From 772a27056bc07fe29a3b52d3545018da4bfe4136 Mon Sep 17 00:00:00 2001
From: Michael Zalimeni
Date: Wed, 19 Jul 2023 11:38:10 -0400
Subject: [PATCH] Update Go version to 1.20.6

This resolves [CVE-2023-29406] (https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the `net/http` standard library. Note that until the follow-up to #18124 is done, the version of Go used in those impacted tests will need to remain on 1.20.5. Manual backport of 93f3209a69b0db8446c08add6521b2409f86c476.
---
 .changelog/18190.txt | 5 ++
 .github/workflows/build.yml | 71 ++++++++++++++++++++----
 build-support/docker/Build-Go.dockerfile | 2 +-
 3 files changed, 67 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/18190.txt
diff --git a/.changelog/18190.txt b/.changelog/18190.txt
new file mode 100644
index 0000000000000..3468442e2161b
--- /dev/null
+++ b/.changelog/18190.txt
@@ -0,0 +1,5 @@
+```release-note:security
+Upgrade to use Go 1.20.6.
+This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`) for uses of the standard library.
+A separate change updates dependencies on `golang.org/x/net` to use `0.12.0`.
+```
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c410838fd7c7..7cfaca7cb2c06 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -80,15 +80,15 @@ jobs:
 strategy:
 matrix:
 include:
- - {go: "1.20.4", goos: "linux", goarch: "386"}
- - {go: "1.20.4", goos: "linux", goarch: "amd64"}
- - {go: "1.20.4", goos: "linux", goarch: "arm"}
- - {go: "1.20.4", goos: "linux", goarch: "arm64"}
- - {go: "1.20.4", goos: "freebsd", goarch: "386"}
- - {go: "1.20.4", goos: "freebsd", goarch: "amd64"}
- - {go: "1.20.4", goos: "windows", goarch: "386"}
- - {go: "1.20.4", goos: "windows", goarch: "amd64"}
- - {go: "1.20.4", goos: "solaris", goarch: "amd64"}
+ - {go: "1.20.6", goos: "linux", goarch: "386"}
+ - {go: "1.20.6", goos: "linux", goarch: "amd64"}
+ - {go: "1.20.6", goos: "linux", goarch: "arm"}
+ - {go: "1.20.6", goos: "linux", goarch: "arm64"}
+ - {go: "1.20.6", goos: "freebsd", goarch: "386"}
+ - {go: "1.20.6", goos: "freebsd", goarch: "amd64"}
+ - {go: "1.20.6", goos: "windows", goarch: "386"}
+ - {go: "1.20.6", goos: "windows", goarch: "amd64"}
+ - {go: "1.20.6", goos: "solaris", goarch: "amd64"}
 fail-fast: true
 name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
@@ -170,6 +170,57 @@ jobs:
 name: ${{ env.DEB_PACKAGE }}
 path: out/${{ env.DEB_PACKAGE }}
+ build-s390x:
+ needs: set-product-version
+ if: ${{ endsWith(github.repository, '-enterprise') }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - {go: "1.20.6", goos: "linux", goarch: "s390x"}
+ fail-fast: true
+
+ name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+ steps:
+ - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+ - name: Setup with node and yarn
+ uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+ with:
+ node-version: '14'
+ cache: 'yarn'
+ cache-dependency-path: 'ui/yarn.lock'
+
+ - name: Build UI
+ run: |
+ CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
+ CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
+ CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
+ CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
+ echo "consul_version is ${CONSUL_VERSION}"
+ echo "consul_date is ${CONSUL_DATE}"
+ echo "consul binary type is ${CONSUL_BINARY_TYPE}"
+ echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
+ cd ui && make && cd ..
+ rm -rf agent/uiserver/dist
+ mv ui/packages/consul-ui/dist agent/uiserver/
+ - name: Go Build
+ env:
+ PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
+ PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
+ CGO_ENABLED: "0"
+ GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
+ uses: hashicorp/actions-go-build@v0.1.7
+ with:
+ product_name: ${{ env.PKG_NAME }}
+ product_version: ${{ needs.set-product-version.outputs.product-version }}
+ go_version: ${{ matrix.go }}
+ os: ${{ matrix.goos }}
+ arch: ${{ matrix.goarch }}
+ reproducible: report
+ instructions: |-
+ go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
+
 build-darwin:
 needs: set-product-version
 runs-on: macos-latest
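Review bot: In the new `build-s390x` job the `Go Build` step references `hashicorp/actions-go-build@v0.1.7` by tag, while the `actions/checkout` and `actions/setup-node` steps just above it are pinned to full commit SHAs with the version in a trailing comment. A tag can be moved after review, and this is the step that compiles the binary, so it should follow the same convention: `uses: hashicorp/actions-go-build@<full-commit-sha> # v0.1.7` (placeholder; resolve the SHA from the action's v0.1.7 tag). Separately, the `Build UI` script interpolates `${{ needs.set-product-version.outputs.product-version }}` and `product-date` directly into shell text; passing them through the step's `env:` and reading `"$CONSUL_VERSION"` would keep a malformed output from being parsed as shell, though where those outputs originate is not visible in this hunk. `CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}` assigns the variable to itself, so unless it is set at workflow level (outside this hunk) the following echo prints an empty value.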
@@ -177,7 +228,7 @@ jobs:
 matrix:
 goos: [ darwin ]
 goarch: [ "amd64", "arm64" ]
- go: [ "1.20.4" ]
+ go: [ "1.20.6" ]
 fail-fast: true
 name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile
index 8ab8e8cb9a994..5f0732cf252ee 100644
--- a/build-support/docker/Build-Go.dockerfile
+++ b/build-support/docker/Build-Go.dockerfile
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
-ARG GOLANG_VERSION=1.20.4
+ARG GOLANG_VERSION=1.20.6
 FROM golang:${GOLANG_VERSION}
 WORKDIR /consul