From d5cb7cdeae32f071dfa243c2a34925a23dd50679 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Tue, 1 Aug 2023 23:46:01 +0200
Subject: [PATCH] update to go1.20.7

Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 .github/workflows/.windows.yml             | 2 +-
 .github/workflows/buildkit.yml             | 2 +-
 .github/workflows/test.yml                 | 2 +-
 Dockerfile                                 | 2 +-
 Dockerfile.simple                          | 2 +-
 Dockerfile.windows                         | 2 +-
 hack/dockerfiles/generate-files.Dockerfile | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml
index 66812324a817df833f5c3d6722c6cfb180b04607..5e8736e34de9b2f25eee53153320456576eb85bc 100644
--- a/.github/workflows/.windows.yml
+++ b/.github/workflows/.windows.yml
@@ -15,7 +15,7 @@ on:
         default: false
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.3
   WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml
index 7de6e0c22f941e2a7812950fd7836d92d2c7dd2e..95910dbf3c9e249065faba1c6ab2f1967cef4d11 100644
--- a/.github/workflows/buildkit.yml
+++ b/.github/workflows/buildkit.yml
@@ -13,7 +13,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   DESTDIR: ./build
 
 jobs:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index db57e182a306b00dee394737919eeaae24aaac02..9cf3d43352916ae4aede3d5b08eb02cad8ff91cf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: "1.20.6"
+  GO_VERSION: "1.20.7"
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.3
   ITG_CLI_MATRIX_SIZE: 6
diff --git a/Dockerfile b/Dockerfile
index 9cd776966d7033c14819aee0f0a1a60ef780f82c..a18413ff330f0a65f17d431374ea3568835e85ba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
 ARG XX_VERSION=1.2.1
diff --git a/Dockerfile.simple b/Dockerfile.simple
index 8605aa3fcd0c742483615b2358e15c23a7c8d2d3..91d2eaf04d068e27192a4006eda99c03f7da2107 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -5,7 +5,7 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
diff --git a/Dockerfile.windows b/Dockerfile.windows
index e98f714e16c7577d2f856a0c3148e735fd550a9c..d3783a9331bf76281e511f018ea36f06ca3292ac 100644
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -165,7 +165,7 @@ FROM microsoft/windowsservercore
 # Use PowerShell as the default shell
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG GOTESTSUM_VERSION=v1.8.2
 ARG GOWINRES_VERSION=v0.3.0
 ARG CONTAINERD_VERSION=v1.7.3
diff --git a/hack/dockerfiles/generate-files.Dockerfile b/hack/dockerfiles/generate-files.Dockerfile
index c7d27f60f8781ee9e8a40863f60714c33e7b03fa..ce34b39fa391f298fc74e82dd88a5d34a198b499 100644
--- a/hack/dockerfiles/generate-files.Dockerfile
+++ b/hack/dockerfiles/generate-files.Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.20.6
+ARG GO_VERSION=1.20.7
 ARG BASE_DEBIAN_DISTRO="bullseye"
 ARG PROTOC_VERSION=3.11.4