dgit.raspbian.org Git - golang-1.7.git/commit

author	Ian Lance Taylor <iant@golang.org>
	Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)
committer	Sylvain Beucler <beuc@debian.org>
	Sat, 13 Mar 2021 14:48:57 +0000 (14:48 +0000)
commit	80751bb029fa391280e1b8e5ac480c3db9e6e7db
tree	ee49157bc7e792ca8266d21aad1b1ff0298beb12	tree \| snapshot
parent	f1e86e0fb35f9dd22b2d4f7abe43cfa10e653c09	commit \| diff

[PATCH] cmd/go: restrict meta imports to valid schemes

Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.

Fixes #23867

Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gbp-Pq: Name cve-2018-7187.patch

src/cmd/go/vcs.go		diff \| blob \| history
src/cmd/go/vcs_test.go		diff \| blob \| history