golang

Author	SHA1	Message	Date
Lu Jingxiao	6780406796	backport: fix CVE-2024-24787 Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com> (cherry picked from commit 66a307a0e760e1d099b2ad51cda71a44adc9c530)	2024-05-28 09:23:43 +08:00
hanchao	2257649bc3	backport: fix CVE-2023-45288	2024-04-16 11:58:08 +08:00
wangshuo	9b819ac1bf	backport the upstream patch, fix the overflow issue in runtime.netpollWaiters	2024-03-28 17:32:39 +08:00
hanchao	f4c9675d23	backport: fix CVE-2024-24784	2024-03-28 12:56:17 +08:00
hanchao	579269c1d8	bugfix: fix failure of net/http unit test	2024-03-28 12:54:11 +08:00
hanchao	f2859f8a72	backport:fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289	2024-03-15 16:32:46 +08:00
wangshuo	a7a3874295	fix test error about mod_insecure_issue63845	2023-12-27 15:55:16 +08:00
hanchao	a4aa7eee28	cvefix: fix CVE-2023-39326,CVE-2023-45285	2023-12-15 20:45:38 +08:00
hanchao	4af3c6fe6d	cvefix: fix CVE-2023-39325	2023-10-28 16:41:27 +08:00
luoyujie	cc7f90041b	cvefix:fix CVE-2023-39323	2023-10-28 12:55:03 +08:00
luoyujie	03a29d5388	fix CVE-2023-39318 and CVE-2023-39319	2023-09-25 11:49:03 +08:00
sunchendong	d9df071cb0	permit requests with invalid Host headers	2023-08-25 15:39:10 +08:00
luoyujie	ff5bae14ab	cvefix:fix CVE-2023-29409	2023-08-18 10:54:19 +08:00
hanchao	d2d2ed93fb	cvefix:fix CVE-2023-29406 score:6.5 reference:https://go-review.googlesource.com/c/go/+/507358	2023-07-25 11:31:41 +08:00
hanchao	27c663e5bf	bugfix: fix build error for go test runtime	2023-07-07 17:17:03 +08:00
hanchao	025dbdf1eb	cvefix:fix CVE-2023-29403	2023-06-29 20:46:38 +08:00
hanchao	debf83463a	cvefix: CVE-2023-29402,CVE-2023-29404,CVE-2023-29405,CVE-2023-29403	2023-06-29 00:03:17 +08:00
hanchao	2ac3ebbd18	bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 CVE:CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 Reference:https://go-review.googlesource.com/c/go/+/491615,https://go-review.googlesource.com/c/go/+/491616,https://go-review.googlesource.com/c/go/+/491617 Type:CVE Reason:fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540	2023-05-22 23:01:57 +08:00
hanchao	5e86082cc3	golang-1.15: fix a deadlock issue when a signal is received Reference:https://go-review.googlesource.com/c/go/+/270861; https://go-review.googlesource.com/c/go/+/204636; https://go-review.googlesource.com/c/go/+/205097; https://go-review.googlesource.com/c/go/+/189318; https://go-review.googlesource.com/c/go/+/204778; https://go-review.googlesource.com/c/go/+/279994 Type:bugfix reason:fix a deadlock issue when a signal is received.	2023-04-14 18:36:58 +08:00
hanchao	5d929012be	golang-1.15: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537, CVE-2023-24538 CVE:CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 Reference:https://go-review.googlesource.com/c/go/+/481982, https://go-review.googlesource.com/c/go/+/481986, https://go-review.googlesource.com/c/go/+/481987, https://go-review.googlesource.com/c/go/+/481983, https://go-review.googlesource.com/c/go/+/481984, https://go-review.googlesource.com/c/go/+/481985 Type:CVE reason: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538	2023-04-13 17:40:03 +08:00
hanchao	bbb8152b93	golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 Reference:https://go-review.googlesource.com/c/net/+/468135 https://go-review.googlesource.com/c/go/+/468117 https://go-review.googlesource.com/c/go/+/468116 Type:CVE Score:7.5 Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725	2023-03-27 16:25:01 +08:00
hanchao	1fe64e66d6	golang: fix CVE-2022-41717 Score:5.3 reference:https://go-review.googlesource.com/c/go/+/455361 (cherry picked from commit de526ee737e82150800249f335822d321ee263a5)	2023-02-09 15:23:16 +08:00
hanchao	a8d8b39014	golang: fix CVE-2022-41716 Score: 7.5 Reference: https://go-review.googlesource.com/c/go/+/446916 Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go Reason: fix CVE-2022-41716 (cherry picked from commit 04fc1e107bc84ce060d324c77d9e94e6c03aae84)	2022-11-21 11:39:21 +08:00
hanchao	bcd9f462c2	golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 Score: Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2 Reference:https://go-review.googlesource.com/c/go/+/438501, https://go-review.googlesource.com/c/go/+/433695, https://go-review.googlesource.com/c/go/+/438500 Conflict:NA Reason: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 (cherry picked from commit 35fc18fe0e32f4e0889de907f6f8eb1adfe492c2)	2022-10-13 17:27:12 +08:00
fuowang	45d77ec6d0	fix bad %goroot}/lib/ macro 修复不完整的宏 %goroot}/lib/，应为 %{goroot}/lib/ Signed-off-by: fuowang <wangshuo@kylinos.cn>	2022-10-05 07:53:44 +00:00
hanchao	b51ea02ebb	golang: fix CVE-2022-27664 Score: 7.5 Reference: https://go-review.googlesource.com/c/go/+/428635/ Conflict: NA Reason: fix CVE-2022-27664 (cherry picked from commit 55efe5f6ec1095bac2041031da0b4daa63b61523)	2022-09-15 14:31:15 +08:00
hanchao	7a601b0c7a	runtime: consistently access pollDesc r/w Gs with atomics Reference:https://go-review.googlesource.com/c/go/+/356370 Conflict:NA Reason: Both netpollblock and netpollunblock read gpp using a non-atomic load. When consuming a ready event, netpollblock clears gpp using a non-atomic store, thus skipping a barrier. Thus on systems with weak memory ordering, a sequence like so this is possible: T1 T2 1. netpollblock: read gpp -> pdReady 2. netpollblock: store gpp -> 0 3. netpollunblock: read gpp -> pdReady 4. netpollunblock: return i.e., without a happens-before edge between (2) and (3), netpollunblock may read the stale value of gpp. Switch these access to use atomic loads and stores in order to create these edges. For ease of future maintainance, I've simply changed rg and wg to always be accessed atomically, though I don't believe pollOpen or pollClose require atomics today. (cherry picked from commit f2498bf6fec075643ff54319bfa7d153be00f7b9)	2022-09-13 09:57:27 +08:00
hanchao	555fcebc87	golang: modify the golang.spec to remove unnecessary files from golang-help package Reason: golang-help package include unnecessary files such as shared libs. now remove those unnecessary files. (cherry picked from commit 0548e7a6e5dff3d2e35f1083469192e6f31473bf)	2022-08-30 15:13:00 +08:00
hanchao	eeeca13a95	golang: fix CVE-2022-29804,CVE-2022-29526 Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3 Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/ Conflict: NA Reason: fix CVE-2022-29804,CVE-2022-29526	2022-08-18 20:02:38 +08:00
hanchao	d95195796d	golang: fix CVE-2022-32189 Score: 6.5 Reference: https://go-review.googlesource.com/c/go/+/419814 Conflict: NA Reason: fix CVE-2022-32189	2022-08-08 19:30:34 +08:00
hanchao	4eff8aee0d	golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, CVE-2022-30635,CVE-2022-30632,CVE-2022-28131, CVE-2022-30631,CVE-2022-30629,CVE-2022-30634 Conflict: CVE-2022-1962: src/go/parser/parser.go CVE-2022-1705: src/net/http/transfer.go CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go Score: CVE-2022-32148: 5.3 CVE-2022-1962: 6.2 CVE-2022-1705: 5.3 CVE-2022-30633: 6.2 CVE-2022-30635: 5.5 CVE-2022-30632: 6.2 CVE-2022-28131: 6.2 CVE-2022-30631: 7.5 CVE-2022-30629: 2.6 CVE-2022-30634: 7.5 Reference: CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221 CVE-2022-1962: https://go-review.googlesource.com/c/go/+/417070 CVE-2022-1705: https://go-review.googlesource.com/c/go/+/415217 CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069 CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074 CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073 CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068 CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071 CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574 CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635 Reason: fix CVE CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch CVE-2022-1962: 0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch CVE-2022-1705: 0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch	2022-07-27 23:11:25 +08:00
hanchao	ad5e33b97b	fix CVE-2021-44717 Conflict: NA Score: CVE-2021-44717:4.5 Reference: https://go-review.googlesource.com/c/go/+/370514 Reason: fix CVE-2021-44717 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-05-16 15:03:09 +08:00
hanchao	90fce58fce	fix CVE-2022-28327,CVE-2022-24675 Conflict: NA Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5 Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816 Reason: fix CVE-2022-28327,CVE-2022-24675	2022-05-12 10:59:10 +08:00
hanchao	abeaca7a73	fix CVE-2022-23773 Conflict:src/cmd/go/internal/modfetch/coderepo.go;src/cmd/go/internal/modfetch/coderepo_test.go Score:CVE-2022-23773:7.5 Reference:https://go-review.googlesource.com/c/go/+/378400/ Reason:fix CVE-2022-23773	2022-03-24 11:35:33 +08:00
hanchao	7f42874389	fix CVE-2022-24921 Reference:https://go-review.googlesource.com/c/go/+/384855/ Conflict:NA Score:CVE-2022-24921:7.5 Reason:fix CVE-2022-24921	2022-03-14 15:59:38 +08:00
hanchao	2b2e619ed0	fix CVE-2022-23772 CVE-2022-23806 Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854 Conflict:NA Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1 Reason:fix CVE-2022-23772 CVE-2022-23806	2022-03-05 16:42:40 +08:00
hanchao	61db6bd4b4	fix CVE-2021-41771	2022-03-02 11:38:36 +08:00
hanchao	edc2d98d59	fix CVE-2021-39293 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-02-08 11:07:36 +08:00
hanchao	68522bdf25	fix CVE-2021-44716 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-01-19 16:25:03 +08:00
chenjiankun	986a9036f1	fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221	2021-10-27 11:18:41 +08:00
chenjiankun	cef4d1953d	batch synchronization	2021-06-18 15:46:44 +08:00
chenjiankun	30db532fed	fix CVE-2021-27918	2021-04-25 09:23:19 +08:00
DCCooper	724c6a76ea	golang: speed up build progress Signed-off-by: DCCooper <1866858@gmail.com> (cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)	2021-04-16 09:36:55 +08:00
DCCooper	76c5ebd313	golang: upgrade to 1.15.7 Fixes: #I3B1LK Signed-off-by: DCCooper <1866858@gmail.com>	2021-03-12 16:17:36 +08:00
jingrui	373c1dfbaf	golang: add fixes CVE-2021-3114 Signed-off-by: jingrui <jingrui@huawei.com> (cherry picked from commit 79deab4eacbf1e09f03415d6bcd1f1fc1d35b452)	2021-02-25 10:12:44 +08:00
jingrui	1982f512d0	golang: fix CVE-2021-3114 Signed-off-by: jingrui <jingrui@huawei.com> (cherry picked from commit 53d3de4bc619b8c4fdebfe896418684aa0c9b721)	2021-02-23 20:55:36 +08:00
jingrui	d2049ce1ac	golang: sync cve fix Signed-off-by: jingrui <jingrui@huawei.com>	2021-01-18 17:40:01 +08:00
xiadanni	e6f40e27fa	golang: upgrade to 1.13.15 Signed-off-by: xiadanni <xiadanni1@huawei.com>	2020-08-18 20:36:44 +08:00
DCCooper	deb13bfa9d	golang: sync code with CVE and cleancode reason: 1. drop hard code cert 2. rename tar name and make it same with upstream Signed-off-by: DCCooper <1866858@gmail.com>	2020-05-12 17:08:40 +08:00
jingrui	d9ea2f312b	golang: fix cve CVE-2020-7919 Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84 Signed-off-by: jingrui <jingrui@huawei.com>	2020-04-16 16:22:51 +08:00

1 2

58 Commits