dgit.raspbian.org Git - golang-1.7.git/log

Ian Lance Taylor [Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)]

[PATCH] cmd/go: restrict meta imports to valid schemes

Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.

Fixes #23867

Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gbp-Pq: Name cve-2018-7187.patch

commit | commitdiff | tree

Go Compiler Team [Fri, 20 Nov 2020 16:03:02 +0000 (16:03 +0000)]

cve-2019-6486

Gbp-Pq: Name cve-2019-6486.patch

commit | commitdiff | tree

Alberto Donizetti [Thu, 9 Mar 2017 12:20:54 +0000 (13:20 +0100)]

[PATCH] time: make the ParseInLocation test more robust

The tzdata 2017a update (2017-02-28) changed the abbreviation of the
Asia/Baghdad time zone (used in TestParseInLocation) from 'AST' to the
numeric '+03'.

Update the test so that it skips the checks if we're using a recent
tzdata release.

Fixes #19457

Change-Id: I45d705a5520743a611bdd194dc8f8d618679980c
Reviewed-on: https://go-review.googlesource.com/37964
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Gbp-Pq: Name cl-37964--tzdata-2017a.patch

commit | commitdiff | tree

Alberto Donizetti [Thu, 29 Sep 2016 11:59:10 +0000 (13:59 +0200)]

[PATCH] time: update test for tzdata-2016g

From c5434f2973a87acff76bac359236e690d632ce95 Mon Sep 17 00:00:00 2001
Origin: https://golang.org/cl/29995
Bug: https://golang.org/issue/17276
Applied-Upstream: 1.8

Fixes #17276

Change-Id: I0188cf9bc5fdb48c71ad929cc54206d03e0b96e4
Reviewed-on: https://go-review.googlesource.com/29995
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

Gbp-Pq: Name cl-29995--tzdata-2016g.patch

commit | commitdiff | tree

Thorsten Alteholz [Fri, 20 Nov 2020 16:03:02 +0000 (16:03 +0000)]

golang-1.7 (1.7.4-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * CVE-2020-15586
    Using the 100-continue in HTTP headers received by a net/http/Server
    can lead to a data race involving the connection's buffered writer.
  * CVE-2020-16845
    Certain invalid inputs to ReadUvarint or ReadVarint could cause those
    functions to read an unlimited number of bytes from the ByteReader
    argument before returning an error.

[dgit import unpatched golang-1.7 1.7.4-2+deb9u2]

commit | commitdiff | tree

Thorsten Alteholz [Fri, 20 Nov 2020 16:03:02 +0000 (16:03 +0000)]

Import golang-1.7_1.7.4-2+deb9u2.debian.tar.xz

[dgit import tarball golang-1.7 1.7.4-2+deb9u2 golang-1.7_1.7.4-2+deb9u2.debian.tar.xz]

commit | commitdiff | tree

Tianon Gravi [Fri, 2 Dec 2016 21:30:36 +0000 (21:30 +0000)]

Import golang-1.7_1.7.4.orig.tar.gz

[dgit import orig golang-1.7_1.7.4.orig.tar.gz]

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom