projects / golang-1.7.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
golang-1.7.git
3 years agoCVE-2017-15041
commit | commitdiff | tree
Go Compiler Team [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
CVE-2017-15041

Origin: https://github.com/golang/go/commit/9a97c3bfe41d1ed768ea3bd3d8f0f52b8a51bb62
Origin: https://github.com/golang/go/commit/a4544a0f8af001d1fb6df0e70750f570ec49ccf9
Origin: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e
Reviewed-by: Sylvain Beucler <beuc@debian.org>
Last-Update: 2021-03-02

From 9a97c3bfe41d1ed768ea3bd3d8f0f52b8a51bb62 Mon Sep 17 00:00:00 2001
From: Russ Cox <rsc@golang.org>
Date: Thu, 13 Oct 2016 13:45:31 -0400
Subject: [PATCH] cmd/go: accept plain file for .vcs (instead of directory)

Sometimes .git is a plain file; maybe others will follow.
This CL matches CL 21430, made in x/tools/go/vcs.

The change in the Swift test case makes the test case
pass by changing the test to match current behavior,
which I assume is better than the reverse.
(The test only runs locally and without -short, so the
builders are not seeing this particular failure.)

For #10322.

Change-Id: Iccd08819a01c5609a2880b9d8a99af936e20faff
Reviewed-on: https://go-review.googlesource.com/30948
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Gbp-Pq: Name CVE-2017-15041.patch

3 years agoCVE-2020-15586
commit | commitdiff | tree
Go Compiler Team [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
CVE-2020-15586

===================================================================

Gbp-Pq: Name CVE-2020-15586.patch

3 years agoCVE-2020-16845
commit | commitdiff | tree
Go Compiler Team [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
CVE-2020-16845

Gbp-Pq: Name CVE-2020-16845.patch

3 years ago[PATCH] cmd/go: restrict meta imports to valid schemes
commit | commitdiff | tree
Ian Lance Taylor [Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)]
[PATCH] cmd/go: restrict meta imports to valid schemes

Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.

Fixes #23867

Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gbp-Pq: Name cve-2018-7187.patch

3 years agocve-2019-6486
commit | commitdiff | tree
Go Compiler Team [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
cve-2019-6486

Gbp-Pq: Name cve-2019-6486.patch

3 years ago[PATCH] time: make the ParseInLocation test more robust
commit | commitdiff | tree
Alberto Donizetti [Thu, 9 Mar 2017 12:20:54 +0000 (13:20 +0100)]
[PATCH] time: make the ParseInLocation test more robust

The tzdata 2017a update (2017-02-28) changed the abbreviation of the
Asia/Baghdad time zone (used in TestParseInLocation) from 'AST' to the
numeric '+03'.

Update the test so that it skips the checks if we're using a recent
tzdata release.

Fixes #19457

Change-Id: I45d705a5520743a611bdd194dc8f8d618679980c
Reviewed-on: https://go-review.googlesource.com/37964
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Gbp-Pq: Name cl-37964--tzdata-2017a.patch

3 years ago[PATCH] time: update test for tzdata-2016g
commit | commitdiff | tree
Alberto Donizetti [Thu, 29 Sep 2016 11:59:10 +0000 (13:59 +0200)]
[PATCH] time: update test for tzdata-2016g

From c5434f2973a87acff76bac359236e690d632ce95 Mon Sep 17 00:00:00 2001
Origin: https://golang.org/cl/29995
Bug: https://golang.org/issue/17276
Applied-Upstream: 1.8

Fixes #17276

Change-Id: I0188cf9bc5fdb48c71ad929cc54206d03e0b96e4
Reviewed-on: https://go-review.googlesource.com/29995
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Gbp-Pq: Name cl-29995--tzdata-2016g.patch

3 years agogolang-1.7 (1.7.4-2+deb9u4) stretch-security; urgency=high
commit | commitdiff | tree
Sylvain Beucler [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
golang-1.7 (1.7.4-2+deb9u4) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2021-36221: Go has a race condition that can lead to a
    net/http/httputil ReverseProxy panic upon an ErrAbortHandler
    abort. (Closes: #991961)
  * CVE-2021-33196: in archive/zip, a crafted file count (in an archive's
    header) can cause a NewReader or OpenReader panic. (Closes: #989492)
  * CVE-2021-39293: follow-up fix to CVE-2021-33196
  * CVE-2021-41771: ImportedSymbols in debug/macho (for Open or OpenFat)
    accesses a Memory Location After the End of a Buffer, aka an
    out-of-bounds slice situation.
  * CVE-2021-44716: net/http allows uncontrolled memory consumption in the
    header canonicalization cache via HTTP/2 requests.
  * CVE-2021-44717: Go on UNIX allows write operations to an unintended
    file or unintended network connection as a consequence of erroneous
    closing of file descriptor 0 after file-descriptor exhaustion.

[dgit import unpatched golang-1.7 1.7.4-2+deb9u4]

3 years agoImport golang-1.7_1.7.4-2+deb9u4.debian.tar.xz
commit | commitdiff | tree
Sylvain Beucler [Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)]
Import golang-1.7_1.7.4-2+deb9u4.debian.tar.xz

[dgit import tarball golang-1.7 1.7.4-2+deb9u4 golang-1.7_1.7.4-2+deb9u4.debian.tar.xz]

9 years agoImport golang-1.7_1.7.4.orig.tar.gz
commit | commitdiff | tree
Tianon Gravi [Fri, 2 Dec 2016 21:30:36 +0000 (21:30 +0000)]
Import golang-1.7_1.7.4.orig.tar.gz

[dgit import orig golang-1.7_1.7.4.orig.tar.gz]

Unnamed repository; edit this file 'description' to name the repository.