golang

Author	SHA1	Message	Date
hanchao	debf83463a	cvefix: CVE-2023-29402,CVE-2023-29404,CVE-2023-29405,CVE-2023-29403	2023-06-29 00:03:17 +08:00
hanchao	2ac3ebbd18	bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 CVE:CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 Reference:https://go-review.googlesource.com/c/go/+/491615,https://go-review.googlesource.com/c/go/+/491616,https://go-review.googlesource.com/c/go/+/491617 Type:CVE Reason:fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540	2023-05-22 23:01:57 +08:00
hanchao	5e86082cc3	golang-1.15: fix a deadlock issue when a signal is received Reference:https://go-review.googlesource.com/c/go/+/270861; https://go-review.googlesource.com/c/go/+/204636; https://go-review.googlesource.com/c/go/+/205097; https://go-review.googlesource.com/c/go/+/189318; https://go-review.googlesource.com/c/go/+/204778; https://go-review.googlesource.com/c/go/+/279994 Type:bugfix reason:fix a deadlock issue when a signal is received.	2023-04-14 18:36:58 +08:00
hanchao	5d929012be	golang-1.15: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537, CVE-2023-24538 CVE:CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 Reference:https://go-review.googlesource.com/c/go/+/481982, https://go-review.googlesource.com/c/go/+/481986, https://go-review.googlesource.com/c/go/+/481987, https://go-review.googlesource.com/c/go/+/481983, https://go-review.googlesource.com/c/go/+/481984, https://go-review.googlesource.com/c/go/+/481985 Type:CVE reason: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538	2023-04-13 17:40:03 +08:00
hanchao	bbb8152b93	golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 Reference:https://go-review.googlesource.com/c/net/+/468135 https://go-review.googlesource.com/c/go/+/468117 https://go-review.googlesource.com/c/go/+/468116 Type:CVE Score:7.5 Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725	2023-03-27 16:25:01 +08:00
hanchao	1fe64e66d6	golang: fix CVE-2022-41717 Score:5.3 reference:https://go-review.googlesource.com/c/go/+/455361 (cherry picked from commit de526ee737e82150800249f335822d321ee263a5)	2023-02-09 15:23:16 +08:00
hanchao	a8d8b39014	golang: fix CVE-2022-41716 Score: 7.5 Reference: https://go-review.googlesource.com/c/go/+/446916 Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go Reason: fix CVE-2022-41716 (cherry picked from commit 04fc1e107bc84ce060d324c77d9e94e6c03aae84)	2022-11-21 11:39:21 +08:00
hanchao	bcd9f462c2	golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 Score: Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2 Reference:https://go-review.googlesource.com/c/go/+/438501, https://go-review.googlesource.com/c/go/+/433695, https://go-review.googlesource.com/c/go/+/438500 Conflict:NA Reason: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 (cherry picked from commit 35fc18fe0e32f4e0889de907f6f8eb1adfe492c2)	2022-10-13 17:27:12 +08:00
fuowang	45d77ec6d0	fix bad %goroot}/lib/ macro 修复不完整的宏 %goroot}/lib/，应为 %{goroot}/lib/ Signed-off-by: fuowang <wangshuo@kylinos.cn>	2022-10-05 07:53:44 +00:00
hanchao	b51ea02ebb	golang: fix CVE-2022-27664 Score: 7.5 Reference: https://go-review.googlesource.com/c/go/+/428635/ Conflict: NA Reason: fix CVE-2022-27664 (cherry picked from commit 55efe5f6ec1095bac2041031da0b4daa63b61523)	2022-09-15 14:31:15 +08:00
hanchao	7a601b0c7a	runtime: consistently access pollDesc r/w Gs with atomics Reference:https://go-review.googlesource.com/c/go/+/356370 Conflict:NA Reason: Both netpollblock and netpollunblock read gpp using a non-atomic load. When consuming a ready event, netpollblock clears gpp using a non-atomic store, thus skipping a barrier. Thus on systems with weak memory ordering, a sequence like so this is possible: T1 T2 1. netpollblock: read gpp -> pdReady 2. netpollblock: store gpp -> 0 3. netpollunblock: read gpp -> pdReady 4. netpollunblock: return i.e., without a happens-before edge between (2) and (3), netpollunblock may read the stale value of gpp. Switch these access to use atomic loads and stores in order to create these edges. For ease of future maintainance, I've simply changed rg and wg to always be accessed atomically, though I don't believe pollOpen or pollClose require atomics today. (cherry picked from commit f2498bf6fec075643ff54319bfa7d153be00f7b9)	2022-09-13 09:57:27 +08:00
hanchao	555fcebc87	golang: modify the golang.spec to remove unnecessary files from golang-help package Reason: golang-help package include unnecessary files such as shared libs. now remove those unnecessary files. (cherry picked from commit 0548e7a6e5dff3d2e35f1083469192e6f31473bf)	2022-08-30 15:13:00 +08:00
hanchao	eeeca13a95	golang: fix CVE-2022-29804,CVE-2022-29526 Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3 Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/ Conflict: NA Reason: fix CVE-2022-29804,CVE-2022-29526	2022-08-18 20:02:38 +08:00
hanchao	d95195796d	golang: fix CVE-2022-32189 Score: 6.5 Reference: https://go-review.googlesource.com/c/go/+/419814 Conflict: NA Reason: fix CVE-2022-32189	2022-08-08 19:30:34 +08:00
hanchao	4eff8aee0d	golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, CVE-2022-30635,CVE-2022-30632,CVE-2022-28131, CVE-2022-30631,CVE-2022-30629,CVE-2022-30634 Conflict: CVE-2022-1962: src/go/parser/parser.go CVE-2022-1705: src/net/http/transfer.go CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go Score: CVE-2022-32148: 5.3 CVE-2022-1962: 6.2 CVE-2022-1705: 5.3 CVE-2022-30633: 6.2 CVE-2022-30635: 5.5 CVE-2022-30632: 6.2 CVE-2022-28131: 6.2 CVE-2022-30631: 7.5 CVE-2022-30629: 2.6 CVE-2022-30634: 7.5 Reference: CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221 CVE-2022-1962: https://go-review.googlesource.com/c/go/+/417070 CVE-2022-1705: https://go-review.googlesource.com/c/go/+/415217 CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069 CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074 CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073 CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068 CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071 CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574 CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635 Reason: fix CVE CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch CVE-2022-1962: 0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch CVE-2022-1705: 0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch	2022-07-27 23:11:25 +08:00
hanchao	ad5e33b97b	fix CVE-2021-44717 Conflict: NA Score: CVE-2021-44717:4.5 Reference: https://go-review.googlesource.com/c/go/+/370514 Reason: fix CVE-2021-44717 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-05-16 15:03:09 +08:00
hanchao	90fce58fce	fix CVE-2022-28327,CVE-2022-24675 Conflict: NA Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5 Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816 Reason: fix CVE-2022-28327,CVE-2022-24675	2022-05-12 10:59:10 +08:00
hanchao	abeaca7a73	fix CVE-2022-23773 Conflict:src/cmd/go/internal/modfetch/coderepo.go;src/cmd/go/internal/modfetch/coderepo_test.go Score:CVE-2022-23773:7.5 Reference:https://go-review.googlesource.com/c/go/+/378400/ Reason:fix CVE-2022-23773	2022-03-24 11:35:33 +08:00
hanchao	7f42874389	fix CVE-2022-24921 Reference:https://go-review.googlesource.com/c/go/+/384855/ Conflict:NA Score:CVE-2022-24921:7.5 Reason:fix CVE-2022-24921	2022-03-14 15:59:38 +08:00
hanchao	2b2e619ed0	fix CVE-2022-23772 CVE-2022-23806 Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854 Conflict:NA Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1 Reason:fix CVE-2022-23772 CVE-2022-23806	2022-03-05 16:42:40 +08:00
hanchao	61db6bd4b4	fix CVE-2021-41771	2022-03-02 11:38:36 +08:00
hanchao	edc2d98d59	fix CVE-2021-39293 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-02-08 11:07:36 +08:00
hanchao	68522bdf25	fix CVE-2021-44716 Signed-off-by: hanchao <hanchao47@huawei.com>	2022-01-19 16:25:03 +08:00
chenjiankun	986a9036f1	fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221	2021-10-27 11:18:41 +08:00
chenjiankun	cef4d1953d	batch synchronization	2021-06-18 15:46:44 +08:00
chenjiankun	30db532fed	fix CVE-2021-27918	2021-04-25 09:23:19 +08:00
DCCooper	724c6a76ea	golang: speed up build progress Signed-off-by: DCCooper <1866858@gmail.com> (cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)	2021-04-16 09:36:55 +08:00
DCCooper	76c5ebd313	golang: upgrade to 1.15.7 Fixes: #I3B1LK Signed-off-by: DCCooper <1866858@gmail.com>	2021-03-12 16:17:36 +08:00
jingrui	373c1dfbaf	golang: add fixes CVE-2021-3114 Signed-off-by: jingrui <jingrui@huawei.com> (cherry picked from commit 79deab4eacbf1e09f03415d6bcd1f1fc1d35b452)	2021-02-25 10:12:44 +08:00
jingrui	1982f512d0	golang: fix CVE-2021-3114 Signed-off-by: jingrui <jingrui@huawei.com> (cherry picked from commit 53d3de4bc619b8c4fdebfe896418684aa0c9b721)	2021-02-23 20:55:36 +08:00
jingrui	d2049ce1ac	golang: sync cve fix Signed-off-by: jingrui <jingrui@huawei.com>	2021-01-18 17:40:01 +08:00
xiadanni	e6f40e27fa	golang: upgrade to 1.13.15 Signed-off-by: xiadanni <xiadanni1@huawei.com>	2020-08-18 20:36:44 +08:00
DCCooper	deb13bfa9d	golang: sync code with CVE and cleancode reason: 1. drop hard code cert 2. rename tar name and make it same with upstream Signed-off-by: DCCooper <1866858@gmail.com>	2020-05-12 17:08:40 +08:00
jingrui	d9ea2f312b	golang: fix cve CVE-2020-7919 Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84 Signed-off-by: jingrui <jingrui@huawei.com>	2020-04-16 16:22:51 +08:00
Grooooot	03aa981a87	golang: remove unused requires "mercurial" Signed-off-by: Grooooot <isula@huawei.com>	2020-02-20 18:22:53 +08:00
Grooooot	1ce9a9033f	golang: fix patch 0012 format Signed-off-by: Grooooot <isula@huawei.com>	2020-01-10 10:06:14 +08:00
Grooooot	8b0d150421	runtime: use innermost frame's func name for async preemption check We don't asynchronously preempt if we are in the runtime. We do this by checking the function name. However, it failed to take inlining into account. If a runtime function gets inlined into a non-runtime function, it can be preempted, and bad things can happen. One instance of this is dounlockOSThread inlined into UnlockOSThread which is in turn inlined into a non-runtime function. Fix this by using the innermost frame's function name. Change-Id: Ifa036ce1320700aaaefd829b4bee0d04d05c395d Reviewed-on: https://go-review.googlesource.com/c/go/+/211978 Run-TryBot: Cherry Zhang <cherryyz@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Austin Clements <austin@google.com> Signed-off-by: Grooooot <isula@huawei.com>	2020-01-08 15:04:53 +08:00
Grooooot	592bf09553	golang: modification of spec Signed-off-by: Grooooot <isula@huawei.com>	2020-01-06 10:24:02 +08:00
openeuler-iSula	747b3d9598	golang: modify source0 download address Signed-off-by: openeuler-iSula <isula@huawei.com>	2019-12-29 15:43:54 +08:00
dogsheng	ce820709f2	Package init	2019-12-25 15:47:08 +08:00
dogsheng	f6abdd32e1	Package init	2019-12-13 15:19:17 +08:00
overweight	c29de2f632	Package init	2019-09-30 10:41:22 -04:00

42 Commits