diff --git a/.gitignore b/.gitignore
index 05c61b3..52f4ee5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,6 +51,20 @@
 /go1.9.5.src.tar.gz
 /go1.9.6.src.tar.gz
 /go1.9.7.src.tar.gz
+/go1.10beta1.src.tar.gz
+/go1.10beta2.src.tar.gz
+/go1.10rc1.src.tar.gz
+/go1.10rc2.src.tar.gz
+/go1.10.src.tar.gz
+/go1.10.1.src.tar.gz
+/go1.10.2.src.tar.gz
+/go1.10.3.src.tar.gz
+/go1.11beta1.src.tar.gz
+/go1.11beta2.src.tar.gz
+/go1.11beta3.src.tar.gz
+/go1.11rc1.src.tar.gz
+/go1.11rc2.src.tar.gz
+/go1.11.src.tar.gz
 /go1.11.1.src.tar.gz
 /go1.11.2.src.tar.gz
 /go1.11.4.src.tar.gz
@@ -60,3 +74,15 @@
 /go1.11.10.src.tar.gz
 /go1.11.11.src.tar.gz
 /go1.11.12.src.tar.gz
+/go1.12beta2.src.tar.gz
+/go1.12rc1.src.tar.gz
+/go1.12.src.tar.gz
+/go1.12.1.src.tar.gz
+/go1.12.2.src.tar.gz
+/go1.12.5.src.tar.gz
+/go1.12.6.src.tar.gz
+/go1.12.7.src.tar.gz
+/go1.13beta1.src.tar.gz
+/go1.13rc1.src.tar.gz
+/go1.13rc2.src.tar.gz
+/go1.13.src.tar.gz
diff --git a/0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch b/0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
new file mode 100644
index 0000000..0413f7a
--- /dev/null
+++ b/0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
@@ -0,0 +1,48 @@
+From 014cbe9e8cdc1a5f78f3e792309133eaaabdfc8f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
+Date: Mon, 27 May 2019 15:12:53 +0200
+Subject: [PATCH 3/3] cmd/go: disable Google's proxy and sumdb
+
+---
+ src/cmd/go/internal/cfg/cfg.go                  | 4 ++--
+ src/cmd/go/testdata/script/mod_sumdb_golang.txt | 6 +++---
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
+index a0b51a72c3..b972a81df2 100644
+--- a/src/cmd/go/internal/cfg/cfg.go
++++ b/src/cmd/go/internal/cfg/cfg.go
+@@ -292,8 +292,8 @@ var (
+ 	GOPPC64  = envOr("GOPPC64", fmt.Sprintf("%s%d", "power", objabi.GOPPC64))
+ 	GOWASM   = envOr("GOWASM", fmt.Sprint(objabi.GOWASM))
+ 
+-	GOPROXY   = envOr("GOPROXY", "https://proxy.golang.org,direct")
+-	GOSUMDB   = envOr("GOSUMDB", "sum.golang.org")
++	GOPROXY   = envOr("GOPROXY", "direct")
++	GOSUMDB   = envOr("GOSUMDB", "off")
+ 	GOPRIVATE = Getenv("GOPRIVATE")
+ 	GONOPROXY = envOr("GONOPROXY", GOPRIVATE)
+ 	GONOSUMDB = envOr("GONOSUMDB", GOPRIVATE)
+diff --git a/src/cmd/go/testdata/script/mod_sumdb_golang.txt b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
+index 40a07fc7e9..50436e32d7 100644
+--- a/src/cmd/go/testdata/script/mod_sumdb_golang.txt
++++ b/src/cmd/go/testdata/script/mod_sumdb_golang.txt
+@@ -2,12 +2,12 @@
+ env GOPROXY=
+ env GOSUMDB=
+ go env GOPROXY
+-stdout '^https://proxy.golang.org,direct$'
++stdout '^direct$'
+ go env GOSUMDB
+-stdout '^sum.golang.org$'
++stdout '^off$'
+ env GOPROXY=https://proxy.golang.org
+ go env GOSUMDB
+-stdout '^sum.golang.org$'
++stdout '^off$'
+ 
+ # download direct from github
+ [!net] skip
+-- 
+2.21.0
+
diff --git a/golang.spec b/golang.spec
index 90aea11..0ba6566 100644
--- a/golang.spec
+++ b/golang.spec
@@ -98,11 +98,11 @@
 %global gohostarch  s390x
 %endif
 
-%global go_api 1.11
-%global go_version 1.11.12
+%global go_api 1.13
+%global go_version 1.13
 
 Name:           golang
-Version:        1.11.12
+Version:        1.13
 Release:        1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
@@ -135,19 +135,19 @@ Provides: bundled(golang(golang.org/x/crypto/chacha20poly1305))
 Provides: bundled(golang(golang.org/x/crypto/cryptobyte))
 Provides: bundled(golang(golang.org/x/crypto/cryptobyte/asn1))
 Provides: bundled(golang(golang.org/x/crypto/curve25519))
+Provides: bundled(golang(golang.org/x/crypto/hkdf))
 Provides: bundled(golang(golang.org/x/crypto/internal/chacha20))
+Provides: bundled(golang(golang.org/x/crypto/internal/subtle))
 Provides: bundled(golang(golang.org/x/crypto/poly1305))
 Provides: bundled(golang(golang.org/x/net/dns/dnsmessage))
 Provides: bundled(golang(golang.org/x/net/http/httpguts))
 Provides: bundled(golang(golang.org/x/net/http/httpproxy))
 Provides: bundled(golang(golang.org/x/net/http2/hpack))
 Provides: bundled(golang(golang.org/x/net/idna))
-Provides: bundled(golang(golang.org/x/net/internal/nettest))
 Provides: bundled(golang(golang.org/x/net/nettest))
-Provides: bundled(golang(golang.org/x/text/secure))
+Provides: bundled(golang(golang.org/x/sys/cpu))
 Provides: bundled(golang(golang.org/x/text/secure/bidirule))
 Provides: bundled(golang(golang.org/x/text/transform))
-Provides: bundled(golang(golang.org/x/text/unicode))
 Provides: bundled(golang(golang.org/x/text/unicode/bidi))
 Provides: bundled(golang(golang.org/x/text/unicode/norm))
 Provides: bundled(golang(github.com/google/pprof/driver))
@@ -157,10 +157,10 @@ Provides: bundled(golang(github.com/google/pprof/internal/elfexec))
 Provides: bundled(golang(github.com/google/pprof/internal/graph))
 Provides: bundled(golang(github.com/google/pprof/internal/measurement))
 Provides: bundled(golang(github.com/google/pprof/internal/plugin))
-Provides: bundled(golang(github.com/google/pprof/internal/proftest))
 Provides: bundled(golang(github.com/google/pprof/internal/report))
 Provides: bundled(golang(github.com/google/pprof/internal/symbolizer))
 Provides: bundled(golang(github.com/google/pprof/internal/symbolz))
+Provides: bundled(golang(github.com/google/pprof/internal/transport))
 Provides: bundled(golang(github.com/google/pprof/profile))
 Provides: bundled(golang(github.com/google/pprof/third.party/d3))
 Provides: bundled(golang(github.com/google/pprof/third.party/d3flamegraph))
@@ -173,7 +173,40 @@ Provides: bundled(golang(golang.org/x/arch/x86/x86asm))
 Provides: bundled(golang(golang.org/x/crypto/ssh/terminal))
 Provides: bundled(golang(golang.org/x/sys/unix))
 Provides: bundled(golang(golang.org/x/sys/windows))
-Provides: bundled(golang(golang.org/x/sys/windows/registry))
+Provides: bundled(golang(golang.org/x/tools/go/analysis))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/analysisflags))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/internal/facts))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/asmdecl))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/assign))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/atomic))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/bools))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/buildtag))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/cgocall))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/composite))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/copylock))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/ctrlflow))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/errorsas))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/httpresponse))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/inspect))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/internal/analysisutil))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/loopclosure))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/lostcancel))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/nilfunc))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/printf))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/shift))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/stdmethods))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/structtag))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/tests))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unmarshal))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unreachable))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unsafeptr))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/passes/unusedresult))
+Provides: bundled(golang(golang.org/x/tools/go/analysis/unitchecker))
+Provides: bundled(golang(golang.org/x/tools/go/ast/astutil))
+Provides: bundled(golang(golang.org/x/tools/go/ast/inspector))
+Provides: bundled(golang(golang.org/x/tools/go/cfg))
+Provides: bundled(golang(golang.org/x/tools/go/types/objectpath))
+Provides: bundled(golang(golang.org/x/tools/go/types/typeutil))
 
 Requires:       %{name}-bin = %{version}-%{release}
 Requires:       %{name}-src = %{version}-%{release}
@@ -181,6 +214,7 @@ Requires:       go-srpm-macros
 
 Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
+Patch3:       0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -308,6 +342,7 @@ Requires:       %{name} = %{version}-%{release}
 
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 cp %{SOURCE1} ./src/runtime/
 
@@ -412,8 +447,8 @@ pushd $RPM_BUILD_ROOT%{goroot}
         echo "%%{golibdir}/$(basename $file)" >> $shared_list
     done
     
-	find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
-	find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
+    find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
+    find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
 %endif
 
 %if %{race}
@@ -571,6 +606,11 @@ fi
 %endif
 
 %changelog
+* Tue Sep 10 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-1
+- Rebase to go1.13
+- Fix for CVE-2019-9512, CVE-2019-9514, CVE-2019-14809
+- Resolves: BZ#1741815, BZ#1741826, BZ#1743130
+
 * Thu Aug 08 2019 Jakub Čajka <jcajka@redhat.com> - 1.11.12-1
 - Rebase to 1.11.12
 
diff --git a/sources b/sources
index 3ab14b1..6b6cea5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (go1.11.12.src.tar.gz) = ff74678d7002be20c994702cc778d2447bbe4aad2ecf906e4cde9cf00c0c226c2f0def25146acd24f86fddf397b47602c1e5509c21b0d7b856cf933a05e19a6d
+SHA512 (go1.13.src.tar.gz) = c6346b1ab256cb743dd98625d8b16cdcc1365b186e039e99747d6c18041045daa065f6bdce17cca0a9800be2dbb34e90adf5518d5295693f80435c02fe5b2cd8