bump to 1.8.3
fix for CVE-2017-8932; make it possible to use 31-bit OIDs in ASN.1. Resolves: BZ#1454978, BZ#14551
parent
0a43a1cbaf
commit
45041c89fe
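--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@
 /go1.8rc3.src.tar.gz
 /go1.8.src.tar.gz
 /go1.8.1.src.tar.gz
+/go1.8.3.src.tar.gz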
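--- a/31bit-OID-asn1.patch
+++ b/31bit-OID-asn1.patch
@@ -0,0 +1,83 @@
+From 94aba76639cf4d5e30975d846bb0368db8202269 Mon Sep 17 00:00:00 2001
+From: Monis Khan <mkhan@redhat.com>
+Date: Wed, 12 Apr 2017 16:00:58 -0400
+Subject: [PATCH] encoding/asn1: support 31 bit identifiers with OID
+
+The current implementation uses a max of 28 bits when decoding an
+ObjectIdentifier. This change makes it so that an int64 is used to
+accumulate up to 35 bits. If the resulting data would not overflow
+an int32, it is used as an int. Thus up to 31 bits may be used to
+represent each subidentifier of an ObjectIdentifier.
+
+Fixes #19933
+
+Change-Id: I95d74b64b24cdb1339ff13421055bce61c80243c
+Reviewed-on: https://go-review.googlesource.com/40436
+Reviewed-by: Adam Langley <agl@golang.org>
+Run-TryBot: Adam Langley <agl@golang.org>
+---
+src/encoding/asn1/asn1.go | 15 ++++++++++++---
+src/encoding/asn1/asn1_test.go | 3 +++
+2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/src/encoding/asn1/asn1.go b/src/encoding/asn1/asn1.go
+index c2c0ee420ac..65f018d0148 100644
+--- a/src/encoding/asn1/asn1.go
++++ b/src/encoding/asn1/asn1.go
+@@ -22,6 +22,7 @@ package asn1
+import (
+"errors"
+"fmt"
++ "math"
+"math/big"
+"reflect"
+"strconv"
+@@ -293,16 +294,24 @@ type Flag bool
+// given byte slice. It returns the value and the new offset.
+func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error) {
+offset = initOffset
++ var ret64 int64
+for shifted := 0; offset < len(bytes); shifted++ {
+- if shifted == 4 {
++ // 5 * 7 bits per byte == 35 bits of data
++ // Thus the representation is either non-minimal or too large for an int32
++ if shifted == 5 {
+err = StructuralError{"base 128 integer too large"}
+return
+}
+- ret <<= 7
++ ret64 <<= 7
+b := bytes[offset]
+- ret |= int(b & 0x7f)
++ ret64 |= int64(b & 0x7f)
+offset++
+if b&0x80 == 0 {
++ ret = int(ret64)
++ // Ensure that the returned value fits in an int on all platforms
++ if ret64 > math.MaxInt32 {
++ err = StructuralError{"base 128 integer too large"}
++ }
+return
+}
+}
+diff --git a/src/encoding/asn1/asn1_test.go b/src/encoding/asn1/asn1_test.go
+index 9976656df89..2dd799f2362 100644
+--- a/src/encoding/asn1/asn1_test.go
++++ b/src/encoding/asn1/asn1_test.go
+@@ -7,6 +7,7 @@ package asn1
+import (
+"bytes"
+"fmt"
++ "math"
+"math/big"
+"reflect"
+"strings"
+@@ -386,6 +387,8 @@ var tagAndLengthData = []tagAndLengthTest{
+{[]byte{0xa0, 0x81, 0x7f}, false, tagAndLength{}},
+// Tag numbers which would overflow int32 are rejected. (The value below is 2^31.)
+{[]byte{0x1f, 0x88, 0x80, 0x80, 0x80, 0x00, 0x00}, false, tagAndLength{}},
++ // Tag numbers that fit in an int32 are valid. (The value below is 2^31 - 1.)
++ {[]byte{0x1f, 0x87, 0xFF, 0xFF, 0xFF, 0x7F, 0x00}, true, tagAndLength{tag: math.MaxInt32}},
+// Long tag number form may not be used for tags that fit in short form.
+{[]byte{0x1f, 0x1e, 0x00}, false, tagAndLength{}},
+}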
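Review bot: In the asn1.go hunk of this backported patch, `parseBase128Int` still accepts padded encodings: the new comment says a fifth byte means the value is "either non-minimal or too large", but a leading `0x80` octet followed by fewer than four more bytes (for example `0x80 0x01`) decodes without error, so one subidentifier or tag number has several accepted byte forms, which X.690 does not allow. A guard placed before the `ret64 |=` line would reject that, for example `if shifted == 0 && b == 0x80 { err = SyntaxError{"integer is not minimally encoded"}; return }`. On the overflow path `ret = int(ret64)` runs before the `math.MaxInt32` comparison, so a caller gets a non-zero (and on 32-bit builds truncated) value together with the error; assigning `ret` only after the check passes keeps the result zero on failure. The added test covers a tag number of 2^31 - 1 only, so an object-identifier case with a 31-bit subidentifier is still missing for the path named in the subject line. The body of `parseBase128Int` continues past the end of the hunk.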
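--- a/golang.spec
+++ b/golang.spec
@@ -94,11 +94,11 @@
 %endif
 
 %global go_api 1.8
-%global go_version 1.8.1
+%global go_version 1.8.3
 
 Name: golang
-Version: 1.8.1
-Release: 2%{?dist}
+Version: 1.8.3
+Release: 1%{?dist}
 Summary: The Go Programming Language
 # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
 License: BSD and Public Domain
@@ -137,7 +137,8 @@ Patch215: ./go1.5-zoneinfo_testing_only.patch
 
 # Proposed patch by mmunday https://golang.org/cl/35262
 Patch219: s390x-expose-IfInfomsg-X__ifi_pad.patch
-Patch220: s390x-uint-codegen.patch
+# https://github.com/golang/go/commit/94aba76639cf4d5e30975d846bb0368db8202269
+Patch220: 31bit-OID-asn1.patch
 
 # Having documentation separate was broken
 Obsoletes: %{name}-docs < 1.1-4
@@ -508,6 +509,12 @@ fi
 %endif
 
 %changelog
+* Thu May 25 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.3-1
+- bump to 1.8.3
+- fix for CVE-2017-8932
+- make possible to use 31bit OID in ASN1
+- Resolves: BZ#1454978, BZ#1455191
+
 * Fri Apr 21 2017 Jakub Čajka <jcajka@redhat.com> - 1.8.1-2
 - fix uint64 constant codegen on s390x
 - Resolves: BZ#1441078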
File diff suppressed because it is too large
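--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (go1.8.1.src.tar.gz) = f01fe7b35ac23101610f6fc169b88dafe2edc49b3b044d5d0aff771b05dcb2c8d2e7a5090ed6dbe67f861e78e792ace32e209ed464399ca02dcd186b13ec8037
+SHA512 (go1.8.3.src.tar.gz) = c6e67dd9e3acdf2aa776d920f91f3fb1802d624ba5d51e06b2c7c6b71bcfaf91f4024f7a442cecde69175c589f7f1163f0ae86d887e15ddde710e53ce0961284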