packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
112 Commits 1 Branch 0 Tags
Commit Graph

112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hanchao
f4c9675d23 backport: fix CVE-2024-24784 2024-03-28 12:56:17 +08:00
hanchao
579269c1d8 bugfix: fix failure of net/http unit test 2024-03-28 12:54:11 +08:00
openeuler-ci-bot
7619d4c97d
!304 backport:fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2024-03-15 08:36:15 +00:00
hanchao
f2859f8a72 backport:fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 2024-03-15 16:32:46 +08:00
openeuler-ci-bot
5dc98a1f35
!294 fix test error about mod_insecure_issue63845 
From: @fuowang 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2024-01-16 03:02:43 +00:00
wangshuo
a7a3874295 fix test error about mod_insecure_issue63845 2023-12-27 15:55:16 +08:00
openeuler-ci-bot
0a7e450705
!291 cvefix: fix CVE-2023-39326,CVE-2023-45285 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-12-15 12:30:13 +00:00
hanchao
a4aa7eee28 cvefix: fix CVE-2023-39326,CVE-2023-45285 2023-12-15 20:45:38 +08:00
openeuler-ci-bot
0b76401dd9
!279 cvefix: fix CVE-2023-39325 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-10-28 09:14:43 +00:00
hanchao
4af3c6fe6d cvefix: fix CVE-2023-39325 2023-10-28 16:41:27 +08:00
openeuler-ci-bot
bed0a15903
!274 cvefix:fix CVE-2023-39323 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-10-28 03:42:36 +00:00
luoyujie
cc7f90041b cvefix:fix CVE-2023-39323 2023-10-28 12:55:03 +08:00
openeuler-ci-bot
b70d70b379
!257 [Backport]fix CVE-2023-39318 and CVE-2023-39319 
From: @Rose-yujie 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-09-27 05:44:53 +00:00
luoyujie
03a29d5388 fix CVE-2023-39318 and CVE-2023-39319 2023-09-25 11:49:03 +08:00
openeuler-ci-bot
8f92f371c3
!254 permit requests with invalid Host headers 
From: @ChendongSun 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-08-25 08:49:30 +00:00
sunchendong
d9df071cb0 permit requests with invalid Host headers 2023-08-25 15:39:10 +08:00
openeuler-ci-bot
e7dc1121bd
!245 cvefix:fix CVE-2023-29409 
From: @Rose-yujie 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-08-21 06:26:49 +00:00
luoyujie
ff5bae14ab cvefix:fix CVE-2023-29409 2023-08-18 10:54:19 +08:00
openeuler-ci-bot
a694cee258
!234 cvefix:fix CVE-2023-29406 
From: @hcnbxx 
Reviewed-by: @jing-rui, @zhangsong234 
Signed-off-by: @jing-rui
 2023-08-07 06:43:16 +00:00
hanchao
d2d2ed93fb cvefix:fix CVE-2023-29406 
score:6.5
reference:https://go-review.googlesource.com/c/go/+/507358
 2023-07-25 11:31:41 +08:00
openeuler-ci-bot
63f5cda4f1
!218 bugfix: fix build error for go test runtime 
From: @hcnbxx 
Reviewed-by: @caihaomin 
Signed-off-by: @caihaomin
 2023-07-07 08:45:17 +00:00
hanchao
27c663e5bf bugfix: fix build error for go test runtime 2023-07-07 17:17:03 +08:00
openeuler-ci-bot
ce9d8ab69a
!216 cvefix:fix CVE-2023-29403 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2023-06-30 01:27:06 +00:00
hanchao
025dbdf1eb cvefix:fix CVE-2023-29403 2023-06-29 20:46:38 +08:00
openeuler-ci-bot
65aa6f00de
!213 cvefix: CVE-2023-29402,CVE-2023-29404,CVE-2023-29405,CVE-2023-29403 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2023-06-29 01:22:10 +00:00
hanchao
debf83463a cvefix: CVE-2023-29402,CVE-2023-29404,CVE-2023-29405,CVE-2023-29403 2023-06-29 00:03:17 +08:00
openeuler-ci-bot
04742352c3
!203 bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-05-23 09:29:21 +00:00
hanchao
2ac3ebbd18 bugfix: fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540 
CVE:CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
Reference:https://go-review.googlesource.com/c/go/+/491615,https://go-review.googlesource.com/c/go/+/491616,https://go-review.googlesource.com/c/go/+/491617
Type:CVE
Reason:fix CVE-2023-29400,CVE-2023-24539,CVE-2023-24540
 2023-05-22 23:01:57 +08:00
openeuler-ci-bot
af8ef0f258
!189 golang-1.15: fix a deadlock issue when a signal is received 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-04-14 09:47:17 +00:00
hanchao
5e86082cc3 golang-1.15: fix a deadlock issue when a signal is received 
Reference:https://go-review.googlesource.com/c/go/+/270861;
  https://go-review.googlesource.com/c/go/+/204636;
  https://go-review.googlesource.com/c/go/+/205097;
  https://go-review.googlesource.com/c/go/+/189318;
  https://go-review.googlesource.com/c/go/+/204778;
  https://go-review.googlesource.com/c/go/+/279994
Type:bugfix
reason:fix a deadlock issue when a signal is received.
 2023-04-14 18:36:58 +08:00
openeuler-ci-bot
42d62dbc41
!187 golang-1.15: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537, CVE-2023-24538 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2023-04-14 07:29:19 +00:00
hanchao
5d929012be golang-1.15: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537, 
CVE-2023-24538

CVE:CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
Reference:https://go-review.googlesource.com/c/go/+/481982,
https://go-review.googlesource.com/c/go/+/481986,
https://go-review.googlesource.com/c/go/+/481987,
https://go-review.googlesource.com/c/go/+/481983,
https://go-review.googlesource.com/c/go/+/481984,
https://go-review.googlesource.com/c/go/+/481985

Type:CVE
reason: fix CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538
 2023-04-13 17:40:03 +08:00
openeuler-ci-bot
243e89b1b4
!181 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-03-27 09:16:25 +00:00
hanchao
bbb8152b93 golang: fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725 
CVE:CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
Reference:https://go-review.googlesource.com/c/net/+/468135
          https://go-review.googlesource.com/c/go/+/468117
          https://go-review.googlesource.com/c/go/+/468116
Type:CVE
Score:7.5
Reason:fix CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
 2023-03-27 16:25:01 +08:00
openeuler-ci-bot
46ff905a5c
!171 [sync] PR-168: golang: fix CVE-2022-41717 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-02-09 11:00:03 +00:00
hanchao
1fe64e66d6 golang: fix CVE-2022-41717 
Score:5.3
reference:https://go-review.googlesource.com/c/go/+/455361
(cherry picked from commit de526ee737e82150800249f335822d321ee263a5)
 2023-02-09 15:23:16 +08:00
openeuler-ci-bot
d64f2258b4
!148 [sync] PR-147: golang: fix CVE-2022-41716 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-11-21 06:58:47 +00:00
hanchao
a8d8b39014 golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
(cherry picked from commit 04fc1e107bc84ce060d324c77d9e94e6c03aae84)
 2022-11-21 11:39:21 +08:00
openeuler-ci-bot
a36ca3a2a1
!145 [sync] PR-144: golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-10-17 07:58:11 +00:00
hanchao
bcd9f462c2 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score: Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
(cherry picked from commit 35fc18fe0e32f4e0889de907f6f8eb1adfe492c2)
 2022-10-13 17:27:12 +08:00
openeuler-ci-bot
dd4a2dcf7f
!138 【轻量级 PR】:fix bad %goroot}/lib/ macro 
From: @fuowang 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-10-12 09:51:33 +00:00
fuowang
45d77ec6d0
fix bad %goroot}/lib/ macro 
修复不完整的宏 %goroot}/lib/,应为 %{goroot}/lib/

Signed-off-by: fuowang <wangshuo@kylinos.cn>
 2022-10-05 07:53:44 +00:00
openeuler-ci-bot
d62a581a7b
!135 [sync] PR-133: golang: fix CVE-2022-27664 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-15 08:02:34 +00:00
hanchao
b51ea02ebb golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
(cherry picked from commit 55efe5f6ec1095bac2041031da0b4daa63b61523)
 2022-09-15 14:31:15 +08:00
openeuler-ci-bot
ea4568a9c9
!124 [sync] PR-123: Fixed goroutine abnormal when accessiong pollDesc r/w Gs inconsistently 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-13 06:37:47 +00:00
hanchao
7a601b0c7a runtime: consistently access pollDesc r/w Gs with atomics 
Reference:https://go-review.googlesource.com/c/go/+/356370
Conflict:NA
Reason:
Both netpollblock and netpollunblock read gpp using a non-atomic load.
When consuming a ready event, netpollblock clears gpp using a non-atomic
store, thus skipping a barrier.

Thus on systems with weak memory ordering, a sequence like so this is
possible:

             T1                                T2

1. netpollblock: read gpp -> pdReady
2. netpollblock: store gpp -> 0

                                 3. netpollunblock: read gpp -> pdReady
                                 4. netpollunblock: return

i.e., without a happens-before edge between (2) and (3), netpollunblock
may read the stale value of gpp.

Switch these access to use atomic loads and stores in order to create
these edges.

For ease of future maintainance, I've simply changed rg and wg to always
be accessed atomically, though I don't believe pollOpen or pollClose
require atomics today.

(cherry picked from commit f2498bf6fec075643ff54319bfa7d153be00f7b9)
 2022-09-13 09:57:27 +08:00
openeuler-ci-bot
fe31522d86
!118 [sync] PR-115: golang.spec: modify the golang.spec to remove unnecessary files from golang-help package 
From: @openeuler-sync-bot 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-08-30 07:37:15 +00:00
hanchao
555fcebc87 golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.

(cherry picked from commit 0548e7a6e5dff3d2e35f1083469192e6f31473bf)
 2022-08-30 15:13:00 +08:00
openeuler-ci-bot
adb530b92b
!113 golang: fix CVE-2022-29804,CVE-2022-29526 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-08-22 01:46:25 +00:00
hanchao
eeeca13a95 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-08-18 20:02:38 +08:00