From abcf5dd83b4c1dcbcf0198e500d03abd82c04fbe Mon Sep 17 00:00:00 2001 From: CBL-Mariner Servicing Account Date: Thu, 24 Oct 2024 05:28:51 +0000 Subject: [PATCH 1/4] Upgrade msft-golang to 1.22.8 To fix CVE-2022-41717 --- SPECS/msft-golang/msft-golang.signatures.json | 14 +++++++------- SPECS/msft-golang/msft-golang.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/SPECS/msft-golang/msft-golang.signatures.json b/SPECS/msft-golang/msft-golang.signatures.json index dcd94f32e1e..51ebadcc1b3 100644 --- a/SPECS/msft-golang/msft-golang.signatures.json +++ b/SPECS/msft-golang/msft-golang.signatures.json @@ -1,8 +1,8 @@ { - "Signatures": { - "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", - "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", - "go1.22.7-20240905.3.src.tar.gz": "4c2601d9fe6b4692b6bb4487751dec149c30bd76ad9383331a84971a66bdd0bc", - "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" - } -} \ No newline at end of file + "Signatures": { + "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", + "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", + "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52", + "go1.22.8-20240905.3.src.tar.gz": "0c0631e7390b92d0cfec8f3550d5a33303cfdcddc580fffeb7a5312abdeb03de" + } +} diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index 1c1058198b5..558e03f4311 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec @@ -14,7 +14,7 @@ %define __find_requires %{nil} Summary: Go Name: msft-golang -Version: 1.22.7 +Version: 1.22.8 Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation 
@@ -153,6 +153,9 @@ fi %{_bindir}/* %changelog +* Thu Oct 24 2024 CBL-Mariner Servicing Account - 1.22.8-1 +- Auto-upgrade to 1.22.8 - To fix CVE-2022-41717 + * Mon Sep 09 2024 Henry Beberman - 1.22.7-1 - Bump version to 1.22.7 to address CVE-2024-34158, CVE-2024-34156, CVE-2024-34155 diff --git a/cgmanifest.json b/cgmanifest.json index 312707c0b6d..69834767f85 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -13673,8 +13673,8 @@ "type": "other", "other": { "name": "msft-golang", - "version": "1.22.7", - "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.7-1/go1.22.7-20240905.3.src.tar.gz" + "version": "1.22.8", + "downloadUrl": "https://github.com/microsoft/go/archive/refs/tags/v1.22.8-1.tar.gz" } } }, From aa0f8c61f5a41521a3d5471921ed5072f15eb175 Mon Sep 17 00:00:00 2001 From: Balakumaran Kannan Date: Thu, 24 Oct 2024 06:50:57 +0000 Subject: [PATCH 2/4] Update source file name in the spec file --- SPECS/msft-golang/msft-golang.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index 558e03f4311..036ec3f8dd7 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec @@ -1,6 +1,6 @@ %global goroot %{_libdir}/golang %global gopath %{_datadir}/gocode -%global ms_go_filename go1.22.7-20240905.3.src.tar.gz +%global ms_go_filename go1.22.8-20240905.3.src.tar.gz %global ms_go_revision 1 %ifarch aarch64 %global gohostarch arm64 From 9e61a7e919ba6be91db199351f2763a444f65efb Mon Sep 17 00:00:00 2001 From: Balakumaran Kannan Date: Thu, 24 Oct 2024 07:04:16 +0000 Subject: [PATCH 3/4] Update the file name in %setup macro --- SPECS/msft-golang/msft-golang.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index 036ec3f8dd7..d8a622944e7 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec 
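Review bot: The added %changelog entry (`- Auto-upgrade to 1.22.8 - To fix CVE-2022-41717`) attributes this bump to a CVE with a 2022 identifier, while the entry directly below it shows the package was already on 1.22.7 in September 2024. It is worth confirming against the upstream advisory that 1.22.7 was actually affected. If the finding came from a scanner matching on something else, anyone reading this changelog will draw the wrong conclusion about which builds are exposed. If 1.22.8 is being taken for other fixes, the entry should name those instead, for example `- Bump version to 1.22.8 to address <CVE-IDs confirmed from the upstream release notes>`.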
@@ -47,7 +47,7 @@ mv -v go go-bootstrap-01 tar xf %{SOURCE3} --no-same-owner mv -v go go-bootstrap-02 -%setup -q -n go +%setup -q -n go-%{version}-%{ms_go_revision} %build # go 1.4 bootstraps with C. From 523118176865282d8204ffd926ac01ed5cecffc4 Mon Sep 17 00:00:00 2001 From: Balakumaran Kannan Date: Thu, 24 Oct 2024 16:30:46 +0000 Subject: [PATCH 4/4] Use correct go source from the upstream --- SPECS/msft-golang/msft-golang.signatures.json | 14 +++++++------- SPECS/msft-golang/msft-golang.spec | 4 ++-- cgmanifest.json | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/SPECS/msft-golang/msft-golang.signatures.json b/SPECS/msft-golang/msft-golang.signatures.json index 51ebadcc1b3..d92ca320b25 100644 --- a/SPECS/msft-golang/msft-golang.signatures.json +++ b/SPECS/msft-golang/msft-golang.signatures.json @@ -1,8 +1,8 @@ { - "Signatures": { - "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", - "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", - "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52", - "go1.22.8-20240905.3.src.tar.gz": "0c0631e7390b92d0cfec8f3550d5a33303cfdcddc580fffeb7a5312abdeb03de" - } -} + "Signatures": { + "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95", + "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd", + "go1.22.8-20241001.6.src.tar.gz": "549a43643849c73ffd8579d63e2e3488428f0a4c436169abe02be01a3dbd41c8", + "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52" + } +} \ No newline at end of file diff --git a/SPECS/msft-golang/msft-golang.spec b/SPECS/msft-golang/msft-golang.spec index d8a622944e7..6921a3af739 100644 --- a/SPECS/msft-golang/msft-golang.spec +++ b/SPECS/msft-golang/msft-golang.spec 
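Review bot: Nothing in this commit says where the new digest for `go1.22.8-20241001.6.src.tar.gz` comes from. The series had already recorded a different digest for 1.22.8 under `go1.22.8-20240905.3.src.tar.gz` in patch 1, while cgmanifest.json pointed at a differently named archive. Since this file appears to be what pins the toolchain source, the description should state that the SHA-256 was compared with the checksum upstream publishes for the release asset (if one is published) rather than computed from whatever file was downloaded; a line such as `SHA-256 verified against the checksum published with the v1.22.8-1 release` would do. The hunk also reverts the indentation and trailing newline that patch 1 introduced, so every line shows as changed; keeping the formatting stable would leave a one-line diff that is much easier to audit.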
@@ -1,6 +1,6 @@ %global goroot %{_libdir}/golang %global gopath %{_datadir}/gocode -%global ms_go_filename go1.22.8-20240905.3.src.tar.gz +%global ms_go_filename go1.22.8-20241001.6.src.tar.gz %global ms_go_revision 1 %ifarch aarch64 %global gohostarch arm64 @@ -47,7 +47,7 @@ mv -v go go-bootstrap-01 tar xf %{SOURCE3} --no-same-owner mv -v go go-bootstrap-02 -%setup -q -n go-%{version}-%{ms_go_revision} +%setup -q -n go %build # go 1.4 bootstraps with C. diff --git a/cgmanifest.json b/cgmanifest.json index 69834767f85..84c0bac264a 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -13674,7 +13674,7 @@ "other": { "name": "msft-golang", "version": "1.22.8", - "downloadUrl": "https://github.com/microsoft/go/archive/refs/tags/v1.22.8-1.tar.gz" + "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.8-1/go1.22.8-20241001.6.src.tar.gz" } } },
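Review bot: `ms_go_filename` hard-codes the version and build stamp separately from `Version:`, and this series shows the cost: patch 1 bumped `Version:` and the signatures entry but left `ms_go_filename` at 1.22.7 until patch 2. When the tarball name, the signatures.json key and the cgmanifest.json `downloadUrl` drift apart, the digest on record may no longer describe the artifact that is actually built. A comment above the macro would help, e.g. `# Keep in sync with Version:, msft-golang.signatures.json and the cgmanifest.json downloadUrl`. The spec preamble continues outside this hunk, so how `ms_go_filename` feeds the Source lines is not visible here.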