go: Upgrade 1.20.1 -> 1.20.4

- Remove already upstreamed patches - Brings a list of changes [1] [2] [3] [1] https://github.com/golang/go/issues?q=milestone%3AGo1.20.2+label%3ACherryPickApproved [2] https://github.com/golang/go/issues?q=milestone%3AGo1.20.3+label%3ACherryPickApproved [3] https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved (From OE-Core rev: e043bfb42156c59c93c6a4816528a63cfdaccc3e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Khem Raj <raj.khem@gmail.com> 2023-05-23 09:17:13 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-05-25 12:36:00 +0100
commit: c3bdaa70e64b831bb3a1adb5464d347692600e8f (patch)
tree: fca541bfa538c0b29c33ca8ac8fb596a9e5551f7 /meta/recipes-devtools
parent: 57761516e6cd2a4d0c7038c17cc493f9da43f667 (diff)
download: poky-c3bdaa70e64b831bb3a1adb5464d347692600e8f.tar.gz
11 files changed, 4 insertions, 394 deletions
diff --git a/meta/recipes-devtools/go/go-1.20.1.inc b/meta/recipes-devtools/go/go-1.20.4.inc
index 179f0e29eb..05bc168e0c 100644
--- a/meta/recipes-devtools/go/go-1.20.1.inc
+++ b/meta/recipes-devtools/go/go-1.20.4.inc
@@ -14,8 +14,5 @@ SRC_URI += "\
    file://0007-exec.go-do-not-write-linker-flags-into-buildids.patch \
    file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
    file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
-    file://0010-cmd-compile-re-compile-instantiated-generic-methods-.patch \
-    file://CVE-2023-24532.patch \
-    file://CVE-2023-24537.patch \
 "
-SRC_URI[main.sha256sum] = "b5c1a3af52c385a6d1c76aed5361cf26459023980d0320de7658bae3915831a2"
+SRC_URI[main.sha256sum] = "9f34ace128764b7a3a4b238b805856cc1b2184304df9e5690825b0710f4202d6"
diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb b/meta/recipes-devtools/go/go-binary-native_1.20.4.bb
index 239334552a..87ce8a558f 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.20.4.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
 # Checksums available at https://go.dev/dl/
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "000a5b1fca4f75895f78befeb2eecf10bfff3c428597f3f1e69133b63b911b02"
+SRC_URI[go_linux_amd64.sha256sum] = "698ef3243972a51ddb4028e4a1ac63dc6d60821bf18e59a807e051fee0a385bd"
-SRC_URI[go_linux_arm64.sha256sum] = "5e5e2926733595e6f3c5b5ad1089afac11c1490351855e87849d0e7702b1ec2e"
+SRC_URI[go_linux_arm64.sha256sum] = "105889992ee4b1d40c7c108555222ca70ae43fccb42e20fbf1eebb822f5e72c6"
-SRC_URI[go_linux_ppc64le.sha256sum] = "85cfd4b89b48c94030783b6e9e619e35557862358b846064636361421d0b0c52"
+SRC_URI[go_linux_ppc64le.sha256sum] = "8c6f44b96c2719c90eebabe2dd866f9c39538648f7897a212cac448587e9a408"
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.20.1.bb b/meta/recipes-devtools/go/go-cross-canadian_1.20.4.bb
index 7ac9449e47..7ac9449e47 100644
--- a/meta/recipes-devtools/go/go-cross-canadian_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-cross-canadian_1.20.4.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.20.1.bb b/meta/recipes-devtools/go/go-cross_1.20.4.bb
index 80b5a03f6c..80b5a03f6c 100644
--- a/meta/recipes-devtools/go/go-cross_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-cross_1.20.4.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.20.1.bb b/meta/recipes-devtools/go/go-crosssdk_1.20.4.bb
index 1857c8a577..1857c8a577 100644
--- a/meta/recipes-devtools/go/go-crosssdk_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-crosssdk_1.20.4.bb
diff --git a/meta/recipes-devtools/go/go-native_1.20.1.bb b/meta/recipes-devtools/go/go-native_1.20.4.bb
index ddf25b2c9b..ddf25b2c9b 100644
--- a/meta/recipes-devtools/go/go-native_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-native_1.20.4.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.20.1.bb b/meta/recipes-devtools/go/go-runtime_1.20.4.bb
index 63464a1501..63464a1501 100644
--- a/meta/recipes-devtools/go/go-runtime_1.20.1.bb
+++ b/meta/recipes-devtools/go/go-runtime_1.20.4.bb
diff --git a/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch b/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch
deleted file mode 100644
index f9ac202421..0000000000
--- a/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 7a3bb16b43efba73674629eae4369f9004e37f22 Mon Sep 17 00:00:00 2001
-From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
-Date: Sat, 18 Mar 2023 00:53:07 +0700
-Subject: [PATCH] cmd/compile: re-compile instantiated generic methods in
- linkshared mode
-For G[T] that was seen and compiled in imported package, it is not added
-to typecheck.Target.Decls, prevent wasting compile time re-creating
-DUPOKS symbols. However, the linker do not support a type symbol
-referencing a method symbol across DSO boundary. That causes unreachable
-sym error when building under -linkshared mode.
-To fix it, always re-compile generic methods in linkshared mode.
-Fixes #58966
-Change-Id: I894b417cfe8234ae1fe809cc975889345df22cef
-Reviewed-on: https://go-review.googlesource.com/c/go/+/477375
-Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
-Reviewed-by: Cherry Mui <cherryyz@google.com>
-Reviewed-by: Matthew Dempsky <mdempsky@google.com>
-TryBot-Result: Gopher Robot <gobot@golang.org>
-Upstream-Status: Backport [https://github.com/golang/go/commit/bcd82125f85c7c552493e863fa1bb14e6c444557]
-Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
- misc/cgo/testshared/shared_test.go              |  7 ++++++-
- misc/cgo/testshared/testdata/issue58966/main.go | 15 +++++++++++++++
- src/cmd/compile/internal/noder/unified.go       |  6 +++++-
- 3 files changed, 26 insertions(+), 2 deletions(-)
- create mode 100644 misc/cgo/testshared/testdata/issue58966/main.go
-diff --git a/misc/cgo/testshared/shared_test.go b/misc/cgo/testshared/shared_test.go
-index b14fb1cb3a..03da8f9435 100644
--- a/misc/cgo/testshared/shared_test.go
-+++ b/misc/cgo/testshared/shared_test.go
-@@ -1112,8 +1112,13 @@ func TestStd(t *testing.T) {
-                t.Skip("skip in short mode")
-        }
-        t.Parallel()
-+       tmpDir := t.TempDir()
-        // Use a temporary pkgdir to not interfere with other tests, and not write to GOROOT.
-        // Cannot use goCmd as it runs with cloned GOROOT which is incomplete.
-        runWithEnv(t, "building std", []string{"GOROOT=" + oldGOROOT},
-               filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+t.TempDir(), "std")
-+               filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+tmpDir, "std")
-+
-+       // Issue #58966.
-+       runWithEnv(t, "testing issue #58966", []string{"GOROOT=" + oldGOROOT},
-+               filepath.Join(oldGOROOT, "bin", "go"), "run", "-linkshared", "-pkgdir="+tmpDir, "./issue58966/main.go")
- }
-diff --git a/misc/cgo/testshared/testdata/issue58966/main.go b/misc/cgo/testshared/testdata/issue58966/main.go
-new file mode 100644
-index 0000000000..2d923c3607
--- /dev/null
-+++ b/misc/cgo/testshared/testdata/issue58966/main.go
-@@ -0,0 +1,15 @@
-+// Copyright 2023 The Go Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style
-+// license that can be found in the LICENSE file.
-+
-+package main
-+
-+import "crypto/elliptic"
-+
-+var curve elliptic.Curve
-+
-+func main() {
-+       switch curve {
-+       case elliptic.P224():
-+       }
-+}
-diff --git a/src/cmd/compile/internal/noder/unified.go b/src/cmd/compile/internal/noder/unified.go
-index ed97a09302..25136e6aad 100644
--- a/src/cmd/compile/internal/noder/unified.go
-+++ b/src/cmd/compile/internal/noder/unified.go
-@@ -158,7 +158,11 @@ func readBodies(target *ir.Package, duringInlining bool) {
-                        // Instantiated generic function: add to Decls for typechecking
-                        // and compilation.
-                        if fn.OClosure == nil && len(pri.dict.targs) != 0 {
-                               if duringInlining {
-+                               // cmd/link does not support a type symbol referencing a method symbol
-+                               // across DSO boundary, so force re-compiling methods on a generic type
-+                               // even it was seen from imported package in linkshared mode, see #58966.
-+                               canSkipNonGenericMethod := !(base.Ctxt.Flag_linkshared && ir.IsMethod(fn))
-+                               if duringInlining && canSkipNonGenericMethod {
-                                        inlDecls = append(inlDecls, fn)
-                                } else {
-                                        target.Decls = append(target.Decls, fn)
diff --git a/meta/recipes-devtools/go/go/CVE-2023-24532.patch b/meta/recipes-devtools/go/go/CVE-2023-24532.patch
deleted file mode 100644
index 22f080dbd4..0000000000
--- a/meta/recipes-devtools/go/go/CVE-2023-24532.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-From 602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 Mon Sep 17 00:00:00 2001
-From: Filippo Valsorda <filippo@golang.org>
-Date: Mon, 13 Feb 2023 15:16:27 +0100
-Subject: [PATCH] [release-branch.go1.20] crypto/internal/nistec: reduce P-256
- scalar
-Unlike the rest of nistec, the P-256 assembly doesn't use complete
-addition formulas, meaning that p256PointAdd[Affine]Asm won't return the
-correct value if the two inputs are equal.
-This was (undocumentedly) ignored in the scalar multiplication loops
-because as long as the input point is not the identity and the scalar is
-lower than the order of the group, the addition inputs can't be the same.
-As part of the math/big rewrite, we went however from always reducing
-the scalar to only checking its length, under the incorrect assumption
-that the scalar multiplication loop didn't require reduction.
-Added a reduction, and while at it added it in P256OrdInverse, too, to
-enforce a universal reduction invariant on p256OrdElement values.
-Note that if the input point is the infinity, the code currently still
-relies on undefined behavior, but that's easily tested to behave
-acceptably, and will be addressed in a future CL.
-Updates #58647
-Fixes #58720
-Fixes CVE-2023-24532
-(Filed with the "safe APIs like complete addition formulas are good" dept.)
-Change-Id: I7b2c75238440e6852be2710fad66ff1fdc4e2b24
-Reviewed-on: https://go-review.googlesource.com/c/go/+/471255
-TryBot-Result: Gopher Robot <gobot@golang.org>
-Reviewed-by: Roland Shoemaker <roland@golang.org>
-Run-TryBot: Filippo Valsorda <filippo@golang.org>
-Auto-Submit: Filippo Valsorda <filippo@golang.org>
-Reviewed-by: Damien Neil <dneil@google.com>
-(cherry picked from commit 203e59ad41bd288e1d92b6f617c2f55e70d3c8e3)
-Reviewed-on: https://go-review.googlesource.com/c/go/+/471695
-Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
-Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
-Reviewed-by: Filippo Valsorda <filippo@golang.org>
-Run-TryBot: Roland Shoemaker <roland@golang.org>
-CVE: CVE-2023-24532
-Upstream-Status: Backport [602eeaab387f24a4b28c5eccbb50fa934f3bc3c4]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- src/crypto/internal/nistec/nistec_test.go | 81 +++++++++++++++++++++++
- src/crypto/internal/nistec/p256_asm.go    | 17 +++++
- src/crypto/internal/nistec/p256_ordinv.go |  1 +
- 3 files changed, 99 insertions(+)
-diff --git a/src/crypto/internal/nistec/nistec_test.go b/src/crypto/internal/nistec/nistec_test.go
-index 309f68be16a9f..9103608c18a0f 100644
--- a/src/crypto/internal/nistec/nistec_test.go
-+++ b/src/crypto/internal/nistec/nistec_test.go
-@@ -8,6 +8,7 @@ import (
-        "bytes"
-        "crypto/elliptic"
-        "crypto/internal/nistec"
-+       "fmt"
-        "internal/testenv"
-        "math/big"
-        "math/rand"
-@@ -165,6 +166,86 @@ func testEquivalents[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic
-        }
- }
- 
-+func TestScalarMult(t *testing.T) {
-+       t.Run("P224", func(t *testing.T) {
-+               testScalarMult(t, nistec.NewP224Point, elliptic.P224())
-+       })
-+       t.Run("P256", func(t *testing.T) {
-+               testScalarMult(t, nistec.NewP256Point, elliptic.P256())
-+       })
-+       t.Run("P384", func(t *testing.T) {
-+               testScalarMult(t, nistec.NewP384Point, elliptic.P384())
-+       })
-+       t.Run("P521", func(t *testing.T) {
-+               testScalarMult(t, nistec.NewP521Point, elliptic.P521())
-+       })
-+}
-+
-+func testScalarMult[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic.Curve) {
-+       G := newPoint().SetGenerator()
-+       checkScalar := func(t *testing.T, scalar []byte) {
-+               p1, err := newPoint().ScalarBaseMult(scalar)
-+               fatalIfErr(t, err)
-+               p2, err := newPoint().ScalarMult(G, scalar)
-+               fatalIfErr(t, err)
-+               if !bytes.Equal(p1.Bytes(), p2.Bytes()) {
-+                       t.Error("[k]G != ScalarBaseMult(k)")
-+               }
-+
-+               d := new(big.Int).SetBytes(scalar)
-+               d.Sub(c.Params().N, d)
-+               d.Mod(d, c.Params().N)
-+               g1, err := newPoint().ScalarBaseMult(d.FillBytes(make([]byte, len(scalar))))
-+               fatalIfErr(t, err)
-+               g1.Add(g1, p1)
-+               if !bytes.Equal(g1.Bytes(), newPoint().Bytes()) {
-+                       t.Error("[N - k]G + [k]G != ∞")
-+               }
-+       }
-+
-+       byteLen := len(c.Params().N.Bytes())
-+       bitLen := c.Params().N.BitLen()
-+       t.Run("0", func(t *testing.T) { checkScalar(t, make([]byte, byteLen)) })
-+       t.Run("1", func(t *testing.T) {
-+               checkScalar(t, big.NewInt(1).FillBytes(make([]byte, byteLen)))
-+       })
-+       t.Run("N-1", func(t *testing.T) {
-+               checkScalar(t, new(big.Int).Sub(c.Params().N, big.NewInt(1)).Bytes())
-+       })
-+       t.Run("N", func(t *testing.T) { checkScalar(t, c.Params().N.Bytes()) })
-+       t.Run("N+1", func(t *testing.T) {
-+               checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(1)).Bytes())
-+       })
-+       t.Run("all1s", func(t *testing.T) {
-+               s := new(big.Int).Lsh(big.NewInt(1), uint(bitLen))
-+               s.Sub(s, big.NewInt(1))
-+               checkScalar(t, s.Bytes())
-+       })
-+       if testing.Short() {
-+               return
-+       }
-+       for i := 0; i < bitLen; i++ {
-+               t.Run(fmt.Sprintf("1<<%d", i), func(t *testing.T) {
-+                       s := new(big.Int).Lsh(big.NewInt(1), uint(i))
-+                       checkScalar(t, s.FillBytes(make([]byte, byteLen)))
-+               })
-+       }
-+       // Test N+1...N+32 since they risk overlapping with precomputed table values
-+       // in the final additions.
-+       for i := int64(2); i <= 32; i++ {
-+               t.Run(fmt.Sprintf("N+%d", i), func(t *testing.T) {
-+                       checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(i)).Bytes())
-+               })
-+       }
-+}
-+
-+func fatalIfErr(t *testing.T, err error) {
-+       t.Helper()
-+       if err != nil {
-+               t.Fatal(err)
-+       }
-+}
-+
- func BenchmarkScalarMult(b *testing.B) {
-        b.Run("P224", func(b *testing.B) {
-                benchmarkScalarMult(b, nistec.NewP224Point().SetGenerator(), 28)
-diff --git a/src/crypto/internal/nistec/p256_asm.go b/src/crypto/internal/nistec/p256_asm.go
-index 6ea161eb49953..99a22b833f028 100644
--- a/src/crypto/internal/nistec/p256_asm.go
-+++ b/src/crypto/internal/nistec/p256_asm.go
-@@ -364,6 +364,21 @@ func p256PointDoubleAsm(res, in *P256Point)
- // Montgomery domain (with R 2²⁵⁶) as four uint64 limbs in little-endian order.
- type p256OrdElement [4]uint64
- 
-+// p256OrdReduce ensures s is in the range [0, ord(G)-1].
-+func p256OrdReduce(s *p256OrdElement) {
-+       // Since 2 * ord(G) > 2²⁵⁶, we can just conditionally subtract ord(G),
-+       // keeping the result if it doesn't underflow.
-+       t0, b := bits.Sub64(s[0], 0xf3b9cac2fc632551, 0)
-+       t1, b := bits.Sub64(s[1], 0xbce6faada7179e84, b)
-+       t2, b := bits.Sub64(s[2], 0xffffffffffffffff, b)
-+       t3, b := bits.Sub64(s[3], 0xffffffff00000000, b)
-+       tMask := b - 1 // zero if subtraction underflowed
-+       s[0] ^= (t0 ^ s[0]) & tMask
-+       s[1] ^= (t1 ^ s[1]) & tMask
-+       s[2] ^= (t2 ^ s[2]) & tMask
-+       s[3] ^= (t3 ^ s[3]) & tMask
-+}
-+
- // Add sets q = p1 + p2, and returns q. The points may overlap.
- func (q *P256Point) Add(r1, r2 *P256Point) *P256Point {
-        var sum, double P256Point
-@@ -393,6 +408,7 @@ func (r *P256Point) ScalarBaseMult(scalar []byte) (*P256Point, error) {
-        }
-        scalarReversed := new(p256OrdElement)
-        p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
-+       p256OrdReduce(scalarReversed)
- 
-        r.p256BaseMult(scalarReversed)
-        return r, nil
-@@ -407,6 +423,7 @@ func (r *P256Point) ScalarMult(q *P256Point, scalar []byte) (*P256Point, error)
-        }
-        scalarReversed := new(p256OrdElement)
-        p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
-+       p256OrdReduce(scalarReversed)
- 
-        r.Set(q).p256ScalarMult(scalarReversed)
-        return r, nil
-diff --git a/src/crypto/internal/nistec/p256_ordinv.go b/src/crypto/internal/nistec/p256_ordinv.go
-index 86a7a230bdce8..1274fb7fd3f5c 100644
--- a/src/crypto/internal/nistec/p256_ordinv.go
-+++ b/src/crypto/internal/nistec/p256_ordinv.go
-@@ -25,6 +25,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
- 
-        x := new(p256OrdElement)
-        p256OrdBigToLittle(x, (*[32]byte)(k))
-+       p256OrdReduce(x)
- 
-        // Inversion is implemented as exponentiation by n - 2, per Fermat's little theorem.
-        //
diff --git a/meta/recipes-devtools/go/go/CVE-2023-24537.patch b/meta/recipes-devtools/go/go/CVE-2023-24537.patch
deleted file mode 100644
index 6b5dc2c8d9..0000000000
--- a/meta/recipes-devtools/go/go/CVE-2023-24537.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 110e4fb1c2e3a21631704bbfaf672230b9ba2492 Mon Sep 17 00:00:00 2001
-From: Damien Neil <dneil@google.com>
-Date: Wed, 22 Mar 2023 09:33:22 -0700
-Subject: [PATCH] go/scanner: reject large line and column numbers in //line
- directives
-Setting a large line or column number using a //line directive can cause
-integer overflow even in small source files.
-Limit line and column numbers in //line directives to 2^30-1, which
-is small enough to avoid int32 overflow on all reasonbly-sized files.
-For #59180
-Fixes CVE-2023-24537
-Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456
-Reviewed-by: Julie Qiu <julieqiu@google.com>
-Reviewed-by: Roland Shoemaker <bracewell@google.com>
-Run-TryBot: Damien Neil <dneil@google.com>
-Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14
-Reviewed-on: https://go-review.googlesource.com/c/go/+/482078
-Reviewed-by: Matthew Dempsky <mdempsky@google.com>
-TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
-Run-TryBot: Michael Knyszek <mknyszek@google.com>
-Auto-Submit: Michael Knyszek <mknyszek@google.com>
-CVE: CVE-2023-24537
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@arm.com>
---
- src/go/parser/parser_test.go | 16 ++++++++++++++++
- src/go/scanner/scanner.go    |  7 +++++--
- 2 files changed, 21 insertions(+), 2 deletions(-)
-diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
-index 153562df75068..22b11a0cc4535 100644
--- a/src/go/parser/parser_test.go
-+++ b/src/go/parser/parser_test.go
-@@ -764,3 +764,19 @@ func TestRangePos(t *testing.T) {
-                })
-        }
- }
-+
-+// TestIssue59180 tests that line number overflow doesn't cause an infinite loop.
-+func TestIssue59180(t *testing.T) {
-+       testcases := []string{
-+               "package p\n//line :9223372036854775806\n\n//",
-+               "package p\n//line :1:9223372036854775806\n\n//",
-+               "package p\n//line file:9223372036854775806\n\n//",
-+       }
-+
-+       for _, src := range testcases {
-+               _, err := ParseFile(token.NewFileSet(), "", src, ParseComments)
-+               if err == nil {
-+                       t.Errorf("ParseFile(%s) succeeded unexpectedly", src)
-+               }
-+       }
-+}
-diff --git a/src/go/scanner/scanner.go b/src/go/scanner/scanner.go
-index 16958d22ce299..0cd9f5901d0bb 100644
--- a/src/go/scanner/scanner.go
-+++ b/src/go/scanner/scanner.go
-@@ -253,13 +253,16 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
-                return
-        }
- 
-+       // Put a cap on the maximum size of line and column numbers.
-+       // 30 bits allows for some additional space before wrapping an int32.
-+       const maxLineCol = 1<<30 - 1
-        var line, col int
-        i2, n2, ok2 := trailingDigits(text[:i-1])
-        if ok2 {
-                //line filename:line:col
-                i, i2 = i2, i
-                line, col = n2, n
-               if col == 0 {
-+               if col == 0 || col > maxLineCol {
-                        s.error(offs+i2, "invalid column number: "+string(text[i2:]))
-                        return
-                }
-@@ -269,7 +272,7 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
-                line = n
-        }
- 
-       if line == 0 {
-+       if line == 0 || line > maxLineCol {
-                s.error(offs+i, "invalid line number: "+string(text[i:]))
-                return
-        }
diff --git a/meta/recipes-devtools/go/go_1.20.1.bb b/meta/recipes-devtools/go/go_1.20.4.bb
index 587ee55944..587ee55944 100644
--- a/meta/recipes-devtools/go/go_1.20.1.bb
+++ b/meta/recipes-devtools/go/go_1.20.4.bb
author	Khem Raj <raj.khem@gmail.com>	2023-05-23 09:17:13 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-05-25 12:36:00 +0100
commit	c3bdaa70e64b831bb3a1adb5464d347692600e8f (patch)
tree	fca541bfa538c0b29c33ca8ac8fb596a9e5551f7 /meta/recipes-devtools
parent	57761516e6cd2a4d0c7038c17cc493f9da43f667 (diff)
download	poky-c3bdaa70e64b831bb3a1adb5464d347692600e8f.tar.gz

diff --git a/meta/recipes-devtools/go/go-1.20.1.inc b/meta/recipes-devtools/go/go-1.20.4.inc index 179f0e29eb..05bc168e0c 100644 --- a/meta/recipes-devtools/go/go-1.20.1.inc +++ b/meta/recipes-devtools/go/go-1.20.4.inc
@@ -14,8 +14,5 @@ SRC_URI += "\
14	file://0007-exec.go-do-not-write-linker-flags-into-buildids.patch \	14	file://0007-exec.go-do-not-write-linker-flags-into-buildids.patch \
15	file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \	15	file://0008-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
16	file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \	16	file://0009-go-Filter-build-paths-on-staticly-linked-arches.patch \
17	file://0010-cmd-compile-re-compile-instantiated-generic-methods-.patch \
18	file://CVE-2023-24532.patch \
19	file://CVE-2023-24537.patch \
20	"	17	"
21	SRC_URI[main.sha256sum] = "b5c1a3af52c385a6d1c76aed5361cf26459023980d0320de7658bae3915831a2"	18	SRC_URI[main.sha256sum] = "9f34ace128764b7a3a4b238b805856cc1b2184304df9e5690825b0710f4202d6"


diff --git a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb b/meta/recipes-devtools/go/go-binary-native_1.20.4.bb index 239334552a..87ce8a558f 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.20.1.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.20.4.bb
@@ -9,9 +9,9 @@ PROVIDES = "go-native"
9		9
10	# Checksums available at https://go.dev/dl/	10	# Checksums available at https://go.dev/dl/
11	SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"	11	SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
12	SRC_URI[go_linux_amd64.sha256sum] = "000a5b1fca4f75895f78befeb2eecf10bfff3c428597f3f1e69133b63b911b02"	12	SRC_URI[go_linux_amd64.sha256sum] = "698ef3243972a51ddb4028e4a1ac63dc6d60821bf18e59a807e051fee0a385bd"
13	SRC_URI[go_linux_arm64.sha256sum] = "5e5e2926733595e6f3c5b5ad1089afac11c1490351855e87849d0e7702b1ec2e"	13	SRC_URI[go_linux_arm64.sha256sum] = "105889992ee4b1d40c7c108555222ca70ae43fccb42e20fbf1eebb822f5e72c6"
14	SRC_URI[go_linux_ppc64le.sha256sum] = "85cfd4b89b48c94030783b6e9e619e35557862358b846064636361421d0b0c52"	14	SRC_URI[go_linux_ppc64le.sha256sum] = "8c6f44b96c2719c90eebabe2dd866f9c39538648f7897a212cac448587e9a408"
15		15
16	UPSTREAM_CHECK_URI = "https://golang.org/dl/"	16	UPSTREAM_CHECK_URI = "https://golang.org/dl/"
17	UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"	17	UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"


diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.20.1.bb b/meta/recipes-devtools/go/go-cross-canadian_1.20.4.bb index 7ac9449e47..7ac9449e47 100644 --- a/meta/recipes-devtools/go/go-cross-canadian_1.20.1.bb +++ b/meta/recipes-devtools/go/go-cross-canadian_1.20.4.bb


diff --git a/meta/recipes-devtools/go/go-cross_1.20.1.bb b/meta/recipes-devtools/go/go-cross_1.20.4.bb index 80b5a03f6c..80b5a03f6c 100644 --- a/meta/recipes-devtools/go/go-cross_1.20.1.bb +++ b/meta/recipes-devtools/go/go-cross_1.20.4.bb


diff --git a/meta/recipes-devtools/go/go-crosssdk_1.20.1.bb b/meta/recipes-devtools/go/go-crosssdk_1.20.4.bb index 1857c8a577..1857c8a577 100644 --- a/meta/recipes-devtools/go/go-crosssdk_1.20.1.bb +++ b/meta/recipes-devtools/go/go-crosssdk_1.20.4.bb


diff --git a/meta/recipes-devtools/go/go-native_1.20.1.bb b/meta/recipes-devtools/go/go-native_1.20.4.bb index ddf25b2c9b..ddf25b2c9b 100644 --- a/meta/recipes-devtools/go/go-native_1.20.1.bb +++ b/meta/recipes-devtools/go/go-native_1.20.4.bb


diff --git a/meta/recipes-devtools/go/go-runtime_1.20.1.bb b/meta/recipes-devtools/go/go-runtime_1.20.4.bb index 63464a1501..63464a1501 100644 --- a/meta/recipes-devtools/go/go-runtime_1.20.1.bb +++ b/meta/recipes-devtools/go/go-runtime_1.20.4.bb


diff --git a/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch b/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch deleted file mode 100644 index f9ac202421..0000000000 --- a/meta/recipes-devtools/go/go/0010-cmd-compile-re-compile-instantiated-generic-methods-.patch +++ /dev/null
@@ -1,90 +0,0 @@
1	From 7a3bb16b43efba73674629eae4369f9004e37f22 Mon Sep 17 00:00:00 2001
2	From: Cuong Manh Le <cuong.manhle.vn@gmail.com>
3	Date: Sat, 18 Mar 2023 00:53:07 +0700
4	Subject: [PATCH] cmd/compile: re-compile instantiated generic methods in
5	linkshared mode
6
7	For G[T] that was seen and compiled in imported package, it is not added
8	to typecheck.Target.Decls, prevent wasting compile time re-creating
9	DUPOKS symbols. However, the linker do not support a type symbol
10	referencing a method symbol across DSO boundary. That causes unreachable
11	sym error when building under -linkshared mode.
12
13	To fix it, always re-compile generic methods in linkshared mode.
14
15	Fixes #58966
16
17	Change-Id: I894b417cfe8234ae1fe809cc975889345df22cef
18	Reviewed-on: https://go-review.googlesource.com/c/go/+/477375
19	Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
20	Reviewed-by: Cherry Mui <cherryyz@google.com>
21	Reviewed-by: Matthew Dempsky <mdempsky@google.com>
22	TryBot-Result: Gopher Robot <gobot@golang.org>
23
24	Upstream-Status: Backport [https://github.com/golang/go/commit/bcd82125f85c7c552493e863fa1bb14e6c444557]
25
26	Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
27	---
28	misc/cgo/testshared/shared_test.go \| 7 ++++++-
29	misc/cgo/testshared/testdata/issue58966/main.go \| 15 +++++++++++++++
30	src/cmd/compile/internal/noder/unified.go \| 6 +++++-
31	3 files changed, 26 insertions(+), 2 deletions(-)
32	create mode 100644 misc/cgo/testshared/testdata/issue58966/main.go
33
34	diff --git a/misc/cgo/testshared/shared_test.go b/misc/cgo/testshared/shared_test.go
35	index b14fb1cb3a..03da8f9435 100644
36	--- a/misc/cgo/testshared/shared_test.go
37	+++ b/misc/cgo/testshared/shared_test.go
38	@@ -1112,8 +1112,13 @@ func TestStd(t *testing.T) {
39	t.Skip("skip in short mode")
40	}
41	t.Parallel()
42	+ tmpDir := t.TempDir()
43	// Use a temporary pkgdir to not interfere with other tests, and not write to GOROOT.
44	// Cannot use goCmd as it runs with cloned GOROOT which is incomplete.
45	runWithEnv(t, "building std", []string{"GOROOT=" + oldGOROOT},
46	- filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+t.TempDir(), "std")
47	+ filepath.Join(oldGOROOT, "bin", "go"), "install", "-buildmode=shared", "-pkgdir="+tmpDir, "std")
48	+
49	+ // Issue #58966.
50	+ runWithEnv(t, "testing issue #58966", []string{"GOROOT=" + oldGOROOT},
51	+ filepath.Join(oldGOROOT, "bin", "go"), "run", "-linkshared", "-pkgdir="+tmpDir, "./issue58966/main.go")
52	}
53	diff --git a/misc/cgo/testshared/testdata/issue58966/main.go b/misc/cgo/testshared/testdata/issue58966/main.go
54	new file mode 100644
55	index 0000000000..2d923c3607
56	--- /dev/null
57	+++ b/misc/cgo/testshared/testdata/issue58966/main.go
58	@@ -0,0 +1,15 @@
59	+// Copyright 2023 The Go Authors. All rights reserved.
60	+// Use of this source code is governed by a BSD-style
61	+// license that can be found in the LICENSE file.
62	+
63	+package main
64	+
65	+import "crypto/elliptic"
66	+
67	+var curve elliptic.Curve
68	+
69	+func main() {
70	+ switch curve {
71	+ case elliptic.P224():
72	+ }
73	+}
74	diff --git a/src/cmd/compile/internal/noder/unified.go b/src/cmd/compile/internal/noder/unified.go
75	index ed97a09302..25136e6aad 100644
76	--- a/src/cmd/compile/internal/noder/unified.go
77	+++ b/src/cmd/compile/internal/noder/unified.go
78	@@ -158,7 +158,11 @@ func readBodies(target *ir.Package, duringInlining bool) {
79	// Instantiated generic function: add to Decls for typechecking
80	// and compilation.
81	if fn.OClosure == nil && len(pri.dict.targs) != 0 {
82	- if duringInlining {
83	+ // cmd/link does not support a type symbol referencing a method symbol
84	+ // across DSO boundary, so force re-compiling methods on a generic type
85	+ // even it was seen from imported package in linkshared mode, see #58966.
86	+ canSkipNonGenericMethod := !(base.Ctxt.Flag_linkshared && ir.IsMethod(fn))
87	+ if duringInlining && canSkipNonGenericMethod {
88	inlDecls = append(inlDecls, fn)
89	} else {
90	target.Decls = append(target.Decls, fn)


diff --git a/meta/recipes-devtools/go/go/CVE-2023-24532.patch b/meta/recipes-devtools/go/go/CVE-2023-24532.patch deleted file mode 100644 index 22f080dbd4..0000000000 --- a/meta/recipes-devtools/go/go/CVE-2023-24532.patch +++ /dev/null
@@ -1,208 +0,0 @@
1	From 602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 Mon Sep 17 00:00:00 2001
2	From: Filippo Valsorda <filippo@golang.org>
3	Date: Mon, 13 Feb 2023 15:16:27 +0100
4	Subject: [PATCH] [release-branch.go1.20] crypto/internal/nistec: reduce P-256
5	scalar
6
7	Unlike the rest of nistec, the P-256 assembly doesn't use complete
8	addition formulas, meaning that p256PointAdd[Affine]Asm won't return the
9	correct value if the two inputs are equal.
10
11	This was (undocumentedly) ignored in the scalar multiplication loops
12	because as long as the input point is not the identity and the scalar is
13	lower than the order of the group, the addition inputs can't be the same.
14
15	As part of the math/big rewrite, we went however from always reducing
16	the scalar to only checking its length, under the incorrect assumption
17	that the scalar multiplication loop didn't require reduction.
18
19	Added a reduction, and while at it added it in P256OrdInverse, too, to
20	enforce a universal reduction invariant on p256OrdElement values.
21
22	Note that if the input point is the infinity, the code currently still
23	relies on undefined behavior, but that's easily tested to behave
24	acceptably, and will be addressed in a future CL.
25
26	Updates #58647
27	Fixes #58720
28	Fixes CVE-2023-24532
29
30	(Filed with the "safe APIs like complete addition formulas are good" dept.)
31
32	Change-Id: I7b2c75238440e6852be2710fad66ff1fdc4e2b24
33	Reviewed-on: https://go-review.googlesource.com/c/go/+/471255
34	TryBot-Result: Gopher Robot <gobot@golang.org>
35	Reviewed-by: Roland Shoemaker <roland@golang.org>
36	Run-TryBot: Filippo Valsorda <filippo@golang.org>
37	Auto-Submit: Filippo Valsorda <filippo@golang.org>
38	Reviewed-by: Damien Neil <dneil@google.com>
39	(cherry picked from commit 203e59ad41bd288e1d92b6f617c2f55e70d3c8e3)
40	Reviewed-on: https://go-review.googlesource.com/c/go/+/471695
41	Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
42	Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
43	Reviewed-by: Filippo Valsorda <filippo@golang.org>
44	Run-TryBot: Roland Shoemaker <roland@golang.org>
45
46	CVE: CVE-2023-24532
47	Upstream-Status: Backport [602eeaab387f24a4b28c5eccbb50fa934f3bc3c4]
48	Signed-off-by: Ross Burton <ross.burton@arm.com>
49
50	---
51	src/crypto/internal/nistec/nistec_test.go \| 81 +++++++++++++++++++++++
52	src/crypto/internal/nistec/p256_asm.go \| 17 +++++
53	src/crypto/internal/nistec/p256_ordinv.go \| 1 +
54	3 files changed, 99 insertions(+)
55
56	diff --git a/src/crypto/internal/nistec/nistec_test.go b/src/crypto/internal/nistec/nistec_test.go
57	index 309f68be16a9f..9103608c18a0f 100644
58	--- a/src/crypto/internal/nistec/nistec_test.go
59	+++ b/src/crypto/internal/nistec/nistec_test.go
60	@@ -8,6 +8,7 @@ import (
61	"bytes"
62	"crypto/elliptic"
63	"crypto/internal/nistec"
64	+ "fmt"
65	"internal/testenv"
66	"math/big"
67	"math/rand"
68	@@ -165,6 +166,86 @@ func testEquivalents[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic
69	}
70	}
71
72	+func TestScalarMult(t *testing.T) {
73	+ t.Run("P224", func(t *testing.T) {
74	+ testScalarMult(t, nistec.NewP224Point, elliptic.P224())
75	+ })
76	+ t.Run("P256", func(t *testing.T) {
77	+ testScalarMult(t, nistec.NewP256Point, elliptic.P256())
78	+ })
79	+ t.Run("P384", func(t *testing.T) {
80	+ testScalarMult(t, nistec.NewP384Point, elliptic.P384())
81	+ })
82	+ t.Run("P521", func(t *testing.T) {
83	+ testScalarMult(t, nistec.NewP521Point, elliptic.P521())
84	+ })
85	+}
86	+
87	+func testScalarMult[P nistPoint[P]](t *testing.T, newPoint func() P, c elliptic.Curve) {
88	+ G := newPoint().SetGenerator()
89	+ checkScalar := func(t *testing.T, scalar []byte) {
90	+ p1, err := newPoint().ScalarBaseMult(scalar)
91	+ fatalIfErr(t, err)
92	+ p2, err := newPoint().ScalarMult(G, scalar)
93	+ fatalIfErr(t, err)
94	+ if !bytes.Equal(p1.Bytes(), p2.Bytes()) {
95	+ t.Error("[k]G != ScalarBaseMult(k)")
96	+ }
97	+
98	+ d := new(big.Int).SetBytes(scalar)
99	+ d.Sub(c.Params().N, d)
100	+ d.Mod(d, c.Params().N)
101	+ g1, err := newPoint().ScalarBaseMult(d.FillBytes(make([]byte, len(scalar))))
102	+ fatalIfErr(t, err)
103	+ g1.Add(g1, p1)
104	+ if !bytes.Equal(g1.Bytes(), newPoint().Bytes()) {
105	+ t.Error("[N - k]G + [k]G != ∞")
106	+ }
107	+ }
108	+
109	+ byteLen := len(c.Params().N.Bytes())
110	+ bitLen := c.Params().N.BitLen()
111	+ t.Run("0", func(t *testing.T) { checkScalar(t, make([]byte, byteLen)) })
112	+ t.Run("1", func(t *testing.T) {
113	+ checkScalar(t, big.NewInt(1).FillBytes(make([]byte, byteLen)))
114	+ })
115	+ t.Run("N-1", func(t *testing.T) {
116	+ checkScalar(t, new(big.Int).Sub(c.Params().N, big.NewInt(1)).Bytes())
117	+ })
118	+ t.Run("N", func(t *testing.T) { checkScalar(t, c.Params().N.Bytes()) })
119	+ t.Run("N+1", func(t *testing.T) {
120	+ checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(1)).Bytes())
121	+ })
122	+ t.Run("all1s", func(t *testing.T) {
123	+ s := new(big.Int).Lsh(big.NewInt(1), uint(bitLen))
124	+ s.Sub(s, big.NewInt(1))
125	+ checkScalar(t, s.Bytes())
126	+ })
127	+ if testing.Short() {
128	+ return
129	+ }
130	+ for i := 0; i < bitLen; i++ {
131	+ t.Run(fmt.Sprintf("1<<%d", i), func(t *testing.T) {
132	+ s := new(big.Int).Lsh(big.NewInt(1), uint(i))
133	+ checkScalar(t, s.FillBytes(make([]byte, byteLen)))
134	+ })
135	+ }
136	+ // Test N+1...N+32 since they risk overlapping with precomputed table values
137	+ // in the final additions.
138	+ for i := int64(2); i <= 32; i++ {
139	+ t.Run(fmt.Sprintf("N+%d", i), func(t *testing.T) {
140	+ checkScalar(t, new(big.Int).Add(c.Params().N, big.NewInt(i)).Bytes())
141	+ })
142	+ }
143	+}
144	+
145	+func fatalIfErr(t *testing.T, err error) {
146	+ t.Helper()
147	+ if err != nil {
148	+ t.Fatal(err)
149	+ }
150	+}
151	+
152	func BenchmarkScalarMult(b *testing.B) {
153	b.Run("P224", func(b *testing.B) {
154	benchmarkScalarMult(b, nistec.NewP224Point().SetGenerator(), 28)
155	diff --git a/src/crypto/internal/nistec/p256_asm.go b/src/crypto/internal/nistec/p256_asm.go
156	index 6ea161eb49953..99a22b833f028 100644
157	--- a/src/crypto/internal/nistec/p256_asm.go
158	+++ b/src/crypto/internal/nistec/p256_asm.go
159	@@ -364,6 +364,21 @@ func p256PointDoubleAsm(res, in *P256Point)
160	// Montgomery domain (with R 2²⁵⁶) as four uint64 limbs in little-endian order.
161	type p256OrdElement [4]uint64
162
163	+// p256OrdReduce ensures s is in the range [0, ord(G)-1].
164	+func p256OrdReduce(s *p256OrdElement) {
165	+ // Since 2 * ord(G) > 2²⁵⁶, we can just conditionally subtract ord(G),
166	+ // keeping the result if it doesn't underflow.
167	+ t0, b := bits.Sub64(s[0], 0xf3b9cac2fc632551, 0)
168	+ t1, b := bits.Sub64(s[1], 0xbce6faada7179e84, b)
169	+ t2, b := bits.Sub64(s[2], 0xffffffffffffffff, b)
170	+ t3, b := bits.Sub64(s[3], 0xffffffff00000000, b)
171	+ tMask := b - 1 // zero if subtraction underflowed
172	+ s[0] ^= (t0 ^ s[0]) & tMask
173	+ s[1] ^= (t1 ^ s[1]) & tMask
174	+ s[2] ^= (t2 ^ s[2]) & tMask
175	+ s[3] ^= (t3 ^ s[3]) & tMask
176	+}
177	+
178	// Add sets q = p1 + p2, and returns q. The points may overlap.
179	func (q P256Point) Add(r1, r2 P256Point) *P256Point {
180	var sum, double P256Point
181	@@ -393,6 +408,7 @@ func (r P256Point) ScalarBaseMult(scalar []byte) (P256Point, error) {
182	}
183	scalarReversed := new(p256OrdElement)
184	p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
185	+ p256OrdReduce(scalarReversed)
186
187	r.p256BaseMult(scalarReversed)
188	return r, nil
189	@@ -407,6 +423,7 @@ func (r P256Point) ScalarMult(q P256Point, scalar []byte) (*P256Point, error)
190	}
191	scalarReversed := new(p256OrdElement)
192	p256OrdBigToLittle(scalarReversed, (*[32]byte)(scalar))
193	+ p256OrdReduce(scalarReversed)
194
195	r.Set(q).p256ScalarMult(scalarReversed)
196	return r, nil
197	diff --git a/src/crypto/internal/nistec/p256_ordinv.go b/src/crypto/internal/nistec/p256_ordinv.go
198	index 86a7a230bdce8..1274fb7fd3f5c 100644
199	--- a/src/crypto/internal/nistec/p256_ordinv.go
200	+++ b/src/crypto/internal/nistec/p256_ordinv.go
201	@@ -25,6 +25,7 @@ func P256OrdInverse(k []byte) ([]byte, error) {
202
203	x := new(p256OrdElement)
204	p256OrdBigToLittle(x, (*[32]byte)(k))
205	+ p256OrdReduce(x)
206
207	// Inversion is implemented as exponentiation by n - 2, per Fermat's little theorem.
208	//


diff --git a/meta/recipes-devtools/go/go/CVE-2023-24537.patch b/meta/recipes-devtools/go/go/CVE-2023-24537.patch deleted file mode 100644 index 6b5dc2c8d9..0000000000 --- a/meta/recipes-devtools/go/go/CVE-2023-24537.patch +++ /dev/null
@@ -1,89 +0,0 @@
1	From 110e4fb1c2e3a21631704bbfaf672230b9ba2492 Mon Sep 17 00:00:00 2001
2	From: Damien Neil <dneil@google.com>
3	Date: Wed, 22 Mar 2023 09:33:22 -0700
4	Subject: [PATCH] go/scanner: reject large line and column numbers in //line
5	directives
6
7	Setting a large line or column number using a //line directive can cause
8	integer overflow even in small source files.
9
10	Limit line and column numbers in //line directives to 2^30-1, which
11	is small enough to avoid int32 overflow on all reasonbly-sized files.
12
13	For #59180
14	Fixes CVE-2023-24537
15
16	Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456
17	Reviewed-by: Julie Qiu <julieqiu@google.com>
18	Reviewed-by: Roland Shoemaker <bracewell@google.com>
19	Run-TryBot: Damien Neil <dneil@google.com>
20	Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14
21	Reviewed-on: https://go-review.googlesource.com/c/go/+/482078
22	Reviewed-by: Matthew Dempsky <mdempsky@google.com>
23	TryBot-Bypass: Michael Knyszek <mknyszek@google.com>
24	Run-TryBot: Michael Knyszek <mknyszek@google.com>
25	Auto-Submit: Michael Knyszek <mknyszek@google.com>
26
27	CVE: CVE-2023-24537
28	Upstream-Status: Backport
29	Signed-off-by: Ross Burton <ross.burton@arm.com>
30	---
31	src/go/parser/parser_test.go \| 16 ++++++++++++++++
32	src/go/scanner/scanner.go \| 7 +++++--
33	2 files changed, 21 insertions(+), 2 deletions(-)
34
35	diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
36	index 153562df75068..22b11a0cc4535 100644
37	--- a/src/go/parser/parser_test.go
38	+++ b/src/go/parser/parser_test.go
39	@@ -764,3 +764,19 @@ func TestRangePos(t *testing.T) {
40	})
41	}
42	}
43	+
44	+// TestIssue59180 tests that line number overflow doesn't cause an infinite loop.
45	+func TestIssue59180(t *testing.T) {
46	+ testcases := []string{
47	+ "package p\n//line :9223372036854775806\n\n//",
48	+ "package p\n//line :1:9223372036854775806\n\n//",
49	+ "package p\n//line file:9223372036854775806\n\n//",
50	+ }
51	+
52	+ for _, src := range testcases {
53	+ _, err := ParseFile(token.NewFileSet(), "", src, ParseComments)
54	+ if err == nil {
55	+ t.Errorf("ParseFile(%s) succeeded unexpectedly", src)
56	+ }
57	+ }
58	+}
59	diff --git a/src/go/scanner/scanner.go b/src/go/scanner/scanner.go
60	index 16958d22ce299..0cd9f5901d0bb 100644
61	--- a/src/go/scanner/scanner.go
62	+++ b/src/go/scanner/scanner.go
63	@@ -253,13 +253,16 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
64	return
65	}
66
67	+ // Put a cap on the maximum size of line and column numbers.
68	+ // 30 bits allows for some additional space before wrapping an int32.
69	+ const maxLineCol = 1<<30 - 1
70	var line, col int
71	i2, n2, ok2 := trailingDigits(text[:i-1])
72	if ok2 {
73	//line filename:line:col
74	i, i2 = i2, i
75	line, col = n2, n
76	- if col == 0 {
77	+ if col == 0 \|\| col > maxLineCol {
78	s.error(offs+i2, "invalid column number: "+string(text[i2:]))
79	return
80	}
81	@@ -269,7 +272,7 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) {
82	line = n
83	}
84
85	- if line == 0 {
86	+ if line == 0 \|\| line > maxLineCol {
87	s.error(offs+i, "invalid line number: "+string(text[i:]))
88	return
89	}


diff --git a/meta/recipes-devtools/go/go_1.20.1.bb b/meta/recipes-devtools/go/go_1.20.4.bb index 587ee55944..587ee55944 100644 --- a/meta/recipes-devtools/go/go_1.20.1.bb +++ b/meta/recipes-devtools/go/go_1.20.4.bb