diff options
author | Ralph Siemsen <ralph.siemsen@linaro.org> | 2022-11-17 11:54:48 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-07 15:06:36 +0000 |
commit | b574cdd1e09285f04a031b814186198bbd57baa8 (patch) | |
tree | 5da04608bb74bc0fb3ee120f6f8306a151968bf4 | |
parent | 9bb56c4550a69765e000f06f380c00e644c3e0fd (diff) | |
download | poky-b574cdd1e09285f04a031b814186198bbd57baa8.tar.gz |
golang: fix CVE-2021-44716
Upstream-Status: Backport [https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a]
CVE: CVE-2021-44716
(From OE-Core rev: c5ec3e8701a1b81d8e5b17d2521530345892a09b)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch | 93 |
2 files changed, 94 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index ae2c4746f4..73b981db2b 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
@@ -45,6 +45,7 @@ SRC_URI += "\ | |||
45 | file://CVE-2022-2879.patch \ | 45 | file://CVE-2022-2879.patch \ |
46 | file://CVE-2021-33195.patch \ | 46 | file://CVE-2021-33195.patch \ |
47 | file://CVE-2021-33198.patch \ | 47 | file://CVE-2021-33198.patch \ |
48 | file://CVE-2021-44716.patch \ | ||
48 | " | 49 | " |
49 | 50 | ||
50 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 51 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch new file mode 100644 index 0000000000..9c4fee2db4 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-44716.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | From 9f1860075990e7bf908ca7cc329d1d3ef91741c8 Mon Sep 17 00:00:00 2001 | ||
2 | From: Filippo Valsorda <filippo@golang.org> | ||
3 | Date: Thu, 9 Dec 2021 06:13:31 -0500 | ||
4 | Subject: [PATCH] net/http: update bundled golang.org/x/net/http2 | ||
5 | |||
6 | Upstream-Status: Backport [https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a] | ||
7 | CVE: CVE-2021-44716 | ||
8 | Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> | ||
9 | |||
10 | |||
11 | Pull in security fix | ||
12 | |||
13 | a5309b3 http2: cap the size of the server's canonical header cache | ||
14 | |||
15 | Updates #50058 | ||
16 | Fixes CVE-2021-44716 | ||
17 | |||
18 | Change-Id: Ifdd13f97fce168de5fb4b2e74ef2060d059800b9 | ||
19 | Reviewed-on: https://go-review.googlesource.com/c/go/+/370575 | ||
20 | Trust: Filippo Valsorda <filippo@golang.org> | ||
21 | Run-TryBot: Filippo Valsorda <filippo@golang.org> | ||
22 | Reviewed-by: Alex Rakoczy <alex@golang.org> | ||
23 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
24 | (cherry picked from commit d0aebe3e74fe14799f97ddd3f01129697c6a290a) | ||
25 | --- | ||
26 | src/go.mod | 2 +- | ||
27 | src/go.sum | 4 ++-- | ||
28 | src/net/http/h2_bundle.go | 10 +++++++++- | ||
29 | src/vendor/modules.txt | 2 +- | ||
30 | 4 files changed, 13 insertions(+), 5 deletions(-) | ||
31 | |||
32 | diff --git a/src/go.mod b/src/go.mod | ||
33 | index ec6bd98..56f2fbb 100644 | ||
34 | --- a/src/go.mod | ||
35 | +++ b/src/go.mod | ||
36 | @@ -4,7 +4,7 @@ go 1.14 | ||
37 | |||
38 | require ( | ||
39 | golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d | ||
40 | - golang.org/x/net v0.0.0-20210129194117-4acb7895a057 | ||
41 | + golang.org/x/net v0.0.0-20211209100217-a5309b321dca | ||
42 | golang.org/x/sys v0.0.0-20200201011859-915c9c3d4ccf // indirect | ||
43 | golang.org/x/text v0.3.3-0.20191031172631-4b67af870c6f // indirect | ||
44 | ) | ||
45 | diff --git a/src/go.sum b/src/go.sum | ||
46 | index 171e083..1ceba05 100644 | ||
47 | --- a/src/go.sum | ||
48 | +++ b/src/go.sum | ||
49 | @@ -2,8 +2,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk | ||
50 | golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d h1:9FCpayM9Egr1baVnV1SX0H87m+XB0B8S0hAMi99X/3U= | ||
51 | golang.org/x/crypto v0.0.0-20200128174031-69ecbb4d6d5d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= | ||
52 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= | ||
53 | -golang.org/x/net v0.0.0-20210129194117-4acb7895a057 h1:HThQeV5c0Ab/Puir+q6mC97b7+3dfZdsLWMLoBrzo68= | ||
54 | -golang.org/x/net v0.0.0-20210129194117-4acb7895a057/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= | ||
55 | +golang.org/x/net v0.0.0-20211209100217-a5309b321dca h1:UmeWAm8AwB6NA/e4FSaGlK1EKTLXKX3utx4Si+6kfPg= | ||
56 | +golang.org/x/net v0.0.0-20211209100217-a5309b321dca/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= | ||
57 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= | ||
58 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | ||
59 | golang.org/x/sys v0.0.0-20200201011859-915c9c3d4ccf h1:+4j7oujXP478CVb/AFvHJmVX5+Pczx2NGts5yirA0oY= | ||
60 | diff --git a/src/net/http/h2_bundle.go b/src/net/http/h2_bundle.go | ||
61 | index 702fd5a..83f2a72 100644 | ||
62 | --- a/src/net/http/h2_bundle.go | ||
63 | +++ b/src/net/http/h2_bundle.go | ||
64 | @@ -4293,7 +4293,15 @@ func (sc *http2serverConn) canonicalHeader(v string) string { | ||
65 | sc.canonHeader = make(map[string]string) | ||
66 | } | ||
67 | cv = CanonicalHeaderKey(v) | ||
68 | - sc.canonHeader[v] = cv | ||
69 | + // maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of | ||
70 | + // entries in the canonHeader cache. This should be larger than the number | ||
71 | + // of unique, uncommon header keys likely to be sent by the peer, while not | ||
72 | + // so high as to permit unreaasonable memory usage if the peer sends an unbounded | ||
73 | + // number of unique header keys. | ||
74 | + const maxCachedCanonicalHeaders = 32 | ||
75 | + if len(sc.canonHeader) < maxCachedCanonicalHeaders { | ||
76 | + sc.canonHeader[v] = cv | ||
77 | + } | ||
78 | return cv | ||
79 | } | ||
80 | |||
81 | diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt | ||
82 | index 669bd9b..1d67183 100644 | ||
83 | --- a/src/vendor/modules.txt | ||
84 | +++ b/src/vendor/modules.txt | ||
85 | @@ -8,7 +8,7 @@ golang.org/x/crypto/curve25519 | ||
86 | golang.org/x/crypto/hkdf | ||
87 | golang.org/x/crypto/internal/subtle | ||
88 | golang.org/x/crypto/poly1305 | ||
89 | -# golang.org/x/net v0.0.0-20210129194117-4acb7895a057 | ||
90 | +# golang.org/x/net v0.0.0-20211209100217-a5309b321dca | ||
91 | ## explicit | ||
92 | golang.org/x/net/dns/dnsmessage | ||
93 | golang.org/x/net/http/httpguts | ||