55 Commits

Author SHA1 Message Date
vegbir
7d9ba61b3a golang: fix CVE-2024-24789
Signed-off-by: vegbir <yangjiaqi16@huawei.com>
(cherry picked from commit 05d8718c3a2decd5a343af98ac75a2f159463d84)
2024-06-25 14:43:28 +08:00
Lu Jingxiao
0b0994323a backport: fix CVE-2024-24787
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit d39fee73beadf014ecb2ee2533a2c3f233212809)
2024-05-27 21:21:34 +08:00
hanchao
8b7cfecf37 backport: fix CVE-2023-45288
2024-04-16 19:12:58 +08:00
wangshuo
f0378ccd8b backport the upstream patch, fix the overflow issue in runtime.netpollWaiters
(cherry picked from commit 7aa48df497e1ce07e19286f4370d33275553b097)
2024-04-07 10:13:23 +08:00
hanchao
9122544a8e backport: fix CVE-2024-24784
2024-03-28 01:05:52 +08:00
hanchao
2bfc2be1a3 bugfix: fix failure of net/http unit test and enable go test
2024-03-28 01:05:47 +08:00
hanchao
3230d05b4e backport: fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289
2024-03-15 13:34:02 +08:00
wangshuo
0dd51de738 fix test error about mod_insecure_issue63845
2024-01-16 14:34:20 +08:00
hanchao
6e9c1b3214 cvefix:fix CVE-2023-39326,CVE-2023-45285
2023-12-15 20:22:12 +08:00
hanchao
56ae71c2a1 cvefix: fix CVE-2023-39325
2023-12-05 11:44:29 +08:00
luoyujie
a55f2e83eb [Backport]fix CVE-2023-39323
2023-12-05 11:44:23 +08:00
luoyujie
2332a50120 fix CVE-2023-39318 and CVE-2023-39319
2023-12-05 11:44:14 +08:00
LuoYujie
6075b8d074 cvefix:fix CVE-2023-29409
2023-12-05 11:41:36 +08:00
sunchendong
aac5d69daa permit requests with invalid Host headers
2023-08-25 15:08:46 +08:00
hanchao
3bb0edf5eb cvefix: fix CVE-2023-29406
reference:https://go-review.googlesource.com/c/go/+/507358
score:6.5
2023-07-24 19:00:24 +08:00
hanchao
fd63bbeeb8 cvefix: fix CVE-2023-29402,CVE-2023-29403,CVE-2023-29404,CVE-2023-29405
2023-06-26 00:52:31 +08:00
hanchao
4ba5829313 bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
CVE:CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
Reference:https://go-review.googlesource.com/c/go/+/491615,https://go-review.googlesource.com/c/go/+/491616,https://go-review.googlesource.com/c/go/+/491617
Type:CVE
Reason:fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
2023-06-19 23:45:32 +08:00
hanchao
eeac9110d3 golang-1.17:fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
CVE:CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
Reference:https://go-review.googlesource.com/c/go/+/481982,
  https://go-review.googlesource.com/c/go/+/481986,
  https://go-review.googlesource.com/c/go/+/481987,
  https://go-review.googlesource.com/c/go/+/481983,
  https://go-review.googlesource.com/c/go/+/481984,
  https://go-review.googlesource.com/c/go/+/481985
Type:CVE
reason: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
2023-06-19 23:40:23 +08:00
htpeng
df0be10478 fix bogus date in %changelog
Signed-off-by: htpeng <htpengc@isoftstone.com>
2023-04-13 11:42:53 +08:00
hanchao
89917347f5 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
Reference:https://go-review.googlesource.com/c/net/+/468135
          https://go-review.googlesource.com/c/go/+/468117
          https://go-review.googlesource.com/c/go/+/468116
Type:CVE
Score:7.5
Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
2023-03-23 11:45:48 +08:00
hanchao
c8ce26fac8 golang: fix CVE-2022-23806,CVE-2022-23773,CVE-2022-24921,CVE-2021-44716,CVE-2022-23772,CVE-2022-41717
reference:https://go-review.googlesource.com/q/status:open+-is:wip
2023-01-28 17:39:56 +08:00
wanglimin
e5fb6b40ce support Cut in bytes,strings
2022-12-21 14:35:21 +08:00
hanchao
d5248856c7 golang: remove hard code and strong dependency of git, subversion and mercurial
(cherry picked from commit 9bab37fbc72e58672fa20c6ec97f1ab04da4ab14)
2022-11-21 19:16:21 +08:00
hanchao
cfa27fd672 golang: fix CVE-2022-41716
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
(cherry picked from commit 76ac33e67eb0a5b5dcde7bce38edda989149c158)
2022-11-21 11:41:35 +08:00
hanchao
b9542b2c31 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
(cherry picked from commit 4fd46fe7b9f44f4057337ee7493a4a39cb7a18f1)
2022-10-12 17:40:44 +08:00
hanchao
cf825335b1 golang: fix CVE-2022-27664
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 793f4d493d6bc84a363b98a79e3ece97ae229006)
2022-09-15 14:53:12 +08:00
hanchao
8a81b3e5e1 golang: modify the golang.spec to remove unnecessary files from
golang-help package

Reason: golang-help package includes unnecessary files such as shared
libs. Now remove those unnecessary files.

(cherry picked from commit eac443ba4af3b120d548c7c68e746c2a80f3537f)
2022-09-13 17:21:21 +08:00
hanchao
67a3196cbd golang: fix CVE-2022-29804,CVE-2022-29526
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
(cherry picked from commit 282de33531134134e5d590913baa6c92a2ddfd7c)
2022-09-13 15:04:07 +08:00
hanchao
49fd00bdd2 golang: fix CVE-2022-32189
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
(cherry picked from commit 6dd57444d5c99f2d24ba90f5b581eb41d3c7407a)
2022-09-13 15:04:07 +08:00
hanchao
e90b790887 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:  https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:  0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
(cherry picked from commit 40c91388a14ffca6efc7fc085165dece753b6da8)
2022-09-13 15:04:07 +08:00
hubin
221035a0c9 backport patch to fix bug of golang plugin mode
Signed-off-by: hubin <hubin73@huawei.com>
(cherry picked from commit e40a694498d46d2be02ce1add6a14d5d1fdf6987)
2022-09-13 15:04:07 +08:00
hc
28ab46a770 update golang.spec.
(cherry picked from commit 9ab15eb485c326d714d62ddf7518644149460885)
2022-09-13 15:04:07 +08:00
hanchao
c087d808a3 fix CVE-2021-44717
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
(cherry picked from commit 6f993c149e73653dae13ace07e524c29878dcea3)
2022-09-13 15:04:07 +08:00
hanchao
2ef5441ce3 fix CVE-2022-28327,CVE-2022-24675
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
(cherry picked from commit 11457185219bd14f1bf975780e3ee066342ab9cb)
2022-09-13 15:04:07 +08:00
JackChan8
1c3997f3dc upgrade to 1.17.3
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
2021-11-21 03:33:14 +08:00
DCCooper
0953db6ef4 golang: speed up build progress
Signed-off-by: DCCooper <1866858@gmail.com>
2021-04-15 15:40:15 +08:00
meilier
10a96e3391 golang: upgrade to 1.15.7
2021-01-28 20:44:14 +08:00
yangyanchao
d4285b29c9 all:add cgo support to the riscv port
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
2020-12-07 15:06:43 +08:00
whoisxxx
09c818ff0c Fix error in changelog date
2020-11-28 13:22:42 +08:00
whoisxxx
42186258f0 Adapt for riscv-64
2020-11-28 13:20:11 +08:00
zvier
17b4faefc5 golang: upgrade to 1.15.5
Signed-off-by: liuzekun <liuzekun@huawei.com>
2020-11-18 10:16:36 +08:00
xiadanni
6ad438669a golang: upgrade to 1.13.15
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-08-18 19:23:22 +08:00
xiadanni
5820a98415 golang: add yaml
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-31 11:24:52 +08:00
xiadanni
52c05d8eb6 golang: upgrade to 1.13.14
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-31 09:27:27 +08:00
xiadanni
e6fdab00b8 golang: bump to 1.13.4
Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-23 19:40:56 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
2020-05-12 17:08:40 +08:00
jingrui
d9ea2f312b golang: fix cve CVE-2020-7919
Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84
Signed-off-by: jingrui <jingrui@huawei.com>
2020-04-16 16:22:51 +08:00
Grooooot
03aa981a87 golang: remove unused requires "mercurial"
Signed-off-by: Grooooot <isula@huawei.com>
2020-02-20 18:22:53 +08:00
Grooooot
1ce9a9033f golang: fix patch 0012 format
Signed-off-by: Grooooot <isula@huawei.com>
2020-01-10 10:06:14 +08:00
Grooooot
8b0d150421 runtime: use innermost frame's func name for async preemption check
We don't asynchronously preempt if we are in the runtime. We do
this by checking the function name. However, it failed to take
inlining into account. If a runtime function gets inlined into
a non-runtime function, it can be preempted, and bad things can
happen. One instance of this is dounlockOSThread inlined into
UnlockOSThread which is in turn inlined into a non-runtime
function.

Fix this by using the innermost frame's function name.

Change-Id: Ifa036ce1320700aaaefd829b4bee0d04d05c395d
Reviewed-on: https://go-review.googlesource.com/c/go/+/211978
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Signed-off-by: Grooooot <isula@huawei.com>
2020-01-08 15:04:53 +08:00