packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
54 Commits 1 Branch 0 Tags
Commit Graph

32 Commits

Author SHA1 Message Date
hanchao
76ac33e67e golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
 2022-11-17 13:05:07 +08:00
hanchao
4fd46fe7b9 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
 2022-10-12 18:24:08 +08:00
hanchao
793f4d493d golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
 2022-09-15 10:29:01 +08:00
hanchao
eac443ba4a golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.
 2022-09-08 21:14:05 +08:00
hanchao
282de33531 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-09-08 20:04:30 +08:00
hanchao
6dd57444d5 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
 2022-09-08 20:04:16 +08:00
hanchao
40c91388a1 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-09-08 20:04:05 +08:00
hubin
e40a694498 backport patch to fix bug of golang plugin mode 
Signed-off-by: hubin <hubin73@huawei.com>
 2022-09-08 20:03:42 +08:00
hc
9ab15eb485 update golang.spec. 2022-09-08 20:03:32 +08:00
hanchao
6f993c149e fix CVE-2021-44717 
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717

Signed-off-by: hanchao <hanchao47@huawei.com>
 2022-09-08 20:03:10 +08:00
hanchao
1145718521 fix CVE-2022-28327,CVE-2022-24675 
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
 2022-09-08 20:02:50 +08:00
JackChan8
da8a16d28d golang: upgrade to 1.17.3 
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
 2021-12-15 10:28:39 +08:00
DCCooper
0953db6ef4 golang: speed up build progress 
Signed-off-by: DCCooper <1866858@gmail.com>
 2021-04-15 15:40:15 +08:00
meilier
10a96e3391 golang: upgrade to 1.15.7 2021-01-28 20:44:14 +08:00
yangyanchao
d4285b29c9 all:add cgo support to the riscv port 
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
 2020-12-07 15:06:43 +08:00
whoisxxx
09c818ff0c Fix error in changelog date 2020-11-28 13:22:42 +08:00
whoisxxx
42186258f0 Adapt for riscv-64 2020-11-28 13:20:11 +08:00
zvier
17b4faefc5 golang: upgrade to 1.15.5 
Signed-off-by: liuzekun <liuzekun@huawei.com>
 2020-11-18 10:16:36 +08:00
xiadanni
6ad438669a golang: upgrade to 1.13.15 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-08-18 19:23:22 +08:00
xiadanni
5820a98415 golang: add yaml 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 11:24:52 +08:00
xiadanni
52c05d8eb6 golang: upgrade to 1.13.14 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-31 09:27:27 +08:00
xiadanni
e6fdab00b8 golang: bump to 1.13.4 
Signed-off-by: xiadanni <xiadanni1@huawei.com>
 2020-07-23 19:40:56 +08:00
DCCooper
deb13bfa9d golang: sync code with CVE and cleancode 
reason: 1. drop hard code cert
        2. rename tar name and make it same with upstream

Signed-off-by: DCCooper <1866858@gmail.com>
 2020-05-12 17:08:40 +08:00
jingrui
d9ea2f312b golang: fix cve CVE-2020-7919 
Change-Id: I0c69fd3added6f82599c1cb9e4a1dbb02112de84
Signed-off-by: jingrui <jingrui@huawei.com>
 2020-04-16 16:22:51 +08:00
Grooooot
03aa981a87 golang: remove unused requires "mercurial" 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-02-20 18:22:53 +08:00
Grooooot
1ce9a9033f golang: fix patch 0012 format 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-10 10:06:14 +08:00
Grooooot
8b0d150421 runtime: use innermost frame's func name for async preemption check 
We don't asynchronously preempt if we are in the runtime. We do
this by checking the function name. However, it failed to take
inlining into account. If a runtime function gets inlined into
a non-runtime function, it can be preempted, and bad things can
happen. One instance of this is dounlockOSThread inlined into
UnlockOSThread which is in turn inlined into a non-runtime
function.

Fix this by using the innermost frame's function name.

Change-Id: Ifa036ce1320700aaaefd829b4bee0d04d05c395d
Reviewed-on: https://go-review.googlesource.com/c/go/+/211978
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-08 15:04:53 +08:00
Grooooot
592bf09553 golang: modification of spec 
Signed-off-by: Grooooot <isula@huawei.com>
 2020-01-06 10:24:02 +08:00
openeuler-iSula
747b3d9598 golang: modify source0 download address 
Signed-off-by: openeuler-iSula <isula@huawei.com>
 2019-12-29 15:43:54 +08:00
dogsheng
ce820709f2 Package init 2019-12-25 15:47:08 +08:00
dogsheng
f6abdd32e1 Package init 2019-12-13 15:19:17 +08:00
overweight
c29de2f632 Package init 2019-09-30 10:41:22 -04:00