Rebase to 1.10.1

Resolves: BZ#1562270
2018-04-04 10:10:28 +02:00 · 2018-04-04 10:10:28 +02:00 · 66a92c4de7
parent 2389428bde
commit 66a92c4de7
4 changed files with 9 additions and 132 deletions
--- a/.gitignore
+++ b/.gitignore
@ -50,3 +50,4 @@
 /go1.10rc1.src.tar.gz
 /go1.10rc2.src.tar.gz
 /go1.10.src.tar.gz
+/go1.10.1.src.tar.gz
--- a/CVE-2018-7187.patch
+++ b/CVE-2018-7187.patch
@ -1,124 +0,0 @@
-From c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc Mon Sep 17 00:00:00 2001
-From: Ian Lance Taylor <iant@golang.org>
-Date: Thu, 15 Feb 2018 15:57:13 -0800
-Subject: [PATCH] cmd/go: restrict meta imports to valid schemes
-
-Before this change, when using -insecure, we permitted any meta import
-repo root as long as it contained "://". When not using -insecure, we
-restrict meta import repo roots to be valid URLs. People may depend on
-that somehow, so permit meta import repo roots to be invalid URLs, but
-require them to have valid schemes per RFC 3986.
-
-Fixes #23867
-
-Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
-Reviewed-on: https://go-review.googlesource.com/94603
-Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
- src/cmd/go/internal/get/vcs.go      | 34 +++++++++++++++++++++++++++--
- src/cmd/go/internal/get/vcs_test.go | 43 +++++++++++++++++++++++++++++++++++++
- 2 files changed, 75 insertions(+), 2 deletions(-)
-
-diff --git a/src/cmd/go/internal/get/vcs.go b/src/cmd/go/internal/get/vcs.go
-index ee6b16a1369..dced0ed8db5 100644
--- a/src/cmd/go/internal/get/vcs.go
-+++ b/src/cmd/go/internal/get/vcs.go
-@@ -809,8 +809,8 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re
- 		}
- 	}
- 
-	if !strings.Contains(mmi.RepoRoot, "://") {
-		return nil, fmt.Errorf("%s: invalid repo root %q; no scheme", urlStr, mmi.RepoRoot)
-+	if err := validateRepoRootScheme(mmi.RepoRoot); err != nil {
-+		return nil, fmt.Errorf("%s: invalid repo root %q: %v", urlStr, mmi.RepoRoot, err)
- 	}
- 	rr := &repoRoot{
- 		vcs:      vcsByCmd(mmi.VCS),
-@@ -824,6 +824,36 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re
- 	return rr, nil
- }
- 
-+// validateRepoRootScheme returns an error if repoRoot does not seem
-+// to have a valid URL scheme. At this point we permit things that
-+// aren't valid URLs, although later, if not using -insecure, we will
-+// restrict repoRoots to be valid URLs. This is only because we've
-+// historically permitted them, and people may depend on that.
-+func validateRepoRootScheme(repoRoot string) error {
-+	end := strings.Index(repoRoot, "://")
-+	if end <= 0 {
-+		return errors.New("no scheme")
-+	}
-+
-+	// RFC 3986 section 3.1.
-+	for i := 0; i < end; i++ {
-+		c := repoRoot[i]
-+		switch {
-+		case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z':
-+			// OK.
-+		case '0' <= c && c <= '9' || c == '+' || c == '-' || c == '.':
-+			// OK except at start.
-+			if i == 0 {
-+				return errors.New("invalid scheme")
-+			}
-+		default:
-+			return errors.New("invalid scheme")
-+		}
-+	}
-+
-+	return nil
-+}
-+
- var fetchGroup singleflight.Group
- var (
- 	fetchCacheMu sync.Mutex
-diff --git a/src/cmd/go/internal/get/vcs_test.go b/src/cmd/go/internal/get/vcs_test.go
-index 2cb611fabd8..ece78b563ce 100644
--- a/src/cmd/go/internal/get/vcs_test.go
-+++ b/src/cmd/go/internal/get/vcs_test.go
-@@ -416,3 +416,46 @@ func TestMatchGoImport(t *testing.T) {
- 		}
- 	}
- }
-+
-+func TestValidateRepoRootScheme(t *testing.T) {
-+	tests := []struct {
-+		root string
-+		err  string
-+	}{
-+		{
-+			root: "",
-+			err:  "no scheme",
-+		},
-+		{
-+			root: "http://",
-+			err:  "",
-+		},
-+		{
-+			root: "a://",
-+			err:  "",
-+		},
-+		{
-+			root: "a#://",
-+			err:  "invalid scheme",
-+		},
-+		{
-+			root: "-config://",
-+			err:  "invalid scheme",
-+		},
-+	}
-+
-+	for _, test := range tests {
-+		err := validateRepoRootScheme(test.root)
-+		if err == nil {
-+			if test.err != "" {
-+				t.Errorf("validateRepoRootScheme(%q) = nil, want %q", test.root, test.err)
-+			}
-+		} else if test.err == "" {
-+			if err != nil {
-+				t.Errorf("validateRepoRootScheme(%q) = %q, want nil", test.root, test.err)
-+			}
-+		} else if err.Error() != test.err {
-+			t.Errorf("validateRepoRootScheme(%q) = %q, want %q", test.root, err, test.err)
-+		}
-+	}
-+}
--- a/golang.spec
+++ b/golang.spec
@ -102,11 +102,11 @@
 %endif

 %global go_api 1.10
-%global go_version 1.10
+%global go_version 1.10.1

 Name:           golang
-Version:        1.10
-Release:        2%{?dist}
+Version:        1.10.1
+Release:        1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License:        BSD and Public Domain
@ -185,8 +185,6 @@ Patch219: s390x-expose-IfInfomsg-X__ifi_pad.patch
 # Proposed patch by jcajka https://golang.org/cl/86541
 Patch221: golang-1.10-pkgconfig-fix.patch

-Patch222: CVE-2018-7187.patch
-
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4

@ -315,8 +313,6 @@ Requires:       %{name} = %{version}-%{release}

 %patch221 -p1

-%patch222 -p1
-
 cp %{SOURCE1} ./src/runtime/

 %build
@ -552,6 +548,10 @@ fi
 %endif

 %changelog
+* Wed Apr 04 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.1-1
+- Rebase to 1.10.1
+- Resolves: BZ#1562270
+
 * Sat Mar 03 2018 Jakub Čajka <jcajka@redhat.com> - 1.10-2
 - Fix CVE-2018-7187
 - Resolves: BZ#1546386, BZ#1546388
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (go1.10.src.tar.gz) = 59f089e1ffb2d3aba5ada329d4f0d1181c3c4f01fa64f19d0b753f8a989cb59cf290ad88d215cadc18ef99aba8518e44c9bc258c07eaffc834c55e4a37bd4651
+SHA512 (go1.10.1.src.tar.gz) = 13f6b0643a4f92eeca04444b9fa10de38fc3427daea9aa3227cf9a5738ffee1a3f2e355ba5faf711b8506f7de118bdcd3b9064b65407a22613523e29ffd73415