commit b507f9ea33d455eb5986429644ba55de18a42e36 [browse]
Author: Sergey Matveev
Date: 2022-07-13 10:24:54 +03:00
Autogenerated TLS-related strings
go install golang.org/x/tools/cmd/stringer@latest
cd src/crypto/tls ; go generate
commit 6ee998d0a7ff7b277e47522f96594064b14e9768 [browse]
Author: Sergey Matveev
Date: 2020-06-19 13:26:58 +03:00
GOST X.509 and TLS 1.3 support via GoGOST
commit 88a06f40dfcdc4d37346be169f2b1b9070f38bb3 [browse]
Author: Gopher Robot
Date: 2022-07-12 19:41:20 Z
[release-branch.go1.18] go1.18.4
Change-Id: I9f64c24e60775e23095bf144fecad32e13fbd9d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/417177
Run-TryBot: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
commit fb979a50823e5a0575cf6166b3f17a13364cbf81 [browse]
Author: Roland Shoemaker
Date: 2022-06-07 13:00:43 -07:00
[release-branch.go1.18] encoding/gob: add a depth limit for ignored fields
Enforce a nesting limit of 10,000 for ignored fields during decoding
of messages. This prevents the possibility of triggering stack
exhaustion.
Fixes #53710
Updates #53615
Fixes CVE-2022-30635
Change-Id: I05103d06dd5ca3945fcba3c1f5d3b5a645e8fb0f
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1484771
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
(cherry picked from commit 55e8f938d22bfec29cc9dc9671044c5a41d1ea9c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417060
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
commit 5ebd862b1714dad1544bd10a24c47cdb53ad7f46 [browse]
Author: Julie Qiu
Date: 2022-06-23 23:18:56 Z
[release-branch.go1.18] path/filepath: fix stack exhaustion in Glob
A limit is added to the number of path separators allowed by an input to
Glob, to prevent stack exhaustion issues.
Thanks to Juho Nurminen of Mattermost who reported the issue.
Fixes #53714
Updates #53416
Fixes CVE-2022-30632
Change-Id: I1b9fd4faa85411a05dbc91dceae1c0c8eb021f07
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1498176
Reviewed-by: Roland Shoemaker <bracewell@google.com>
(cherry picked from commit d182a6d1217fd0d04c9babfa9a7ccd3515435c39)
Reviewed-on: https://go-review.googlesource.com/c/go/+/417059
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Michael Knyszek <mknyszek@google.com>
clone the repository to get more history