packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
65 Commits 1 Branch 0 Tags
Commit Graph

65 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hanchao
555fcebc87 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit 0548e7a6e5dff3d2e35f1083469192e6f31473bf)
 2022-08-30 15:13:00 +08:00
openeuler-ci-bot
adb530b92b
!113 golang: fix CVE-2022-29804,CVE-2022-29526 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-08-22 01:46:25 +00:00
hanchao
eeeca13a95 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-08-18 20:02:38 +08:00
openeuler-ci-bot
4fe4d4bc51
!107 golang: fix CVE-2022-32189 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-08-09 09:35:38 +00:00
hanchao
d95195796d golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
 2022-08-08 19:30:34 +08:00
openeuler-ci-bot
935d47607c
!102 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,CVE-2022-30631,CVE-2022-30629,CVE-2022-30634 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-07-28 01:34:21 +00:00
hanchao
4eff8aee0d golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict:
CVE-2022-1962: src/go/parser/parser.go
CVE-2022-1705: src/net/http/transfer.go
CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:  https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE
CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:  0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-07-27 23:11:25 +08:00
openeuler-ci-bot
d4f214f4dc
!93 fix CVE-2021-44717 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-05-16 07:54:57 +00:00
hanchao
ad5e33b97b fix CVE-2021-44717 
Conflict: NA
Score: CVE-2021-44717:4.5
Reference: https://go-review.googlesource.com/c/go/+/370514
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-05-16 15:03:09 +08:00
openeuler-ci-bot
91c5faf5e9
!90 fix CVE-2022-28327,CVE-2022-24675 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-05-13 09:44:19 +00:00
hanchao
90fce58fce fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: fix CVE-2022-28327,CVE-2022-24675
 2022-05-12 10:59:10 +08:00
openeuler-ci-bot
a1133548ce
!82 fix CVE-2022-23773 
From: @hcnbxx 
Reviewed-by: @jing-rui, @jackchan8 
Signed-off-by: @jing-rui
 2022-03-28 07:28:22 +00:00
hanchao
abeaca7a73 fix CVE-2022-23773 
Conflict:src/cmd/go/internal/modfetch/coderepo.go;src/cmd/go/internal/modfetch/coderepo_test.go
Score:CVE-2022-23773:7.5
Reference:https://go-review.googlesource.com/c/go/+/378400/
Reason:fix CVE-2022-23773
 2022-03-24 11:35:33 +08:00
openeuler-ci-bot
0c7844d8fc
!81 fix CVE-2022-24921 
From: @hcnbxx 
Reviewed-by: @jackchan8, @jing-rui 
Signed-off-by: @jing-rui
 2022-03-16 01:51:01 +00:00
hanchao
7f42874389 fix CVE-2022-24921 
Reference:https://go-review.googlesource.com/c/go/+/384855/
Conflict:NA
Score:CVE-2022-24921:7.5
Reason:fix CVE-2022-24921
 2022-03-14 15:59:38 +08:00
openeuler-ci-bot
1920295134
!76 fix CVE-2022-23772;CVE-2022-23806 
From: @hcnbxx 
Reviewed-by: @jackchan8, @jing-rui 
Signed-off-by: @jing-rui
 2022-03-11 06:51:06 +00:00
hanchao
2b2e619ed0 fix CVE-2022-23772 CVE-2022-23806 
Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854
Conflict:NA
Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1
Reason:fix CVE-2022-23772  CVE-2022-23806
 2022-03-05 16:42:40 +08:00
openeuler-ci-bot
76377cc07b
!71 fix CVE-2021-41771 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-03-02 03:48:09 +00:00
hanchao
61db6bd4b4 fix CVE-2021-41771 2022-03-02 11:38:36 +08:00
openeuler-ci-bot
162f86bf27
!70 fix CVE-2021-39293 
Merge pull request !70 from hc/openEuler-20.03-LTS-SP3
 2022-02-08 11:18:10 +00:00
hanchao
edc2d98d59 fix CVE-2021-39293 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-02-08 11:07:36 +08:00
openeuler-ci-bot
4e6cb8cc04
!65 fix CVE-2021-44716 
Merge pull request !65 from hc/openEuler-20.03-LTS-SP3
 2022-01-19 09:23:17 +00:00
hanchao
68522bdf25 fix CVE-2021-44716 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-01-19 16:25:03 +08:00
openeuler-ci-bot
e8ea8c4ecd !54 合入sp1的修改 
From: @weidongkl
Reviewed-by: @caihaomin
Signed-off-by: @jing-rui
 2021-12-06 13:46:53 +00:00
wei dong
e2514db08f Merge branch 'openEuler-20.03-LTS-SP1' of https://gitee.com/weidongkl/golang into openEuler-20.03-LTS-SP3 
Signed-off-by: wei dong <weidong@uniontech.com>
 2021-11-16 13:44:21 +08:00
openeuler-ci-bot
094284d05e !47 Fix multi CVEs 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-10-27 03:56:06 +00:00
chenjiankun
986a9036f1 fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221 2021-10-27 11:18:41 +08:00
openeuler-ci-bot
889d7db656 !45 batch synchronization 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-06-21 11:47:29 +00:00
chenjiankun
cef4d1953d batch synchronization 2021-06-18 15:46:44 +08:00
openeuler-ci-bot
131f3f204c !39 fix CVE-2021-27918 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-25 09:53:23 +08:00
chenjiankun
30db532fed fix CVE-2021-27918 2021-04-25 09:23:19 +08:00
openeuler-ci-bot
5684cc52d7 !33 [sync] PR-32: golang: speed up build progress 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 16:28:44 +08:00
openeuler-ci-bot
539e24a910 !34 [sync] PR-32: golang: speed up build progress 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 16:28:32 +08:00
DCCooper
724c6a76ea golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)
 2021-04-16 09:36:55 +08:00
DCCooper
e0760c442c golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)
 2021-04-16 09:36:49 +08:00
openeuler-ci-bot
e8c374c961 !31 golang: upgrade to 1.15.7 
From: @DCCooper
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-03-12 16:49:42 +08:00
DCCooper
76c5ebd313 golang: upgrade to 1.15.7 
Fixes: #I3B1LK

Signed-off-by: DCCooper <1866858@gmail.com>
 2021-03-12 16:17:36 +08:00
openeuler-ci-bot
9ec5fee370 !30 [sync] PR-29: fix cve 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-02-26 09:59:46 +08:00
jingrui
373c1dfbaf golang: add fixes CVE-2021-3114 
Signed-off-by: jingrui <jingrui@huawei.com>
(cherry picked from commit 79deab4eacbf1e09f03415d6bcd1f1fc1d35b452)
 2021-02-25 10:12:44 +08:00
openeuler-ci-bot
6a6cbf4d77 !27 [sync] PR-26: golang: fix CVE-2021-3114 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-02-23 21:13:22 +08:00
jingrui
1982f512d0 golang: fix CVE-2021-3114 
Signed-off-by: jingrui <jingrui@huawei.com>
(cherry picked from commit 53d3de4bc619b8c4fdebfe896418684aa0c9b721)
 2021-02-23 20:55:36 +08:00
openeuler-ci-bot
eebc14f31d !24 Upgrade golang to 1.15.7 
From: @meilier
Reviewed-by: @jingxiaolu,@jing-rui
Signed-off-by: @jing-rui
 2021-01-29 09:00:10 +08:00
meilier
fee2c79e99 golang: upgrade to 1.15.7 2021-01-28 20:45:20 +08:00
openeuler-ci-bot
240cfd6196 !20 golang: sync cve fix 
From: @jing-rui
Reviewed-by: @caihaomin
Signed-off-by: @caihaomin
 2021-01-18 19:13:06 +08:00
openeuler-ci-bot
8b174a38e5 !19 golang: sync cve fix 
From: @jing-rui
Reviewed-by: @caihaomin
Signed-off-by: @caihaomin
 2021-01-18 19:12:53 +08:00
jingrui
d2049ce1ac golang: sync cve fix 
Signed-off-by: jingrui <jingrui@huawei.com>
 2021-01-18 17:40:01 +08:00
openeuler-ci-bot
e3a26a1d24 !13 golang: upgrade to 1.13.15 
Merge pull request !13 from Vanient/openEuler-20.03-LTS
 2020-08-19 09:09:42 +08:00
xiadanni
e6f40e27fa golang: upgrade to 1.13.15 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-08-18 20:36:44 +08:00
openeuler-ci-bot
aaf02659c7 !8 golang: sync code from master 
Merge pull request !8 from DCCooper/openEuler-20.03-LTS
 2020-05-14 09:41:15 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode 
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
 2020-05-12 17:08:40 +08:00