From d5cb7cdeae32f071dfa243c2a34925a23dd50679 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Tue, 1 Aug 2023 23:46:01 +0200
Subject: [PATCH] update to go1.20.7

Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 .github/workflows/.windows.yml             | 2 +-
 .github/workflows/buildkit.yml             | 2 +-
 .github/workflows/test.yml                 | 2 +-
 Dockerfile                                 | 2 +-
 Dockerfile.simple                          | 2 +-
 Dockerfile.windows                         | 2 +-
 hack/dockerfiles/generate-files.Dockerfile | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml
index 66812324a8..5e8736e34d 100644
--- a/.github/workflows/.windows.yml
+++ b/.github/workflows/.windows.yml
@@ -15,7 +15,7 @@ on:
         default: false
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.3
   WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml
index 7de6e0c22f..95910dbf3c 100644
--- a/.github/workflows/buildkit.yml
+++ b/.github/workflows/buildkit.yml
@@ -13,7 +13,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   DESTDIR: ./build
 
 jobs:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index db57e182a3..9cf3d43352 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.3
   ITG_CLI_MATRIX_SIZE: 6
diff --git a/Dockerfile b/Dockerfile
index 9cd776966d..a18413ff33 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
 ARG XX_VERSION=1.2.1
diff --git a/Dockerfile.simple b/Dockerfile.simple
index 8605aa3fcd..91d2eaf04d 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -5,7 +5,7 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
diff --git a/Dockerfile.windows b/Dockerfile.windows
index e98f714e16..d3783a9331 100644
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -165,7 +165,7 @@ FROM microsoft/windowsservercore
 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG GOTESTSUM_VERSION=v1.8.2
 ARG GOWINRES_VERSION=v0.3.0
 ARG CONTAINERD_VERSION=v1.7.3
diff --git a/hack/dockerfiles/generate-files.Dockerfile b/hack/dockerfiles/generate-files.Dockerfile
index c7d27f60f8..ce34b39fa3 100644
--- a/hack/dockerfiles/generate-files.Dockerfile
+++ b/hack/dockerfiles/generate-files.Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG PROTOC_VERSION=3.11.4