packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
137 Commits 1 Branch 0 Tags
Commit Graph

75 Commits

Author SHA1 Message Date
Vanient
28875f707c [Backport]golang:allow update of system stack bounds on callback from C thread 
Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/527715

Signed-off-by: Vanient <xiadanni1@huawei.com>
(cherry picked from commit 4c90ff3bda0159f2ce04595e25c0ca2f0f881e27)
 2025-01-26 10:47:44 +08:00
wangshuo
d7448dbe57 [Backport]crypto/tls: fix Config.Time in tests using expired certificates 
(cherry picked from commit 727b3ef66b2fd50d42edc7a99fa3c6dae07fa872)
 2025-01-23 15:36:29 +08:00
Vanient
2ce91ac6b0 [Backport]golang:add race annotations in IncNonDefault 
reason:add race annotations in IncNonDefault

Signed-off-by: Vanient <xiadanni1@huawei.com>
(cherry picked from commit 550dafd8720b312651cc44c931484ff205ddd5b6)
 2024-12-09 09:45:45 +08:00
EulerOSWander
8dddbed90e backport: runtime: put ReadMemStats debug assertions behind a double-check mode 2024-12-05 19:33:10 +08:00
Vanient
2e10551773 [Backport]golang:add the disablethp GODEBUG setting 
runtime: add the disablethp GODEBUG setting

Signed-off-by: Vanient <xiadanni1@huawei.com>
(cherry picked from commit cc5d48f4b7efbea6fda3cac36203412597a6d177)
 2024-11-18 16:45:59 +08:00
wangshuo
6888f70044 [Backport-24.03-LTS]fix CVE-2024-34158, optimize the names of the first two patch files 2024-11-05 14:06:52 +08:00
changtao
81ce7d99f5 fix-2024-34156 2024-10-23 06:18:49 +08:00
Vanient
3f6ccc8c81 [Backport]golang:fix CVE-2024-34155 
Signed-off-by: Vanient <xiadanni1@huawei.com>
 2024-10-12 12:26:16 +08:00
EulerOSWander
7a64ba73c9 runtime/pprof:fix generics function names 2024-10-10 11:39:24 +08:00
Vanient
bd2d899b4e cmd/compile: fix escape analysis of string min/max 
Reference:https://go-review.googlesource.com/c/go/+/547715

Signed-off-by: Vanient <xiadanni1@huawei.com>
(cherry picked from commit 4d3cae30bcd490c3034a16e118c204d45ea29c3f)
 2024-09-19 17:24:19 +08:00
EulerOSWander
753da7ae9d cmd/compile: fix findIndVar so it does not match disjointed loop headers 
cmd/compile: fix findIndVar so it does not match disjointed loop headers

Signed-off-by: EulerOSWander <314264452@qq.com>
(cherry picked from commit 9d7cc4fab07218f896e6a9265a231f5108d53135)
 2024-09-19 16:29:29 +08:00
EulerOSWander
fd0ec1d282 runtime: call enableMetadataHugePages and its callees on the systemstack 
runtime: call enableMetadataHugePages and its callees on the systemstack

Signed-off-by: EulerOSWander <314264452@qq.com>
(cherry picked from commit d0a5cf4f0b233ea21ea8d2ad3d7e0a705c0a4863)
 2024-09-19 16:29:29 +08:00
EulerOSWander
34ef1309b1 internal/poll:add SPLICE_F_NONBLOCK flag for splice to avoid insonsistency with O_NONBLOC 
internal/poll:add SPLICE_F_NONBLOCK flag for splice to avoid insonsistency with O_NONBLOC

Signed-off-by: EulerOSWander <314264452@qq.com>
(cherry picked from commit 1e4bf241308377399305e37d1993066ca37baaa7)
 2024-09-19 16:29:29 +08:00
Lu Jingxiao
1ab3d795f9 backport: ensure pointer arithmetic happens after the nil check 
cmd/compile: ensure pointer arithmetic happens after the nil check

Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/537775

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit bcf346236f2120b938d24cfd37971113c5355394)
 2024-07-30 20:00:38 +08:00
Lu Jingxiao
6ce297ae7e backport: handle constant pointer offsets in dead store elimination 
Backport cmd/compile: handle constant pointer offsets in dead store elimination
Reference:https://go-review.googlesource.com/c/go/+/538595

Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
(cherry picked from commit 85e89048359f503459f974783059e9d80a50f6fd)
 2024-07-30 16:21:19 +08:00
EulerOSWander
45cadb6ea8 backport: fix send correct LastStreamID in stream-cause GOAWAY 
fix send correct LastStreamID in stream-cause GOAWAY

Signed-off-by: EulerOSWander <314264452@qq.com>
 2024-07-29 11:28:04 +08:00
kywqs
d300371526 [Backport]fix CVE-2024-24791 
(cherry picked from commit 4be9bd5130e62a4e04ec556ca4d27cfd2e6c7a93)
 2024-07-15 10:16:32 +08:00
hanchao
52c6cc644d [Backport]fix CVE-2023-39326,CVE-2024-24789 
Reference:https://go-review.googlesource.com/c/go/+/547356,https://go-review.googlesource.com/c/go/+/585397
reason:fix CVE-2023-39326,CVE-2024-24789
 2024-06-24 13:00:59 +08:00
EulerOSWander
ad1139cf93 backport: fix CVE-2023-45285 
Signed-off-by: EulerOSWander <314264452@qq.com>
 2024-06-21 15:23:30 +08:00
EulerOSWander
159f203404 bugfix: fix CVE-2024-24787 
Signed-off-by: EulerOSWander <314264452@qq.com>
 2024-06-21 15:12:50 +08:00
Zhao Mengmeng
75945c5da0 Fix CVE-2024-24790 
Backport from upstream commit:
051bdf3fd1

Signed-off-by: Zhao Mengmeng <zhaomengmeng@kylinos.cn>
 2024-06-14 09:28:43 +08:00
chenguoqi
0f1da4a7e6 Fix missing go.env file 2024-06-12 10:54:39 +08:00
Huang Yang
6bf75f794e enable external_linker and cgo on loongarch64 2024-04-18 08:13:54 +00:00
hanchao
7c72730658 backport: fix CVE-2023-45288 2024-04-16 21:41:37 +08:00
hanchao
7e7f663d4b backport: fix CVE-2024-24784 2024-03-28 18:35:18 +08:00
hanchao
24ce46ddd0 bugfix: enabling the patching function 2024-03-28 18:35:13 +08:00
zhangwenlong01
1628c33a1f fix build error for loongarch64 
Signed-off-by: zhangwenlong01 <zhangwenlong@loongson.cn>
(cherry picked from commit ab448e9c4c9ac0f334fd4fc519e73c193597fcc8)
 2024-03-28 09:18:26 +08:00
hanchao
5f0e9e311b backport: fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 2024-03-15 16:41:17 +08:00
jiahua.yu
89e31d4307 Init support for arch ppc64le 2023-12-13 10:31:08 +08:00
hanchao
f514094aa2 upgrade to 1.21.4 2023-12-05 14:37:44 +08:00
wanglimin
007faac7bf permit requests with invalid Host headers 2023-08-24 18:17:26 +08:00
root
c79107b0b3 1.20.7 2023-08-07 16:01:31 +08:00
Funda Wang
cf15318291 Use local proxy and sumdb for speed up 2023-07-31 19:55:14 +08:00
sunchendong
f494134fe5 cvefix:fix CVE-2023-29406 2023-07-24 15:46:40 +08:00
hanchao
3f8235235e update: update to go1.20.5 2023-07-03 19:23:36 +08:00
zhangzhihui
f1b37a1aac [Backport] fix some CVE 
CVE num	        upstream commit	                          openEuler patch
CVE-2023-29400	9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5	0016-release-branch.go1.19-html-template-emit-filterFails.patch
CVE-2023-24540	ce7bd33345416e6d8cac901792060591cafc2797	0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch
CVE-2023-24539	e49282327b05192e46086bf25fd3ac691205fe80	0014-release-branch.go1.19-html-template-disallow-angle-b.patch
CVE-2023-24538	b1e3ecfa06b67014429a197ec5e134ce4303ad9b	0013-release-branch.go1.19-html-template-disallow-actions.patch
CVE-2023-24537	126a1d02da82f93ede7ce0bd8d3c51ef627f2104	0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch
CVE-2023-24536	7917b5f31204528ea72e0629f0b7d52b35b27538	0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch
CVE-2023-24536	7a359a651c7ebdb29e0a1c03102fce793e9f58f0	0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch
CVE-2023-24536	ef41a4e2face45e580c5836eaebd51629fc23f15	0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch
CVE-2023-24534	d6759e7a059f4208f07aa781402841d7ddaaef96	0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch
CVE-2023-24532	639b67ed114151c0d786aa26e7faeab942400703	0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch
CVE-2022-41723	5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3	0006-release-branch.go1.19-net-http-update-bundled-golang.patch
CVE-2022-41724	00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80	0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch
CVE-2022-41725	5c55ac9bf1e5f779220294c843526536605f42ab	0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch
CVE-2022-41722	3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff	0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch

Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com>
 2023-05-10 17:38:15 +08:00
ChendongSun
6d0f92022c fix CVE-2023-24534 2023-04-25 08:34:49 +08:00
ChendongSun
771692cd56 fix CVE-2023-24538 2023-04-13 19:41:12 +08:00
ChendongSun
eea5870153 golang: fix CVE-2023-24537 2023-04-13 13:36:11 +08:00
misaka00251
044dd36e7d
Enable go plugin support & upstream sv57 enablement for riscv64 2023-04-03 15:08:19 +08:00
hanchao
bf9ade514f golang: upgrade to golang1.19.4 2023-01-10 19:24:04 +08:00
wanglimin
a7f58e6f18 support Cut in bytes,strings 2022-12-21 14:46:41 +08:00
hanchao
9bab37fbc7 golang: remove hard code and strong dependency of git, subversion and mercurial 2022-11-21 16:40:44 +08:00
hanchao
76ac33e67e golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
 2022-11-17 13:05:07 +08:00
hanchao
4fd46fe7b9 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
 2022-10-12 18:24:08 +08:00
hanchao
793f4d493d golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
 2022-09-15 10:29:01 +08:00
hanchao
eac443ba4a golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.
 2022-09-08 21:14:05 +08:00
hanchao
282de33531 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-09-08 20:04:30 +08:00
hanchao
6dd57444d5 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
 2022-09-08 20:04:16 +08:00
hanchao
40c91388a1 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-09-08 20:04:05 +08:00