[kirkstone,14/16] go: Fix issue in DNS resolver

Message ID 8c8b01e84844a7e721c668d5ffbc7161e67f0862.1700620126.git.steve@sakoman.com
State New, archived
Delegated to: Steve Sakoman
Series [kirkstone,01/16] tiff: Backport fix for CVE-2023-41175

Commit Message

Steve Sakoman Nov. 22, 2023, 2:31 a.m. UTC
From: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>

This change adds a patch that is a partial backport of an upstream
commit[1].

It fixes a bug in go's DNS resolver that was causing a docker issue
where the first "docker pull" always fails after system boot if docker
daemon is started before networking is completely up.

[1] https://github.com/golang/go/commit/d52883f443e1d564b0300acdd382af1769bf0477

Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/go-1.17.13.inc       |  1 +
 ...Fix-issue-with-DNS-not-being-updated.patch | 51 +++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch

Patch

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index a0974629fb..330f571d22 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -16,6 +16,7 @@  SRC_URI += "\
     file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \
     file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
     file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
+    file://0010-net-Fix-issue-with-DNS-not-being-updated.patch  \
     file://CVE-2022-27664.patch \
     file://0001-net-http-httputil-avoid-query-parameter-smuggling.patch \
     file://CVE-2022-41715.patch \
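Review bot: the added SRC_URI entry is registered in go-1.17.13.inc, but the patch file itself is created under go-1.20/, so it is worth confirming that directory is on this recipe's file search path and saying so in the commit message, since the version mismatch is not explained anywhere in the change. As a style point, the new line has two spaces before the trailing backslash where the neighbouring entries use one.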
diff --git a/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch b/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
new file mode 100644
index 0000000000..6ead518843
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.20/0010-net-Fix-issue-with-DNS-not-being-updated.patch
@@ -0,0 +1,51 @@ 
+From 20176b390e28daa86b4552965cb7bd9181983c4d Mon Sep 17 00:00:00 2001
+From: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
+Date: Mon, 6 Nov 2023 20:11:19 -0600
+Subject: [PATCH] net: Fix issue with DNS not being updated
+
+When dns requests are made, go's native DNS resolver only reads
+/etc/resolv.conf if the previous request is older than 5 seconds.
+
+On first network call, an initialization code runs that is
+supposed to initialize DNS data and set lastChecked time. There is a bug
+in this code that causes /etc/resolv.conf to not be read during
+initialization and the DNS data from program startup ends up being used
+until the next 5 seconds. This means that if /etc/resolv.conf changed
+between program startup and the first network call, old DNS data is
+still used until the next 5 seconds.
+
+This causes "docker pull" to fail the first time if docker daemon is
+started before networking is up.
+
+Upstream commit d52883f443e1d564b0300acdd382af1769bf0477 made lot of
+improvements to DNS resolver to fix some issues which also fixes this
+issue.
+This patch picks the relevant changes from it to fix this particular
+issue.
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/d52883f443e1d564b0300acdd382af1769bf0477]
+
+Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
+---
+ src/net/dnsclient_unix.go | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/net/dnsclient_unix.go b/src/net/dnsclient_unix.go
+index 6dfd4af..520ffe6 100644
+--- a/src/net/dnsclient_unix.go
++++ b/src/net/dnsclient_unix.go
+@@ -337,10 +337,7 @@ var resolvConf resolverConfig
+ func (conf *resolverConfig) init() {
+ 	// Set dnsConfig and lastChecked so we don't parse
+ 	// resolv.conf twice the first time.
+-	conf.dnsConfig = systemConf().resolv
+-	if conf.dnsConfig == nil {
+-		conf.dnsConfig = dnsReadConfig("/etc/resolv.conf")
+-	}
++	conf.dnsConfig = dnsReadConfig("/etc/resolv.conf")
+ 	conf.lastChecked = time.Now()
+ 
+ 	// Prepare ch so that only one update of resolverConfig may
+-- 
+2.34.1
+
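Review bot: in init(), the retained comment ("so we don't parse resolv.conf twice the first time") no longer explains why the file is read directly; a short comment on the new `conf.dnsConfig = dnsReadConfig("/etc/resolv.conf")` line stating that systemConf().resolv holds the data captured at program startup and can be stale would keep a later rebase from restoring the removed branch. The patch header describes picking only the relevant changes from the upstream commit, so the Upstream-Status line could also say that this is a partial backport, which makes it easier to audit against d52883f443e1d564b0300acdd382af1769bf0477 later.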