } + var flags []string +- flag := make([]byte, len(out)) +- r, w := 0, 0 +- for r < len(out) { +- switch out[r] { +- case ' ', '\t', '\r', '\n': +- if w > 0 { +- flags = append(flags, string(flag[:w])) ++ flag := make([]byte, 0, len(out)) ++ escaped := false ++ quote := byte(0) ++ ++ for _, c := range out { ++ if escaped { ++ if quote == '"' || quote == '\'' { ++ switch c { ++ case '$', '`', '"', '\\': ++ default: ++ flag = append(flag, '\\') ++ } ++ flag = append(flag, c) ++ } else { ++ flag = append(flag, c) + } +- w = 0 +- case '\\': +- r++ +- fallthrough +- default: +- if r < len(out) { +- flag[w] = out[r] +- w++ ++ escaped = false ++ } else if quote != 0 { ++ if c == quote { ++ quote = 0 ++ } else { ++ switch c { ++ case '\\': ++ escaped = true ++ default: ++ flag = append(flag, c) ++ } + } ++ } else if strings.IndexByte(" \t\n\v\f\r", c) < 0 { ++ switch c { ++ case '\\': ++ escaped = true ++ case '\'', '"': ++ quote = c ++ default: ++ flag = append(flag, c) ++ } ++ } else if len(flag) != 0 { ++ flags = append(flags, string(flag)) ++ flag = flag[:0] + } +- r++ + } +- if w > 0 { +- flags = append(flags, string(flag[:w])) ++ ++ if quote != 0 { ++ return nil, errors.New("unterminated quoted string in pkgconf output ") ++ } else if len(flag) != 0 { ++ flags = append(flags, string(flag)) + } +- return flags ++ ++ return flags, nil + } + + // Calls pkg-config if needed and returns the cflags/ldflags needed to build the package. +@@ -948,7 +974,10 @@ func (b *Builder) getPkgConfigFlags(p *load.Package) (cflags, ldflags []string, + return nil, nil, errPrintedOutput + } + if len(out) > 0 { +- cflags = splitPkgConfigOutput(out) ++ cflags, err = splitPkgConfigOutput(out) ++ if err != nil { ++ return nil, nil, err ++ } + if err := checkCompilerFlags("CFLAGS", "pkg-config --cflags", cflags); err != nil { + return nil, nil, err + } +-- +2.14.3 + diff --git a/SOURCES/golang-gdbinit b/SOURCES/golang-gdbinit new file mode 100644 index 00000000..ecddca6d --- /dev/null +++ b/SOURCES/golang-gdbinit @@ -0,0 +1 @@ +add-auto-load-safe-path /usr/lib/golang/src/runtime/runtime-gdb.py diff --git a/SOURCES/s390x-expose-IfInfomsg-X__ifi_pad.patch b/SOURCES/s390x-expose-IfInfomsg-X__ifi_pad.patch new file mode 100644 index 00000000..ec530777 --- /dev/null +++ b/SOURCES/s390x-expose-IfInfomsg-X__ifi_pad.patch @@ -0,0 +1,36 @@ +From 84b8c9ceaa5257f7ff4ab059ff208246ecdfe9d9 Mon Sep 17 00:00:00 2001 +From: Michael Munday +Date: Tue, 17 Jan 2017 11:33:38 -0500 +Subject: [PATCH] syscall: expose IfInfomsg.X__ifi_pad on s390x + +Exposing this field on s390x improves compatibility with the other +linux architectures, all of which already expose it. + +Fixes #18628 and updates #18632. + +Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5 +--- + +diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go +index 63c4a83..b589425 100644 +--- a/src/syscall/ztypes_linux_s390x.go ++++ b/src/syscall/ztypes_linux_s390x.go +@@ -449,12 +449,12 @@ + } + + type IfInfomsg struct { +- Family uint8 +- _ uint8 +- Type uint16 +- Index int32 +- Flags uint32 +- Change uint32 ++ Family uint8 ++ X__ifi_pad uint8 ++ Type uint16 ++ Index int32 ++ Flags uint32 ++ Change uint32 + } + + type IfAddrmsg struct {