!8 golang: sync code from master
Merge pull request !8 from DCCooper/openEuler-20.03-LTS
commit
aaf02659c7
135
0013-drop-hard-code-cert.patch
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
From 2720067ebfb7568792bb0c8fe3fbf095c89b77a9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: jingrui <jingrui@huawei.com>
|
||||||
|
Date: Tue, 17 Mar 2020 17:43:33 +0800
|
||||||
|
Subject: [PATCH] drop hard-code cert
|
||||||
|
|
||||||
|
Signed-off-by: jingrui <jingrui@huawei.com>
|
||||||
|
---
|
||||||
|
src/crypto/x509/test-file.crt | 32 ---------------------------
|
||||||
|
src/crypto/x509/testdata/test-dir.crt | 31 --------------------------
|
||||||
|
src/net/http/internal/testcert.go | 31 ++------------------------
|
||||||
|
3 files changed, 2 insertions(+), 92 deletions(-)
|
||||||
|
delete mode 100644 src/crypto/x509/test-file.crt
|
||||||
|
delete mode 100644 src/crypto/x509/testdata/test-dir.crt
|
||||||
|
|
||||||
|
diff --git a/src/crypto/x509/test-file.crt b/src/crypto/x509/test-file.crt
|
||||||
|
deleted file mode 100644
|
||||||
|
index caa83b9..0000000
|
||||||
|
--- a/src/crypto/x509/test-file.crt
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,32 +0,0 @@
|
||||||
|
------BEGIN CERTIFICATE-----
|
||||||
|
-MIIFbTCCA1WgAwIBAgIJAN338vEmMtLsMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
|
||||||
|
-BAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYDVQQKDAxHb2xhbmcgVGVz
|
||||||
|
-dHMxEjAQBgNVBAMMCXRlc3QtZmlsZTAeFw0xNzAyMDEyMzUyMDhaFw0yNzAxMzAy
|
||||||
|
-MzUyMDhaME0xCzAJBgNVBAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYD
|
||||||
|
-VQQKDAxHb2xhbmcgVGVzdHMxEjAQBgNVBAMMCXRlc3QtZmlsZTCCAiIwDQYJKoZI
|
||||||
|
-hvcNAQEBBQADggIPADCCAgoCggIBAPMGiLjdiffQo3Xc8oUe7wsDhSaAJFOhO6Qs
|
||||||
|
-i0xYrYl7jmCuz9rGD2fdgk5cLqGazKuQ6fIFzHXFU2BKs4CWXt9KO0KFEhfvZeuW
|
||||||
|
-jG5d7C1ZUiuKOrPqjKVu8SZtFPc7y7Ke7msXzY+Z2LLyiJJ93LCMq4+cTSGNXVlI
|
||||||
|
-KqUxhxeoD5/QkUPyQy/ilu3GMYfx/YORhDP6Edcuskfj8wRh1UxBejP8YPMvI6St
|
||||||
|
-cE2GkxoEGqDWnQ/61F18te6WI3MD29tnKXOkXVhnSC+yvRLljotW2/tAhHKBG4tj
|
||||||
|
-iQWT5Ri4Wrw2tXxPKRLsVWc7e1/hdxhnuvYpXkWNhKsm002jzkFXlzfEwPd8nZdw
|
||||||
|
-5aT6gPUBN2AAzdoqZI7E200i0orEF7WaSoMfjU1tbHvExp3vyAPOfJ5PS2MQ6W03
|
||||||
|
-Zsy5dTVH+OBH++rkRzQCFcnIv/OIhya5XZ9KX9nFPgBEP7Xq2A+IjH7B6VN/S/bv
|
||||||
|
-8lhp2V+SQvlew9GttKC4hKuPsl5o7+CMbcqcNUdxm9gGkN8epGEKCuix97bpNlxN
|
||||||
|
-fHZxHE5+8GMzPXMkCD56y5TNKR6ut7JGHMPtGl5lPCLqzG/HzYyFgxsDfDUu2B0A
|
||||||
|
-GKj0lGpnLfGqwhs2/s3jpY7+pcvVQxEpvVTId5byDxu1ujP4HjO/VTQ2P72rE8Ft
|
||||||
|
-C6J2Av0tAgMBAAGjUDBOMB0GA1UdDgQWBBTLT/RbyfBB/Pa07oBnaM+QSJPO9TAf
|
||||||
|
-BgNVHSMEGDAWgBTLT/RbyfBB/Pa07oBnaM+QSJPO9TAMBgNVHRMEBTADAQH/MA0G
|
||||||
|
-CSqGSIb3DQEBCwUAA4ICAQB3sCntCcQwhMgRPPyvOCMyTcQ/Iv+cpfxz2Ck14nlx
|
||||||
|
-AkEAH2CH0ov5GWTt07/ur3aa5x+SAKi0J3wTD1cdiw4U/6Uin6jWGKKxvoo4IaeK
|
||||||
|
-SbM8w/6eKx6UbmHx7PA/eRABY9tTlpdPCVgw7/o3WDr03QM+IAtatzvaCPPczake
|
||||||
|
-pbdLwmBZB/v8V+6jUajy6jOgdSH0PyffGnt7MWgDETmNC6p/Xigp5eh+C8Fb4NGT
|
||||||
|
-xgHES5PBC+sruWp4u22bJGDKTvYNdZHsnw/CaKQWNsQqwisxa3/8N5v+PCff/pxl
|
||||||
|
-r05pE3PdHn9JrCl4iWdVlgtiI9BoPtQyDfa/OEFaScE8KYR8LxaAgdgp3zYncWls
|
||||||
|
-BpwQ6Y/A2wIkhlD9eEp5Ib2hz7isXOs9UwjdriKqrBXqcIAE5M+YIk3+KAQKxAtd
|
||||||
|
-4YsK3CSJ010uphr12YKqlScj4vuKFjuOtd5RyyMIxUG3lrrhAu2AzCeKCLdVgA8+
|
||||||
|
-75FrYMApUdvcjp4uzbBoED4XRQlx9kdFHVbYgmE/+yddBYJM8u4YlgAL0hW2/D8p
|
||||||
|
-z9JWIfxVmjJnBnXaKGBuiUyZ864A3PJndP6EMMo7TzS2CDnfCYuJjvI0KvDjFNmc
|
||||||
|
-rQA04+qfMSEz3nmKhbbZu4eYLzlADhfH8tT4GMtXf71WLA5AUHGf2Y4+HIHTsmHG
|
||||||
|
-vQ==
|
||||||
|
------END CERTIFICATE-----
|
||||||
|
diff --git a/src/crypto/x509/testdata/test-dir.crt b/src/crypto/x509/testdata/test-dir.crt
|
||||||
|
deleted file mode 100644
|
||||||
|
index b7fc9c5..0000000
|
||||||
|
--- a/src/crypto/x509/testdata/test-dir.crt
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,31 +0,0 @@
|
||||||
|
------BEGIN CERTIFICATE-----
|
||||||
|
-MIIFazCCA1OgAwIBAgIJAL8a/lsnspOqMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNV
|
||||||
|
-BAYTAlVLMRMwEQYDVQQIDApUZXN0LVN0YXRlMRUwEwYDVQQKDAxHb2xhbmcgVGVz
|
||||||
|
-dHMxETAPBgNVBAMMCHRlc3QtZGlyMB4XDTE3MDIwMTIzNTAyN1oXDTI3MDEzMDIz
|
||||||
|
-NTAyN1owTDELMAkGA1UEBhMCVUsxEzARBgNVBAgMClRlc3QtU3RhdGUxFTATBgNV
|
||||||
|
-BAoMDEdvbGFuZyBUZXN0czERMA8GA1UEAwwIdGVzdC1kaXIwggIiMA0GCSqGSIb3
|
||||||
|
-DQEBAQUAA4ICDwAwggIKAoICAQDzBoi43Yn30KN13PKFHu8LA4UmgCRToTukLItM
|
||||||
|
-WK2Je45grs/axg9n3YJOXC6hmsyrkOnyBcx1xVNgSrOAll7fSjtChRIX72Xrloxu
|
||||||
|
-XewtWVIrijqz6oylbvEmbRT3O8uynu5rF82Pmdiy8oiSfdywjKuPnE0hjV1ZSCql
|
||||||
|
-MYcXqA+f0JFD8kMv4pbtxjGH8f2DkYQz+hHXLrJH4/MEYdVMQXoz/GDzLyOkrXBN
|
||||||
|
-hpMaBBqg1p0P+tRdfLXuliNzA9vbZylzpF1YZ0gvsr0S5Y6LVtv7QIRygRuLY4kF
|
||||||
|
-k+UYuFq8NrV8TykS7FVnO3tf4XcYZ7r2KV5FjYSrJtNNo85BV5c3xMD3fJ2XcOWk
|
||||||
|
-+oD1ATdgAM3aKmSOxNtNItKKxBe1mkqDH41NbWx7xMad78gDznyeT0tjEOltN2bM
|
||||||
|
-uXU1R/jgR/vq5Ec0AhXJyL/ziIcmuV2fSl/ZxT4ARD+16tgPiIx+welTf0v27/JY
|
||||||
|
-adlfkkL5XsPRrbSguISrj7JeaO/gjG3KnDVHcZvYBpDfHqRhCgrosfe26TZcTXx2
|
||||||
|
-cRxOfvBjMz1zJAg+esuUzSkerreyRhzD7RpeZTwi6sxvx82MhYMbA3w1LtgdABio
|
||||||
|
-9JRqZy3xqsIbNv7N46WO/qXL1UMRKb1UyHeW8g8btboz+B4zv1U0Nj+9qxPBbQui
|
||||||
|
-dgL9LQIDAQABo1AwTjAdBgNVHQ4EFgQUy0/0W8nwQfz2tO6AZ2jPkEiTzvUwHwYD
|
||||||
|
-VR0jBBgwFoAUy0/0W8nwQfz2tO6AZ2jPkEiTzvUwDAYDVR0TBAUwAwEB/zANBgkq
|
||||||
|
-hkiG9w0BAQsFAAOCAgEAvEVnUYsIOt87rggmLPqEueynkuQ+562M8EDHSQl82zbe
|
||||||
|
-xDCxeg3DvPgKb+RvaUdt1362z/szK10SoeMgx6+EQLoV9LiVqXwNqeYfixrhrdw3
|
||||||
|
-ppAhYYhymdkbUQCEMHypmXP1vPhAz4o8Bs+eES1M+zO6ErBiD7SqkmBElT+GixJC
|
||||||
|
-6epC9ZQFs+dw3lPlbiZSsGE85sqc3VAs0/JgpL/pb1/Eg4s0FUhZD2C2uWdSyZGc
|
||||||
|
-g0/v3aXJCp4j/9VoNhI1WXz3M45nysZIL5OQgXymLqJElQa1pZ3Wa4i/nidvT4AT
|
||||||
|
-Xlxc/qijM8set/nOqp7hVd5J0uG6qdwLRILUddZ6OpXd7ZNi1EXg+Bpc7ehzGsDt
|
||||||
|
-3UFGzYXDjxYnK2frQfjLS8stOQIqSrGthW6x0fdkVx0y8BByvd5J6+JmZl4UZfzA
|
||||||
|
-m99VxXSt4B9x6BvnY7ktzcFDOjtuLc4B/7yg9fv1eQuStA4cHGGAttsCg1X/Kx8W
|
||||||
|
-PvkkeH0UWDZ9vhH9K36703z89da6MWF+bz92B0+4HoOmlVaXRkvblsNaynJnL0LC
|
||||||
|
-Ayry7QBxuh5cMnDdRwJB3AVJIiJ1GVpb7aGvBOnx+s2lwRv9HWtghb+cbwwktx1M
|
||||||
|
-JHyBf3GZNSWTpKY7cD8V+NnBv3UuioOVVo+XAU4LF/bYUjdRpxWADJizNtZrtFo=
|
||||||
|
------END CERTIFICATE-----
|
||||||
|
diff --git a/src/net/http/internal/testcert.go b/src/net/http/internal/testcert.go
|
||||||
|
index 2284a83..a33d06b 100644
|
||||||
|
--- a/src/net/http/internal/testcert.go
|
||||||
|
+++ b/src/net/http/internal/testcert.go
|
||||||
|
@@ -10,36 +10,9 @@ import "strings"
|
||||||
|
// "127.0.0.1" and "[::1]", expiring at Jan 29 16:00:00 2084 GMT.
|
||||||
|
// generated from src/crypto/tls:
|
||||||
|
// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
|
||||||
|
-var LocalhostCert = []byte(`-----BEGIN CERTIFICATE-----
|
||||||
|
-MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
|
||||||
|
-MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
|
||||||
|
-MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
|
||||||
|
-iQKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9SjY1bIw4
|
||||||
|
-iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZBl2+XsDul
|
||||||
|
-rKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQABo2gwZjAO
|
||||||
|
-BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
|
||||||
|
-AwEB/zAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAAAAAAAAAA
|
||||||
|
-AAAAATANBgkqhkiG9w0BAQsFAAOBgQCEcetwO59EWk7WiJsG4x8SY+UIAA+flUI9
|
||||||
|
-tyC4lNhbcF2Idq9greZwbYCqTTTr2XiRNSMLCOjKyI7ukPoPjo16ocHj+P3vZGfs
|
||||||
|
-h1fIw3cSS2OolhloGw/XM6RWPWtPAlGykKLciQrBru5NAPvCMsb/I1DAceTiotQM
|
||||||
|
-fblo6RBxUQ==
|
||||||
|
------END CERTIFICATE-----`)
|
||||||
|
+var LocalhostCert = []byte(``)
|
||||||
|
|
||||||
|
// LocalhostKey is the private key for localhostCert.
|
||||||
|
-var LocalhostKey = []byte(testingKey(`-----BEGIN RSA TESTING KEY-----
|
||||||
|
-MIICXgIBAAKBgQDuLnQAI3mDgey3VBzWnB2L39JUU4txjeVE6myuDqkM/uGlfjb9
|
||||||
|
-SjY1bIw4iA5sBBZzHi3z0h1YV8QPuxEbi4nW91IJm2gsvvZhIrCHS3l6afab4pZB
|
||||||
|
-l2+XsDulrKBxKKtD1rGxlG4LjncdabFn9gvLZad2bSysqz/qTAUStTvqJQIDAQAB
|
||||||
|
-AoGAGRzwwir7XvBOAy5tM/uV6e+Zf6anZzus1s1Y1ClbjbE6HXbnWWF/wbZGOpet
|
||||||
|
-3Zm4vD6MXc7jpTLryzTQIvVdfQbRc6+MUVeLKwZatTXtdZrhu+Jk7hx0nTPy8Jcb
|
||||||
|
-uJqFk541aEw+mMogY/xEcfbWd6IOkp+4xqjlFLBEDytgbIECQQDvH/E6nk+hgN4H
|
||||||
|
-qzzVtxxr397vWrjrIgPbJpQvBsafG7b0dA4AFjwVbFLmQcj2PprIMmPcQrooz8vp
|
||||||
|
-jy4SHEg1AkEA/v13/5M47K9vCxmb8QeD/asydfsgS5TeuNi8DoUBEmiSJwma7FXY
|
||||||
|
-fFUtxuvL7XvjwjN5B30pNEbc6Iuyt7y4MQJBAIt21su4b3sjXNueLKH85Q+phy2U
|
||||||
|
-fQtuUE9txblTu14q3N7gHRZB4ZMhFYyDy8CKrN2cPg/Fvyt0Xlp/DoCzjA0CQQDU
|
||||||
|
-y2ptGsuSmgUtWj3NM9xuwYPm+Z/F84K6+ARYiZ6PYj013sovGKUFfYAqVXVlxtIX
|
||||||
|
-qyUBnu3X9ps8ZfjLZO7BAkEAlT4R5Yl6cGhaJQYZHOde3JEMhNRcVFMO8dJDaFeo
|
||||||
|
-f9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==
|
||||||
|
------END RSA TESTING KEY-----`))
|
||||||
|
+var LocalhostKey = []byte(testingKey(``))
|
||||||
|
|
||||||
|
func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
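Review bot: Emptying `LocalhostCert` and `LocalhostKey` in src/net/http/internal/testcert.go leaves both variables exported but unusable, while the doc comment above them still describes a PEM certificate for 127.0.0.1, ::1 and example.com and the generate_cert.go command that produced it. Any caller that passes the pair to `tls.X509KeyPair` now gets a parse error; as far as I know net/http/httptest does this when starting a TLS server and panics on failure, so `httptest.NewTLSServer` would likely break for programs built with this toolchain, which should be confirmed before shipping. If the goal is only to keep embedded key material out of the package, creating a throwaway self-signed pair on first use would achieve it without breaking consumers. At minimum the comment should state the new contract, e.g. `// LocalhostCert is intentionally empty in this distribution build; TLS test helpers need a caller-supplied certificate.` The two fixtures deleted under src/crypto/x509 are presumably still referenced by that package's root-loading tests, which is worth checking as well.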
@ -0,0 +1,124 @@
|
|||||||
|
From f938e06d0623d0e1de202575d16f1e126741f6e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Filippo Valsorda <filippo@golang.org>
|
||||||
|
Date: Fri, 24 Jan 2020 18:04:20 -0500
|
||||||
|
Subject: [PATCH] [release-branch.go1.13-security] src/go.mod: import
|
||||||
|
x/crypto/cryptobyte security fix for 32-bit archs
|
||||||
|
|
||||||
|
cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
|
||||||
|
|
||||||
|
When int is 32 bits wide (on 32-bit architectures like 386 and arm), an
|
||||||
|
overflow could occur, causing a panic, due to malformed ASN.1 being
|
||||||
|
passed to any of the ASN1 methods of String.
|
||||||
|
|
||||||
|
Tested on linux/386 and darwin/amd64.
|
||||||
|
|
||||||
|
This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof
|
||||||
|
test vectors.
|
||||||
|
|
||||||
|
Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
|
||||||
|
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
|
||||||
|
Reviewed-by: Katie Hockman <katiehockman@google.com>
|
||||||
|
Reviewed-by: Adam Langley <agl@google.com>
|
||||||
|
|
||||||
|
x/crypto/cryptobyte is used in crypto/x509 for parsing certificates.
|
||||||
|
Malformed certificates might cause a panic during parsing on 32-bit
|
||||||
|
architectures (like arm and 386).
|
||||||
|
|
||||||
|
Change-Id: I840feb54eba880dbb96780ef7adcade073c4c4e3
|
||||||
|
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647741
|
||||||
|
Reviewed-by: Katie Hockman <katiehockman@google.com>
|
||||||
|
---
|
||||||
|
src/go.mod | 2 +-
|
||||||
|
src/go.sum | 4 ++--
|
||||||
|
src/vendor/golang.org/x/crypto/cryptobyte/asn1.go | 5 +++--
|
||||||
|
src/vendor/golang.org/x/crypto/cryptobyte/string.go | 7 +------
|
||||||
|
src/vendor/modules.txt | 2 +-
|
||||||
|
5 files changed, 8 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/go.mod b/src/go.mod
|
||||||
|
index 90af2a7ea0..9c9026f0d8 100644
|
||||||
|
--- a/src/go.mod
|
||||||
|
+++ b/src/go.mod
|
||||||
|
@@ -3,7 +3,7 @@ module std
|
||||||
|
go 1.12
|
||||||
|
|
||||||
|
require (
|
||||||
|
- golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
|
||||||
|
+ golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
|
||||||
|
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
|
||||||
|
golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 // indirect
|
||||||
|
golang.org/x/text v0.3.2 // indirect
|
||||||
|
diff --git a/src/go.sum b/src/go.sum
|
||||||
|
index e358118e4c..e408f66328 100644
|
||||||
|
--- a/src/go.sum
|
||||||
|
+++ b/src/go.sum
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
|
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
|
||||||
|
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68 h1:WPLCzSEbawp58wezcvLvLnvhiDJAai54ESbc41NdXS0=
|
||||||
|
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
|
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
|
||||||
|
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||||
|
index 528b9bff67..f930f7e526 100644
|
||||||
|
--- a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||||
|
+++ b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
|
||||||
|
@@ -470,7 +470,8 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
|
||||||
|
// It reports whether the read was successful.
|
||||||
|
func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
|
||||||
|
var bytes String
|
||||||
|
- if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
|
||||||
|
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
|
||||||
|
+ len(bytes)*8/8 != len(bytes) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -740,7 +741,7 @@ func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
|
||||||
|
length = headerLen + len32
|
||||||
|
}
|
||||||
|
|
||||||
|
- if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
|
||||||
|
+ if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if skipHeader && !out.Skip(int(headerLen)) {
|
||||||
|
diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/string.go b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||||
|
index 39bf98aeea..589d297e6b 100644
|
||||||
|
--- a/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||||
|
+++ b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
|
||||||
|
@@ -24,7 +24,7 @@ type String []byte
|
||||||
|
// read advances a String by n bytes and returns them. If less than n bytes
|
||||||
|
// remain, it returns nil.
|
||||||
|
func (s *String) read(n int) []byte {
|
||||||
|
- if len(*s) < n {
|
||||||
|
+ if len(*s) < n || n < 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
v := (*s)[:n]
|
||||||
|
@@ -105,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
|
||||||
|
length = length << 8
|
||||||
|
length = length | uint32(b)
|
||||||
|
}
|
||||||
|
- if int(length) < 0 {
|
||||||
|
- // This currently cannot overflow because we read uint24 at most, but check
|
||||||
|
- // anyway in case that changes in the future.
|
||||||
|
- return false
|
||||||
|
- }
|
||||||
|
v := s.read(int(length))
|
||||||
|
if v == nil {
|
||||||
|
return false
|
||||||
|
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
|
||||||
|
index 453a312661..cff8acd02e 100644
|
||||||
|
--- a/src/vendor/modules.txt
|
||||||
|
+++ b/src/vendor/modules.txt
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-# golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
|
||||||
|
+# golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
|
||||||
|
golang.org/x/crypto/chacha20poly1305
|
||||||
|
golang.org/x/crypto/cryptobyte
|
||||||
|
golang.org/x/crypto/cryptobyte/asn1
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
||||||
15
golang.spec
@ -61,8 +61,8 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: golang
|
Name: golang
|
||||||
Version: 1.13
|
Version: 1.13.3
|
||||||
Release: 3.3
|
Release: 6
|
||||||
Summary: The Go Programming Language
|
Summary: The Go Programming Language
|
||||||
License: BSD and Public Domain
|
License: BSD and Public Domain
|
||||||
URL: http://golang.org/
|
URL: http://golang.org/
|
||||||
@ -160,6 +160,8 @@ Patch6009: 0009-release-branch.go1.13-net-http-don-t-cache-http2.err.patch
|
|||||||
Patch6010: 0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
|
Patch6010: 0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
|
||||||
Patch6011: 0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
|
Patch6011: 0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
|
||||||
Patch6012: 0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
|
Patch6012: 0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
|
||||||
|
Patch6013: backport-0013-release-branch.go1.13-security-src-go.mod-import-x-c.patch
|
||||||
|
Patch6014: 0013-drop-hard-code-cert.patch
|
||||||
|
|
||||||
ExclusiveArch: %{golang_arches}
|
ExclusiveArch: %{golang_arches}
|
||||||
|
|
||||||
@ -393,6 +395,15 @@ fi
|
|||||||
%files devel -f go-tests.list -f go-misc.list -f go-src.list
|
%files devel -f go-tests.list -f go-misc.list -f go-src.list
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue May 12 2020 lixiang <lixiang172@huawei.com> - 1.13.6
|
||||||
|
- rename tar name and make it same with upstream
|
||||||
|
|
||||||
|
* Tue Mar 17 2020 jingrui <jingrui@huawei.com> - 1.13.5
|
||||||
|
- drop hard code cert
|
||||||
|
|
||||||
|
* Mon Mar 23 2020 jingrui <jingrui@huawei.com> - 1.13.4
|
||||||
|
- fix CVE-2020-7919
|
||||||
|
|
||||||
* Thu Feb 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.13-3.2
|
* Thu Feb 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.13-3.2
|
||||||
- requires remove mercurial
|
- requires remove mercurial
|
||||||
|
|
||||||
|
|||||||
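Review bot: The three new %changelog entries are not in descending date order (May 12, then Mar 17, then Mar 23), and their trailing tags `1.13.6`, `1.13.5` and `1.13.4` do not match the `Version: 1.13.3` / `Release: 6` set at the top of the spec. rpmbuild checks changelog chronology, and the mismatched tags make it hard to tell from package metadata which build first carried the CVE-2020-7919 fix. I would swap the Mar 17 and Mar 23 entries and write each tag as version-release, for example `* Mon Mar 23 2020 jingrui <jingrui@huawei.com> - 1.13.3-4` (release number illustrative). Patch6014 also reuses the `0013` file prefix already carried by the Patch6013 backport, which is easy to misread; whether both patches are applied in %prep is outside the visible hunks.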