diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch new file mode 100644 index 0000000000..23c5075e41 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-24538-1.patch | |||
@@ -0,0 +1,125 @@ | |||
1 | From 8acd01094d9ee17f6e763a61e49a8a808b3a9ddb Mon Sep 17 00:00:00 2001 | ||
2 | From: Brad Fitzpatrick <bradfitz@golang.org> | ||
3 | Date: Mon, 2 Aug 2021 14:55:51 -0700 | ||
4 | Subject: [PATCH 1/6] net/netip: add new IP address package | ||
5 | |||
6 | Co-authored-by: Alex Willmer <alex@moreati.org.uk> (GitHub @moreati) | ||
7 | Co-authored-by: Alexander Yastrebov <yastrebov.alex@gmail.com> | ||
8 | Co-authored-by: David Anderson <dave@natulte.net> (Tailscale CLA) | ||
9 | Co-authored-by: David Crawshaw <crawshaw@tailscale.com> (Tailscale CLA) | ||
10 | Co-authored-by: Dmytro Shynkevych <dmytro@tailscale.com> (Tailscale CLA) | ||
11 | Co-authored-by: Elias Naur <mail@eliasnaur.com> | ||
12 | Co-authored-by: Joe Tsai <joetsai@digital-static.net> (Tailscale CLA) | ||
13 | Co-authored-by: Jonathan Yu <jawnsy@cpan.org> (GitHub @jawnsy) | ||
14 | Co-authored-by: Josh Bleecher Snyder <josharian@gmail.com> (Tailscale CLA) | ||
15 | Co-authored-by: Maisem Ali <maisem@tailscale.com> (Tailscale CLA) | ||
16 | Co-authored-by: Manuel Mendez (Go AUTHORS mmendez534@...) | ||
17 | Co-authored-by: Matt Layher <mdlayher@gmail.com> | ||
18 | Co-authored-by: Noah Treuhaft <noah.treuhaft@gmail.com> (GitHub @nwt) | ||
19 | Co-authored-by: Stefan Majer <stefan.majer@gmail.com> | ||
20 | Co-authored-by: Terin Stock <terinjokes@gmail.com> (Cloudflare CLA) | ||
21 | Co-authored-by: Tobias Klauser <tklauser@distanz.ch> | ||
22 | |||
23 | Fixes #46518 | ||
24 | |||
25 | Change-Id: I0041f9e1115d61fa6e95fcf32b01d9faee708712 | ||
26 | Reviewed-on: https://go-review.googlesource.com/c/go/+/339309 | ||
27 | Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> | ||
28 | TryBot-Result: Go Bot <gobot@golang.org> | ||
29 | Reviewed-by: Russ Cox <rsc@golang.org> | ||
30 | Trust: Brad Fitzpatrick <bradfitz@golang.org> | ||
31 | |||
32 | Dependency Patch #1 | ||
33 | |||
34 | Upstream-Status: Backport from https://github.com/golang/go/commit/a59e33224e42d60a97fa720a45e1b74eb6aaa3d0 | ||
35 | CVE: CVE-2023-24538 | ||
36 | Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> | ||
37 | --- | ||
38 | src/internal/godebug/godebug.go | 34 ++++++++++++++++++++++++++++++++++ | ||
39 | src/internal/godebug/godebug_test.go | 34 ++++++++++++++++++++++++++++++++++ | ||
40 | 2 files changed, 68 insertions(+) | ||
41 | create mode 100644 src/internal/godebug/godebug.go | ||
42 | create mode 100644 src/internal/godebug/godebug_test.go | ||
43 | |||
44 | diff --git a/src/internal/godebug/godebug.go b/src/internal/godebug/godebug.go | ||
45 | new file mode 100644 | ||
46 | index 0000000..ac434e5 | ||
47 | --- /dev/null | ||
48 | +++ b/src/internal/godebug/godebug.go | ||
49 | @@ -0,0 +1,34 @@ | ||
50 | +// Copyright 2021 The Go Authors. All rights reserved. | ||
51 | +// Use of this source code is governed by a BSD-style | ||
52 | +// license that can be found in the LICENSE file. | ||
53 | + | ||
54 | +// Package godebug parses the GODEBUG environment variable. | ||
55 | +package godebug | ||
56 | + | ||
57 | +import "os" | ||
58 | + | ||
59 | +// Get returns the value for the provided GODEBUG key. | ||
60 | +func Get(key string) string { | ||
61 | + return get(os.Getenv("GODEBUG"), key) | ||
62 | +} | ||
63 | + | ||
64 | +// get returns the value part of key=value in s (a GODEBUG value). | ||
65 | +func get(s, key string) string { | ||
66 | + for i := 0; i < len(s)-len(key)-1; i++ { | ||
67 | + if i > 0 && s[i-1] != ',' { | ||
68 | + continue | ||
69 | + } | ||
70 | + afterKey := s[i+len(key):] | ||
71 | + if afterKey[0] != '=' || s[i:i+len(key)] != key { | ||
72 | + continue | ||
73 | + } | ||
74 | + val := afterKey[1:] | ||
75 | + for i, b := range val { | ||
76 | + if b == ',' { | ||
77 | + return val[:i] | ||
78 | + } | ||
79 | + } | ||
80 | + return val | ||
81 | + } | ||
82 | + return "" | ||
83 | +} | ||
84 | diff --git a/src/internal/godebug/godebug_test.go b/src/internal/godebug/godebug_test.go | ||
85 | new file mode 100644 | ||
86 | index 0000000..41b9117 | ||
87 | --- /dev/null | ||
88 | +++ b/src/internal/godebug/godebug_test.go | ||
89 | @@ -0,0 +1,34 @@ | ||
90 | +// Copyright 2021 The Go Authors. All rights reserved. | ||
91 | +// Use of this source code is governed by a BSD-style | ||
92 | +// license that can be found in the LICENSE file. | ||
93 | + | ||
94 | +package godebug | ||
95 | + | ||
96 | +import "testing" | ||
97 | + | ||
98 | +func TestGet(t *testing.T) { | ||
99 | + tests := []struct { | ||
100 | + godebug string | ||
101 | + key string | ||
102 | + want string | ||
103 | + }{ | ||
104 | + {"", "", ""}, | ||
105 | + {"", "foo", ""}, | ||
106 | + {"foo=bar", "foo", "bar"}, | ||
107 | + {"foo=bar,after=x", "foo", "bar"}, | ||
108 | + {"before=x,foo=bar,after=x", "foo", "bar"}, | ||
109 | + {"before=x,foo=bar", "foo", "bar"}, | ||
110 | + {",,,foo=bar,,,", "foo", "bar"}, | ||
111 | + {"foodecoy=wrong,foo=bar", "foo", "bar"}, | ||
112 | + {"foo=", "foo", ""}, | ||
113 | + {"foo", "foo", ""}, | ||
114 | + {",foo", "foo", ""}, | ||
115 | + {"foo=bar,baz", "loooooooong", ""}, | ||
116 | + } | ||
117 | + for _, tt := range tests { | ||
118 | + got := get(tt.godebug, tt.key) | ||
119 | + if got != tt.want { | ||
120 | + t.Errorf("get(%q, %q) = %q; want %q", tt.godebug, tt.key, got, tt.want) | ||
121 | + } | ||
122 | + } | ||
123 | +} | ||
124 | -- | ||
125 | 2.7.4 | ||