packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
79 Commits 1 Branch 0 Tags
Commit Graph

79 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hanchao
bbb8152b93 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
Reference:https://go-review.googlesource.com/c/net/+/468135
          https://go-review.googlesource.com/c/go/+/468117
          https://go-review.googlesource.com/c/go/+/468116
Type:CVE
Score:7.5
Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
 2023-03-27 16:25:01 +08:00
openeuler-ci-bot
46ff905a5c
!171 [sync] PR-168: golang: fix CVE-2022-41717 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-02-09 11:00:03 +00:00
hanchao
1fe64e66d6 golang: fix CVE-2022-41717 
Score:5.3
reference:https://go-review.googlesource.com/c/go/+/455361
(cherry picked from commit de526ee737e82150800249f335822d321ee263a5)
 2023-02-09 15:23:16 +08:00
openeuler-ci-bot
d64f2258b4
!148 [sync] PR-147: golang: fix CVE-2022-41716 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-11-21 06:58:47 +00:00
hanchao
a8d8b39014 golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
(cherry picked from commit 04fc1e107bc84ce060d324c77d9e94e6c03aae84)
 2022-11-21 11:39:21 +08:00
openeuler-ci-bot
a36ca3a2a1
!145 [sync] PR-144: golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-10-17 07:58:11 +00:00
hanchao
bcd9f462c2 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score: Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
(cherry picked from commit 35fc18fe0e32f4e0889de907f6f8eb1adfe492c2)
 2022-10-13 17:27:12 +08:00
openeuler-ci-bot
dd4a2dcf7f
!138 【轻量级 PR】:fix bad %goroot}/lib/ macro 
From: @fuowang 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-10-12 09:51:33 +00:00
fuowang
45d77ec6d0
fix bad %goroot}/lib/ macro 
修复不完整的宏 %goroot}/lib/,应为 %{goroot}/lib/

Signed-off-by: fuowang <wangshuo@kylinos.cn>
 2022-10-05 07:53:44 +00:00
openeuler-ci-bot
d62a581a7b
!135 [sync] PR-133: golang: fix CVE-2022-27664 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 08:02:34 +00:00
hanchao
b51ea02ebb golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 55efe5f6ec1095bac2041031da0b4daa63b61523)
 2022-09-15 14:31:15 +08:00
openeuler-ci-bot
ea4568a9c9
!124 [sync] PR-123: Fixed goroutine abnormal when accessiong pollDesc r/w Gs inconsistently 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-13 06:37:47 +00:00
hanchao
7a601b0c7a runtime: consistently access pollDesc r/w Gs with atomics 
Reference:https://go-review.googlesource.com/c/go/+/356370
Conflict:NA
Reason:
Both netpollblock and netpollunblock read gpp using a non-atomic load.
When consuming a ready event, netpollblock clears gpp using a non-atomic
store, thus skipping a barrier.

Thus on systems with weak memory ordering, a sequence like so this is
possible:

             T1                                T2

1. netpollblock: read gpp -> pdReady
2. netpollblock: store gpp -> 0

                                 3. netpollunblock: read gpp -> pdReady
                                 4. netpollunblock: return

i.e., without a happens-before edge between (2) and (3), netpollunblock
may read the stale value of gpp.

Switch these access to use atomic loads and stores in order to create
these edges.

For ease of future maintainance, I've simply changed rg and wg to always
be accessed atomically, though I don't believe pollOpen or pollClose
require atomics today.

(cherry picked from commit f2498bf6fec075643ff54319bfa7d153be00f7b9)
 2022-09-13 09:57:27 +08:00
openeuler-ci-bot
fe31522d86
!118 [sync] PR-115: golang.spec: modify the golang.spec to remove unnecessary files from golang-help package 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-08-30 07:37:15 +00:00
hanchao
555fcebc87 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit 0548e7a6e5dff3d2e35f1083469192e6f31473bf)
 2022-08-30 15:13:00 +08:00
openeuler-ci-bot
adb530b92b
!113 golang: fix CVE-2022-29804,CVE-2022-29526 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-08-22 01:46:25 +00:00
hanchao
eeeca13a95 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-08-18 20:02:38 +08:00
openeuler-ci-bot
4fe4d4bc51
!107 golang: fix CVE-2022-32189 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-08-09 09:35:38 +00:00
hanchao
d95195796d golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
 2022-08-08 19:30:34 +08:00
openeuler-ci-bot
935d47607c
!102 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,CVE-2022-30631,CVE-2022-30629,CVE-2022-30634 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-07-28 01:34:21 +00:00
hanchao
4eff8aee0d golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict:
CVE-2022-1962: src/go/parser/parser.go
CVE-2022-1705: src/net/http/transfer.go
CVE-2022-30634: src/crypto/rand/rand.go, src/crypto/rand/rand_windows.go

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:  https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE
CVE-2022-32148: 0064-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:  0065-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0066-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0067-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0068-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30632: 0069-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0070-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0071-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0072-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0073-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-07-27 23:11:25 +08:00
openeuler-ci-bot
d4f214f4dc
!93 fix CVE-2021-44717 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-05-16 07:54:57 +00:00
hanchao
ad5e33b97b fix CVE-2021-44717 
Conflict: NA
Score: CVE-2021-44717:4.5
Reference: https://go-review.googlesource.com/c/go/+/370514
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-05-16 15:03:09 +08:00
openeuler-ci-bot
91c5faf5e9
!90 fix CVE-2022-28327,CVE-2022-24675 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-05-13 09:44:19 +00:00
hanchao
90fce58fce fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: fix CVE-2022-28327,CVE-2022-24675
 2022-05-12 10:59:10 +08:00
openeuler-ci-bot
a1133548ce
!82 fix CVE-2022-23773 
From: @hcnbxx 
Reviewed-by: @jing-rui, @jackchan8 
Signed-off-by: @jing-rui
 2022-03-28 07:28:22 +00:00
hanchao
abeaca7a73 fix CVE-2022-23773 
Conflict:src/cmd/go/internal/modfetch/coderepo.go;src/cmd/go/internal/modfetch/coderepo_test.go
Score:CVE-2022-23773:7.5
Reference:https://go-review.googlesource.com/c/go/+/378400/
Reason:fix CVE-2022-23773
 2022-03-24 11:35:33 +08:00
openeuler-ci-bot
0c7844d8fc
!81 fix CVE-2022-24921 
From: @hcnbxx 
Reviewed-by: @jackchan8, @jing-rui 
Signed-off-by: @jing-rui
 2022-03-16 01:51:01 +00:00
hanchao
7f42874389 fix CVE-2022-24921 
Reference:https://go-review.googlesource.com/c/go/+/384855/
Conflict:NA
Score:CVE-2022-24921:7.5
Reason:fix CVE-2022-24921
 2022-03-14 15:59:38 +08:00
openeuler-ci-bot
1920295134
!76 fix CVE-2022-23772;CVE-2022-23806 
From: @hcnbxx 
Reviewed-by: @jackchan8, @jing-rui 
Signed-off-by: @jing-rui
 2022-03-11 06:51:06 +00:00
hanchao
2b2e619ed0 fix CVE-2022-23772 CVE-2022-23806 
Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854
Conflict:NA
Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1
Reason:fix CVE-2022-23772  CVE-2022-23806
 2022-03-05 16:42:40 +08:00
openeuler-ci-bot
76377cc07b
!71 fix CVE-2021-41771 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-03-02 03:48:09 +00:00
hanchao
61db6bd4b4 fix CVE-2021-41771 2022-03-02 11:38:36 +08:00
openeuler-ci-bot
162f86bf27
!70 fix CVE-2021-39293 
Merge pull request !70 from hc/openEuler-20.03-LTS-SP3
 2022-02-08 11:18:10 +00:00
hanchao
edc2d98d59 fix CVE-2021-39293 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-02-08 11:07:36 +08:00
openeuler-ci-bot
4e6cb8cc04
!65 fix CVE-2021-44716 
Merge pull request !65 from hc/openEuler-20.03-LTS-SP3
 2022-01-19 09:23:17 +00:00
hanchao
68522bdf25 fix CVE-2021-44716 
Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-01-19 16:25:03 +08:00
openeuler-ci-bot
e8ea8c4ecd !54 合入sp1的修改 
From: @weidongkl
Reviewed-by: @caihaomin
Signed-off-by: @jing-rui
 2021-12-06 13:46:53 +00:00
wei dong
e2514db08f Merge branch 'openEuler-20.03-LTS-SP1' of https://gitee.com/weidongkl/golang into openEuler-20.03-LTS-SP3 
Signed-off-by: wei dong <weidong@uniontech.com>
 2021-11-16 13:44:21 +08:00
openeuler-ci-bot
094284d05e !47 Fix multi CVEs 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-10-27 03:56:06 +00:00
chenjiankun
986a9036f1 fix CVE-2021-33195,CVE-2021-33196,CVE-2021-33197,CVE-2021-33198,CVE-2021-34558,CVE-2021-29923,CVE-2021-38297,CVE-2021-36221 2021-10-27 11:18:41 +08:00
openeuler-ci-bot
889d7db656 !45 batch synchronization 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-06-21 11:47:29 +00:00
chenjiankun
cef4d1953d batch synchronization 2021-06-18 15:46:44 +08:00
openeuler-ci-bot
131f3f204c !39 fix CVE-2021-27918 
From: @jackchan8
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-25 09:53:23 +08:00
chenjiankun
30db532fed fix CVE-2021-27918 2021-04-25 09:23:19 +08:00
openeuler-ci-bot
5684cc52d7 !33 [sync] PR-32: golang: speed up build progress 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 16:28:44 +08:00
openeuler-ci-bot
539e24a910 !34 [sync] PR-32: golang: speed up build progress 
From: @openeuler-sync-bot
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-04-16 16:28:32 +08:00
DCCooper
724c6a76ea golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)
 2021-04-16 09:36:55 +08:00
DCCooper
e0760c442c golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
(cherry picked from commit 0953db6ef4af5a7e8042faf6d99801bd08e10815)
 2021-04-16 09:36:49 +08:00
openeuler-ci-bot
e8c374c961 !31 golang: upgrade to 1.15.7 
From: @DCCooper
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
 2021-03-12 16:49:42 +08:00