1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
new file mode 100644
index 0000000000..aab98e99fd
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
@@ -0,0 +1,49 @@
+From 0fe3adec199e8cd2c101933f75d8cd617de70350 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Fri, 26 Aug 2022 12:48:13 +0530
+Subject: [PATCH] CVE-2022-32148
+Upstream-Status: Backport [https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e]
+CVE: CVE-2022-32148
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/net/http/header.go      | 6 ++++++
+ src/net/http/header_test.go | 5 +++++
+ 2 files changed, 11 insertions(+)
+diff --git a/src/net/http/header.go b/src/net/http/header.go
+index b9b5391..221f613 100644
+--- a/src/net/http/header.go
+++ b/src/net/http/header.go
+@@ -100,6 +100,12 @@ func (h Header) Clone() Header {
+        sv := make([]string, nv) // shared backing array for headers' values
+        h2 := make(Header, len(h))
+        for k, vv := range h {
+               if vv == nil {
+                       // Preserve nil values. ReverseProxy distinguishes
+                       // between nil and zero-length header values.
+                       h2[k] = nil
+                       continue
+               }
+                n := copy(sv, vv)
+                h2[k] = sv[:n:n]
+                sv = sv[n:]
+diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go
+index 4789362..80c0035 100644
+--- a/src/net/http/header_test.go
+++ b/src/net/http/header_test.go
+@@ -235,6 +235,11 @@ func TestCloneOrMakeHeader(t *testing.T) {
+                        in:   Header{"foo": {"bar"}},
+                        want: Header{"foo": {"bar"}},
+                },
+               {
+                       name: "nil value",
+                       in:   Header{"foo": nil},
+                       want: Header{"foo": nil},
+               },
+        }
+ 
+        for _, tt := range tests {
+-- 
+2.25.1

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch new file mode 100644 index 0000000000..aab98e99fd --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-32148.patch
@@ -0,0 +1,49 @@
	1	From 0fe3adec199e8cd2c101933f75d8cd617de70350 Mon Sep 17 00:00:00 2001
	2	From: Hitendra Prajapati <hprajapati@mvista.com>
	3	Date: Fri, 26 Aug 2022 12:48:13 +0530
	4	Subject: [PATCH] CVE-2022-32148
	5
	6	Upstream-Status: Backport [https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e]
	7	CVE: CVE-2022-32148
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	---
	10	src/net/http/header.go \| 6 ++++++
	11	src/net/http/header_test.go \| 5 +++++
	12	2 files changed, 11 insertions(+)
	13
	14	diff --git a/src/net/http/header.go b/src/net/http/header.go
	15	index b9b5391..221f613 100644
	16	--- a/src/net/http/header.go
	17	+++ b/src/net/http/header.go
	18	@@ -100,6 +100,12 @@ func (h Header) Clone() Header {
	19	sv := make([]string, nv) // shared backing array for headers' values
	20	h2 := make(Header, len(h))
	21	for k, vv := range h {
	22	+ if vv == nil {
	23	+ // Preserve nil values. ReverseProxy distinguishes
	24	+ // between nil and zero-length header values.
	25	+ h2[k] = nil
	26	+ continue
	27	+ }
	28	n := copy(sv, vv)
	29	h2[k] = sv[:n:n]
	30	sv = sv[n:]
	31	diff --git a/src/net/http/header_test.go b/src/net/http/header_test.go
	32	index 4789362..80c0035 100644
	33	--- a/src/net/http/header_test.go
	34	+++ b/src/net/http/header_test.go
	35	@@ -235,6 +235,11 @@ func TestCloneOrMakeHeader(t *testing.T) {
	36	in: Header{"foo": {"bar"}},
	37	want: Header{"foo": {"bar"}},
	38	},
	39	+ {
	40	+ name: "nil value",
	41	+ in: Header{"foo": nil},
	42	+ want: Header{"foo": nil},
	43	+ },
	44	}
	45
	46	for _, tt := range tests {
	47	--
	48	2.25.1
	49