packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
77 Commits 1 Branch 0 Tags
Commit Graph

77 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
luoyujie
a55f2e83eb [Backport]fix CVE-2023-39323 2023-12-05 11:44:23 +08:00
luoyujie
2332a50120 fix CVE-2023-39318 and CVE-2023-39319 2023-12-05 11:44:14 +08:00
LuoYujie
6075b8d074 cvefix:fix CVE-2023-29409 2023-12-05 11:41:36 +08:00
openeuler-ci-bot
9faeb6202c
!252 permit requests with invalid Host headers 
From: @ChendongSun 
Reviewed-by: @jing-rui, @hcnbxx, @lleaf 
Signed-off-by: @lleaf, @jing-rui
 2023-08-25 08:49:22 +00:00
sunchendong
aac5d69daa permit requests with invalid Host headers 2023-08-25 15:08:46 +08:00
openeuler-ci-bot
fdca9901c9
!232 cvefix: fix CVE-2023-29406 
From: @hcnbxx 
Reviewed-by: @jing-rui, @zhangsong234 
Signed-off-by: @jing-rui
 2023-08-07 06:04:45 +00:00
hanchao
3bb0edf5eb cvefix: fix CVE-2023-29406 
reference:https://go-review.googlesource.com/c/go/+/507358
score:6.5
 2023-07-24 19:00:24 +08:00
openeuler-ci-bot
47445cc2b3
!210 cvefix: fix CVE-2023-29402,CVE-2023-29403,CVE-2023-29404,CVE-2023-29405 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2023-06-26 07:02:41 +00:00
hanchao
fd63bbeeb8 cvefix: fix CVE-2023-29402,CVE-2023-29403,CVE-2023-29404,CVE-2023-29405 2023-06-26 00:52:31 +08:00
openeuler-ci-bot
28945ec2a4
!205 bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-06-20 01:32:49 +00:00
hanchao
4ba5829313 bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 
CVE:CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
Reference:https://go-review.googlesource.com/c/go/+/491615,https://go-review.googlesource.com/c/go/+/491616,https://go-review.googlesource.com/c/go/+/491617
Type:CVE
Reason:fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
 2023-06-19 23:45:32 +08:00
hanchao
eeac9110d3 golang-1.17:fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 
CVE:CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
Reference:https://go-review.googlesource.com/c/go/+/481982,
  https://go-review.googlesource.com/c/go/+/481986,
  https://go-review.googlesource.com/c/go/+/481987,
  https://go-review.googlesource.com/c/go/+/481983,
  https://go-review.googlesource.com/c/go/+/481984,
  https://go-review.googlesource.com/c/go/+/481985
Type:CVE
reason: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
 2023-06-19 23:40:23 +08:00
openeuler-ci-bot
dc342486df
!184 fix bogus date in %changelog 
From: @htpeng 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-04-20 11:50:27 +00:00
htpeng
df0be10478 fix bogus date in %changelog 
Signed-off-by: htpeng <htpengc@isoftstone.com>
 2023-04-13 11:42:53 +08:00
openeuler-ci-bot
6d86478b7a
!178 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
From: @hcnbxx 
Reviewed-by: @duguhaotian, @jing-rui, @zhangsong234 
Signed-off-by: @duguhaotian, @jing-rui
 2023-03-27 08:59:36 +00:00
hanchao
89917347f5 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
Reference:https://go-review.googlesource.com/c/net/+/468135
          https://go-review.googlesource.com/c/go/+/468117
          https://go-review.googlesource.com/c/go/+/468116
Type:CVE
Score:7.5
Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
 2023-03-23 11:45:48 +08:00
openeuler-ci-bot
87c488bd2f
!170 golang: fix CVE-2022-23806,CVE-2022-23773,CVE-2022-24921,CVE-2021-44716,CVE-2022-23772,CVE-2022-41717 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-02-06 06:21:10 +00:00
hanchao
c8ce26fac8 golang: fix CVE-2022-23806,CVE-2022-23773,CVE-2022-24921,CVE-2021-44716,CVE-2022-23772,CVE-2022-41717 
reference:https://go-review.googlesource.com/q/status:open+-is:wip
 2023-01-28 17:39:56 +08:00
openeuler-ci-bot
4969bd5aa5
!162 add type definition of String Cut 
From: @wanglmb 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-12-28 01:53:01 +00:00
wanglimin
e5fb6b40ce support Cut in bytes,strings 2022-12-21 14:35:21 +08:00
openeuler-ci-bot
f559f45360
!152 [sync] PR-151: golang: remove hard code and strong dependency of git, subversion and mercurial 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-11-22 01:45:58 +00:00
hanchao
d5248856c7 golang: remove hard code and strong dependency of git, subversion and mercurial 
(cherry picked from commit 9bab37fbc72e58672fa20c6ec97f1ab04da4ab14)
 2022-11-21 19:16:21 +08:00
openeuler-ci-bot
04b7b81184
!150 [sync] PR-146: golang: fix CVE-2022-41716 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-11-21 06:59:21 +00:00
hanchao
cfa27fd672 golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
(cherry picked from commit 76ac33e67eb0a5b5dcde7bce38edda989149c158)
 2022-11-21 11:41:35 +08:00
openeuler-ci-bot
1c39e44327
!142 [sync] PR-139: golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-10-13 01:34:05 +00:00
hanchao
b9542b2c31 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
(cherry picked from commit 4fd46fe7b9f44f4057337ee7493a4a39cb7a18f1)
 2022-10-12 17:40:44 +08:00
openeuler-ci-bot
8ebbd194ca
!137 [sync] PR-132: golang: fix CVE-2022-27664 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 08:02:57 +00:00
hanchao
cf825335b1 golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 793f4d493d6bc84a363b98a79e3ece97ae229006)
 2022-09-15 14:53:12 +08:00
openeuler-ci-bot
37e974ad4b
!130 [sync] PR-125: golang.spec: modify the golang.spec to remove unnecessary files from golang-help package 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 01:59:26 +00:00
hanchao
8a81b3e5e1 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit eac443ba4af3b120d548c7c68e746c2a80f3537f)
 2022-09-13 17:21:21 +08:00
openeuler-ci-bot
b75c527011
!128 [sync] PR-122: Synchronize the master branch and openEuler-22.03 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-13 07:27:26 +00:00
hanchao
67a3196cbd golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
(cherry picked from commit 282de33531134134e5d590913baa6c92a2ddfd7c)
 2022-09-13 15:04:07 +08:00
hanchao
49fd00bdd2 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
(cherry picked from commit 6dd57444d5c99f2d24ba90f5b581eb41d3c7407a)
 2022-09-13 15:04:07 +08:00
hanchao
e90b790887 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
(cherry picked from commit 40c91388a14ffca6efc7fc085165dece753b6da8)
 2022-09-13 15:04:07 +08:00
hubin
221035a0c9 backport patch to fix bug of golang plugin mode 
Signed-off-by: hubin <hubin73@huawei.com>
(cherry picked from commit e40a694498d46d2be02ce1add6a14d5d1fdf6987)
 2022-09-13 15:04:07 +08:00
hc
28ab46a770 update golang.spec. 
(cherry picked from commit 9ab15eb485c326d714d62ddf7518644149460885)
 2022-09-13 15:04:07 +08:00
hanchao
c087d808a3 fix CVE-2021-44717 
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
(cherry picked from commit 6f993c149e73653dae13ace07e524c29878dcea3)
 2022-09-13 15:04:07 +08:00
hanchao
2ef5441ce3 fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
(cherry picked from commit 11457185219bd14f1bf975780e3ee066342ab9cb)
 2022-09-13 15:04:07 +08:00
openeuler-ci-bot
0a067a38d7 !58 upgrade to 1.17.3 
From: @jackchan8
Reviewed-by: @jing-rui,@duguhaotian
Signed-off-by: @duguhaotian,@jing-rui
 2021-11-30 12:31:04 +00:00
JackChan8
1c3997f3dc upgrade to 1.17.3 
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
 2021-11-21 03:33:14 +08:00
openeuler-ci-bot
8d3cd0f27c !32 golang: speed up build progress 
From: @DCCooper
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 09:36:45 +08:00
DCCooper
0953db6ef4 golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
 2021-04-15 15:40:15 +08:00
openeuler-ci-bot
c049552c00 !22 Upgrade golang to 1.15.7 
From: @meilier
Reviewed-by: @jingxiaolu,@jing-rui
Signed-off-by: @jing-rui
 2021-01-29 08:58:58 +08:00
meilier
10a96e3391 golang: upgrade to 1.15.7 2021-01-28 20:44:14 +08:00
openeuler-ci-bot
352325f497 !17 Enable cgo for risc-v golang 
From: @riscv-spare
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-12-11 15:02:22 +08:00
rv_spare
7194175613 !1 all: add cgo support to the riscv port 
Merge pull request !1 from 杨演超/master
 2020-12-10 15:55:22 +08:00
yangyanchao
d4285b29c9 all:add cgo support to the riscv port 
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
 2020-12-07 15:06:43 +08:00
openeuler-ci-bot
8fc567dddc !16 Adapt for riscv64 and fix error in changelog 
From: @whoisxxx
Reviewed-by: @liqingqing_1229,@jing-rui
Signed-off-by: @jing-rui
 2020-11-30 14:53:56 +08:00
whoisxxx
09c818ff0c Fix error in changelog date 2020-11-28 13:22:42 +08:00
whoisxxx
42186258f0 Adapt for riscv-64 2020-11-28 13:20:11 +08:00