golang: upgrade to 1.13.14

Signed-off-by: xiadanni <xiadanni1@huawei.com>
2020-07-30 16:01:33 +08:00 · 2020-07-30 16:01:33 +08:00 · 52c05d8eb6
commit 52c05d8eb6
parent 282d90f4a9
8 changed files with 6 additions and 554 deletions
--- a/0009-release-branch.go1.13-net-http-don-t-cache-http2.err.patch
+++ b/0009-release-branch.go1.13-net-http-don-t-cache-http2.err.patch
@ -1,130 +0,0 @@
 From b2df6bf225859f82b3f69d471e1c99b72c208ec3 Mon Sep 17 00:00:00 2001
 From: Brad Fitzpatrick <bradfitz@golang.org>
 Date: Fri, 18 Oct 2019 20:45:33 +0000
 Subject: [PATCH] [release-branch.go1.13] net/http: don't cache
 http2.erringRoundTripper connections
 Fixes #35087
 Updates #34978
 Change-Id: I3baf1392ba7366ae6628889c47c343ef702ec438
 Reviewed-on: https://go-review.googlesource.com/c/go/+/202078
 Reviewed-by: Bryan C. Mills <bcmills@google.com>
 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
 TryBot-Result: Gobot Gobot <gobot@golang.org>
 (cherry picked from commit 88186e5e232625f9c91d639e0cb90a88c6cf1172)
 Reviewed-on: https://go-review.googlesource.com/c/go/+/202642
 Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
 ---
 src/net/http/transport.go      |  9 +++-
 src/net/http/transport_test.go | 75 ++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 2 deletions(-)
 diff --git a/src/net/http/transport.go b/src/net/http/transport.go
 index caa4bdc36f..b46c4e7066 100644
 --- a/src/net/http/transport.go
 +++ b/src/net/http/transport.go
@@ -537,10 +537,15 @@ func (t *Transport) roundTrip(req *Request) (*Response, error) {
 		if err == nil {
 			return resp, nil
 		}
 -		if http2isNoCachedConnError(err) {
 +
 +		// Failed. Clean up and determine whether to retry.
 +
 +		_, isH2DialError := pconn.alt.(http2erringRoundTripper)
 +		if http2isNoCachedConnError(err) || isH2DialError {
 			t.removeIdleConn(pconn)
 			t.decConnsPerHost(pconn.cacheKey)
 -		} else if !pconn.shouldRetryRequest(req, err) {
 +		}
 +		if !pconn.shouldRetryRequest(req, err) {
 			// Issue 16465: return underlying net.Conn.Read error from peek,
 			// as we've historically done.
 			if e, ok := err.(transportReadFromServerError); ok {
 diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
 index e43c8956ee..f8c13a7091 100644
 --- a/src/net/http/transport_test.go
 +++ b/src/net/http/transport_test.go
@@ -5719,3 +5719,78 @@ func TestInvalidHeaderResponse(t *testing.T) {
 		t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar")
 	}
 }
 +
 +// breakableConn is a net.Conn wrapper with a Write method
 +// that will fail when its brokenState is true.
 +type breakableConn struct {
 +	net.Conn
 +	*brokenState
 +}
 +
 +type brokenState struct {
 +	sync.Mutex
 +	broken bool
 +}
 +
 +func (w *breakableConn) Write(b []byte) (n int, err error) {
 +	w.Lock()
 +	defer w.Unlock()
 +	if w.broken {
 +		return 0, errors.New("some write error")
 +	}
 +	return w.Conn.Write(b)
 +}
 +
 +// Issue 34978: don't cache a broken HTTP/2 connection
 +func TestDontCacheBrokenHTTP2Conn(t *testing.T) {
 +	cst := newClientServerTest(t, h2Mode, HandlerFunc(func(w ResponseWriter, r *Request) {}), optQuietLog)
 +	defer cst.close()
 +
 +	var brokenState brokenState
 +
 +	cst.tr.Dial = func(netw, addr string) (net.Conn, error) {
 +		c, err := net.Dial(netw, addr)
 +		if err != nil {
 +			t.Errorf("unexpected Dial error: %v", err)
 +			return nil, err
 +		}
 +		return &breakableConn{c, &brokenState}, err
 +	}
 +
 +	const numReqs = 5
 +	var gotConns uint32 // atomic
 +	for i := 1; i <= numReqs; i++ {
 +		brokenState.Lock()
 +		brokenState.broken = false
 +		brokenState.Unlock()
 +
 +		// doBreak controls whether we break the TCP connection after the TLS
 +		// handshake (before the HTTP/2 handshake). We test a few failures
 +		// in a row followed by a final success.
 +		doBreak := i != numReqs
 +
 +		ctx := httptrace.WithClientTrace(context.Background(), &httptrace.ClientTrace{
 +			GotConn: func(info httptrace.GotConnInfo) {
 +				atomic.AddUint32(&gotConns, 1)
 +			},
 +			TLSHandshakeDone: func(cfg tls.ConnectionState, err error) {
 +				brokenState.Lock()
 +				defer brokenState.Unlock()
 +				if doBreak {
 +					brokenState.broken = true
 +				}
 +			},
 +		})
 +		req, err := NewRequestWithContext(ctx, "GET", cst.ts.URL, nil)
 +		if err != nil {
 +			t.Fatal(err)
 +		}
 +		_, err = cst.c.Do(req)
 +		if doBreak != (err != nil) {
 +			t.Errorf("for iteration %d, doBreak=%v; unexpected error %v", i, doBreak, err)
 +		}
 +	}
 +	if got, want := atomic.LoadUint32(&gotConns), 1; int(got) != want {
 +		t.Errorf("GotConn calls = %v; want %v", got, want)
 +	}
 +}
 -- 
 2.17.1
--- a/0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
+++ b/0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
@ -1,96 +0,0 @@
 From 94b6eec5dc639e87f0e2f739cfd257a432160881 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Roman=20Koll=C3=A1r?= <roman.kollar.0@gmail.com>
 Date: Thu, 21 Nov 2019 22:25:52 +0000
 Subject: [PATCH] [release-branch.go1.13] net/http: fix Server.ConnContext
 modifying context for all new connections
 Updates #35750
 Fixes #35765
 Change-Id: I65d38cfc5ddd66131777e104c269cc3559b2471d
 GitHub-Last-Rev: 953fdfd49b2be665be43f8148d2a6180dae3b91c
 GitHub-Pull-Request: golang/go#35751
 Reviewed-on: https://go-review.googlesource.com/c/go/+/208318
 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
 TryBot-Result: Gobot Gobot <gobot@golang.org>
 (cherry picked from commit bbbc6589dfbc05be2bfa59f51c20f9eaa8d0c531)
 Reviewed-on: https://go-review.googlesource.com/c/go/+/208235
 Reviewed-by: Bryan C. Mills <bcmills@google.com>
 ---
 src/net/http/serve_test.go | 33 +++++++++++++++++++++++++++++++++
 src/net/http/server.go     |  7 ++++---
 2 files changed, 37 insertions(+), 3 deletions(-)
 diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
 index 1d1449aa65..90f112b2ee 100644
 --- a/src/net/http/serve_test.go
 +++ b/src/net/http/serve_test.go
@@ -6121,6 +6121,39 @@ func TestServerContextsHTTP2(t *testing.T) {
 	}
 }
 +// Issue 35750: check ConnContext not modifying context for other connections
 +func TestConnContextNotModifyingAllContexts(t *testing.T) {
 +	setParallel(t)
 +	defer afterTest(t)
 +	type connKey struct{}
 +	ts := httptest.NewUnstartedServer(HandlerFunc(func(rw ResponseWriter, r *Request) {
 +		rw.Header().Set("Connection", "close")
 +	}))
 +	ts.Config.ConnContext = func(ctx context.Context, c net.Conn) context.Context {
 +		if got := ctx.Value(connKey{}); got != nil {
 +			t.Errorf("in ConnContext, unexpected context key = %#v", got)
 +		}
 +		return context.WithValue(ctx, connKey{}, "conn")
 +	}
 +	ts.Start()
 +	defer ts.Close()
 +
 +	var res *Response
 +	var err error
 +
 +	res, err = ts.Client().Get(ts.URL)
 +	if err != nil {
 +		t.Fatal(err)
 +	}
 +	res.Body.Close()
 +
 +	res, err = ts.Client().Get(ts.URL)
 +	if err != nil {
 +		t.Fatal(err)
 +	}
 +	res.Body.Close()
 +}
 +
 // Issue 30710: ensure that as per the spec, a server responds
 // with 501 Not Implemented for unsupported transfer-encodings.
 func TestUnsupportedTransferEncodingsReturn501(t *testing.T) {
 diff --git a/src/net/http/server.go b/src/net/http/server.go
 index 95a5eabaa2..8252e45aca 100644
 --- a/src/net/http/server.go
 +++ b/src/net/http/server.go
@@ -2915,16 +2915,17 @@ func (srv *Server) Serve(l net.Listener) error {
 			}
 			return e
 		}
 +		connCtx := ctx
 		if cc := srv.ConnContext; cc != nil {
 -			ctx = cc(ctx, rw)
 -			if ctx == nil {
 +			connCtx = cc(connCtx, rw)
 +			if connCtx == nil {
 				panic("ConnContext returned nil")
 			}
 		}
 		tempDelay = 0
 		c := srv.newConn(rw)
 		c.setState(c.rwc, StateNew) // before Serve can return
 -		go c.serve(ctx)
 +		go c.serve(connCtx)
 	}
 }
 -- 
 2.17.1
--- a/0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
+++ b/0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
@ -1,49 +0,0 @@
 From 6eee9903c7f970defbc0c9770397790b2bed5709 Mon Sep 17 00:00:00 2001
 From: Lynn Boger <laboger@linux.vnet.ibm.com>
 Date: Mon, 28 Oct 2019 09:29:40 -0400
 Subject: [PATCH] [release-branch.go1.13] runtime: fix textOff for multiple
 text sections
 If a compilation has multiple text sections, code in
 textOff must compare the offset argument against the range
 for each text section to determine which one it is in.
 The comparison looks like this:
 if uintptr(off) >= sectaddr && uintptr(off) <= sectaddr+sectlen
 If the off value being compared is equal to sectaddr+sectlen then it
 is not within the range of the text section but after it. The
 comparison should be just '<'.
 Fixes #35211
 Change-Id: I114633fd734563d38f4e842dd884c6c239f73c95
 Reviewed-on: https://go-review.googlesource.com/c/go/+/203817
 Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
 TryBot-Result: Gobot Gobot <gobot@golang.org>
 Reviewed-by: Ian Lance Taylor <iant@golang.org>
 Reviewed-by: Cherry Zhang <cherryyz@google.com>
 (cherry picked from commit 0ae9389609f23dc905c58fc2ad7bcc16b770f337)
 Reviewed-on: https://go-review.googlesource.com/c/go/+/203819
 Run-TryBot: Carlos Amedee <carlos@golang.org>
 Reviewed-by: Keith Randall <khr@golang.org>
 ---
 src/runtime/type.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/runtime/type.go b/src/runtime/type.go
 index 660b45ef39..5ae3c4b09e 100644
 --- a/src/runtime/type.go
 +++ b/src/runtime/type.go
@@ -287,7 +287,7 @@ func (t *_type) textOff(off textOff) unsafe.Pointer {
 		for i := range md.textsectmap {
 			sectaddr := md.textsectmap[i].vaddr
 			sectlen := md.textsectmap[i].length
 -			if uintptr(off) >= sectaddr && uintptr(off) <= sectaddr+sectlen {
 +			if uintptr(off) >= sectaddr && uintptr(off) < sectaddr+sectlen {
 				res = md.textsectmap[i].baseaddr + uintptr(off) - uintptr(md.textsectmap[i].vaddr)
 				break
 			}
 -- 
 2.17.1
--- a/0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
+++ b/0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
@ -1,126 +0,0 @@
 From acc723af2646200d13f76ffde80b000c4095074a Mon Sep 17 00:00:00 2001
 From: Cherry Zhang <cherryyz@google.com>
 Date: Fri, 27 Dec 2019 12:02:00 -0500
 Subject: [PATCH] [release-branch.go1.13] runtime: ensure memmove write pointer
 atomically on ARM64
 If a pointer write is not atomic, if the GC is running
 concurrently, it may observe a partially updated pointer, which
 may point to unallocated or already dead memory. Most pointer
 writes, like the store instructions generated by the compiler,
 are already atomic. But we still need to be careful in places
 like memmove. In memmove, we don't know which bits are pointers
 (or too expensive to query), so we ensure that all aligned
 pointer-sized units are written atomically.
 Fixes #36361.
 Updates #36101.
 Change-Id: I1b3ca24c6b1ac8a8aaf9ee470115e9a89ec1b00b
 Reviewed-on: https://go-review.googlesource.com/c/go/+/212626
 Reviewed-by: Austin Clements <austin@google.com>
 (cherry picked from commit ffbc02761abb47106ce88e09290a31513b5f6c8a)
 Reviewed-on: https://go-review.googlesource.com/c/go/+/213683
 Run-TryBot: Cherry Zhang <cherryyz@google.com>
 TryBot-Result: Gobot Gobot <gobot@golang.org>
 ---
 src/runtime/memmove_arm64.s | 42 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)
 diff --git a/src/runtime/memmove_arm64.s b/src/runtime/memmove_arm64.s
 index ac29f94..cedb018 100644
 --- a/src/runtime/memmove_arm64.s
 +++ b/src/runtime/memmove_arm64.s
@@ -22,7 +22,7 @@ check:
 	CMP	R3, R4
 	BLT	backward
 -	// Copying forward proceeds by copying R7/8 words then copying R6 bytes.
 +	// Copying forward proceeds by copying R7/32 quadwords then R6 <= 31 tail bytes.
 	// R3 and R4 are advanced as we copy.
 	// (There may be implementations of armv8 where copying by bytes until
@@ -30,11 +30,12 @@ check:
 	// optimization, but the on the one tested so far (xgene) it did not
 	// make a significance difference.)
 -	CBZ	R7, noforwardlarge	// Do we need to do any doubleword-by-doubleword copying?
 +	CBZ	R7, noforwardlarge	// Do we need to do any quadword copying?
 	ADD	R3, R7, R9	// R9 points just past where we copy by word
 forwardlargeloop:
 +	// Copy 32 bytes at a time.
 	LDP.P	32(R4), (R8, R10)
 	STP.P	(R8, R10), 32(R3)
 	LDP	-16(R4), (R11, R12)
@@ -43,10 +44,26 @@ forwardlargeloop:
 	CBNZ	R7, forwardlargeloop
 noforwardlarge:
 -	CBNZ	R6, forwardtail		// Do we need to do any byte-by-byte copying?
 +	CBNZ	R6, forwardtail		// Do we need to copy any tail bytes?
 	RET
 forwardtail:
 +	// There are R6 <= 31 bytes remaining to copy.
 +	// This is large enough to still contain pointers,
 +	// which must be copied atomically.
 +	// Copy the next 16 bytes, then 8 bytes, then any remaining bytes.
 +	TBZ	$4, R6, 3(PC)	// write 16 bytes if R6&16 != 0
 +	LDP.P	16(R4), (R8, R10)
 +	STP.P	(R8, R10), 16(R3)
 +
 +	TBZ	$3, R6, 3(PC)	// write 8 bytes if R6&8 != 0
 +	MOVD.P	8(R4), R8
 +	MOVD.P	R8, 8(R3)
 +
 +	AND	$7, R6
 +	CBNZ	R6, 2(PC)
 +	RET
 +
 	ADD	R3, R6, R9	// R9 points just past the destination memory
 forwardtailloop:
@@ -90,7 +107,7 @@ copy1:
 	RET
 backward:
 -	// Copying backwards proceeds by copying R6 bytes then copying R7/8 words.
 +	// Copying backwards first copies R6 <= 31 tail bytes, then R7/32 quadwords.
 	// R3 and R4 are advanced to the end of the destination/source buffers
 	// respectively and moved back as we copy.
@@ -99,13 +116,28 @@ backward:
 	CBZ	R6, nobackwardtail	// Do we need to do any byte-by-byte copying?
 -	SUB	R6, R3, R9	// R9 points at the lowest destination byte that should be copied by byte.
 +	AND	$7, R6, R12
 +	CBZ	R12, backwardtaillarge
 +
 +	SUB	R12, R3, R9	// R9 points at the lowest destination byte that should be copied by byte.
 backwardtailloop:
 +	// Copy sub-pointer-size tail.
 	MOVBU.W	-1(R4), R8
 	MOVBU.W	R8, -1(R3)
 	CMP	R9, R3
 	BNE	backwardtailloop
 +backwardtaillarge:
 +	// Do 8/16-byte write if possible.
 +	// See comment at forwardtail.
 +	TBZ	$3, R6, 3(PC)
 +	MOVD.W	-8(R4), R8
 +	MOVD.W	R8, -8(R3)
 +
 +	TBZ	$4, R6, 3(PC)
 +	LDP.W	-16(R4), (R8, R10)
 +	STP.W	(R8, R10), -16(R3)
 +
 nobackwardtail:
 	CBNZ     R7, backwardlarge	// Do we need to do any doubleword-by-doubleword copying?
 	RET
 -- 
 1.8.3.1
--- a/0014-bump-version-to-1.13.4.patch
+++ b/0014-bump-version-to-1.13.4.patch
@ -1,20 +0,0 @@
 From 15a9cd0590cacb4b189e39a6863d6abbe9bf0a10 Mon Sep 17 00:00:00 2001
 From: xiadanni1 <xiadanni1@huawei.com>
 Date: Fri, 24 Jul 2020 04:20:57 +0800
 Subject: [PATCH] bump to 1.13.4
 Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
 ---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/VERSION b/VERSION
 index 5d371fc..478bafe 100644
 --- a/VERSION
 +++ b/VERSION
@@ -1 +1 @@
 -go1.13.3
 \ No newline at end of file
 +go1.13.4
 -- 
 1.8.3.1
--- a/backport-0013-release-branch.go1.13-security-src-go.mod-import-x-c.patch
+++ b/backport-0013-release-branch.go1.13-security-src-go.mod-import-x-c.patch
@ -1,124 +0,0 @@
 From f938e06d0623d0e1de202575d16f1e126741f6e0 Mon Sep 17 00:00:00 2001
 From: Filippo Valsorda <filippo@golang.org>
 Date: Fri, 24 Jan 2020 18:04:20 -0500
 Subject: [PATCH] [release-branch.go1.13-security] src/go.mod: import
 x/crypto/cryptobyte security fix for 32-bit archs
    cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
    When int is 32 bits wide (on 32-bit architectures like 386 and arm), an
    overflow could occur, causing a panic, due to malformed ASN.1 being
    passed to any of the ASN1 methods of String.
    Tested on linux/386 and darwin/amd64.
    This fixes CVE-2020-7919 and was found thanks to the Project Wycheproof
    test vectors.
    Change-Id: I8c9696a8bfad1b40ec877cd740dba3467d66ab54
    Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/645211
    Reviewed-by: Katie Hockman <katiehockman@google.com>
    Reviewed-by: Adam Langley <agl@google.com>
 x/crypto/cryptobyte is used in crypto/x509 for parsing certificates.
 Malformed certificates might cause a panic during parsing on 32-bit
 architectures (like arm and 386).
 Change-Id: I840feb54eba880dbb96780ef7adcade073c4c4e3
 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/647741
 Reviewed-by: Katie Hockman <katiehockman@google.com>
 ---
 src/go.mod                                          | 2 +-
 src/go.sum                                          | 4 ++--
 src/vendor/golang.org/x/crypto/cryptobyte/asn1.go   | 5 +++--
 src/vendor/golang.org/x/crypto/cryptobyte/string.go | 7 +------
 src/vendor/modules.txt                              | 2 +-
 5 files changed, 8 insertions(+), 12 deletions(-)
 diff --git a/src/go.mod b/src/go.mod
 index 90af2a7ea0..9c9026f0d8 100644
 --- a/src/go.mod
 +++ b/src/go.mod
@@ -3,7 +3,7 @@ module std
 go 1.12
 require (
 -	golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
 +	golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
 	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 // indirect
 	golang.org/x/text v0.3.2 // indirect
 diff --git a/src/go.sum b/src/go.sum
 index e358118e4c..e408f66328 100644
 --- a/src/go.sum
 +++ b/src/go.sum
@@ -1,6 +1,6 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
 -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 +golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68 h1:WPLCzSEbawp58wezcvLvLnvhiDJAai54ESbc41NdXS0=
 +golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
 index 528b9bff67..f930f7e526 100644
 --- a/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
 +++ b/src/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -470,7 +470,8 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
 // It reports whether the read was successful.
 func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
 	var bytes String
 -	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
 +	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
 +		len(bytes)*8/8 != len(bytes) {
 		return false
 	}
@@ -740,7 +741,7 @@ func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
 		length = headerLen + len32
 	}
 -	if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
 +	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
 		return false
 	}
 	if skipHeader && !out.Skip(int(headerLen)) {
 diff --git a/src/vendor/golang.org/x/crypto/cryptobyte/string.go b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
 index 39bf98aeea..589d297e6b 100644
 --- a/src/vendor/golang.org/x/crypto/cryptobyte/string.go
 +++ b/src/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -24,7 +24,7 @@ type String []byte
 // read advances a String by n bytes and returns them. If less than n bytes
 // remain, it returns nil.
 func (s *String) read(n int) []byte {
 -	if len(*s) < n {
 +	if len(*s) < n || n < 0 {
 		return nil
 	}
 	v := (*s)[:n]
@@ -105,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
 		length = length << 8
 		length = length | uint32(b)
 	}
 -	if int(length) < 0 {
 -		// This currently cannot overflow because we read uint24 at most, but check
 -		// anyway in case that changes in the future.
 -		return false
 -	}
 	v := s.read(int(length))
 	if v == nil {
 		return false
 diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
 index 453a312661..cff8acd02e 100644
 --- a/src/vendor/modules.txt
 +++ b/src/vendor/modules.txt
@@ -1,4 +1,4 @@
 -# golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
 +# golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
 golang.org/x/crypto/chacha20poly1305
 golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1
 -- 
 2.17.1
--- a/go1.13.14.src.tar.gz
+++ b/go1.13.14.src.tar.gz
--- a/golang.spec
+++ b/golang.spec
@ -61,12 +61,12 @@
 %endif
 Name:           golang
-Version:        1.13.4
+Version:        1.13.14
 Release:        1
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
-URL:            http://golang.org/
+URL:            https://golang.org/
-Source0:        https://dl.google.com/go/go1.13.3.src.tar.gz
+Source0:        https://dl.google.com/go/go1.13.14.src.tar.gz
 %if !%{golang_bootstrap}
 BuildRequires:  gcc-go >= 5
@ -156,13 +156,7 @@ Patch6005:       0005-runtime-fix-crash-during-VDSO-calls-on-arm.patch
 Patch6006:       0006-runtime-save-fetch-g-register-during-VDSO-on-ARM-and.patch
 Patch6007:       0007-runtime-don-t-fetch-G-from-signal-stack-when-using-c.patch
 Patch6008:       0008-runtime-don-t-save-G-during-VDSO-if-we-re-handling-s.patch
 Patch6009:       0009-release-branch.go1.13-net-http-don-t-cache-http2.err.patch
 Patch6010:       0010-release-branch.go1.13-net-http-fix-Server.ConnContex.patch
 Patch6011:       0011-release-branch.go1.13-runtime-fix-textOff-for-multip.patch
 Patch6012:       0012-release-branch.go1.13-runtime-ensure-memmove-write-p.patch
 Patch6013:       backport-0013-release-branch.go1.13-security-src-go.mod-import-x-c.patch
 Patch6014:       0013-drop-hard-code-cert.patch
 Patch6015:	 0014-bump-version-to-1.13.4.patch
 ExclusiveArch:  %{golang_arches}
@ -396,6 +390,9 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 %changelog
 * Thu Jul 30 xiadanni <xiadanni1@huawei.com> - 1.13.14-1
 - upgrade to 1.13.14
 * Thu Jul 23 xiadanni <xiadanni1@huawei.com> - 1.13-4.1
 - bump to 1.13.4