packages/golang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93 Commits 1 Branch 0 Tags
Commit Graph

93 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
hanchao
7c72730658 backport: fix CVE-2023-45288 2024-04-16 21:41:37 +08:00
openeuler-ci-bot
eacf858572
!324 enabling the patching function and fix CVE-2024-24784 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2024-03-28 09:31:42 +00:00
hanchao
7e7f663d4b backport: fix CVE-2024-24784 2024-03-28 18:35:18 +08:00
hanchao
24ce46ddd0 bugfix: enabling the patching function 2024-03-28 18:35:13 +08:00
openeuler-ci-bot
68cf0a0025
!318 [sync] PR-313: fix build error for loongarch64 
From: @openeuler-sync-bot 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2024-03-28 08:36:49 +00:00
zhangwenlong01
1628c33a1f fix build error for loongarch64 
Signed-off-by: zhangwenlong01 <zhangwenlong@loongson.cn>
(cherry picked from commit ab448e9c4c9ac0f334fd4fc519e73c193597fcc8)
 2024-03-28 09:18:26 +08:00
openeuler-ci-bot
a0fd601fe3
!305 backport: fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2024-03-15 08:36:17 +00:00
hanchao
5f0e9e311b backport: fix CVE-2024-24783,CVE-2024-24785,CVE-2023-45290,CVE-2023-45289 2024-03-15 16:41:17 +08:00
openeuler-ci-bot
a0067aaa00
!284 Init support for ppc64le 
From: @jiahua-yu 
Reviewed-by: @jing-rui, @hcnbxx 
Signed-off-by: @jing-rui
 2023-12-15 12:27:43 +00:00
jiahua.yu
89e31d4307 Init support for arch ppc64le 2023-12-13 10:31:08 +08:00
openeuler-ci-bot
330b9ef9fb
!283 update: update to go1.21.4 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2023-12-05 08:37:26 +00:00
hanchao
f514094aa2 upgrade to 1.21.4 2023-12-05 14:37:44 +08:00
openeuler-ci-bot
2d83be12d5
!246 permit requests with invalid Host headers 
From: @wanglmb 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-08-25 08:43:53 +00:00
wanglimin
007faac7bf permit requests with invalid Host headers 2023-08-24 18:17:26 +08:00
openeuler-ci-bot
83d85f3eda
!236 Update to version 1.20.7 
From: @fundawang 
Reviewed-by: @jing-rui, @hcnbxx 
Signed-off-by: @jing-rui
 2023-08-16 02:45:29 +00:00
root
c79107b0b3 1.20.7 2023-08-07 16:01:31 +08:00
openeuler-ci-bot
36208f464b
!235 Use local proxy for speed up 
From: @fundawang 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-08-07 06:05:12 +00:00
Funda Wang
cf15318291 Use local proxy and sumdb for speed up 2023-07-31 19:55:14 +08:00
openeuler-ci-bot
e10a8672a7
!221 cvefix:fix CVE-2023-29406 
From: @ChendongSun 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-07-28 02:00:13 +00:00
sunchendong
f494134fe5 cvefix:fix CVE-2023-29406 2023-07-24 15:46:40 +08:00
openeuler-ci-bot
bc924969cc
!206 update: update to go1.20.5 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-07-05 01:25:26 +00:00
hanchao
3f8235235e update: update to go1.20.5 2023-07-03 19:23:36 +08:00
openeuler-ci-bot
1197529257
!199 [Backport] fix some CVE 
From: @dayshappy 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-05-11 03:19:18 +00:00
zhangzhihui
f1b37a1aac [Backport] fix some CVE 
CVE num	        upstream commit	                          openEuler patch
CVE-2023-29400	9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5	0016-release-branch.go1.19-html-template-emit-filterFails.patch
CVE-2023-24540	ce7bd33345416e6d8cac901792060591cafc2797	0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch
CVE-2023-24539	e49282327b05192e46086bf25fd3ac691205fe80	0014-release-branch.go1.19-html-template-disallow-angle-b.patch
CVE-2023-24538	b1e3ecfa06b67014429a197ec5e134ce4303ad9b	0013-release-branch.go1.19-html-template-disallow-actions.patch
CVE-2023-24537	126a1d02da82f93ede7ce0bd8d3c51ef627f2104	0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch
CVE-2023-24536	7917b5f31204528ea72e0629f0b7d52b35b27538	0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch
CVE-2023-24536	7a359a651c7ebdb29e0a1c03102fce793e9f58f0	0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch
CVE-2023-24536	ef41a4e2face45e580c5836eaebd51629fc23f15	0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch
CVE-2023-24534	d6759e7a059f4208f07aa781402841d7ddaaef96	0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch
CVE-2023-24532	639b67ed114151c0d786aa26e7faeab942400703	0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch
CVE-2022-41723	5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3	0006-release-branch.go1.19-net-http-update-bundled-golang.patch
CVE-2022-41724	00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80	0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch
CVE-2022-41725	5c55ac9bf1e5f779220294c843526536605f42ab	0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch
CVE-2022-41722	3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff	0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch

Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com>
 2023-05-10 17:38:15 +08:00
openeuler-ci-bot
f6dc7bf8c9
!198 fix CVE-2023-24534 
From: @ChendongSun 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-05-10 06:50:50 +00:00
openeuler-ci-bot
a5e9b799de
!193 golang: fix CVE-2023-24538 
From: @ChendongSun 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-04-28 02:51:01 +00:00
ChendongSun
6d0f92022c fix CVE-2023-24534 2023-04-25 08:34:49 +08:00
openeuler-ci-bot
3ea66250a6
!191 golang: fix CVE-2023-24537 
From: @ChendongSun 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-04-20 12:04:29 +00:00
openeuler-ci-bot
55889a8448
!180 Enable go plugin support for riscv64 
From: @misaka00251 
Reviewed-by: @hcnbxx, @jing-rui 
Signed-off-by: @jing-rui
 2023-04-17 07:48:47 +00:00
ChendongSun
771692cd56 fix CVE-2023-24538 2023-04-13 19:41:12 +08:00
ChendongSun
eea5870153 golang: fix CVE-2023-24537 2023-04-13 13:36:11 +08:00
misaka00251
044dd36e7d
Enable go plugin support & upstream sv57 enablement for riscv64 2023-04-03 15:08:19 +08:00
openeuler-ci-bot
c6bde1dba7
!165 golang: upgrade master branch to go1.19.4 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2023-01-11 01:29:53 +00:00
hanchao
bf9ade514f golang: upgrade to golang1.19.4 2023-01-10 19:24:04 +08:00
openeuler-ci-bot
b15ef57675
!157 add type definition of String Cut 
From: @wanglmb 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-12-28 01:52:37 +00:00
wanglimin
a7f58e6f18 support Cut in bytes,strings 2022-12-21 14:46:41 +08:00
openeuler-ci-bot
4c3abe6a6a
!151 golang: remove hard code and strong dependency of git, subversion and mercurial 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-11-21 09:48:13 +00:00
hanchao
9bab37fbc7 golang: remove hard code and strong dependency of git, subversion and mercurial 2022-11-21 16:40:44 +08:00
openeuler-ci-bot
a63f634d23
!146 golang: fix CVE-2022-41716 
From: @hcnbxx 
Reviewed-by: @duguhaotian, @jing-rui 
Signed-off-by: @jing-rui, @duguhaotian
 2022-11-21 03:28:03 +00:00
hanchao
76ac33e67e golang: fix CVE-2022-41716 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
 2022-11-17 13:05:07 +08:00
openeuler-ci-bot
c6bfc29504
!139 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-10-12 09:34:26 +00:00
hanchao
4fd46fe7b9 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879 
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
	https://go-review.googlesource.com/c/go/+/433695,
	https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
 2022-10-12 18:24:08 +08:00
openeuler-ci-bot
dcffd45493
!132 golang: fix CVE-2022-27664 
From: @hcnbxx 
Reviewed-by: @jing-rui, @zhangsong234 
Signed-off-by: @jing-rui
 2022-09-15 06:30:51 +00:00
hanchao
793f4d493d golang: fix CVE-2022-27664 
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
 2022-09-15 10:29:01 +08:00
openeuler-ci-bot
f290bfb37b
!125 golang.spec: modify the golang.spec to remove unnecessary files from golang-help package 
From: @hcnbxx 
Reviewed-by: @jing-rui 
Signed-off-by: @jing-rui
 2022-09-13 08:31:37 +00:00
hanchao
eac443ba4a golang: modify the golang.spec to remove unnecessary files from 
golang-help package

Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.
 2022-09-08 21:14:05 +08:00
openeuler-ci-bot
19509c9e51
!122 Synchronize the master branch and openEuler-22.03 
From: @hcnbxx 
Reviewed-by: @zhangsong234, @jing-rui 
Signed-off-by: @jing-rui
 2022-09-08 12:18:17 +00:00
hanchao
282de33531 golang: fix CVE-2022-29804,CVE-2022-29526 
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
 2022-09-08 20:04:30 +08:00
hanchao
6dd57444d5 golang: fix CVE-2022-32189 
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
 2022-09-08 20:04:16 +08:00
hanchao
40c91388a1 golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633, 
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634

Conflict: NA

Score:
CVE-2022-32148: 5.3
CVE-2022-1962:  6.2
CVE-2022-1705:  5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5

Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962:	https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705:  https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635

Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962:	0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705:  0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
 2022-09-08 20:04:05 +08:00