From 0b59bc131779dc7d37dc1c5d5f14469a3d1be4d9 Mon Sep 17 00:00:00 2001
From: Chun-Hung Tseng <henrybear327@gmail.com>
Date: Thu, 4 Apr 2024 10:34:39 +0200
Subject: [PATCH 1/2] Bump go toolchain version to address CVE-2023-45288

Changes:
- Bump toolchain version to 1.21.9 due to CVE-2023-45288
- run `go mod tidy`

Reference:
- PR etcd #17703

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
---
 .github/workflows/failpoint_test.yaml | 1 -
 .github/workflows/tests.yaml          | 1 -
 .go-version                           | 2 +-
 go.mod                                | 4 ++--
 4 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/failpoint_test.yaml b/.github/workflows/failpoint_test.yaml
index 944ab6b00..80829ac88 100644
--- a/.github/workflows/failpoint_test.yaml
+++ b/.github/workflows/failpoint_test.yaml
@@ -17,4 +17,3 @@ jobs:
       - run: |
           make gofail-enable
           make test-failpoint
-
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index a756439f1..35a8ae1a9 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -102,4 +102,3 @@ jobs:
       with:
         go-version: ${{ steps.goversion.outputs.goversion }}
     - run: make coverage
-
diff --git a/.go-version b/.go-version
index 47287f173..f124bfa15 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.17.13
+1.21.9
diff --git a/go.mod b/go.mod
index a5cc44074..b3365aa2e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,16 +1,16 @@
 module go.etcd.io/bbolt
 
-go 1.17
+go 1.21
 
 require (
 	github.com/stretchr/testify v1.8.1
 	go.etcd.io/gofail v0.1.0
+	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.4.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

From 9b60c134ede4c009cbbcab4a6541b61a44b7da66 Mon Sep 17 00:00:00 2001
From: Chun-Hung Tseng <henrybear327@gmail.com>
Date: Thu, 4 Apr 2024 20:13:51 +0200
Subject: [PATCH 2/2] Address linter issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Changes (align with the main branch):
- remove rand.Seed(s)
- use rand.Read from "crypto/rand"
- add //nolint:all for (*reflect.SliceHeader)(slice) -> will fix in a
follow-up PR

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
Co-authored-by: Iván Valdés Castillo <iv@nvald.es>
---
 cmd/bbolt/main_test.go | 7 -------
 freelist_test.go       | 1 -
 manydbs_test.go        | 6 ++++--
 simulation_test.go     | 2 --
 unsafe.go              | 2 +-
 5 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/cmd/bbolt/main_test.go b/cmd/bbolt/main_test.go
index d43c03619..dac574104 100644
--- a/cmd/bbolt/main_test.go
+++ b/cmd/bbolt/main_test.go
@@ -3,7 +3,6 @@ package main_test
 import (
 	"bytes"
 	crypto "crypto/rand"
-	"encoding/binary"
 	"fmt"
 	"io"
 	"math/rand"
@@ -304,12 +303,6 @@ func NewMain() *Main {
 }
 
 func TestCompactCommand_Run(t *testing.T) {
-	var s int64
-	if err := binary.Read(crypto.Reader, binary.BigEndian, &s); err != nil {
-		t.Fatal(err)
-	}
-	rand.Seed(s)
-
 	dstdb := btesting.MustCreateDB(t)
 	dstdb.Close()
 
diff --git a/freelist_test.go b/freelist_test.go
index 97656f4a2..6b7861add 100644
--- a/freelist_test.go
+++ b/freelist_test.go
@@ -320,7 +320,6 @@ func benchmark_FreelistRelease(b *testing.B, size int) {
 }
 
 func randomPgids(n int) []pgid {
-	rand.Seed(42)
 	pgids := make(pgids, n)
 	for i := range pgids {
 		pgids[i] = pgid(rand.Int63())
diff --git a/manydbs_test.go b/manydbs_test.go
index 48bc21171..d0e80040f 100644
--- a/manydbs_test.go
+++ b/manydbs_test.go
@@ -1,8 +1,8 @@
 package bbolt
 
 import (
+	"crypto/rand"
 	"fmt"
-	"math/rand"
 	"os"
 	"path/filepath"
 	"testing"
@@ -46,7 +46,9 @@ func createAndPutKeys(t *testing.T) {
 			}
 
 			var key [16]byte
-			rand.Read(key[:])
+			if _, err := rand.Read(key[:]); err != nil {
+				return err
+			}
 			if err := nodes.Put(key[:], nil); err != nil {
 				return err
 			}
diff --git a/simulation_test.go b/simulation_test.go
index 037b7183c..6f4d5b236 100644
--- a/simulation_test.go
+++ b/simulation_test.go
@@ -35,8 +35,6 @@ func testSimulate(t *testing.T, openOption *bolt.Options, round, threadCount, pa
 		t.Skip("skipping test in short mode.")
 	}
 
-	rand.Seed(int64(qseed))
-
 	// A list of operations that readers and writers can perform.
 	var readerHandlers = []simulateHandler{simulateGetHandler}
 	var writerHandlers = []simulateHandler{simulateGetHandler, simulatePutHandler}
diff --git a/unsafe.go b/unsafe.go
index c0e503750..c30ff7cd7 100644
--- a/unsafe.go
+++ b/unsafe.go
@@ -32,7 +32,7 @@ func unsafeByteSlice(base unsafe.Pointer, offset uintptr, i, j int) []byte {
 // manipulation of reflect.SliceHeader to prevent misuse, namely, converting
 // from reflect.SliceHeader to a Go slice type.
 func unsafeSlice(slice, data unsafe.Pointer, len int) {
-	s := (*reflect.SliceHeader)(slice)
+	s := (*reflect.SliceHeader)(slice) //nolint:staticcheck
 	s.Data = uintptr(data)
 	s.Cap = len
 	s.Len = len