authorKevin Daudt <kdaudt@alpinelinux.org>2020-04-21 19:55:32 +0000
committerKevin Daudt <kdaudt@alpinelinux.org>2020-04-30 04:41:32 +0000
commit573b7537c7e1ab2732007a1d026a913613ca2d03 (patch)
treeb0a15bcc8171df65db864b6d4a28d5710b7f2077
parent25f0bae76247fa5eb76faae67f179ea8b758f828 (diff)
community/go: security upgrade to 1.13.10 (CVE-2020-7919)
Issue: alpine/aports!7067
-rw-r--r--community/go/APKBUILD26
-rw-r--r--community/go/fix-rlimit-syscall-aarch64-armv7.patch86
2 files changed, 101 insertions, 11 deletions
diff --git a/community/go/APKBUILD b/community/go/APKBUILD
index 7424eecb34..01eb08bd76 100644
--- a/community/go/APKBUILD
+++ b/community/go/APKBUILD
@@ -3,8 +3,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=go
# go binaries are statically linked, security updates require rebuilds
-pkgver=1.13.4
-pkgrel=1
+pkgver=1.13.10
+pkgrel=0
pkgdesc="Go programming language compiler"
url="https://golang.org/"
arch="all"
@@ -17,6 +17,7 @@ source="https://golang.org/dl/go${pkgver/_/}.src.tar.gz
default-buildmode-pie.patch
set-external-linker.patch
disable-flaky-sync-test.patch
+ fix-rlimit-syscall-aarch64-armv7.patch
"
case "$CARCH" in
@@ -25,18 +26,20 @@ case "$CARCH" in
esac
# secfixes:
+# 1.13.7-r0:
+# - CVE-2020-7919
# 1.13.2-r0:
-# - CVE-2019-17596
+# - CVE-2019-17596
# 1.13.1-r0:
-# - CVE-2019-16276
+# - CVE-2019-16276
# 1.12.8-r0:
-# - CVE-2019-9512
-# - CVE-2019-9514
-# - CVE-2019-14809
+# - CVE-2019-9512
+# - CVE-2019-9514
+# - CVE-2019-14809
# 1.11.5-r0:
-# - CVE-2019-6486
+# - CVE-2019-6486
# 1.9.4-r0:
-# - CVE-2018-6574
+# - CVE-2018-6574
# NOTE: building go for x86 with grsec kernel requires:
# sysctl -w kernel.modify_ldt=1
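Review bot: The new secfixes entry records CVE-2020-7919 under `1.13.7-r0`, but this commit moves the package from 1.13.4-r1 straight to 1.13.10-r0, so if this branch never shipped 1.13.7-r0 the first fixed build here is the one being created. Tools that read the secfixes block to decide whether an installed version is patched would be better served by `# 1.13.10-r0:` followed by `# - CVE-2020-7919`, indented like the neighbouring entries. The bump also spans several upstream point releases, and the commit title names only one CVE, so it is worth checking the release notes between 1.13.4 and 1.13.10 for other security fixes that belong in this list.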
@@ -137,7 +140,8 @@ package() {
-exec rm -rf \{\} \+
}
-sha512sums="e8155cdceca2ebefd386feef98223bbdc92d9316f7188d4ba701cf43a723b75a9bf67a1eb92ac80987b7a113a2fb6981ef235292bec7dd3964805b7c33abdbb1 go1.13.4.src.tar.gz
+sha512sums="9e020dd89ab6201c4cbb893caecc0b077d5fbb2e10381e1b76a29ddc18c141d8db67a1b0f607ed915b0e9c40c4fb2c65b0319472535892534a31ad962e72fe05 go1.13.10.src.tar.gz
f0c07d9979fc3165fc78158406de8440624b3f2c6f6542c9889c71efbf3d2f02a7ffee27ccba8c2630489895d331b7b9d3a606162134dcb3e8e0b9fc06b529dc default-buildmode-pie.patch
faf8de430df185842902322f064254f3e9ecee0884b3075b5550c85da15ff61ea6c2bb8d0fb7cf3887abc0e40974bd73ee8f8c14da7f914dde7e9220177c4e2a set-external-linker.patch
-6ce14ca43fd35520e667530af91cfcad8902d635e6dd8c04d19428299b9e29ba049120f5eebbb00717a895f052d1cc40d3f522c090786625cce726715a8218ec disable-flaky-sync-test.patch"
+6ce14ca43fd35520e667530af91cfcad8902d635e6dd8c04d19428299b9e29ba049120f5eebbb00717a895f052d1cc40d3f522c090786625cce726715a8218ec disable-flaky-sync-test.patch
+91298a7b74cce2405fe9774ebc67c78691fb7ffe5d34c3d22e2632900158efc6f922387f58265bb0587be1f37a91240d604d52e96c9315e7fb83e0210b274715 fix-rlimit-syscall-aarch64-armv7.patch"
diff --git a/community/go/fix-rlimit-syscall-aarch64-armv7.patch b/community/go/fix-rlimit-syscall-aarch64-armv7.patch
new file mode 100644
index 0000000000..bda590afd0
--- /dev/null
+++ b/community/go/fix-rlimit-syscall-aarch64-armv7.patch
@@ -0,0 +1,86 @@
+Upstream: Yes
+Url: https://github.com/golang/go/issues/38604
+
+From a6895a6a52aa5e865b8ee055a8bf85982c91b555 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Mon, 27 Apr 2020 17:43:35 -0700
+Subject: [PATCH] syscall: on linux-arm64, prefer prlimit to {g,s}etrlimit
+
+Reportedly some Docker images accept the prlimit64 system call,
+used by syscall.prlimit, but prohibit the getrlimit and setrlimit
+system calls.
+
+Fixes #38604
+
+Change-Id: I91ff9370450b4869098cc8e335bbb7b863060508
+---
+
+diff --git a/src/syscall/syscall_linux_arm64.go b/src/syscall/syscall_linux_arm64.go
+index 6d3b3df..1ad9dd8 100644
+--- a/src/syscall/syscall_linux_arm64.go
++++ b/src/syscall/syscall_linux_arm64.go
+@@ -28,7 +28,7 @@
+ //sysnb Getegid() (egid int)
+ //sysnb Geteuid() (euid int)
+ //sysnb Getgid() (gid int)
+-//sysnb Getrlimit(resource int, rlim *Rlimit) (err error)
++//sysnb getrlimit(resource int, rlim *Rlimit) (err error)
+ //sysnb Getuid() (uid int)
+ //sys Listen(s int, n int) (err error)
+ //sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+@@ -41,7 +41,7 @@
+ //sysnb Setregid(rgid int, egid int) (err error)
+ //sysnb Setresgid(rgid int, egid int, sgid int) (err error)
+ //sysnb Setresuid(ruid int, euid int, suid int) (err error)
+-//sysnb Setrlimit(resource int, rlim *Rlimit) (err error)
++//sysnb setrlimit(resource int, rlim *Rlimit) (err error)
+ //sysnb Setreuid(ruid int, euid int) (err error)
+ //sys Shutdown(fd int, how int) (err error)
+ //sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int64, err error)
+@@ -171,6 +171,24 @@
+ return
+ }
+
++// Getrlimit prefers the prlimit64 system call. See issue 38604.
++func Getrlimit(resource int, rlim *Rlimit) error {
++ err := prlimit(0, resource, nil, rlim)
++ if err != ENOSYS {
++ return err
++ }
++ return getrlimit(resource, rlim)
++}
++
++// Setrlimit prefers the prlimit64 system call. See issue 38604.
++func Setrlimit(resource int, rlim *Rlimit) error {
++ err := prlimit(0, resource, rlim, nil)
++ if err != ENOSYS {
++ return err
++ }
++ return setrlimit(resource, rlim)
++}
++
+ func (r *PtraceRegs) PC() uint64 { return r.Pc }
+
+ func (r *PtraceRegs) SetPC(pc uint64) { r.Pc = pc }
+diff --git a/src/syscall/zsyscall_linux_arm64.go b/src/syscall/zsyscall_linux_arm64.go
+index b62383e..f20f05e 100644
+--- a/src/syscall/zsyscall_linux_arm64.go
++++ b/src/syscall/zsyscall_linux_arm64.go
+@@ -1158,7 +1158,7 @@
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+-func Getrlimit(resource int, rlim *Rlimit) (err error) {
++func getrlimit(resource int, rlim *Rlimit) (err error) {
+ _, _, e1 := RawSyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+@@ -1312,7 +1312,7 @@
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+-func Setrlimit(resource int, rlim *Rlimit) (err error) {
++func setrlimit(resource int, rlim *Rlimit) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
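Review bot: The file name says `aarch64-armv7`, but the embedded patch touches only `syscall_linux_arm64.go` and `zsyscall_linux_arm64.go`, so nothing visible here changes the 32-bit ARM syscall path; either rename the file or add the armv7 counterpart if that architecture hits the same container restriction. In the new `Getrlimit`/`Setrlimit` wrappers the fallback to the legacy call happens only on `ENOSYS`, so a sandbox that rejects prlimit64 with a different errno (seccomp filters commonly return EPERM) gets that error back without getrlimit/setrlimit being tried. A short comment such as `// Only ENOSYS falls back; a filter that denies prlimit64 with another errno is reported as-is.` would make that limit explicit. The header gives the upstream issue but not the release that carries the fix, so a line like `Remove-when: <first Go release containing this change>` would help the next upgrade drop the patch.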