diff --git a/changelog/security/2023-07-17-go-1.19.11-1.20.6.md b/changelog/security/2023-07-17-go-1.19.11-1.20.6.md new file mode 100644 index 0000000000..ddad66d27b --- /dev/null +++ b/changelog/security/2023-07-17-go-1.19.11-1.20.6.md @@ -0,0 +1 @@ +- Go ([CVE-2023-29406](https://nvd.nist.gov/vuln/detail/CVE-2023-29406)) diff --git a/changelog/updates/2023-07-17-go-1.19.11-update.md b/changelog/updates/2023-07-17-go-1.19.11-update.md new file mode 100644 index 0000000000..203ebb1024 --- /dev/null +++ b/changelog/updates/2023-07-17-go-1.19.11-update.md @@ -0,0 +1 @@ +- Go ([1.19.11](https://go.dev/doc/devel/release#go1.19.11)) diff --git a/changelog/updates/2023-07-17-go-1.20.6-update.md b/changelog/updates/2023-07-17-go-1.20.6-update.md new file mode 100644 index 0000000000..e62dc9aba8 --- /dev/null +++ b/changelog/updates/2023-07-17-go-1.20.6-update.md @@ -0,0 +1 @@ +- Go ([1.20.6](https://go.dev/doc/devel/release#go1.20.6)) diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24-r1.ebuild similarity index 90% rename from sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24-r1.ebuild index 27e4a3545c..e5181c72ea 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/docker-cli-20.10.24-r1.ebuild @@ -26,6 +26,11 @@ RESTRICT="installsources strip" S="${WORKDIR}/${P}/src/${EGO_PN}" +# Flatcar: fix invalid headers issue when building with Go 1.19.11+. +PATCHES=( + "${FILESDIR}/0001-20.10-vendor-docker-v20.10.25-45-g0d4b9ed98b-v20.10..patch" +) + src_prepare() { default sed -i 's@dockerd\?\.exe@@g' contrib/completion/bash/docker || die @@ -47,8 +52,6 @@ src_compile() { VERSION="${PV}" \ GITCOMMIT="${GIT_COMMIT}" \ dynbinary - - # Flatcar: removed man page generation since they are not included in images } src_install() { diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/files/0001-20.10-vendor-docker-v20.10.25-45-g0d4b9ed98b-v20.10..patch b/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/files/0001-20.10-vendor-docker-v20.10.25-45-g0d4b9ed98b-v20.10..patch new file mode 100644 index 0000000000..d35abf1783 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-containers/docker-cli/files/0001-20.10-vendor-docker-v20.10.25-45-g0d4b9ed98b-v20.10..patch @@ -0,0 +1,104 @@ +From 5d4e44df90bb913f30a1f0215f9715cb60e17d75 Mon Sep 17 00:00:00 2001 +Message-Id: <5d4e44df90bb913f30a1f0215f9715cb60e17d75.1689769748.git.dpark@linux.microsoft.com> +From: Sebastiaan van Stijn +Date: Mon, 17 Jul 2023 16:48:27 +0200 +Subject: [PATCH] [20.10] vendor: docker v20.10.25-45-g0d4b9ed98b + (v20.10.26-dev) + +full diff: https://github.com/docker/docker/compare/v20.10.25...0d4b9ed98be2aecf27e8dd014bef7bad0be15457 + +Signed-off-by: Sebastiaan van Stijn +--- + .../github.com/docker/docker/client/client.go | 30 +++++++++++++++++++ + .../github.com/docker/docker/client/hijack.go | 6 +++- + .../docker/docker/client/request.go | 14 ++++----- + vendor/github.com/docker/docker/vendor.conf | 2 +- + 5 files changed, 43 insertions(+), 11 deletions(-) + +diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go +index 0d3614d5..d0ce09ae 100644 +--- a/vendor/github.com/docker/docker/client/client.go ++++ b/vendor/github.com/docker/docker/client/client.go +@@ -56,6 +56,36 @@ import ( + "github.com/pkg/errors" + ) + ++// DummyHost is a hostname used for local communication. ++// ++// It acts as a valid formatted hostname for local connections (such as "unix://" ++// or "npipe://") which do not require a hostname. It should never be resolved, ++// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2] ++// and [RFC 6761, Section 6.3]). ++// ++// [RFC 7230, Section 5.4] defines that an empty header must be used for such ++// cases: ++// ++// If the authority component is missing or undefined for the target URI, ++// then a client MUST send a Host header field with an empty field-value. ++// ++// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not ++// allow an empty header to be used, and requires req.URL.Scheme to be either ++// "http" or "https". ++// ++// For further details, refer to: ++// ++// - https://github.com/docker/engine-api/issues/189 ++// - https://github.com/golang/go/issues/13624 ++// - https://github.com/golang/go/issues/61076 ++// - https://github.com/moby/moby/issues/45935 ++// ++// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2 ++// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3 ++// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 ++// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569 ++const DummyHost = "api.moby.localhost" ++ + // ErrRedirect is the error returned by checkRedirect when the request is non-GET. + var ErrRedirect = errors.New("unexpected redirect in response") + +diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go +index e1dc49ef..b8fac0be 100644 +--- a/vendor/github.com/docker/docker/client/hijack.go ++++ b/vendor/github.com/docker/docker/client/hijack.go +@@ -62,7 +62,11 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) { + } + + func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, error) { +- req.Host = cli.addr ++ req.URL.Host = cli.addr ++ if cli.proto == "unix" || cli.proto == "npipe" { ++ // Override host header for non-tcp connections. ++ req.Host = DummyHost ++ } + req.Header.Set("Connection", "Upgrade") + req.Header.Set("Upgrade", proto) + +diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go +index d3d9a3fe..66530d4b 100644 +--- a/vendor/github.com/docker/docker/client/request.go ++++ b/vendor/github.com/docker/docker/client/request.go +@@ -88,15 +88,13 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea + return nil, err + } + req = cli.addHeaders(req, headers) +- +- if cli.proto == "unix" || cli.proto == "npipe" { +- // For local communications, it doesn't matter what the host is. We just +- // need a valid and meaningful host name. (See #189) +- req.Host = "docker" +- } +- +- req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme ++ req.URL.Host = cli.addr ++ ++ if cli.proto == "unix" || cli.proto == "npipe" { ++ // Override host header for non-tcp connections. ++ req.Host = DummyHost ++ } + + if expectedPayload && req.Header.Get("Content-Type") == "" { + req.Header.Set("Content-Type", "text/plain") +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r3.ebuild similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r3.ebuild index 63dc429a82..fd5dc6e762 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/docker-20.10.24-r3.ebuild @@ -72,9 +72,13 @@ RESTRICT="installsources strip test" S="${WORKDIR}/${P}/src/${EGO_PN}" -# Flatcar: Dropped outdated bug links, dropped openrc init script patch +# Flatcar: Dropped outdated bug links, dropped openrc init script patch, +# backport upstream patches for fixing invalid headers issue when building +# with Go 1.19.11+. PATCHES=( "${FILESDIR}/ppc64-buildmode.patch" + "${FILESDIR}/0001-client-define-a-dummy-hostname-to-use-for-local-conn.patch" + "${FILESDIR}/0002-pkg-plugins-use-a-dummy-hostname-for-local-connectio.patch" ) # see "contrib/check-config.sh" from upstream's sources diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0001-client-define-a-dummy-hostname-to-use-for-local-conn.patch b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0001-client-define-a-dummy-hostname-to-use-for-local-conn.patch new file mode 100644 index 0000000000..2009922b4d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0001-client-define-a-dummy-hostname-to-use-for-local-conn.patch @@ -0,0 +1,161 @@ +From 74b4974cb7e7e81e57661f93b03c94a95a15472e Mon Sep 17 00:00:00 2001 +Message-Id: <74b4974cb7e7e81e57661f93b03c94a95a15472e.1689689028.git.dpark@linux.microsoft.com> +From: Sebastiaan van Stijn +Date: Wed, 12 Jul 2023 14:15:38 +0200 +Subject: [PATCH 1/2] client: define a "dummy" hostname to use for local + connections + +For local communications (npipe://, unix://), the hostname is not used, +but we need valid and meaningful hostname. + +The current code used the client's `addr` as hostname in some cases, which +could contain the path for the unix-socket (`/var/run/docker.sock`), which +gets rejected by go1.20.6 and go1.19.11 because of a security fix for +[CVE-2023-29406 ][1], which was implemented in https://go.dev/issue/60374. + +Prior versions go Go would clean the host header, and strip slashes in the +process, but go1.20.6 and go1.19.11 no longer do, and reject the host +header. + +This patch introduces a `DummyHost` const, and uses this dummy host for +cases where we don't need an actual hostname. + +Before this patch (using go1.20.6): + + make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration + === RUN TestAttachWithTTY + attach_test.go:46: assertion failed: error is not nil: http: invalid Host header + --- FAIL: TestAttachWithTTY (0.11s) + === RUN TestAttachWithoutTTy + attach_test.go:46: assertion failed: error is not nil: http: invalid Host header + --- FAIL: TestAttachWithoutTTy (0.02s) + FAIL + +With this patch applied: + + make GO_VERSION=1.20.6 TEST_FILTER=TestAttach test-integration + INFO: Testing against a local daemon + === RUN TestAttachWithTTY + --- PASS: TestAttachWithTTY (0.12s) + === RUN TestAttachWithoutTTy + --- PASS: TestAttachWithoutTTy (0.02s) + PASS + +[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx + +Signed-off-by: Sebastiaan van Stijn +(cherry picked from commit 92975f0c11f0566cc3c36659f5e3bb9faf5cb176) +Signed-off-by: Sebastiaan van Stijn +--- + client/client.go | 30 ++++++++++++++++++++++++++++++ + client/hijack.go | 6 +++++- + client/request.go | 14 ++++++-------- + client/request_test.go | 4 ++-- + 4 files changed, 43 insertions(+), 11 deletions(-) + +diff --git a/client/client.go b/client/client.go +index 0d3614d5..d0ce09ae 100644 +--- a/client/client.go ++++ b/client/client.go +@@ -56,6 +56,36 @@ import ( + "github.com/pkg/errors" + ) + ++// DummyHost is a hostname used for local communication. ++// ++// It acts as a valid formatted hostname for local connections (such as "unix://" ++// or "npipe://") which do not require a hostname. It should never be resolved, ++// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2] ++// and [RFC 6761, Section 6.3]). ++// ++// [RFC 7230, Section 5.4] defines that an empty header must be used for such ++// cases: ++// ++// If the authority component is missing or undefined for the target URI, ++// then a client MUST send a Host header field with an empty field-value. ++// ++// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not ++// allow an empty header to be used, and requires req.URL.Scheme to be either ++// "http" or "https". ++// ++// For further details, refer to: ++// ++// - https://github.com/docker/engine-api/issues/189 ++// - https://github.com/golang/go/issues/13624 ++// - https://github.com/golang/go/issues/61076 ++// - https://github.com/moby/moby/issues/45935 ++// ++// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2 ++// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3 ++// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 ++// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569 ++const DummyHost = "api.moby.localhost" ++ + // ErrRedirect is the error returned by checkRedirect when the request is non-GET. + var ErrRedirect = errors.New("unexpected redirect in response") + +diff --git a/client/hijack.go b/client/hijack.go +index e1dc49ef..b8fac0be 100644 +--- a/client/hijack.go ++++ b/client/hijack.go +@@ -62,7 +62,11 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) { + } + + func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, error) { +- req.Host = cli.addr ++ req.URL.Host = cli.addr ++ if cli.proto == "unix" || cli.proto == "npipe" { ++ // Override host header for non-tcp connections. ++ req.Host = DummyHost ++ } + req.Header.Set("Connection", "Upgrade") + req.Header.Set("Upgrade", proto) + +diff --git a/client/request.go b/client/request.go +index d3d9a3fe..66530d4b 100644 +--- a/client/request.go ++++ b/client/request.go +@@ -88,15 +88,13 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea + return nil, err + } + req = cli.addHeaders(req, headers) +- +- if cli.proto == "unix" || cli.proto == "npipe" { +- // For local communications, it doesn't matter what the host is. We just +- // need a valid and meaningful host name. (See #189) +- req.Host = "docker" +- } +- +- req.URL.Host = cli.addr + req.URL.Scheme = cli.scheme ++ req.URL.Host = cli.addr ++ ++ if cli.proto == "unix" || cli.proto == "npipe" { ++ // Override host header for non-tcp connections. ++ req.Host = DummyHost ++ } + + if expectedPayload && req.Header.Get("Content-Type") == "" { + req.Header.Set("Content-Type", "text/plain") +diff --git a/client/request_test.go b/client/request_test.go +index a3be507b..c1a10923 100644 +--- a/client/request_test.go ++++ b/client/request_test.go +@@ -27,12 +27,12 @@ func TestSetHostHeader(t *testing.T) { + }{ + { + "unix:///var/run/docker.sock", +- "docker", ++ DummyHost, + "/var/run/docker.sock", + }, + { + "npipe:////./pipe/docker_engine", +- "docker", ++ DummyHost, + "//./pipe/docker_engine", + }, + { +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0002-pkg-plugins-use-a-dummy-hostname-for-local-connectio.patch b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0002-pkg-plugins-use-a-dummy-hostname-for-local-connectio.patch new file mode 100644 index 0000000000..da7e0dbc11 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-containers/docker/files/0002-pkg-plugins-use-a-dummy-hostname-for-local-connectio.patch @@ -0,0 +1,72 @@ +From 1603196c5bc3e3b826c841e599bc45fc33562633 Mon Sep 17 00:00:00 2001 +Message-Id: <1603196c5bc3e3b826c841e599bc45fc33562633.1689689028.git.dpark@linux.microsoft.com> +In-Reply-To: <74b4974cb7e7e81e57661f93b03c94a95a15472e.1689689028.git.dpark@linux.microsoft.com> +References: <74b4974cb7e7e81e57661f93b03c94a95a15472e.1689689028.git.dpark@linux.microsoft.com> +From: Sebastiaan van Stijn +Date: Wed, 12 Jul 2023 15:07:59 +0200 +Subject: [PATCH 2/2] pkg/plugins: use a dummy hostname for local connections + +For local communications (npipe://, unix://), the hostname is not used, +but we need valid and meaningful hostname. + +The current code used the socket path as hostname, which gets rejected by +go1.20.6 and go1.19.11 because of a security fix for [CVE-2023-29406 ][1], +which was implemented in https://go.dev/issue/60374. + +Prior versions go Go would clean the host header, and strip slashes in the +process, but go1.20.6 and go1.19.11 no longer do, and reject the host +header. + +Before this patch, tests would fail on go1.20.6: + + === FAIL: pkg/authorization TestAuthZRequestPlugin (15.01s) + time="2023-07-12T12:53:45Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 1s" + time="2023-07-12T12:53:46Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 2s" + time="2023-07-12T12:53:48Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 4s" + time="2023-07-12T12:53:52Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 8s" + authz_unix_test.go:82: Failed to authorize request Post "http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq": http: invalid Host header + +[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx + +Signed-off-by: Sebastiaan van Stijn +(cherry picked from commit 6b7705d5b29e226a24902a8dcc488836faaee33c) +Signed-off-by: Sebastiaan van Stijn +--- + pkg/plugins/client.go | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go +index 752fecd0..e683eb77 100644 +--- a/pkg/plugins/client.go ++++ b/pkg/plugins/client.go +@@ -18,6 +18,12 @@ import ( + + const ( + defaultTimeOut = 30 ++ ++ // dummyHost is a hostname used for local communication. ++ // ++ // For local communications (npipe://, unix://), the hostname is not used, ++ // but we need valid and meaningful hostname. ++ dummyHost = "plugin.moby.localhost" + ) + + func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transport, error) { +@@ -44,8 +50,12 @@ func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transpor + return nil, err + } + scheme := httpScheme(u) +- +- return transport.NewHTTPTransport(tr, scheme, socket), nil ++ hostName := u.Host ++ if hostName == "" || u.Scheme == "unix" || u.Scheme == "npipe" { ++ // Override host header for non-tcp connections. ++ hostName = dummyHost ++ } ++ return transport.NewHTTPTransport(tr, scheme, hostName), nil + } + + // NewClient creates a new plugin client (http). +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest index 84544fbebf..41ce0f4b4b 100644 --- a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest @@ -1,2 +1,2 @@ -DIST go1.19.10.src.tar.gz 26563069 BLAKE2B 2aec01a67ba3e61f83b635bdf830bf6407342bd877b84367f268560cbb691291825622c4035db99f86ca7ae2153fd11f3f800ab7a90089da7624a531e189f374 SHA512 e8e7d1118d0c409d692ebb406f0e6807781dfd8f7dbe8b03be145e3fc287cde967fde387a216eb9996366508f4e61954cd131cd33f85b652bfd223e37bf41a67 -DIST go1.20.5.src.tar.gz 26192951 BLAKE2B 13ab06a45a7b13eb5cf8886594343bc169df3c4ff0062ac89c0997283686563edccb7d39423457947f945782bef418ab1a1f3b8712aa8817a8f4c61b54e8574c SHA512 94cecb366cd9d9722b53e52ea3b0a5715a9e9dc21da0273dd3db9354557f71b9501b018125ef073dacc2e59125335f436cea1151cd8df0d60e2ad513f841905c +DIST go1.19.11.src.tar.gz 26568253 BLAKE2B 06d06edd602ee88114353a8d867e9ba0cb88333115d308290b4bc2ec52f7655a50ff506068862c5c5ac8311e4e971635d409b4d6bbff2082f0667b2515e2576f SHA512 da95a1f007a1aff3bd6eeb4b7560654e1ed990e9f6d14663c5309e72714718287a2eb2937f9ec9a041adf384454a2a3bbf8f1671f11c4bd55c76d95e03e7538b +DIST go1.20.6.src.tar.gz 26194491 BLAKE2B 1a31f77ec5208d738ab190557a7b8767d8f8a6d56ae6beda81b55995d4281f11117216124e53c566a032db9cc26e0eea146e2ea8ed02240092e2c78e9b5f32c8 SHA512 509ade7c2a76bd46b26dda4522692ceef5023aae21461b866006341f98544e7ea755aee230a9fea789ed7afb1c49a693c34c8337892e308dfb051aef2b08c975 diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.19.10.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.19.11.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.19.10.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.19.11.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.20.5.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.20.6.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.20.5.ebuild rename to sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.20.6.ebuild