From b50b95935bf43e7b047e07314a6a2388017b408b Mon Sep 17 00:00:00 2001 From: dayshappy Date: Mon, 17 Apr 2023 10:38:31 +0800 Subject: [PATCH] [Backport]update go to go1.19.8 reference:https://github.com/moby/moby/commit/a09b3e9cf9de906438a6300760754fcb087f166a Signed-off-by: dayshappy --- apply-patches | 2 +- moby.spec | 5 +- patch/README.md | 1 - ...0001-moby20.10-update-go-to-go1.19.8.patch | 165 ++++++++++++++++++ series.conf | 1 + 5 files changed, 171 insertions(+), 3 deletions(-) delete mode 100644 patch/README.md create mode 100644 patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch diff --git a/apply-patches b/apply-patches index 325c2c0..5c809c5 100644 --- a/apply-patches +++ b/apply-patches @@ -23,7 +23,7 @@ git commit -m "init build" cd $cwd series=$cwd/series.conf -while IPF=read -r line +while IPF= read -r line do if [[ "$line" =~ ^patch* ]];then echo git apply $cwd/$line diff --git a/moby.spec b/moby.spec index d1b95bd..6568ff6 100644 --- a/moby.spec +++ b/moby.spec @@ -7,7 +7,7 @@ Name: docker Version: 20.10.24 -Release: 1 +Release: 2 Summary: The open-source application container engine License: ASL 2.0 URL: https://www.docker.com @@ -210,6 +210,9 @@ fi %systemd_postun_with_restart docker.service %changelog +* Mon Apr 17 2023 dayshappy - 20.10.24-2 +- DESC: sync upstream patch to update go1.19.8 + * Mon Apr 10 2023 xulei - 20.10.24-1 - DESC: update to 20.10.24 diff --git a/patch/README.md b/patch/README.md deleted file mode 100644 index dbd56a0..0000000 --- a/patch/README.md +++ /dev/null @@ -1 +0,0 @@ -This directory is used to apply patches for the project diff --git a/patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch b/patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch new file mode 100644 index 0000000..d8c9407 --- /dev/null +++ b/patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch 
@@ -0,0 +1,165 @@ +From a09b3e9cf9de906438a6300760754fcb087f166a Mon Sep 17 00:00:00 2001 +From: Sebastiaan van Stijn +Date: Wed, 5 Apr 2023 15:55:35 +0200 +Subject: [PATCH] [20.10] update go to go1.19.8 + +go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, +html/template, mime/multipart, net/http, and net/textproto packages, as well as +bug fixes to the linker, the runtime, and the time package. See the Go 1.19.8 +milestone on our issue tracker for details: + +https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved + +full diff: https://github.com/golang/go/compare/go1.19.7...go1.19.8 + +Further details from the announcement on the mailing list: + +We have just released Go versions 1.20.3 and 1.19.8, minor point releases. +These minor releases include 4 security fixes following the security policy: + +- go/parser: infinite loop in parsing + + Calling any of the Parse functions on Go source code which contains `//line` + directives with very large line numbers can cause an infinite loop due to + integer overflow. + Thanks to Philippe Antoine (Catena cyber) for reporting this issue. + This is CVE-2023-24537 and Go issue https://go.dev/issue/59180. + +- html/template: backticks not treated as string delimiters + + Templates did not properly consider backticks (`) as Javascript string + delimiters, and as such did not escape them as expected. Backticks are + used, since ES6, for JS template literals. If a template contained a Go + template action within a Javascript template literal, the contents of the + action could be used to terminate the literal, injecting arbitrary Javascript + code into the Go template. + + As ES6 template literals are rather complex, and themselves can do string + interpolation, we've decided to simply disallow Go template actions from being + used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe + way to allow this behavior. 
This takes the same approach as + github.com/google/safehtml. Template.Parse will now return an Error when it + encounters templates like this, with a currently unexported ErrorCode with a + value of 12. This ErrorCode will be exported in the next major release. + + Users who rely on this behavior can re-enable it using the GODEBUG flag + jstmpllitinterp=1, with the caveat that backticks will now be escaped. This + should be used with caution. + + Thanks to Sohom Datta, Manipal Institute of Technology, for reporting this issue. + + This is CVE-2023-24538 and Go issue https://go.dev/issue/59234. + +- net/http, net/textproto: denial of service from excessive memory allocation + + HTTP and MIME header parsing could allocate large amounts of memory, even when + parsing small inputs. + + Certain unusual patterns of input data could cause the common function used to + parse HTTP and MIME headers to allocate substantially more memory than + required to hold the parsed headers. An attacker can exploit this behavior to + cause an HTTP server to allocate large amounts of memory from a small request, + potentially leading to memory exhaustion and a denial of service. + Header parsing now correctly allocates only the memory required to hold parsed + headers. + + Thanks to Jakob Ackermann (@das7pad) for discovering this issue. + + This is CVE-2023-24534 and Go issue https://go.dev/issue/58975. + +- net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption + + Multipart form parsing can consume large amounts of CPU and memory when + processing form inputs containing very large numbers of parts. This stems from + several causes: + + mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form + can consume. ReadForm could undercount the amount of memory consumed, leading + it to accept larger inputs than intended. 
Limiting total memory does not + account for increased pressure on the garbage collector from large numbers of + small allocations in forms with many parts. ReadForm could allocate a large + number of short-lived buffers, further increasing pressure on the garbage + collector. The combination of these factors can permit an attacker to cause an + program that parses multipart forms to consume large amounts of CPU and + memory, potentially resulting in a denial of service. This affects programs + that use mime/multipart.Reader.ReadForm, as well as form parsing in the + net/http package with the Request methods FormFile, FormValue, + ParseMultipartForm, and PostFormValue. + + ReadForm now does a better job of estimating the memory consumption of parsed + forms, and performs many fewer short-lived allocations. + + In addition, mime/multipart.Reader now imposes the following limits on the + size of parsed forms: + + Forms parsed with ReadForm may contain no more than 1000 parts. This limit may + be adjusted with the environment variable GODEBUG=multipartmaxparts=. Form + parts parsed with NextPart and NextRawPart may contain no more than 10,000 + header fields. In addition, forms parsed with ReadForm may contain no more + than 10,000 header fields across all parts. This limit may be adjusted with + the environment variable GODEBUG=multipartmaxheaders=. + + Thanks to Jakob Ackermann for discovering this issue. + + This is CVE-2023-24536 and Go issue https://go.dev/issue/59153. 
+ +Signed-off-by: Sebastiaan van Stijn +--- + Dockerfile | 2 +- + Dockerfile.e2e | 2 +- + Dockerfile.simple | 2 +- + Dockerfile.windows | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Dockerfile b/Dockerfile +index 2bb94b6987..17abe24c62 100644 +--- a/Dockerfile ++++ b/Dockerfile +@@ -3,7 +3,7 @@ + ARG CROSS="false" + ARG SYSTEMD="false" + # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored +-ARG GO_VERSION=1.19.7 ++ARG GO_VERSION=1.19.8 + ARG DEBIAN_FRONTEND=noninteractive + ARG VPNKIT_VERSION=0.5.0 + ARG DOCKER_BUILDTAGS="apparmor seccomp" +diff --git a/Dockerfile.e2e b/Dockerfile.e2e +index 6007ddee18..1d70ccee87 100644 +--- a/Dockerfile.e2e ++++ b/Dockerfile.e2e +@@ -1,4 +1,4 @@ +-ARG GO_VERSION=1.19.7 ++ARG GO_VERSION=1.19.8 + + FROM golang:${GO_VERSION}-alpine AS base + ENV GO111MODULE=off +diff --git a/Dockerfile.simple b/Dockerfile.simple +index dc9850d77a..d0a6e36779 100644 +--- a/Dockerfile.simple ++++ b/Dockerfile.simple +@@ -5,7 +5,7 @@ + + # This represents the bare minimum required to build and test Docker. + +-ARG GO_VERSION=1.19.7 ++ARG GO_VERSION=1.19.8 + + FROM golang:${GO_VERSION}-buster + ENV GO111MODULE=off +diff --git a/Dockerfile.windows b/Dockerfile.windows +index 755949126f..259318be22 100644 +--- a/Dockerfile.windows ++++ b/Dockerfile.windows +@@ -165,7 +165,7 @@ FROM microsoft/windowsservercore + # Use PowerShell as the default shell + SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +-ARG GO_VERSION=1.19.7 ++ARG GO_VERSION=1.19.8 + ARG GOTESTSUM_VERSION=v1.8.2 + + # Environment variable notes: +-- +2.37.1 + diff --git a/series.conf b/series.conf index e69de29..b658425 100644 --- a/series.conf +++ b/series.conf @@ -0,0 +1 @@ +patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch -- Gitee
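Review bot: in the apply-patches hunk the corrected line `+while IPF= read -r line` still looks like a typo for `IFS= read -r line`; a temporary empty `IPF` has no effect on `read`, whereas clearing `IFS` is the idiom that preserves leading and trailing whitespace in each series.conf entry. The unchanged context line `if [[ "$line" =~ ^patch* ]];then` is a regex match in which `patch*` means `patc` followed by zero or more `h`, so it also accepts lines such as `patc`; `^patch/` would match only paths under the patch directory, which is what series.conf now contains.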
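Review bot: the removal of patch/README.md is not explained by the commit message, which only describes the Go update. If the one-line README existed as a placeholder so that git would track the otherwise empty directory, and is now redundant because the directory holds a real patch, state that in the message; otherwise keep the description of what the directory is for.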
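Review bot: the four Dockerfile hunks in the backported patch change only `ARG GO_VERSION=1.19.7` to `1.19.8`, yet the context line in the first hunk warns `IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored`. The commit message should say whether the vendored archive/tar copy was compared against go1.19.8, since the upstream diff touches no vendored files; the changelog entry `sync upstream patch to update go1.19.8` would also be more useful if it named the four CVEs (CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538) listed in the embedded patch description.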
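Review bot: series.conf moves from the empty blob (index e69de29) to a single entry, `patch/backport-0001-moby20.10-update-go-to-go1.19.8.patch`. Because apply-patches expands it as `$cwd/$line`, the entry must stay relative to the spec directory with no leading `./`, which it does; a trailing newline at end of file is also required, since `while read` drops an unterminated last line.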