diff options
author | Shubham Kulkarni <skulkarni@mvista.com> | 2022-09-29 20:11:11 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-30 16:34:52 +0100 |
commit | aa449287a0d2b8cc83243519cc995571e2b92c09 (patch) | |
tree | 963bb95f659eba2b476527849594504107ada5ad /meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch | |
parent | 95ba88b93546bbea9dd958b3d02c937835c4f9ce (diff) | |
download | poky-aa449287a0d2b8cc83243519cc995571e2b92c09.tar.gz |
go: Add fix for CVE-2022-32190
Link: https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec
(From OE-Core rev: 3362bbb1a1ce599418dc8377043f7549f9327315)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch b/meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch new file mode 100644 index 0000000000..816d914983 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/0003-CVE-2022-32190.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 2c632b883b0f11084cc247c8b50ad6c71fa7b447 Mon Sep 17 00:00:00 2001 | ||
2 | From: Sean Liao <sean@liao.dev> | ||
3 | Date: Sat, 9 Jul 2022 18:38:45 +0100 | ||
4 | Subject: [PATCH 3/4] net/url: use EscapedPath for url.JoinPath | ||
5 | |||
6 | Fixes #53763 | ||
7 | |||
8 | Change-Id: I08b53f159ebdce7907e8cc17316fd0c982363239 | ||
9 | Reviewed-on: https://go-review.googlesource.com/c/go/+/416774 | ||
10 | TryBot-Result: Gopher Robot <gobot@golang.org> | ||
11 | Reviewed-by: Damien Neil <dneil@google.com> | ||
12 | Reviewed-by: Bryan Mills <bcmills@google.com> | ||
13 | Run-TryBot: Ian Lance Taylor <iant@golang.org> | ||
14 | |||
15 | Upstream-Status: Backport [https://github.com/golang/go/commit/bf5898ef53d1693aa572da0da746c05e9a6f15c5] | ||
16 | CVE: CVE-2022-32190 | ||
17 | Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> | ||
18 | --- | ||
19 | src/net/url/url.go | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/src/net/url/url.go b/src/net/url/url.go | ||
23 | index 3436707..73079a5 100644 | ||
24 | --- a/src/net/url/url.go | ||
25 | +++ b/src/net/url/url.go | ||
26 | @@ -1111,7 +1111,7 @@ func (u *URL) UnmarshalBinary(text []byte) error { | ||
27 | func (u *URL) JoinPath(elem ...string) *URL { | ||
28 | url := *u | ||
29 | if len(elem) > 0 { | ||
30 | - elem = append([]string{u.Path}, elem...) | ||
31 | + elem = append([]string{u.EscapedPath()}, elem...) | ||
32 | p := path.Join(elem...) | ||
33 | // path.Join will remove any trailing slashes. | ||
34 | // Preserve at least one. | ||
35 | -- | ||
36 | 2.7.4 | ||