Rebase to 1.10.8

Fix for CVE-2019-6486

.gitignore

@@ -53,3 +53,7 @@
 /go1.10.1.src.tar.gz
 /go1.10.2.src.tar.gz
 /go1.10.3.src.tar.gz
+/go1.10.4.src.tar.gz
+/go1.10.5.src.tar.gz
+/go1.10.7.src.tar.gz
+/go1.10.8.src.tar.gz

0004-cmd-internal-objfile-only-consider-executable-segmen.patch

@@ -0,0 +1,39 @@
+From 1ea34a218ac99e35695617e5d3648e6762254cc7 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Fri, 3 Aug 2018 14:52:54 -0700
+Subject: [PATCH 4/4] cmd/internal/objfile: only consider executable segments
+ for load address
+
+Reportedly on some new Fedora systems the linker is producing extra
+load segments, basically making the dynamic section non-executable.
+We were assuming that the first load segment could be used to
+determine the program's load offset, but that is no longer true.
+Use the first executable load segment instead.
+
+Fixes #26369
+
+Change-Id: I5ee31ddeef2e8caeed3112edc5149065a6448456
+Reviewed-on: https://go-review.googlesource.com/127895
+Run-TryBot: Ian Lance Taylor <iant@golang.org>
+TryBot-Result: Gobot Gobot <gobot@golang.org>
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
+---
+ src/cmd/internal/objfile/elf.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cmd/internal/objfile/elf.go b/src/cmd/internal/objfile/elf.go
+index 7d5162a1e8..a48a9df5d6 100644
+--- a/src/cmd/internal/objfile/elf.go
++++ b/src/cmd/internal/objfile/elf.go
+@@ -114,7 +114,7 @@ func (f *elfFile) goarch() string {
+ 
+ func (f *elfFile) loadAddress() (uint64, error) {
+ 	for _, p := range f.elf.Progs {
+-		if p.Type == elf.PT_LOAD {
++		if p.Type == elf.PT_LOAD && p.Flags&elf.PF_X != 0 {
+ 			return p.Vaddr, nil
+ 		}
+ 	}
+-- 
+2.14.4
+

golang.spec

@@ -102,10 +102,10 @@
 %endif
 
 %global go_api 1.10
-%global go_version 1.10.3
+%global go_version 1.10.8
 
 Name:           golang
-Version:        1.10.3
+Version:        1.10.8
 Release:        1%{?dist}
 Summary:        The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
@@ -178,6 +178,7 @@ Requires:       go-srpm-macros
 Patch1:       0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
 Patch2:       0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
 Patch3:       0003-cmd-go-internal-work-improve-pkgconfig-support-to-wo.patch
+Patch4:       0004-cmd-internal-objfile-only-consider-executable-segmen.patch
 
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@@ -304,6 +305,7 @@ Requires:       %{name} = %{version}-%{release}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 cp %{SOURCE1} ./src/runtime/
 
@@ -540,6 +542,22 @@ fi
 %endif
 
 %changelog
+* Sun Jan 27 2019 Jakub Čajka <jcajka@redhat.com> - 1.10.8-1
+- Rebase to 1.10.8
+- Fix for CVE-2019-6486
+- Resolves: BZ#1668973
+
+* Wed Jan 02 2019 Jakub Čajka <jcajka@redhat.com> - 1.10.7-1
+- Rebase to 1.10.7
+- Fix for CVE-2018-16875, CVE-2018-16874 and CVE-2018-16873
+- Resolves: BZ#1659290, BZ#1659289, BZ#1659288
+
+* Tue Nov 06 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.5-1
+- Rebase to 1.10.5
+
+* Tue Aug 28 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.4-1
+- Rebase to 1.10.4
+
 * Fri Jun 08 2018 Jakub Čajka <jcajka@redhat.com> - 1.10.3-1
 - Rebase to 1.10.3
 

sources

@@ -1 +1 @@
-SHA512 (go1.10.3.src.tar.gz) = fd2bd5fcb5c6d0a5336c4b1d2cacb368edbb01359297a83bdedc53f6018642598232f00633fc60fde879050f5f26a810c828d46b5d6626cbcc0702d93ad33fbb
+SHA512 (go1.10.8.src.tar.gz) = c274b99e39b78dfdf6b6b1c4fd6a5a54bff1b3eba55a879413692586ac7f0d30772416dcb5f715213c650946ade649bd424981f77508d92510c717d1845e3ede