2 files changed, 75 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc
index b621fb189c..bb5e839950 100644
--- a/meta/recipes-devtools/go/go-1.17.13.inc
+++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -72,6 +72,7 @@ SRC_URI = "https://golang.org/dl/go${PV}.src.tar.gz;name=main \
           file://CVE-2025-58187.patch \
           file://CVE-2025-58189.patch \
           file://CVE-2025-61723.patch \
+           file://CVE-2025-61724.patch \
           "
 SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch b/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch
new file mode 100644
index 0000000000..8c63022909
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch
@@ -0,0 +1,74 @@
+From a402f4ad285514f5f3db90516d72047d591b307a Mon Sep 17 00:00:00 2001
+From: Damien Neil <dneil@google.com>
+Date: Tue, 30 Sep 2025 15:11:16 -0700
+Subject: [PATCH] net/textproto: avoid quadratic complexity in
+ Reader.ReadResponse Reader.ReadResponse constructed a response string from
+ repeated string concatenation, permitting a malicious sender to cause
+ excessive memory allocation and CPU consumption by sending a response
+ consisting of many short lines.
+Use a strings.Builder to construct the string instead.
+Thanks to Jakub Ciolek for reporting this issue.
+Fixes CVE-2025-61724
+For #75716
+Fixes #75717
+Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-by: Nicholas Husin <husin@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2980
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/709837
+Reviewed-by: Carlos Amedee <carlos@golang.org>
+TryBot-Bypass: Michael Pratt <mpratt@google.com>
+Auto-Submit: Michael Pratt <mpratt@google.com>
+CVE: CVE-2025-61724
+Upstream-Status: Backport [https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/net/textproto/reader.go | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
+index 3ac4d4d..a996257 100644
+--- a/src/net/textproto/reader.go
+++ b/src/net/textproto/reader.go
+@@ -288,8 +288,10 @@ func (r *Reader) ReadCodeLine(expectCode int) (code int, message string, err err
+ // An expectCode <= 0 disables the check of the status code.
+ //
+ func (r *Reader) ReadResponse(expectCode int) (code int, message string, err error) {
+-       code, continued, message, err := r.readCodeLine(expectCode)
+       code, continued, first, err := r.readCodeLine(expectCode)
+        multi := continued
+       var messageBuilder strings.Builder
+       messageBuilder.WriteString(first)
+        for continued {
+                line, err := r.ReadLine()
+                if err != nil {
+@@ -300,12 +302,15 @@ func (r *Reader) ReadResponse(expectCode int) (code int, message string, err err
+                var moreMessage string
+                code2, continued, moreMessage, err = parseCodeLine(line, 0)
+                if err != nil || code2 != code {
+-                       message += "\n" + strings.TrimRight(line, "\r\n")
+                       messageBuilder.WriteByte('\n')
+                       messageBuilder.WriteString(strings.TrimRight(line, "\r\n"))
+                        continued = true
+                        continue
+                }
+-               message += "\n" + moreMessage
+               messageBuilder.WriteByte('\n')
+               messageBuilder.WriteString(moreMessage)
+        }
+       message = messageBuilder.String()
+        if err != nil && multi && message != "" {
+                // replace one line error message with all lines (full message)
+                err = &Error{code, message}
+-- 
+2.40.0

diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index b621fb189c..bb5e839950 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc
@@ -72,6 +72,7 @@ SRC_URI = "https://golang.org/dl/go${PV}.src.tar.gz;name=main \
72	file://CVE-2025-58187.patch \	72	file://CVE-2025-58187.patch \
73	file://CVE-2025-58189.patch \	73	file://CVE-2025-58189.patch \
74	file://CVE-2025-61723.patch \	74	file://CVE-2025-61723.patch \
		75	file://CVE-2025-61724.patch \
75	"	76	"
76	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"	77	SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd"
77		78


diff --git a/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch b/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch new file mode 100644 index 0000000000..8c63022909 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.18/CVE-2025-61724.patch
@@ -0,0 +1,74 @@
		1	From a402f4ad285514f5f3db90516d72047d591b307a Mon Sep 17 00:00:00 2001
		2	From: Damien Neil <dneil@google.com>
		3	Date: Tue, 30 Sep 2025 15:11:16 -0700
		4	Subject: [PATCH] net/textproto: avoid quadratic complexity in
		5	Reader.ReadResponse Reader.ReadResponse constructed a response string from
		6	repeated string concatenation, permitting a malicious sender to cause
		7	excessive memory allocation and CPU consumption by sending a response
		8	consisting of many short lines.
		9
		10	Use a strings.Builder to construct the string instead.
		11
		12	Thanks to Jakub Ciolek for reporting this issue.
		13
		14	Fixes CVE-2025-61724
		15	For #75716
		16	Fixes #75717
		17
		18	Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736
		19	Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940
		20	Reviewed-by: Roland Shoemaker <bracewell@google.com>
		21	Reviewed-by: Nicholas Husin <husin@google.com>
		22	Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2980
		23	Reviewed-by: Damien Neil <dneil@google.com>
		24	Reviewed-on: https://go-review.googlesource.com/c/go/+/709837
		25	Reviewed-by: Carlos Amedee <carlos@golang.org>
		26	TryBot-Bypass: Michael Pratt <mpratt@google.com>
		27	Auto-Submit: Michael Pratt <mpratt@google.com>
		28
		29	CVE: CVE-2025-61724
		30
		31	Upstream-Status: Backport [https://github.com/golang/go/commit/a402f4ad285514f5f3db90516d72047d591b307a]
		32
		33	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		34	---
		35	src/net/textproto/reader.go \| 11 ++++++++---
		36	1 file changed, 8 insertions(+), 3 deletions(-)
		37
		38	diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
		39	index 3ac4d4d..a996257 100644
		40	--- a/src/net/textproto/reader.go
		41	+++ b/src/net/textproto/reader.go
		42	@@ -288,8 +288,10 @@ func (r *Reader) ReadCodeLine(expectCode int) (code int, message string, err err
		43	// An expectCode <= 0 disables the check of the status code.
		44	//
		45	func (r *Reader) ReadResponse(expectCode int) (code int, message string, err error) {
		46	- code, continued, message, err := r.readCodeLine(expectCode)
		47	+ code, continued, first, err := r.readCodeLine(expectCode)
		48	multi := continued
		49	+ var messageBuilder strings.Builder
		50	+ messageBuilder.WriteString(first)
		51	for continued {
		52	line, err := r.ReadLine()
		53	if err != nil {
		54	@@ -300,12 +302,15 @@ func (r *Reader) ReadResponse(expectCode int) (code int, message string, err err
		55	var moreMessage string
		56	code2, continued, moreMessage, err = parseCodeLine(line, 0)
		57	if err != nil \|\| code2 != code {
		58	- message += "\n" + strings.TrimRight(line, "\r\n")
		59	+ messageBuilder.WriteByte('\n')
		60	+ messageBuilder.WriteString(strings.TrimRight(line, "\r\n"))
		61	continued = true
		62	continue
		63	}
		64	- message += "\n" + moreMessage
		65	+ messageBuilder.WriteByte('\n')
		66	+ messageBuilder.WriteString(moreMessage)
		67	}
		68	+ message = messageBuilder.String()
		69	if err != nil && multi && message != "" {
		70	// replace one line error message with all lines (full message)
		71	err = &Error{code, message}
		72	--
		73	2.40.0
		74