Package init

2019-12-14 14:32:37 +08:00 · 2019-12-14 14:32:37 +08:00 · 467816af2c
commit 467816af2c
parent f6abdd32e1
5 changed files with 0 additions and 346 deletions
--- a/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
+++ b/0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
@ -1,88 +0,0 @@
-From edce31a2904846ae74e3c011f2cf5fddc963459e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jakub=20=C4=8Cajka?= <jcajka@redhat.com>
-Date: Thu, 22 Mar 2018 12:07:32 +0100
-Subject: [PATCH 1/3] Don't use the bundled tzdata at runtime, except for the
- internal test suite
-
---
- src/time/internal_test.go | 7 +++++--
- src/time/zoneinfo_test.go | 3 ++-
- src/time/zoneinfo_unix.go | 2 --
- 3 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/src/time/internal_test.go b/src/time/internal_test.go
-index 76d5524124..e81ace5f64 100644
--- a/src/time/internal_test.go
-+++ b/src/time/internal_test.go
-@@ -4,13 +4,15 @@
- 
- package time
- 
-+import "runtime"
-+
- func init() {
- 	// force US/Pacific for time zone tests
- 	ForceUSPacificForTesting()
- }
- 
- func initTestingZone() {
-	z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:])
-+	z, err := loadLocation("America/Los_Angeles", zoneSources)
- 	if err != nil {
- 		panic("cannot load America/Los_Angeles for testing: " + err.Error())
- 	}
-@@ -21,8 +23,9 @@ func initTestingZone() {
- var OrigZoneSources = zoneSources
- 
- func forceZipFileForTesting(zipOnly bool) {
-	zoneSources = make([]string, len(OrigZoneSources))
-+	zoneSources = make([]string, len(OrigZoneSources)+1)
- 	copy(zoneSources, OrigZoneSources)
-+	zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if zipOnly {
- 		zoneSources = zoneSources[len(zoneSources)-1:]
- 	}
-diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go
-index 7a55d4f618..6063ca1195 100644
--- a/src/time/zoneinfo_test.go
-+++ b/src/time/zoneinfo_test.go
-@@ -8,6 +8,7 @@ import (
- 	"fmt"
- 	"os"
- 	"reflect"
-+	"runtime"
- 	"testing"
- 	"time"
- )
-@@ -128,7 +129,7 @@ func TestLoadLocationFromTZData(t *testing.T) {
- 		t.Fatal(err)
- 	}
- 
-	tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1])
-+	tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip")
- 	if err != nil {
- 		t.Fatal(err)
- 	}
-diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go
-index 88313aa0ed..d9596115ef 100644
--- a/src/time/zoneinfo_unix.go
-+++ b/src/time/zoneinfo_unix.go
-@@ -12,7 +12,6 @@
- package time
- 
- import (
-	"runtime"
- 	"syscall"
- )
- 
-@@ -22,7 +21,6 @@ var zoneSources = []string{
- 	"/usr/share/zoneinfo/",
- 	"/usr/share/lib/zoneinfo/",
- 	"/usr/lib/locale/TZ/",
-	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
- }
- 
- func initLocal() {
-- 
-2.14.3
-
--- a/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
+++ b/0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
@ -1,41 +0,0 @@
-From 817407fc2d6a861e65086388766f58082d38bc0b Mon Sep 17 00:00:00 2001
-From: Michael Munday <munday@ca.ibm.com>
-Date: Tue, 17 Jan 2017 11:33:38 -0500
-Subject: [PATCH 2/3] syscall: expose IfInfomsg.X__ifi_pad on s390x
-
-Exposing this field on s390x improves compatibility with the other
-linux architectures, all of which already expose it.
-
-Fixes #18628 and updates #18632.
-
-Change-Id: I08e8e1eb705f898cd8822f8bee0d61ce11d514b5
---
- src/syscall/ztypes_linux_s390x.go | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/syscall/ztypes_linux_s390x.go b/src/syscall/ztypes_linux_s390x.go
-index 63c4a83b19..b5894255df 100644
--- a/src/syscall/ztypes_linux_s390x.go
-+++ b/src/syscall/ztypes_linux_s390x.go
-@@ -449,12 +449,12 @@ type RtAttr struct {
- }
- 
- type IfInfomsg struct {
-	Family uint8
-	_      uint8
-	Type   uint16
-	Index  int32
-	Flags  uint32
-	Change uint32
-+	Family     uint8
-+	X__ifi_pad uint8
-+	Type       uint16
-+	Index      int32
-+	Flags      uint32
-+	Change     uint32
- }
- 
- type IfAddrmsg struct {
-- 
-2.14.3
-
--- a/0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch
+++ b/0003-release-branch.go1.11-security-crypto-elliptic-reduc.patch
@ -1,44 +0,0 @@
-From 867a07a179ebcb40143c76403f7f232b90812059 Mon Sep 17 00:00:00 2001
-From: Filippo Valsorda <filippo@golang.org>
-Date: Tue, 22 Jan 2019 16:02:41 -0500
-Subject: [PATCH] [release-branch.go1.11-security] crypto/elliptic: reduce
- subtraction term to prevent long busy loop
-
-If beta8 is unusually large, the addition loop might take a very long
-time to bring x3-beta8 back positive.
-
-This would lead to a DoS vulnerability in the implementation of the
-P-521 and P-384 elliptic curves that may let an attacker craft inputs
-to ScalarMult that consume excessive amounts of CPU.
-
-This fixes CVE-2019-6486.
-
-Change-Id: Ia969e8b5bf5ac4071a00722de9d5e4d856d8071a
-Reviewed-on: https://team-review.git.corp.google.com/c/399777
-Reviewed-by: Adam Langley <agl@google.com>
-Reviewed-by: Julie Qiu <julieqiu@google.com>
-(cherry picked from commit 746d6abe2dfb9ce7609f8e1e1a8dcb7e221f423e)
-Reviewed-on: https://team-review.git.corp.google.com/c/401142
-Reviewed-by: Filippo Valsorda <valsorda@google.com>
---
- src/crypto/elliptic/elliptic.go | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
-index 4fc2b5e521..c84657c5e3 100644
--- a/src/crypto/elliptic/elliptic.go
-+++ b/src/crypto/elliptic/elliptic.go
-@@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int,
- 
- 	x3 := new(big.Int).Mul(alpha, alpha)
- 	beta8 := new(big.Int).Lsh(beta, 3)
-+	beta8.Mod(beta8, curve.P)
- 	x3.Sub(x3, beta8)
-	for x3.Sign() == -1 {
-+	if x3.Sign() == -1 {
- 		x3.Add(x3, curve.P)
- 	}
- 	x3.Mod(x3, curve.P)
-- 
-2.17.1
-
--- a/0004-fix-CVE-2019-9512-9514.patch
+++ b/0004-fix-CVE-2019-9512-9514.patch
@ -1,173 +0,0 @@
-From e152b01a468a1c18a290bf9aec52ccea7693c7f2 Mon Sep 17 00:00:00 2001
-From: Filippo Valsorda <filippo@golang.org>
-Date: Mon, 12 Aug 2019 16:59:30 -0400
-Subject: [PATCH] [release-branch.go1.11-security] net/http: update bundled
- http2 to import security fix
-
-Apply the following unpublished golang.org/x/net commit.
-
-    commit b1cc14aba47abf96f96818003fa4caad3a4b4e86
-    Author: Filippo Valsorda <filippo@golang.org>
-    Date:   Sun Aug 11 02:12:18 2019 -0400
-
-    [release-branch.go1.11] http2: limit number of control frames in server send queue
-
-    An attacker could cause servers to queue an unlimited number of PING
-    ACKs or RST_STREAM frames by soliciting them and not reading them, until
-    the program runs out of memory.
-
-    Limit control frames in the queue to a few thousands (matching the limit
-    imposed by other vendors) by counting as they enter and exit the scheduler,
-    so the protection will work with any WriteScheduler.
-
-    Once the limit is exceeded, close the connection, as we have no way to
-    communicate with the peer.
-
-    Change-Id: I842968fc6ed3eac654b497ade8cea86f7267886b
-    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/525552
-    Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
-    (cherry picked from commit 589ad6cc5321fb68a90370348a241a5da0a2cc80)
-    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526070
-    Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
-
-Fixes CVE-2019-9512 and CVE-2019-9514
-Updates #33606
-
-Change-Id: Iecedf1cc63ec7a1cd75661ec591d91ebc911cc64
-Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526072
-Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
- src/net/http/h2_bundle.go | 54 +++++++++++++++++++++++++++++++++++++++--------
- 1 file changed, 45 insertions(+), 9 deletions(-)
-
-diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go
-index 2cd2b86..6182495 100644
--- a/src/net/http/h2_bundle.go
-+++ b/src/net/http/h2_bundle.go
-@@ -3835,10 +3835,11 @@ func (p *http2pipe) Done() <-chan struct{} {
- }
- 
- const (
-	http2prefaceTimeout        = 10 * time.Second
-	http2firstSettingsTimeout  = 2 * time.Second // should be in-flight with preface anyway
-	http2handlerChunkWriteSize = 4 << 10
-	http2defaultMaxStreams     = 250 // TODO: make this 100 as the GFE seems to?
-+	http2prefaceTimeout         = 10 * time.Second
-+	http2firstSettingsTimeout   = 2 * time.Second // should be in-flight with preface anyway
-+	http2handlerChunkWriteSize  = 4 << 10
-+	http2defaultMaxStreams      = 250 // TODO: make this 100 as the GFE seems to?
-+	http2maxQueuedControlFrames = 10000
- )
- 
- var (
-@@ -3946,6 +3947,15 @@ func (s *http2Server) maxConcurrentStreams() uint32 {
- 	return http2defaultMaxStreams
- }
- 
-+// maxQueuedControlFrames is the maximum number of control frames like
-+// SETTINGS, PING and RST_STREAM that will be queued for writing before
-+// the connection is closed to prevent memory exhaustion attacks.
-+func (s *http2Server) maxQueuedControlFrames() int {
-+	// TODO: if anybody asks, add a Server field, and remember to define the
-+	// behavior of negative values.
-+	return http2maxQueuedControlFrames
-+}
-+
- type http2serverInternalState struct {
- 	mu          sync.Mutex
- 	activeConns map[*http2serverConn]struct{}
-@@ -4254,6 +4264,7 @@ type http2serverConn struct {
- 	sawFirstSettings            bool // got the initial SETTINGS frame after the preface
- 	needToSendSettingsAck       bool
- 	unackedSettings             int    // how many SETTINGS have we sent without ACKs?
-+	queuedControlFrames         int    // control frames in the writeSched queue
- 	clientMaxStreams            uint32 // SETTINGS_MAX_CONCURRENT_STREAMS from client (our PUSH_PROMISE limit)
- 	advMaxStreams               uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
- 	curClientStreams            uint32 // number of open streams initiated by the client
-@@ -4644,6 +4655,14 @@ func (sc *http2serverConn) serve() {
- 			}
- 		}
- 
-+		// If the peer is causing us to generate a lot of control frames,
-+		// but not reading them from us, assume they are trying to make us
-+		// run out of memory.
-+		if sc.queuedControlFrames > sc.srv.maxQueuedControlFrames() {
-+			sc.vlogf("http2: too many control frames in send queue, closing connection")
-+			return
-+		}
-+
- 		// Start the shutdown timer after sending a GOAWAY. When sending GOAWAY
- 		// with no error code (graceful shutdown), don't start the timer until
- 		// all open streams have been completed.
-@@ -4845,6 +4864,14 @@ func (sc *http2serverConn) writeFrame(wr http2FrameWriteRequest) {
- 	}
- 
- 	if !ignoreWrite {
-+		if wr.isControl() {
-+			sc.queuedControlFrames++
-+			// For extra safety, detect wraparounds, which should not happen,
-+			// and pull the plug.
-+			if sc.queuedControlFrames < 0 {
-+				sc.conn.Close()
-+			}
-+		}
- 		sc.writeSched.Push(wr)
- 	}
- 	sc.scheduleFrameWrite()
-@@ -4962,10 +4989,8 @@ func (sc *http2serverConn) wroteFrame(res http2frameWriteResult) {
- // If a frame is already being written, nothing happens. This will be called again
- // when the frame is done being written.
- //
-// If a frame isn't being written we need to send one, the best frame
-// to send is selected, preferring first things that aren't
-// stream-specific (e.g. ACKing settings), and then finding the
-// highest priority stream.
-+// If a frame isn't being written and we need to send one, the best frame
-+// to send is selected by writeSched.
- //
- // If a frame isn't being written and there's nothing else to send, we
- // flush the write buffer.
-@@ -4993,6 +5018,9 @@ func (sc *http2serverConn) scheduleFrameWrite() {
- 		}
- 		if !sc.inGoAway || sc.goAwayCode == http2ErrCodeNo {
- 			if wr, ok := sc.writeSched.Pop(); ok {
-+				if wr.isControl() {
-+					sc.queuedControlFrames--
-+				}
- 				sc.startFrameWrite(wr)
- 				continue
- 			}
-@@ -5285,6 +5313,8 @@ func (sc *http2serverConn) processSettings(f *http2SettingsFrame) error {
- 	if err := f.ForeachSetting(sc.processSetting); err != nil {
- 		return err
- 	}
-+	// TODO: judging by RFC 7540, Section 6.5.3 each SETTINGS frame should be
-+	// acknowledged individually, even if multiple are received before the ACK.
- 	sc.needToSendSettingsAck = true
- 	sc.scheduleFrameWrite()
- 	return nil
-@@ -9476,7 +9506,7 @@ type http2WriteScheduler interface {
- 
- 	// Pop dequeues the next frame to write. Returns false if no frames can
- 	// be written. Frames with a given wr.StreamID() are Pop'd in the same
-	// order they are Push'd.
-+	// order they are Push'd. No frames should be discarded except by CloseStream.
- 	Pop() (wr http2FrameWriteRequest, ok bool)
- }
- 
-@@ -9520,6 +9550,12 @@ func (wr http2FrameWriteRequest) StreamID() uint32 {
- 	return wr.stream.id
- }
- 
-+// isControl reports whether wr is a control frame for MaxQueuedControlFrames
-+// purposes. That includes non-stream frames and RST_STREAM frames.
-+func (wr http2FrameWriteRequest) isControl() bool {
-+	return wr.stream == nil
-+}
-+
- // DataSize returns the number of flow control bytes that must be consumed
- // to write this entire frame. This is 0 for non-DATA frames.
- func (wr http2FrameWriteRequest) DataSize() int {
-- 
-1.9.4
-
--- a/go1.11.src.tar.gz
+++ b/go1.11.src.tar.gz