1 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
new file mode 100644
index 0000000000..47313a547f
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
@@ -0,0 +1,47 @@
+From 8d0bbb5a6280c2cf951241ec7f6579c90d38df57 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Thu, 25 Aug 2022 10:55:08 +0530
+Subject: [PATCH] CVE-2022-30629
+Upstream-Status: Backport [https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c]
+CVE: CVE-2022-30629
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/crypto/tls/handshake_server_tls13.go | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
+index 5432145..d91797e 100644
+--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
+@@ -9,6 +9,7 @@ import (
+        "crypto"
+        "crypto/hmac"
+        "crypto/rsa"
+       "encoding/binary"
+        "errors"
+        "hash"
+        "io"
+@@ -742,6 +743,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
+        }
+        m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
+ 
+       // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
+       // The value is not stored anywhere; we never need to check the ticket age
+       // because 0-RTT is not supported.
+       ageAdd := make([]byte, 4)
+       _, err = hs.c.config.rand().Read(ageAdd)
+       if err != nil {
+               return err
+       }
+       m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
+
+       // ticket_nonce, which must be unique per connection, is always left at
+       // zero because we only ever send one ticket per connection.
+
+        if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
+                return err
+        }
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch new file mode 100644 index 0000000000..47313a547f --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-30629.patch
@@ -0,0 +1,47 @@
	1	From 8d0bbb5a6280c2cf951241ec7f6579c90d38df57 Mon Sep 17 00:00:00 2001
	2	From: Hitendra Prajapati <hprajapati@mvista.com>
	3	Date: Thu, 25 Aug 2022 10:55:08 +0530
	4	Subject: [PATCH] CVE-2022-30629
	5
	6	Upstream-Status: Backport [https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c]
	7	CVE: CVE-2022-30629
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	---
	10	src/crypto/tls/handshake_server_tls13.go \| 14 ++++++++++++++
	11	1 file changed, 14 insertions(+)
	12
	13	diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
	14	index 5432145..d91797e 100644
	15	--- a/src/crypto/tls/handshake_server_tls13.go
	16	+++ b/src/crypto/tls/handshake_server_tls13.go
	17	@@ -9,6 +9,7 @@ import (
	18	"crypto"
	19	"crypto/hmac"
	20	"crypto/rsa"
	21	+ "encoding/binary"
	22	"errors"
	23	"hash"
	24	"io"
	25	@@ -742,6 +743,19 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
	26	}
	27	m.lifetime = uint32(maxSessionTicketLifetime / time.Second)
	28
	29	+ // ticket_age_add is a random 32-bit value. See RFC 8446, section 4.6.1
	30	+ // The value is not stored anywhere; we never need to check the ticket age
	31	+ // because 0-RTT is not supported.
	32	+ ageAdd := make([]byte, 4)
	33	+ _, err = hs.c.config.rand().Read(ageAdd)
	34	+ if err != nil {
	35	+ return err
	36	+ }
	37	+ m.ageAdd = binary.LittleEndian.Uint32(ageAdd)
	38	+
	39	+ // ticket_nonce, which must be unique per connection, is always left at
	40	+ // zero because we only ever send one ticket per connection.
	41	+
	42	if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
	43	return err
	44	}
	45	--
	46	2.25.1
	47