packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
65 Commits 1 Branch 0 Tags
Commit Graph

65 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
openeuler-ci-bot
dc342486df
!184 fix bogus date in %changelog 
From: @htpeng 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-04-20 11:50:27 +00:00
htpeng
df0be10478 fix bogus date in %changelog 
Signed-off-by: htpeng <htpengc@isoftstone.com>
 2023-04-13 11:42:53 +08:00
openeuler-ci-bot
6d86478b7a
!178 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
From: @hcnbxx 
Reviewed-by: @duguhaotian, @jing-rui, @zhangsong234 
Signed-off-by: @duguhaotian, @jing-rui
 2023-03-27 08:59:36 +00:00
hanchao
89917347f5 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
Reference:https://go-review.googlesource.com/c/net/+/468135
          https://go-review.googlesource.com/c/go/+/468117
          https://go-review.googlesource.com/c/go/+/468116
Type:CVE
Score:7.5
Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
 2023-03-23 11:45:48 +08:00
openeuler-ci-bot
87c488bd2f
!170 golang: fix CVE-2022-23806,CVE-2022-23773,CVE-2022-24921,CVE-2021-44716,CVE-2022-23772,CVE-2022-41717 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-02-06 06:21:10 +00:00
hanchao
c8ce26fac8 golang: fix CVE-2022-23806,CVE-2022-23773,CVE-2022-24921,CVE-2021-44716,CVE-2022-23772,CVE-2022-41717 
reference:https://go-review.googlesource.com/q/status:open+-is:wip
 2023-01-28 17:39:56 +08:00
openeuler-ci-bot
4969bd5aa5
!162 add type definition of String Cut 
From: @wanglmb 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-12-28 01:53:01 +00:00
wanglimin
e5fb6b40ce support Cut in bytes,strings 2022-12-21 14:35:21 +08:00
openeuler-ci-bot
f559f45360
!152 [sync] PR-151: golang: remove hard code and strong dependency of git, subversion and mercurial 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-11-22 01:45:58 +00:00
hanchao
d5248856c7 golang: remove hard code and strong dependency of git, subversion and mercurial 
(cherry picked from commit 9bab37fbc72e58672fa20c6ec97f1ab04da4ab14)
 2022-11-21 19:16:21 +08:00
openeuler-ci-bot
04b7b81184
!150 [sync] PR-146: golang: fix CVE-2022-41716 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-11-21 06:59:21 +00:00
hanchao
cfa27fd672 golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
(cherry picked from commit 76ac33e67eb0a5b5dcde7bce38edda989149c158)
 2022-11-21 11:41:35 +08:00
openeuler-ci-bot
1c39e44327
!142 [sync] PR-139: golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-10-13 01:34:05 +00:00
hanchao
b9542b2c31 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
(cherry picked from commit 4fd46fe7b9f44f4057337ee7493a4a39cb7a18f1)
 2022-10-12 17:40:44 +08:00
openeuler-ci-bot
8ebbd194ca
!137 [sync] PR-132: golang: fix CVE-2022-27664 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 08:02:57 +00:00
hanchao
cf825335b1 golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 793f4d493d6bc84a363b98a79e3ece97ae229006)
 2022-09-15 14:53:12 +08:00
openeuler-ci-bot
37e974ad4b
!130 [sync] PR-125: golang.spec: modify the golang.spec to remove unnecessary files from golang-help package 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 01:59:26 +00:00
hanchao
8a81b3e5e1 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit eac443ba4af3b120d548c7c68e746c2a80f3537f)
 2022-09-13 17:21:21 +08:00
openeuler-ci-bot
b75c527011
!128 [sync] PR-122: Synchronize the master branch and openEuler-22.03 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-13 07:27:26 +00:00
hanchao
67a3196cbd golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
(cherry picked from commit 282de33531134134e5d590913baa6c92a2ddfd7c)
 2022-09-13 15:04:07 +08:00
hanchao
49fd00bdd2 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
(cherry picked from commit 6dd57444d5c99f2d24ba90f5b581eb41d3c7407a)
 2022-09-13 15:04:07 +08:00
hanchao
e90b790887 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
(cherry picked from commit 40c91388a14ffca6efc7fc085165dece753b6da8)
 2022-09-13 15:04:07 +08:00
hubin
221035a0c9 backport patch to fix bug of golang plugin mode 
Signed-off-by: hubin <hubin73@huawei.com>
(cherry picked from commit e40a694498d46d2be02ce1add6a14d5d1fdf6987)
 2022-09-13 15:04:07 +08:00
hc
28ab46a770 update golang.spec. 
(cherry picked from commit 9ab15eb485c326d714d62ddf7518644149460885)
 2022-09-13 15:04:07 +08:00
hanchao
c087d808a3 fix CVE-2021-44717 
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
(cherry picked from commit 6f993c149e73653dae13ace07e524c29878dcea3)
 2022-09-13 15:04:07 +08:00
hanchao
2ef5441ce3 fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
(cherry picked from commit 11457185219bd14f1bf975780e3ee066342ab9cb)
 2022-09-13 15:04:07 +08:00
openeuler-ci-bot
0a067a38d7 !58 upgrade to 1.17.3 
From: @jackchan8
Reviewed-by: @jing-rui,@duguhaotian
Signed-off-by: @duguhaotian,@jing-rui
 2021-11-30 12:31:04 +00:00
JackChan8
1c3997f3dc upgrade to 1.17.3 
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
 2021-11-21 03:33:14 +08:00
openeuler-ci-bot
8d3cd0f27c !32 golang: speed up build progress 
From: @DCCooper
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 09:36:45 +08:00
DCCooper
0953db6ef4 golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
 2021-04-15 15:40:15 +08:00
openeuler-ci-bot
c049552c00 !22 Upgrade golang to 1.15.7 
From: @meilier
Reviewed-by: @jingxiaolu,@jing-rui
Signed-off-by: @jing-rui
 2021-01-29 08:58:58 +08:00
meilier
10a96e3391 golang: upgrade to 1.15.7 2021-01-28 20:44:14 +08:00
openeuler-ci-bot
352325f497 !17 Enable cgo for risc-v golang 
From: @riscv-spare
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-12-11 15:02:22 +08:00
rv_spare
7194175613 !1 all: add cgo support to the riscv port 
Merge pull request !1 from 杨演超/master
 2020-12-10 15:55:22 +08:00
yangyanchao
d4285b29c9 all:add cgo support to the riscv port 
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
 2020-12-07 15:06:43 +08:00
openeuler-ci-bot
8fc567dddc !16 Adapt for riscv64 and fix error in changelog 
From: @whoisxxx
Reviewed-by: @liqingqing_1229,@jing-rui
Signed-off-by: @jing-rui
 2020-11-30 14:53:56 +08:00
whoisxxx
09c818ff0c Fix error in changelog date 2020-11-28 13:22:42 +08:00
whoisxxx
42186258f0 Adapt for riscv-64 2020-11-28 13:20:11 +08:00
openeuler-ci-bot
72293a06dd !15 golang: upgrade to 1.15.5 
From: @zvier
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2020-11-18 10:58:21 +08:00
zvier
17b4faefc5 golang: upgrade to 1.15.5 
Signed-off-by: liuzekun <liuzekun@huawei.com>
 2020-11-18 10:16:36 +08:00
openeuler-ci-bot
2966fbf3da !12 golang: upgrade to 1.13.15 
Merge pull request !12 from Vanient/master
 2020-08-18 20:24:00 +08:00
xiadanni
6ad438669a golang: upgrade to 1.13.15 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-08-18 19:23:22 +08:00
openeuler-ci-bot
b96ea79f9c !11 golang: add yaml 
Merge pull request !11 from Vanient/master
 2020-07-31 15:11:19 +08:00
xiadanni
5820a98415 golang: add yaml 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 11:24:52 +08:00
openeuler-ci-bot
08a7c059f6 !10 golang: upgrade to 1.13.14 
Merge pull request !10 from Vanient/master
 2020-07-31 10:23:45 +08:00
xiadanni
52c05d8eb6 golang: upgrade to 1.13.14 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 09:27:27 +08:00
openeuler-ci-bot
282d90f4a9 !9 golang: bump version to 1.13.4 
Merge pull request !9 from Vanient/master
 2020-07-23 20:01:41 +08:00
xiadanni
e6fdab00b8 golang: bump to 1.13.4 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-23 19:40:56 +08:00
openeuler-ci-bot
3741a0e1b9 !7 golang: sync code with CVE and cleancode 
Merge pull request !7 from DCCooper/master
 2020-05-14 09:41:57 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode 
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
 2020-05-12 17:08:40 +08:00