packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
59 Commits 1 Branch 0 Tags
Commit Graph

28 Commits

Author SHA1 Message Date
hanchao
4eff8aee0d golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict:
CVE-2022-1962: src/go/parser/parser.go
CVE-2022-1705: src/net/http/transfer.go
CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:  https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE
CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:  0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-07-27 23:11:25 +08:00
hanchao
ad5e33b97b fix CVE-2021-44717 
Conflict: NA
Score: CVE-2021-44717:4.5
Reference: https://go-review.googlesource.com/c/go/+/370514
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-05-16 15:03:09 +08:00
hanchao
90fce58fce fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: fix CVE-2022-28327,CVE-2022-24675
 2022-05-12 10:59:10 +08:00
hanchao
abeaca7a73 fix CVE-2022-23773 
Conflict:src/cmd/go/internal/modfetch/coderepo.go;src/cmd/go/internal/modfetch/coderepo_test.go
Score:CVE-2022-23773:7.5
Reference:https://go-review.googlesource.com/c/go/+/378400/
Reason:fix CVE-2022-23773
 2022-03-24 11:35:33 +08:00
hanchao
7f42874389 fix CVE-2022-24921 
Reference:https://go-review.googlesource.com/c/go/+/384855/
Conflict:NA
Score:CVE-2022-24921:7.5
Reason:fix CVE-2022-24921
 2022-03-14 15:59:38 +08:00
hanchao
2b2e619ed0 fix CVE-2022-23772 CVE-2022-23806 
Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854
Conflict:NA
Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1
Reason:fix CVE-2022-23772  CVE-2022-23806
 2022-03-05 16:42:40 +08:00
hanchao
61db6bd4b4 fix CVE-2021-41771 2022-03-02 11:38:36 +08:00
hanchao
edc2d98d59 fix CVE-2021-39293 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-02-08 11:07:36 +08:00
hanchao
68522bdf25 fix CVE-2021-44716 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-01-19 16:25:03 +08:00
chenjiankun
986a9036f1 fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221 2021-10-27 11:18:41 +08:00
chenjiankun
cef4d1953d batch synchronization 2021-06-18 15:46:44 +08:00
chenjiankun
30db532fed fix CVE-2021-27918 2021-04-25 09:23:19 +08:00
DCCooper
724c6a76ea golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)
 2021-04-16 09:36:55 +08:00
DCCooper
76c5ebd313 golang: upgrade to 1.15.7 
Fixes: #I3B1LK

Signed-off-by: DCCooper <1866858@gmail.com>
 2021-03-12 16:17:36 +08:00
jingrui
373c1dfbaf golang: add fixes CVE-2021-3114 
Signed-off-by: jingrui <jingrui@huawei.com>
(cherry picked from commit 79deab4eacbf1e09f03415d6bcd1f1fc1d35b452)
 2021-02-25 10:12:44 +08:00
jingrui
1982f512d0 golang: fix CVE-2021-3114 
Signed-off-by: jingrui <jingrui@huawei.com>
(cherry picked from commit 53d3de4bc619b8c4fdebfe896418684aa0c9b721)
 2021-02-23 20:55:36 +08:00
jingrui
d2049ce1ac golang: sync cve fix 
Signed-off-by: jingrui <jingrui@huawei.com>
 2021-01-18 17:40:01 +08:00
xiadanni
e6f40e27fa golang: upgrade to 1.13.15 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-08-18 20:36:44 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode 
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
 2020-05-12 17:08:40 +08:00
jingrui
d9ea2f312b golang: fix cve CVE-2020-7919 
Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84
Signed-off-by: jingrui <jingrui@huawei.com>
 2020-04-16 16:22:51 +08:00
Grooooot
03aa981a87 golang: remove unused requires "mercurial" 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-02-20 18:22:53 +08:00
Grooooot
1ce9a9033f golang: fix patch 0012 format 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-10 10:06:14 +08:00
Grooooot
8b0d150421 runtime: use innermost frame's func name for async preemption check 
We don't asynchronously preempt if we are in the runtime. We do
this by checking the function name. However, it failed to take
inlining into account. If a runtime function gets inlined into
a non-runtime function, it can be preempted, and bad things can
happen. One instance of this is dounlockOSThread inlined into
UnlockOSThread which is in turn inlined into a non-runtime
function.

Fix this by using the innermost frame's function name.

Change-Id: Ifa036ce1320700aaaefd829b4bee0d04d05c395d
Reviewed-on: https://go-review.googlesource.com/c/go/+/211978
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-08 15:04:53 +08:00
Grooooot
592bf09553 golang: modification of spec 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-06 10:24:02 +08:00
openeuler-iSula
747b3d9598 golang: modify source0 download address 
Signed-off-by: openeuler-iSula <isula@huawei.com>
 2019-12-29 15:43:54 +08:00
dogsheng
ce820709f2 Package init 2019-12-25 15:47:08 +08:00
dogsheng
f6abdd32e1 Package init 2019-12-13 15:19:17 +08:00
overweight
c29de2f632 Package init 2019-09-30 10:41:22 -04:00