golang: fix CVE-2022-29804,CVE-2022-29526

Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3 Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/ Conflict: NA Reason: fix CVE-2022-29804,CVE-2022-29526
2022-08-18 17:48:04 +08:00 · 2022-08-18 17:48:04 +08:00 · 282de33531
commit 282de33531
parent 6dd57444d5
3 changed files with 165 additions and 1 deletions
--- a/0017-path-filepath-do-not-remove-prefix-.-when-following-.patch
+++ b/0017-path-filepath-do-not-remove-prefix-.-when-following-.patch
@ -0,0 +1,103 @@
+From e903e474f9632a151fff2df3dd3e891395f1a8f1 Mon Sep 17 00:00:00 2001
+From: Yasuhiro Matsumoto <mattn.jp@gmail.com>
+Date: Fri, 22 Apr 2022 10:07:51 +0900
+Subject: [PATCH 1/2] path/filepath: do not remove prefix "." when following
+ path contains ":".
+
+Fixes #52476
+
+Change-Id: I9eb72ac7dbccd6322d060291f31831dc389eb9bb
+Reviewed-on: https://go-review.googlesource.com/c/go/+/401595
+Auto-Submit: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
+Run-TryBot: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Reference:https://go-review.googlesource.com/c/go/+/401595/
+Conflict:NA
+---
+ src/path/filepath/path.go              | 14 +++++++++++++-
+ src/path/filepath/path_test.go         |  3 +++
+ src/path/filepath/path_windows_test.go | 26 ++++++++++++++++++++++++++
+ 3 files changed, 42 insertions(+), 1 deletion(-)
+
+diff --git a/src/path/filepath/path.go b/src/path/filepath/path.go
+index b56534dead..8300a32cb1 100644
+--- a/src/path/filepath/path.go
+++ b/src/path/filepath/path.go
+@@ -117,9 +117,21 @@ func Clean(path string) string {
+ 		case os.IsPathSeparator(path[r]):
+ 			// empty path element
+ 			r++
+-		case path[r] == '.' && (r+1 == n || os.IsPathSeparator(path[r+1])):
+		case path[r] == '.' && r+1 == n:
+ 			// . element
+ 			r++
+		case path[r] == '.' && os.IsPathSeparator(path[r+1]):
+			// ./ element
+			r++
+
+			for r < len(path) && os.IsPathSeparator(path[r]) {
+				r++
+			}
+			if out.w == 0 && volumeNameLen(path[r:]) > 0 {
+				// When joining prefix "." and an absolute path on Windows,
+				// the prefix should not be removed.
+				out.append('.')
+			}
+ 		case path[r] == '.' && path[r+1] == '.' && (r+2 == n || os.IsPathSeparator(path[r+2])):
+ 			// .. element: remove to last separator
+ 			r += 2
+diff --git a/src/path/filepath/path_test.go b/src/path/filepath/path_test.go
+index bc5509b49c..ed17a8854d 100644
+--- a/src/path/filepath/path_test.go
+++ b/src/path/filepath/path_test.go
+@@ -93,6 +93,9 @@ var wincleantests = []PathTest{
+ 	{`//host/share/foo/../baz`, `\\host\share\baz`},
+ 	{`\\a\b\..\c`, `\\a\b\c`},
+ 	{`\\a\b`, `\\a\b`},
+	{`.\c:`, `.\c:`},
+	{`.\c:\foo`, `.\c:\foo`},
+	{`.\c:foo`, `.\c:foo`},
+ }
+ 
+ func TestClean(t *testing.T) {
+diff --git a/src/path/filepath/path_windows_test.go b/src/path/filepath/path_windows_test.go
+index 76a459ac96..3edafb5a85 100644
+--- a/src/path/filepath/path_windows_test.go
+++ b/src/path/filepath/path_windows_test.go
+@@ -530,3 +530,29 @@ func TestNTNamespaceSymlink(t *testing.T) {
+ 		t.Errorf(`EvalSymlinks(%q): got %q, want %q`, filelink, got, want)
+ 	}
+ }
+
+func TestIssue52476(t *testing.T) {
+	tests := []struct {
+		lhs, rhs string
+		want     string
+	}{
+		{`..\.`, `C:`, `..\C:`},
+		{`..`, `C:`, `..\C:`},
+		{`.`, `:`, `:`},
+		{`.`, `C:`, `.\C:`},
+		{`.`, `C:/a/b/../c`, `.\C:\a\c`},
+		{`.`, `\C:`, `.\C:`},
+		{`C:\`, `.`, `C:\`},
+		{`C:\`, `C:\`, `C:\C:`},
+		{`C`, `:`, `C\:`},
+		{`\.`, `C:`, `\C:`},
+		{`\`, `C:`, `\C:`},
+	}
+
+	for _, test := range tests {
+		got := filepath.Join(test.lhs, test.rhs)
+		if got != test.want {
+			t.Errorf(`Join(%q, %q): got %q, want %q`, test.lhs, test.rhs, got, test.want)
+		}
+	}
+}
+-- 
+2.30.2
+
--- a/0018-release-branch.go1.17-syscall-check-correct-group-in.patch
+++ b/0018-release-branch.go1.17-syscall-check-correct-group-in.patch
@ -0,0 +1,53 @@
+From 66cff0cda766c1533373fabf3bc26fc3397e55d5 Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Tue, 12 Apr 2022 13:38:17 -0700
+Subject: [PATCH 2/2] [release-branch.go1.17] syscall: check correct group in
+ Faccessat
+
+The Faccessat call checks the user, group, or other permission bits of a
+file to see if the calling process can access it. The test to see if the
+group permissions should be used was made with the wrong group id, using
+the process's group id rather than the file's group id. Fix this to use
+the correct group id.
+
+No test since we cannot easily change file permissions when not running
+as root and the test is meaningless if running as root.
+
+For #52313
+Fixes #52439
+
+Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee
+Reviewed-on: https://go-review.googlesource.com/c/go/+/399539
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+Run-TryBot: Ian Lance Taylor <iant@google.com>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+(cherry picked from commit f66925e854e71e0c54b581885380a490d7afa30c)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/401078
+Auto-Submit: Tatiana Bradley <tatiana@golang.org>
+Run-TryBot: Tatiana Bradley <tatiana@golang.org>
+Run-TryBot: Damien Neil <dneil@google.com>
+Auto-Submit: Damien Neil <dneil@google.com>
+Reviewed-by: Tatiana Bradley <tatiana@golang.org>
+
+Reference:https://go-review.googlesource.com/c/go/+/401078/
+Conflict:NA
+---
+ src/syscall/syscall_linux.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
+index dfce3d0a4b..3387f3bdc2 100644
+--- a/src/syscall/syscall_linux.go
+++ b/src/syscall/syscall_linux.go
+@@ -109,7 +109,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ 			gid = Getgid()
+ 		}
+ 
+-		if uint32(gid) == st.Gid || isGroupMember(gid) {
+		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
+ 			fmode = (st.Mode >> 3) & 7
+ 		} else {
+ 			fmode = st.Mode & 7
+-- 
+2.30.2
+
--- a/golang.spec
+++ b/golang.spec
@ -66,7 +66,7 @@

 Name:           golang
 Version:        1.17.3
-Release:        6
+Release:        7
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@ -169,6 +169,8 @@ Patch6013:	0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
 Patch6014:	0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
 Patch6015:	0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 Patch6016:	0016-release-branch.go1.17-math-big-check-buffer-lengths-.patch
+Patch6017:	0017-path-filepath-do-not-remove-prefix-.-when-following-.patch
+Patch6018:	0018-release-branch.go1.17-syscall-check-correct-group-in.patch

 ExclusiveArch:  %{golang_arches}

@ -403,6 +405,12 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list

 %changelog
+* Thu Aug 18 2022 hanchao <hanchao47@huawei.com> - 1.17.3-7
+- Type:CVE
+- CVE:CVE-2022-29804,CVE-2022-29526
+- SUG:NA
+- DESC: fix CVE-2022-29804,CVE-2022-29526
+
 * Mon Aug 8 2022 hanchao <hanchao47@huawei.com> - 1.17.3-6
 - Type:CVE
 - CVE:NA