sunchendong
|
f494134fe5
|
cvefix:fix CVE-2023-29406
|
2023-07-24 15:46:40 +08:00 |
|
openeuler-ci-bot
|
bc924969cc
|
!206 update: update to go1.20.5
From: @hcnbxx
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2023-07-05 01:25:26 +00:00 |
|
hanchao
|
3f8235235e
|
update: update to go1.20.5
|
2023-07-03 19:23:36 +08:00 |
|
openeuler-ci-bot
|
1197529257
|
!199 [Backport] fix some CVE
From: @dayshappy
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2023-05-11 03:19:18 +00:00 |
|
zhangzhihui
|
f1b37a1aac
|
[Backport] fix some CVE
CVE num upstream commit openEuler patch
CVE-2023-29400 9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 0016-release-branch.go1.19-html-template-emit-filterFails.patch
CVE-2023-24540 ce7bd33345416e6d8cac901792060591cafc2797 0015-release-branch.go1.19-html-template-handle-all-JS-wh.patch
CVE-2023-24539 e49282327b05192e46086bf25fd3ac691205fe80 0014-release-branch.go1.19-html-template-disallow-angle-b.patch
CVE-2023-24538 b1e3ecfa06b67014429a197ec5e134ce4303ad9b 0013-release-branch.go1.19-html-template-disallow-actions.patch
CVE-2023-24537 126a1d02da82f93ede7ce0bd8d3c51ef627f2104 0012-release-branch.go1.19-go-scanner-reject-large-line-a.patch
CVE-2023-24536 7917b5f31204528ea72e0629f0b7d52b35b27538 0011-release-branch.go1.19-mime-multipart-limit-parsed-mi.patch
CVE-2023-24536 7a359a651c7ebdb29e0a1c03102fce793e9f58f0 0010-release-branch.go1.19-net-textproto-mime-multipart-i.patch
CVE-2023-24536 ef41a4e2face45e580c5836eaebd51629fc23f15 0009-release-branch.go1.19-mime-multipart-avoid-excessive.patch
CVE-2023-24534 d6759e7a059f4208f07aa781402841d7ddaaef96 0008-release-branch.go1.19-net-textproto-avoid-overpredic.patch
CVE-2023-24532 639b67ed114151c0d786aa26e7faeab942400703 0007-release-branch.go1.19-crypto-internal-nistec-reduce-.patch
CVE-2022-41723 5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3 0006-release-branch.go1.19-net-http-update-bundled-golang.patch
CVE-2022-41724 00b256e9e3c0fa02a278ec9dfc3e191e02ceaf80 0005-release-branch.go1.19-crypto-tls-replace-all-usages-.patch
CVE-2022-41725 5c55ac9bf1e5f779220294c843526536605f42ab 0004-release-branch.go1.19-mime-multipart-limit-memory-in.patch
CVE-2022-41722 3345ddca41f00f9ed6fc3c1a36f6e2bede02d7ff 0003-release-branch.go1.19-path-filepath-do-not-Clean-a-..patch
Signed-off-by: zhangzhihui <zhangzhihui@xfusion.com>
|
2023-05-10 17:38:15 +08:00 |
|
openeuler-ci-bot
|
f6dc7bf8c9
|
!198 fix CVE-2023-24534
From: @ChendongSun
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2023-05-10 06:50:50 +00:00 |
|
openeuler-ci-bot
|
a5e9b799de
|
!193 golang: fix CVE-2023-24538
From: @ChendongSun
Reviewed-by: @hcnbxx, @jing-rui
Signed-off-by: @jing-rui
|
2023-04-28 02:51:01 +00:00 |
|
ChendongSun
|
6d0f92022c
|
fix CVE-2023-24534
|
2023-04-25 08:34:49 +08:00 |
|
openeuler-ci-bot
|
3ea66250a6
|
!191 golang: fix CVE-2023-24537
From: @ChendongSun
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2023-04-20 12:04:29 +00:00 |
|
openeuler-ci-bot
|
55889a8448
|
!180 Enable go plugin support for riscv64
From: @misaka00251
Reviewed-by: @hcnbxx, @jing-rui
Signed-off-by: @jing-rui
|
2023-04-17 07:48:47 +00:00 |
|
ChendongSun
|
771692cd56
|
fix CVE-2023-24538
|
2023-04-13 19:41:12 +08:00 |
|
ChendongSun
|
eea5870153
|
golang: fix CVE-2023-24537
|
2023-04-13 13:36:11 +08:00 |
|
misaka00251
|
044dd36e7d
|
Enable go plugin support & upstream sv57 enablement for riscv64
|
2023-04-03 15:08:19 +08:00 |
|
openeuler-ci-bot
|
c6bde1dba7
|
!165 golang: upgrade master branch to go1.19.4
From: @hcnbxx
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2023-01-11 01:29:53 +00:00 |
|
hanchao
|
bf9ade514f
|
golang: upgrade to golang1.19.4
|
2023-01-10 19:24:04 +08:00 |
|
openeuler-ci-bot
|
b15ef57675
|
!157 add type definition of String Cut
From: @wanglmb
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2022-12-28 01:52:37 +00:00 |
|
wanglimin
|
a7f58e6f18
|
support Cut in bytes,strings
|
2022-12-21 14:46:41 +08:00 |
|
openeuler-ci-bot
|
4c3abe6a6a
|
!151 golang: remove hard code and strong dependency of git, subversion and mercurial
From: @hcnbxx
Reviewed-by: @zhangsong234, @jing-rui
Signed-off-by: @jing-rui
|
2022-11-21 09:48:13 +00:00 |
|
hanchao
|
9bab37fbc7
|
golang: remove hard code and strong dependency of git, subversion and mercurial
|
2022-11-21 16:40:44 +08:00 |
|
openeuler-ci-bot
|
a63f634d23
|
!146 golang: fix CVE-2022-41716
From: @hcnbxx
Reviewed-by: @duguhaotian, @jing-rui
Signed-off-by: @jing-rui, @duguhaotian
|
2022-11-21 03:28:03 +00:00 |
|
hanchao
|
76ac33e67e
|
golang: fix CVE-2022-41716
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/446916
Conflict: src/os/exec/exec.go;src/syscall/exec_windows.go
Reason: fix CVE-2022-41716
|
2022-11-17 13:05:07 +08:00 |
|
openeuler-ci-bot
|
c6bfc29504
|
!139 golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
From: @hcnbxx
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2022-10-12 09:34:26 +00:00 |
|
hanchao
|
4fd46fe7b9
|
golang: fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
Score:CVE-2022-41715:4,CVE-2022-2880:5.3,CVE-2022-2879:6.2
Reference:https://go-review.googlesource.com/c/go/+/438501,
https://go-review.googlesource.com/c/go/+/433695,
https://go-review.googlesource.com/c/go/+/438500
Conflict:NA
Reason:fix CVE-2022-41715,CVE-2022-2880,CVE-2022-2879
|
2022-10-12 18:24:08 +08:00 |
|
openeuler-ci-bot
|
dcffd45493
|
!132 golang: fix CVE-2022-27664
From: @hcnbxx
Reviewed-by: @jing-rui, @zhangsong234
Signed-off-by: @jing-rui
|
2022-09-15 06:30:51 +00:00 |
|
hanchao
|
793f4d493d
|
golang: fix CVE-2022-27664
Score: 7.5
Reference: https://go-review.googlesource.com/c/go/+/428635/
Conflict: NA
Reason: fix CVE-2022-27664
|
2022-09-15 10:29:01 +08:00 |
|
openeuler-ci-bot
|
f290bfb37b
|
!125 golang.spec: modify the golang.spec to remove unnecessary files from golang-help package
From: @hcnbxx
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2022-09-13 08:31:37 +00:00 |
|
hanchao
|
eac443ba4a
|
golang: modify the golang.spec to remove unnecessary files from
golang-help package
Reason: golang-help package include unnecessary files such as shared
libs. now remove those unnecessary files.
|
2022-09-08 21:14:05 +08:00 |
|
openeuler-ci-bot
|
19509c9e51
|
!122 Synchronize the master branch and openEuler-22.03
From: @hcnbxx
Reviewed-by: @zhangsong234, @jing-rui
Signed-off-by: @jing-rui
|
2022-09-08 12:18:17 +00:00 |
|
hanchao
|
282de33531
|
golang: fix CVE-2022-29804,CVE-2022-29526
Score: CVE-2022-29804: 7.5, CVE-2022-29526: 5.3
Reference: https://go-review.googlesource.com/c/go/+/401595/, https://go-review.googlesource.com/c/go/+/401078/
Conflict: NA
Reason: fix CVE-2022-29804,CVE-2022-29526
|
2022-09-08 20:04:30 +08:00 |
|
hanchao
|
6dd57444d5
|
golang: fix CVE-2022-32189
Score: 6.5
Reference: https://go-review.googlesource.com/c/go/+/419814
Conflict: NA
Reason: fix CVE-2022-32189
|
2022-09-08 20:04:16 +08:00 |
|
hanchao
|
40c91388a1
|
golang: fix CVE-2022-32148,CVE-2022-1962,CVE-2022-1705,CVE-2022-30633,
CVE-2022-30635,CVE-2022-30630,CVE-2022-30632,CVE-2022-28131,
CVE-2022-30631,CVE-2022-30629,CVE-2022-30634
Conflict: NA
Score:
CVE-2022-32148: 5.3
CVE-2022-1962: 6.2
CVE-2022-1705: 5.3
CVE-2022-30633: 6.2
CVE-2022-30635: 5.5
CVE-2022-30630: 6.2
CVE-2022-30632: 6.2
CVE-2022-28131: 6.2
CVE-2022-30631: 7.5
CVE-2022-30629: 2.6
CVE-2022-30634: 7.5
Reference:
CVE-2022-32148: https://go-review.googlesource.com/c/go/+/415221
CVE-2022-1962: https://go-review.googlesource.com/c/go/+/417070
CVE-2022-1705: https://go-review.googlesource.com/c/go/+/415217
CVE-2022-30633: https://go-review.googlesource.com/c/go/+/417069
CVE-2022-30635: https://go-review.googlesource.com/c/go/+/417074
CVE-2022-30630: https://go-review.googlesource.com/c/go/+/417072
CVE-2022-30632: https://go-review.googlesource.com/c/go/+/417073
CVE-2022-28131: https://go-review.googlesource.com/c/go/+/417068
CVE-2022-30631: https://go-review.googlesource.com/c/go/+/417071
CVE-2022-30629: https://go-review.googlesource.com/c/go/+/408574
CVE-2022-30634: https://go-review.googlesource.com/c/go/+/406635
Reason: fix CVE:
CVE-2022-32148: 0005-release-branch.go1.17-net-http-preserve-nil-values-i.patch
CVE-2022-1962: 0006-release-branch.go1.17-go-parser-limit-recursion-dept.patch
CVE-2022-1705: 0007-release-branch.go1.17-net-http-don-t-strip-whitespac.patch
CVE-2022-30633: 0008-release-branch.go1.17-encoding-xml-limit-depth-of-ne.patch
CVE-2022-30635: 0009-release-branch.go1.17-encoding-gob-add-a-depth-limit.patch
CVE-2022-30630: 0010-release-branch.go1.17-io-fs-fix-stack-exhaustion-in-.patch
CVE-2022-30632: 0011-release-branch.go1.17-path-filepath-fix-stack-exhaus.patch
CVE-2022-28131: 0012-release-branch.go1.17-encoding-xml-use-iterative-Ski.patch
CVE-2022-30631: 0013-release-branch.go1.17-compress-gzip-fix-stack-exhaus.patch
CVE-2022-30629: 0014-release-branch.go1.17-crypto-tls-randomly-generate-t.patch
CVE-2022-30634: 0015-release-branch.go1.17-crypto-rand-properly-handle-la.patch
|
2022-09-08 20:04:05 +08:00 |
|
hubin
|
e40a694498
|
backport patch to fix bug of golang plugin mode
Signed-off-by: hubin <hubin73@huawei.com>
|
2022-09-08 20:03:42 +08:00 |
|
hc
|
9ab15eb485
|
update golang.spec.
|
2022-09-08 20:03:32 +08:00 |
|
hanchao
|
6f993c149e
|
fix CVE-2021-44717
Conflict: NA
Score: 4.8
Reference: https://go-review.googlesource.com/c/go/+/370534
Reason: fix CVE-2021-44717
Signed-off-by: hanchao <hanchao47@huawei.com>
|
2022-09-08 20:03:10 +08:00 |
|
hanchao
|
1145718521
|
fix CVE-2022-28327,CVE-2022-24675
Conflict: NA
Score: CVE-2022-28327:7.5,CVE-2022-24675:7.5
Reference: https://go-review.googlesource.com/c/go/+/397136,https://go-review.googlesource.com/c/go/+/399816
Reason: CVE-2022-28327,CVE-2022-24675
|
2022-09-08 20:02:50 +08:00 |
|
openeuler-ci-bot
|
e2c1a804ad
|
!60 golang: upgrade to 1.17.3
Merge pull request !60 from jingxiaolu/upgrade
|
2021-12-15 02:39:42 +00:00 |
|
JackChan8
|
da8a16d28d
|
golang: upgrade to 1.17.3
Signed-off-by: JackChan8 <chenjiankun1@huawei.com>
Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
|
2021-12-15 10:28:39 +08:00 |
|
openeuler-ci-bot
|
8d3cd0f27c
|
!32 golang: speed up build progress
From: @DCCooper
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2021-04-16 09:36:45 +08:00 |
|
DCCooper
|
0953db6ef4
|
golang: speed up build progress
Signed-off-by: DCCooper <1866858@gmail.com>
|
2021-04-15 15:40:15 +08:00 |
|
openeuler-ci-bot
|
c049552c00
|
!22 Upgrade golang to 1.15.7
From: @meilier
Reviewed-by: @jingxiaolu,@jing-rui
Signed-off-by: @jing-rui
|
2021-01-29 08:58:58 +08:00 |
|
meilier
|
10a96e3391
|
golang: upgrade to 1.15.7
|
2021-01-28 20:44:14 +08:00 |
|
openeuler-ci-bot
|
352325f497
|
!17 Enable cgo for risc-v golang
From: @riscv-spare
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2020-12-11 15:02:22 +08:00 |
|
rv_spare
|
7194175613
|
!1 all: add cgo support to the riscv port
Merge pull request !1 from 杨演超/master
|
2020-12-10 15:55:22 +08:00 |
|
yangyanchao
|
d4285b29c9
|
all:add cgo support to the riscv port
Signed-off-by: yangyanchao <yangyanchao6@huawei.com>
|
2020-12-07 15:06:43 +08:00 |
|
openeuler-ci-bot
|
8fc567dddc
|
!16 Adapt for riscv64 and fix error in changelog
From: @whoisxxx
Reviewed-by: @liqingqing_1229,@jing-rui
Signed-off-by: @jing-rui
|
2020-11-30 14:53:56 +08:00 |
|
whoisxxx
|
09c818ff0c
|
Fix error in changelog date
|
2020-11-28 13:22:42 +08:00 |
|
whoisxxx
|
42186258f0
|
Adapt for riscv-64
|
2020-11-28 13:20:11 +08:00 |
|
openeuler-ci-bot
|
72293a06dd
|
!15 golang: upgrade to 1.15.5
From: @zvier
Reviewed-by: @jing-rui
Signed-off-by: @jing-rui
|
2020-11-18 10:58:21 +08:00 |
|
zvier
|
17b4faefc5
|
golang: upgrade to 1.15.5
Signed-off-by: liuzekun <liuzekun@huawei.com>
|
2020-11-18 10:16:36 +08:00 |
|
openeuler-ci-bot
|
2966fbf3da
|
!12 golang: upgrade to 1.13.15
Merge pull request !12 from Vanient/master
|
2020-08-18 20:24:00 +08:00 |
|