1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch
new file mode 100644
index 0000000000..afe4b0d2b8
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch
@@ -0,0 +1,38 @@
+From efb465ada003d23353a91ef930be408eb575dba6 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 16 Jun 2022 17:40:12 +0530
+Subject: [PATCH] CVE-2021-31525
+Upstream-Status: Backport [https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282]
+CVE: CVE-2021-31525
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/vendor/golang.org/x/net/http/httpguts/httplex.go | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
+index e7de24e..c79aa73 100644
+--- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go
+++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
+@@ -137,11 +137,13 @@ func trimOWS(x string) string {
+ // contains token amongst its comma-separated tokens, ASCII
+ // case-insensitively.
+ func headerValueContainsToken(v string, token string) bool {
+-       v = trimOWS(v)
+-       if comma := strings.IndexByte(v, ','); comma != -1 {
+-               return tokenEqual(trimOWS(v[:comma]), token) || headerValueContainsToken(v[comma+1:], token)
+       for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') {
+               if tokenEqual(trimOWS(v[:comma]), token) {
+                       return true
+               }
+               v = v[comma+1:]
+        }
+-       return tokenEqual(v, token)
+       return tokenEqual(trimOWS(v), token)
+ }
+ 
+ // lowerASCII returns the ASCII lowercase version of b.
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch new file mode 100644 index 0000000000..afe4b0d2b8 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-31525.patch
@@ -0,0 +1,38 @@
	1	From efb465ada003d23353a91ef930be408eb575dba6 Mon Sep 17 00:00:00 2001
	2	From: Hitendra Prajapati <hprajapati@mvista.com>
	3	Date: Thu, 16 Jun 2022 17:40:12 +0530
	4	Subject: [PATCH] CVE-2021-31525
	5
	6	Upstream-Status: Backport [https://github.com/argoheyard/lang-net/commit/701957006ef151feb43f86aa99c8a1f474f69282]
	7	CVE: CVE-2021-31525
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9
	10	---
	11	src/vendor/golang.org/x/net/http/httpguts/httplex.go \| 10 ++++++----
	12	1 file changed, 6 insertions(+), 4 deletions(-)
	13
	14	diff --git a/src/vendor/golang.org/x/net/http/httpguts/httplex.go b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
	15	index e7de24e..c79aa73 100644
	16	--- a/src/vendor/golang.org/x/net/http/httpguts/httplex.go
	17	+++ b/src/vendor/golang.org/x/net/http/httpguts/httplex.go
	18	@@ -137,11 +137,13 @@ func trimOWS(x string) string {
	19	// contains token amongst its comma-separated tokens, ASCII
	20	// case-insensitively.
	21	func headerValueContainsToken(v string, token string) bool {
	22	- v = trimOWS(v)
	23	- if comma := strings.IndexByte(v, ','); comma != -1 {
	24	- return tokenEqual(trimOWS(v[:comma]), token) \|\| headerValueContainsToken(v[comma+1:], token)
	25	+ for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') {
	26	+ if tokenEqual(trimOWS(v[:comma]), token) {
	27	+ return true
	28	+ }
	29	+ v = v[comma+1:]
	30	}
	31	- return tokenEqual(v, token)
	32	+ return tokenEqual(trimOWS(v), token)
	33	}
	34
	35	// lowerASCII returns the ASCII lowercase version of b.
	36	--
	37	2.25.1
	38