packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
51 Commits 1 Branch 0 Tags
Commit Graph

30 Commits

Author SHA1 Message Date
hanchao
cf825335b1 golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 793f4d493d6bc84a363b98a79e3ece97ae229006)
 2022-09-15 14:53:12 +08:00
hanchao
8a81b3e5e1 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit eac443ba4af3b120d548c7c68e746c2a80f3537f)
 2022-09-13 17:21:21 +08:00
hanchao
67a3196cbd golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
(cherry picked from commit 282de33531134134e5d590913baa6c92a2ddfd7c)
 2022-09-13 15:04:07 +08:00
hanchao
49fd00bdd2 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
(cherry picked from commit 6dd57444d5c99f2d24ba90f5b581eb41d3c7407a)
 2022-09-13 15:04:07 +08:00
hanchao
e90b790887 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
(cherry picked from commit 40c91388a14ffca6efc7fc085165dece753b6da8)
 2022-09-13 15:04:07 +08:00
hubin
221035a0c9 backport patch to fix bug of golang plugin mode 
Signed-off-by: hubin <hubin73@huawei.com>
(cherry picked from commit e40a694498d46d2be02ce1add6a14d5d1fdf6987)
 2022-09-13 15:04:07 +08:00
hc
28ab46a770 update golang.spec. 
(cherry picked from commit 9ab15eb485c326d714d62ddf7518644149460885)
 2022-09-13 15:04:07 +08:00
hanchao
c087d808a3 fix CVE-2021-44717 
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
(cherry picked from commit 6f993c149e73653dae13ace07e524c29878dcea3)
 2022-09-13 15:04:07 +08:00
hanchao
2ef5441ce3 fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
(cherry picked from commit 11457185219bd14f1bf975780e3ee066342ab9cb)
 2022-09-13 15:04:07 +08:00
JackChan8
1c3997f3dc upgrade to 1.17.3 
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
 2021-11-21 03:33:14 +08:00
DCCooper
0953db6ef4 golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
 2021-04-15 15:40:15 +08:00
meilier
10a96e3391 golang: upgrade to 1.15.7 2021-01-28 20:44:14 +08:00
yangyanchao
d4285b29c9 all:add cgo support to the riscv port 
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
 2020-12-07 15:06:43 +08:00
whoisxxx
09c818ff0c Fix error in changelog date 2020-11-28 13:22:42 +08:00
whoisxxx
42186258f0 Adapt for riscv-64 2020-11-28 13:20:11 +08:00
zvier
17b4faefc5 golang: upgrade to 1.15.5 
Signed-off-by: liuzekun <liuzekun@huawei.com>
 2020-11-18 10:16:36 +08:00
xiadanni
6ad438669a golang: upgrade to 1.13.15 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-08-18 19:23:22 +08:00
xiadanni
5820a98415 golang: add yaml 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 11:24:52 +08:00
xiadanni
52c05d8eb6 golang: upgrade to 1.13.14 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 09:27:27 +08:00
xiadanni
e6fdab00b8 golang: bump to 1.13.4 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-23 19:40:56 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode 
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
 2020-05-12 17:08:40 +08:00
jingrui
d9ea2f312b golang: fix cve CVE-2020-7919 
Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84
Signed-off-by: jingrui <jingrui@huawei.com>
 2020-04-16 16:22:51 +08:00
Grooooot
03aa981a87 golang: remove unused requires "mercurial" 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-02-20 18:22:53 +08:00
Grooooot
1ce9a9033f golang: fix patch 0012 format 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-10 10:06:14 +08:00
Grooooot
8b0d150421 runtime: use innermost frame's func name for async preemption check 
We don't asynchronously preempt if we are in the runtime. We do
this by checking the function name. However, it failed to take
inlining into account. If a runtime function gets inlined into
a non-runtime function, it can be preempted, and bad things can
happen. One instance of this is dounlockOSThread inlined into
UnlockOSThread which is in turn inlined into a non-runtime
function.

Fix this by using the innermost frame's function name.

Change-Id: Ifa036ce1320700aaaefd829b4bee0d04d05c395d
Reviewed-on: https://go-review.googlesource.com/c/go/+/211978
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-08 15:04:53 +08:00
Grooooot
592bf09553 golang: modification of spec 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-06 10:24:02 +08:00
openeuler-iSula
747b3d9598 golang: modify source0 download address 
Signed-off-by: openeuler-iSula <isula@huawei.com>
 2019-12-29 15:43:54 +08:00
dogsheng
ce820709f2 Package init 2019-12-25 15:47:08 +08:00
dogsheng
f6abdd32e1 Package init 2019-12-13 15:19:17 +08:00
overweight
c29de2f632 Package init 2019-09-30 10:41:22 -04:00