From 4042d64b0c560ecd8d8606d01b69d402dab3d293 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?=
Date: Fri, 1 Jul 2022 17:11:36 +0200
Subject: [PATCH] Backport of patch Resolves: rhbz#2093092 Adds 0006-fix-CVE-2022-29526.patch
---
 0006-fix-CVE-2022-29526.patch | 25 +++++++++++++++++++++++++
 golang.spec | 13 ++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 0006-fix-CVE-2022-29526.patch
diff --git a/0006-fix-CVE-2022-29526.patch b/0006-fix-CVE-2022-29526.patch
new file mode 100644
index 0000000..72c6a73
--- /dev/null
+++ b/0006-fix-CVE-2022-29526.patch
@@ -0,0 +1,25 @@
+From 4115e1e9943e7627e7028a7343b2db6280a9fe0f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?=
+Date: Fri, 1 Jul 2022 17:07:06 +0200
+Subject: [PATCH] Backport of CVE-2022-29526 from go1.17
+
+---
+ src/syscall/syscall_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
+index 3041f6f8fc..b2cc53e5c0 100644
+--- a/src/syscall/syscall_linux.go
++++ b/src/syscall/syscall_linux.go
+@@ -106,7 +106,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ gid = Getgid()
+ }
+
+- if uint32(gid) == st.Gid || isGroupMember(gid) {
++ if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
+ fmode = (st.Mode >> 3) & 7
+ } else {
+ fmode = st.Mode & 7
+--
+2.35.3
+
diff --git a/golang.spec b/golang.spec
index 6dc536e..5bc5d86 100644
--- a/golang.spec
+++ b/golang.spec
@@ -102,7 +102,7 @@
 %global go_version %{go_api}.15
 # For rpmdev-bumpspec and releng automation
-%global baserelease 2
+%global baserelease 3
 Name: golang
 Version: %{go_version}
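Review bot: The embedded header of 0006-fix-CVE-2022-29526.patch says only "Backport of CVE-2022-29526 from go1.17" and names no upstream change, so the one-line edit to the group test in Faccessat cannot be compared with upstream from the patch file alone. Adding a line such as `Upstream: https://go-review.googlesource.com/c/go/+/401078/` to its message would keep the reference with the patch; that URL is the one golang.spec records above Patch6. The patch touches only src/syscall/syscall_linux.go, so nothing in this commit exercises the corrected branch. A check with one file whose group is among the caller's supplementary groups and one whose group is not would confirm that group bits and other bits are selected as intended. Faccessat's body starts and ends outside the hunk.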
@@ -164,6 +164,12 @@ Patch4: 0004-fix-CVE-2022-24675.patch
 # Patch: https://go-review.googlesource.com/c/go/+/397135/
 Patch5: 0005-fix-CVE-2022-28327.patch
+# The issue: https://github.com/golang/go/issues/52313
+# Fixed in: go1.19
+# Backported by upstream to go1.18.2 and go1.17.10
+# Patch: https://go-review.googlesource.com/c/go/+/401078/
+Patch6: 0006-fix-CVE-2022-29526.patch
+
 # Having documentation separate was broken
 Obsoletes: %{name}-docs < 1.1-4
@@ -530,6 +536,11 @@ fi
 %endif
 %changelog
+* Fri Jul 01 2022 Alejandro Sáez - 1.16.15-3
+- Backport of patch.
+- Resolves: rhbz#2093092
+- Adds 0006-fix-CVE-2022-29526.patch
+
 * Wed Jun 08 2022 Alejandro Sáez - 1.16.15-2
 - Backport of patches.
 - Skip tests for arm
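Review bot: The `@@ -164,6 +164,12 @@` hunk declares `Patch6`, but none of the three golang.spec hunks touches %prep, so whether the patch is actually applied depends on how the existing %prep applies patches, which this diff does not show. If %prep uses `%autosetup -p1` or `%autopatch -p1`, the declaration is enough. If it lists patches one by one, a matching `%patch6 -p1` line is needed; otherwise 1.16.15-3 would ship with a changelog claiming the CVE-2022-29526 fix while syscall.Faccessat is unchanged. It is worth confirming in the build log that 0006-fix-CVE-2022-29526.patch is applied.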