From 289fb278498a62ae3d5d0eb05386194d442ed01f Mon Sep 17 00:00:00 2001
From: Blaine Gardner
Date: Mon, 16 Aug 2021 11:43:44 -0600
Subject: [PATCH] build: use latest golang v1.16.7 (Go CVE-2021-34558)

Rook CephObjectStore S3 connections may be affected by CVE-2021-34558. This is fixed in Go v1.16.6, so we update to the latest Go version available to ensure this is fixed in future builds.
Signed-off-by: Blaine Gardner
(cherry picked from commit 1592c9b9dadf1735794def6f7df15bfd20e6c331)
---
 images/cross/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/cross/Dockerfile b/images/cross/Dockerfile
index 1b914b9cbe7a..31c316bf49f1 100644
--- a/images/cross/Dockerfile
+++ b/images/cross/Dockerfile
@@ -37,8 +37,8 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

 # install golang from the official repo
-RUN GO_VERSION=1.16.3 && \
- GO_HASH=951a3c7c6ce4e56ad883f97d9db74d3d6d80d5fec77455c6ada6c1f7ac4776d2 && \
+RUN GO_VERSION=1.16.7 && \
+ GO_HASH=7fe7a73f55ba3e2285da36f8b085e5c0159e9564ef5f63ee0ed6b818ade8ef04 && \
 curl -fsSL https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz -o golang.tar.gz && \
 echo "${GO_HASH} golang.tar.gz" | sha256sum -c - && \
 tar -C /usr/local -xzf golang.tar.gz && \