From 7133d8067069f551c1bf2356a881cc1114f07e97 Mon Sep 17 00:00:00 2001
From: Jay Conrod <jayconrod@google.com>
Date: Thu, 12 Nov 2020 18:02:52 -0500
Subject: [PATCH] GoStdLib: add CGO_LDFLAGS to CGO_LDFLAGS_ALLOW (#2714)

For golang/go#42565
For #2710
---
 go/tools/builders/stdlib.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/go/tools/builders/stdlib.go b/go/tools/builders/stdlib.go
index fd21cc3b89..6daa6883de 100644
--- a/go/tools/builders/stdlib.go
+++ b/go/tools/builders/stdlib.go
@@ -20,6 +20,7 @@ import (
 	"go/build"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 )
 
@@ -91,6 +92,18 @@ You may need to use the flags --cpu=x64_windows --compiler=mingw-gcc.`)
 	os.Setenv("CGO_CFLAGS", os.Getenv("CGO_CFLAGS")+" "+strings.Join(defaultCFlags(output), " "))
 	os.Setenv("CGO_LDFLAGS", os.Getenv("CGO_LDFLAGS")+" "+strings.Join(defaultLdFlags(), " "))
 
+	// Allow flags in CGO_LDFLAGS that wouldn't pass the security check.
+	// Workaround for golang.org/issue/42565.
+	var b strings.Builder
+	sep := ""
+	cgoLdflags, _ := splitQuoted(os.Getenv("CGO_LDFLAGS"))
+	for _, f := range cgoLdflags {
+		b.WriteString(sep)
+		sep = "|"
+		b.WriteString(regexp.QuoteMeta(f))
+	}
+	os.Setenv("CGO_LDFLAGS_ALLOW", b.String())
+
 	// Build the commands needed to build the std library in the right mode
 	// NOTE: the go command stamps compiled .a files with build ids, which are
 	// cryptographic sums derived from the inputs. This prevents us from