diff --git a/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch b/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch new file mode 100644 index 0000000000000000000000000000000000000000..3d378b4c154696fb152b8a23b962c507ddf01d93 --- /dev/null +++ b/1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch @@ -0,0 +1,90 @@ +From f7a68d3804efabd271f0338391858bc1e7e57422 Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Thu, 11 Sep 2025 13:32:10 -0700 +Subject: [PATCH] archive/tar: set a limit on the size of GNU + sparse file 1.0 regions + +Sparse files in tar archives contain only the non-zero components +of the file. There are several different encodings for sparse +files. When reading GNU tar pax 1.0 sparse files, archive/tar did +not set a limit on the size of the sparse region data. A malicious +archive containing a large number of sparse blocks could cause +archive/tar to read an unbounded amount of data from the archive +into memory. + +Reference: https://go-review.googlesource.com/c/go/+/709861 +Conflict: no + +Since a malicious input can be highly compressable, a small +compressed input could cause very large allocations. + +Cap the size of the sparse block data to the same limit used +for PAX headers (1 MiB). + +Thanks to Harshit Gupta (Mr HAX) (https://www.linkedin.com/in/iam-harshit-gupta/) +for reporting this issue. + +Fixes CVE-2025-58183 +Fixes #75677 + +Change-Id: I70b907b584a7b8676df8a149a1db728ae681a770 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2800 +Reviewed-by: Roland Shoemaker +Reviewed-by: Nicholas Husin +Reviewed-on: https://go-review.googlesource.com/c/go/+/709861 +Auto-Submit: Michael Pratt +TryBot-Bypass: Michael Pratt +Reviewed-by: Carlos Amedee +--- + src/archive/tar/common.go | 1 + + src/archive/tar/reader.go | 9 +++++++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/archive/tar/common.go b/src/archive/tar/common.go +index 7b3945f..ad31bbb 100644 +--- a/src/archive/tar/common.go ++++ b/src/archive/tar/common.go +@@ -39,6 +39,7 @@ var ( + errMissData = errors.New("archive/tar: sparse file references non-existent data") + errUnrefData = errors.New("archive/tar: sparse file contains unreferenced data") + errWriteHole = errors.New("archive/tar: write non-NUL byte in sparse hole") ++ errSparseTooLong = errors.New("archive/tar: sparse map too long") + ) + + type headerError []string +diff --git a/src/archive/tar/reader.go b/src/archive/tar/reader.go +index 8483fb5..16ac2f5 100644 +--- a/src/archive/tar/reader.go ++++ b/src/archive/tar/reader.go +@@ -531,12 +531,17 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) { + cntNewline int64 + buf bytes.Buffer + blk block ++ totalSize int + ) + + // feedTokens copies data in blocks from r into buf until there are + // at least cnt newlines in buf. It will not read more blocks than needed. + feedTokens := func(n int64) error { + for cntNewline < n { ++ totalSize += len(blk) ++ if totalSize > maxSpecialFileSize { ++ return errSparseTooLong ++ } + if _, err := mustReadFull(r, blk[:]); err != nil { + return err + } +@@ -569,8 +574,8 @@ func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) { + } + + // Parse for all member entries. +- // numEntries is trusted after this since a potential attacker must have +- // committed resources proportional to what this library used. ++ // numEntries is trusted after this since feedTokens limits the number of ++ // tokens based on maxSpecialFileSize. + if err := feedTokens(2 * numEntries); err != nil { + return nil, err + } +-- +2.43.0 + diff --git a/1010-CVE-2025-58189-crypto-tls-quote-protocols-incrypto-tls-quote.patch b/1010-CVE-2025-58189-crypto-tls-quote-protocols-incrypto-tls-quote.patch new file mode 100644 index 0000000000000000000000000000000000000000..28a88a03f5acd589046bf7428eb7f98ec5fc2c64 --- /dev/null +++ b/1010-CVE-2025-58189-crypto-tls-quote-protocols-incrypto-tls-quote.patch @@ -0,0 +1,44 @@ +From 4e9006a716533fe1c7ee08df02dfc73078f7dc19 Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker +Date: Mon, 29 Sep 2025 10:11:56 -0700 +Subject: [PATCH] crypto/tls: quote protocols in ALPN + error message + +Quote the protocols sent by the client when returning the ALPN +negotiation error message. + +Reference: https://go-review.googlesource.com/c/go/+/707776 +Conclict: no + +Fixes CVE-2025-58189 +Fixes #75652 + +Change-Id: Ie7b3a1ed0b6efcc1705b71f0f1e8417126661330 +Reviewed-on: https://go-review.googlesource.com/c/go/+/707776 +Auto-Submit: Roland Shoemaker +Reviewed-by: Neal Patel +Reviewed-by: Nicholas Husin +Auto-Submit: Nicholas Husin +Reviewed-by: Nicholas Husin +TryBot-Bypass: Roland Shoemaker +Reviewed-by: Daniel McCarney +--- + src/crypto/tls/handshake_server.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go +index 7c75977..6aebb74 100644 +--- a/src/crypto/tls/handshake_server.go ++++ b/src/crypto/tls/handshake_server.go +@@ -338,7 +338,7 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro + if http11fallback { + return "", nil + } +- return "", fmt.Errorf("tls: client requested unsupported application protocols (%s)", clientProtos) ++ return "", fmt.Errorf("tls: client requested unsupported application protocols (%q)", clientProtos) + } + + // supportsECDHE returns whether ECDHE key exchanges can be used with this +-- +2.43.0 + diff --git a/1011-CVE-2025-61724-net-textproto-avoid-quadratic-complexity.patch b/1011-CVE-2025-61724-net-textproto-avoid-quadratic-complexity.patch new file mode 100644 index 0000000000000000000000000000000000000000..35021ccd55ee952e28deec7af5c884e8700da2df --- /dev/null +++ b/1011-CVE-2025-61724-net-textproto-avoid-quadratic-complexity.patch @@ -0,0 +1,70 @@ +From 5ede095649db7783726c28390812bca9ce2c684a Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Tue, 30 Sep 2025 15:11:16 -0700 +Subject: [PATCH] net/textproto: avoid quadratic complexity in + Reader.ReadResponse + +Reader.ReadResponse constructed a response string from repeated +string concatenation, permitting a malicious sender to cause excessive +memory allocation and CPU consumption by sending a response consisting +of many short lines. + +Reference: https://go-review.googlesource.com/c/go/+/709859 +Conclict: no + +Use a strings.Builder to construct the string instead. + +Thanks to Jakub Ciolek for reporting this issue. + +Fixes CVE-2025-61724 +Fixes #75716 + +Change-Id: I1a98ce85a21b830cb25799f9ac9333a67400d736 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2940 +Reviewed-by: Roland Shoemaker +Reviewed-by: Nicholas Husin +Reviewed-on: https://go-review.googlesource.com/c/go/+/709859 +TryBot-Bypass: Michael Pratt +Auto-Submit: Michael Pratt +Reviewed-by: Carlos Amedee +--- + src/net/textproto/reader.go | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go +index f98e05b..2c926ca 100644 +--- a/src/net/textproto/reader.go ++++ b/src/net/textproto/reader.go +@@ -284,8 +284,10 @@ func (r *Reader) ReadCodeLine(expectCode int) (code int, message string, err err + // + // An expectCode <= 0 disables the check of the status code. + func (r *Reader) ReadResponse(expectCode int) (code int, message string, err error) { +- code, continued, message, err := r.readCodeLine(expectCode) ++ code, continued, first, err := r.readCodeLine(expectCode) + multi := continued ++ var messageBuilder strings.Builder ++ messageBuilder.WriteString(first) + for continued { + line, err := r.ReadLine() + if err != nil { +@@ -296,12 +298,15 @@ func (r *Reader) ReadResponse(expectCode int) (code int, message string, err err + var moreMessage string + code2, continued, moreMessage, err = parseCodeLine(line, 0) + if err != nil || code2 != code { +- message += "\n" + strings.TrimRight(line, "\r\n") ++ messageBuilder.WriteByte('\n') ++ messageBuilder.WriteString(strings.TrimRight(line, "\r\n")) + continued = true + continue + } +- message += "\n" + moreMessage ++ messageBuilder.WriteByte('\n') ++ messageBuilder.WriteString(moreMessage) + } ++ message = messageBuilder.String() + if err != nil && multi && message != "" { + // replace one line error message with all lines (full message) + err = &Error{code, message} +-- +2.43.0 + diff --git a/1012-CVE-2025-58188-crypto-x509-mitigate-Dos-vector-when.patch b/1012-CVE-2025-58188-crypto-x509-mitigate-Dos-vector-when.patch new file mode 100644 index 0000000000000000000000000000000000000000..8121ce53a3dc0126498c4200c004b7aba3914ba9 --- /dev/null +++ b/1012-CVE-2025-58188-crypto-x509-mitigate-Dos-vector-when.patch @@ -0,0 +1,193 @@ +From 6e4007e8cffbb870e6b606307ab7308236ecefb9 Mon Sep 17 00:00:00 2001 +From: Neal Patel +Date: Thu, 11 Sep 2025 16:27:04 -0400 +Subject: [PATCH] crypto/x509: mitigate DoS vector when + intermediate certificate contains DSA public key + +An attacker could craft an intermediate X.509 certificate +containing a DSA public key and can crash a remote host +with an unauthenticated call to any endpoint that +verifies the certificate chain. + +Reference: https://go-review.googlesource.com/c/go/+/709853 +Conclict: no + +Thank you to Jakub Ciolek for reporting this issue. + +Fixes CVE-2025-58188 +Fixes #75675 + +Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780 +Reviewed-by: Damien Neil +Reviewed-by: Roland Shoemaker +Reviewed-on: https://go-review.googlesource.com/c/go/+/709853 +Reviewed-by: Carlos Amedee +Auto-Submit: Michael Pratt +LUCI-TryBot-Result: Go LUCI +--- + src/crypto/x509/verify.go | 5 +- + src/crypto/x509/verify_test.go | 127 +++++++++++++++++++++++++++++++++ + 2 files changed, 131 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go +index 7cc0fb2..755c1db 100644 +--- a/src/crypto/x509/verify.go ++++ b/src/crypto/x509/verify.go +@@ -927,7 +927,10 @@ func alreadyInChain(candidate *Certificate, chain []*Certificate) bool { + if !bytes.Equal(candidate.RawSubject, cert.RawSubject) { + continue + } +- if !candidate.PublicKey.(pubKeyEqual).Equal(cert.PublicKey) { ++ // We enforce the canonical encoding of SPKI (by only allowing the ++ // correct AI paremeter encodings in parseCertificate), so it's safe to ++ // directly compare the raw bytes. ++ if !bytes.Equal(candidate.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) { + continue + } + var certSAN *pkix.Extension +diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go +index 7991f49..5595f99 100644 +--- a/src/crypto/x509/verify_test.go ++++ b/src/crypto/x509/verify_test.go +@@ -6,6 +6,7 @@ package x509 + + import ( + "crypto" ++ "crypto/dsa" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" +@@ -3048,3 +3049,129 @@ func TestInvalidPolicyWithAnyKeyUsage(t *testing.T) { + t.Fatalf("unexpected error, got %q, want %q", err, expectedErr) + } + } ++ ++func TestCertificateChainSignedByECDSA(t *testing.T) { ++ caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) ++ if err != nil { ++ t.Fatal(err) ++ } ++ root := &Certificate{ ++ SerialNumber: big.NewInt(1), ++ Subject: pkix.Name{CommonName: "X"}, ++ NotBefore: time.Now().Add(-time.Hour), ++ NotAfter: time.Now().Add(365 * 24 * time.Hour), ++ IsCA: true, ++ KeyUsage: KeyUsageCertSign | KeyUsageCRLSign, ++ BasicConstraintsValid: true, ++ } ++ caDER, err := CreateCertificate(rand.Reader, root, root, &caKey.PublicKey, caKey) ++ if err != nil { ++ t.Fatal(err) ++ } ++ root, err = ParseCertificate(caDER) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) ++ leaf := &Certificate{ ++ SerialNumber: big.NewInt(42), ++ Subject: pkix.Name{CommonName: "leaf"}, ++ NotBefore: time.Now().Add(-10 * time.Minute), ++ NotAfter: time.Now().Add(24 * time.Hour), ++ KeyUsage: KeyUsageDigitalSignature, ++ ExtKeyUsage: []ExtKeyUsage{ExtKeyUsageServerAuth}, ++ BasicConstraintsValid: true, ++ } ++ leafDER, err := CreateCertificate(rand.Reader, leaf, root, &leafKey.PublicKey, caKey) ++ if err != nil { ++ t.Fatal(err) ++ } ++ leaf, err = ParseCertificate(leafDER) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ inter, err := ParseCertificate(dsaSelfSignedCNX(t)) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ inters := NewCertPool() ++ inters.AddCert(root) ++ inters.AddCert(inter) ++ ++ wantErr := "certificate signed by unknown authority" ++ _, err = leaf.Verify(VerifyOptions{Intermediates: inters, Roots: NewCertPool()}) ++ if !strings.Contains(err.Error(), wantErr) { ++ t.Errorf("got %v, want %q", err, wantErr) ++ } ++} ++ ++// dsaSelfSignedCNX produces DER-encoded ++// certificate with the properties: ++// ++// Subject=Issuer=CN=X ++// DSA SPKI ++// Matching inner/outer signature OIDs ++// Dummy ECDSA signature ++func dsaSelfSignedCNX(t *testing.T) []byte { ++ t.Helper() ++ var params dsa.Parameters ++ if err := dsa.GenerateParameters(¶ms, rand.Reader, dsa.L1024N160); err != nil { ++ t.Fatal(err) ++ } ++ ++ var dsaPriv dsa.PrivateKey ++ dsaPriv.Parameters = params ++ if err := dsa.GenerateKey(&dsaPriv, rand.Reader); err != nil { ++ t.Fatal(err) ++ } ++ dsaPub := &dsaPriv.PublicKey ++ ++ type dsaParams struct{ P, Q, G *big.Int } ++ paramDER, err := asn1.Marshal(dsaParams{dsaPub.P, dsaPub.Q, dsaPub.G}) ++ if err != nil { ++ t.Fatal(err) ++ } ++ yDER, err := asn1.Marshal(dsaPub.Y) ++ if err != nil { ++ t.Fatal(err) ++ } ++ ++ spki := publicKeyInfo{ ++ Algorithm: pkix.AlgorithmIdentifier{ ++ Algorithm: oidPublicKeyDSA, ++ Parameters: asn1.RawValue{FullBytes: paramDER}, ++ }, ++ PublicKey: asn1.BitString{Bytes: yDER, BitLength: 8 * len(yDER)}, ++ } ++ ++ rdn := pkix.Name{CommonName: "X"}.ToRDNSequence() ++ b, err := asn1.Marshal(rdn) ++ if err != nil { ++ t.Fatal(err) ++ } ++ rawName := asn1.RawValue{FullBytes: b} ++ ++ algoIdent := pkix.AlgorithmIdentifier{Algorithm: oidSignatureDSAWithSHA256} ++ tbs := tbsCertificate{ ++ Version: 0, ++ SerialNumber: big.NewInt(1002), ++ SignatureAlgorithm: algoIdent, ++ Issuer: rawName, ++ Validity: validity{NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}, ++ Subject: rawName, ++ PublicKey: spki, ++ } ++ c := certificate{ ++ TBSCertificate: tbs, ++ SignatureAlgorithm: algoIdent, ++ SignatureValue: asn1.BitString{Bytes: []byte{0}, BitLength: 8}, ++ } ++ dsaDER, err := asn1.Marshal(c) ++ if err != nil { ++ t.Fatal(err) ++ } ++ return dsaDER ++} +-- +2.43.0 + diff --git a/1013-CVE-2025-61725-net-mail-avoid-quadratic-behavior.patch b/1013-CVE-2025-61725-net-mail-avoid-quadratic-behavior.patch new file mode 100644 index 0000000000000000000000000000000000000000..d28bd0ee334c5a038eb1705f5785701ad158d942 --- /dev/null +++ b/1013-CVE-2025-61725-net-mail-avoid-quadratic-behavior.patch @@ -0,0 +1,82 @@ +From 463165699d874ef0ac7965fc5788fe1693eaae9a Mon Sep 17 00:00:00 2001 +From: Damien Neil +Date: Thu, 25 Sep 2025 14:41:53 -0700 +Subject: [PATCH] net/mail: avoid quadratic behavior in mail + address parsing + +RFC 5322 domain-literal parsing built the dtext value one character +at a time with string concatenation, resulting in excessive +resource consumption when parsing very large domain-literal values. + +Reference: https://go-review.googlesource.com/c/go/+/709860 +Conflict: no + +Replace with a subslice. + +Benchmark not included in this CL because it's too narrow to be +of general ongoing use, but for: + + ParseAddress("alice@[" + strings.Repeat("a", 0x40000) + "]") + +goos: darwin +goarch: arm64 +pkg: net/mail +cpu: Apple M4 Pro + │ /tmp/bench.0 │ /tmp/bench.1 │ + │ sec/op │ sec/op vs base │ +ParseAddress-14 1987.732m ± 9% 1.524m ± 5% -99.92% (p=0.000 n=10) + + │ /tmp/bench.0 │ /tmp/bench.1 │ + │ B/op │ B/op vs base │ +ParseAddress-14 33692.767Mi ± 0% 1.282Mi ± 0% -100.00% (p=0.000 n=10) + + │ /tmp/bench.0 │ /tmp/bench.1 │ + │ allocs/op │ allocs/op vs base │ +ParseAddress-14 263711.00 ± 0% 17.00 ± 0% -99.99% (p=0.000 n=10) + +Thanks to Philippe Antoine (Catena cyber) for reporting this issue. + +Fixes CVE-2025-61725 +Fixes #75680 + +Change-Id: Id971c2d5b59882bb476e22fceb7e01ec08234bb7 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2840 +Reviewed-by: Roland Shoemaker +Reviewed-by: Nicholas Husin +Reviewed-on: https://go-review.googlesource.com/c/go/+/709860 +Reviewed-by: Carlos Amedee +TryBot-Bypass: Michael Pratt +Auto-Submit: Michael Pratt +--- + src/net/mail/message.go | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/net/mail/message.go b/src/net/mail/message.go +index 21b075e..0925484 100644 +--- a/src/net/mail/message.go ++++ b/src/net/mail/message.go +@@ -725,7 +725,8 @@ func (p *addrParser) consumeDomainLiteral() (string, error) { + } + + // Parse the dtext +- var dtext string ++ dtext := p.s ++ dtextLen := 0 + for { + if p.empty() { + return "", errors.New("mail: unclosed domain-literal") +@@ -742,9 +743,10 @@ func (p *addrParser) consumeDomainLiteral() (string, error) { + return "", fmt.Errorf("mail: bad character in domain-literal: %q", r) + } + +- dtext += p.s[:size] ++ dtextLen += size + p.s = p.s[size:] + } ++ dtext = dtext[:dtextLen] + + // Skip the trailing ] + if !p.consume(']') { +-- +2.43.0 + diff --git a/1014-CVE-2025-58185-encoding-asn1-prevent-memory-exhaustion.patch b/1014-CVE-2025-58185-encoding-asn1-prevent-memory-exhaustion.patch new file mode 100644 index 0000000000000000000000000000000000000000..3a9d3a73400474aef3f49c52502194ddb4dcb6ed --- /dev/null +++ b/1014-CVE-2025-58185-encoding-asn1-prevent-memory-exhaustion.patch @@ -0,0 +1,151 @@ +From 8709a41d5ef7321f486a1857f189c3fee20e8edd Mon Sep 17 00:00:00 2001 +From: Nicholas Husin +Date: Wed, 03 Sep 2025 09:30:56 -0400 +Subject: [PATCH] encoding/asn1: prevent memory exhaustion when + parsing using internal/saferio + +Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate +a slice that is needed in order to fully validate the given DER payload. +The size of the slice allocated are also multiple times larger than the +input DER: + +Reference: https://go-review.googlesource.com/c/go/+/709856 +Conflict: no + +- When using asn1.Unmarshal directly, the allocated slice is ~28x + larger. +- When passing in DER using x509.ParseCertificateRequest, the allocated + slice is ~48x larger. +- When passing in DER using ocsp.ParseResponse, the allocated slice is + ~137x larger. + +As a result, a malicious actor can craft a big empty DER payload, +resulting in an unnecessary large allocation of memories. This can be a +way to cause memory exhaustion. + +To prevent this, we now use SliceCapWithSize within internal/saferio to +enforce a memory allocation cap. + +Thanks to Jakub Ciolek for reporting this issue. + +For #75671 +Fixes CVE-2025-58185 + +Change-Id: Id50e76187eda43f594be75e516b9ca1d2ae6f428 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2700 +Reviewed-by: Roland Shoemaker +Reviewed-by: Damien Neil +Reviewed-on: https://go-review.googlesource.com/c/go/+/709856 +Reviewed-by: Carlos Amedee +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Michael Pratt +--- + src/encoding/asn1/asn1.go | 10 ++++++++- + src/encoding/asn1/asn1_test.go | 38 ++++++++++++++++++++++++++++++++++ + src/go/build/deps_test.go | 2 +- + 3 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/src/encoding/asn1/asn1.go b/src/encoding/asn1/asn1.go +index 488fb9b..e1f4cba 100644 +--- a/src/encoding/asn1/asn1.go ++++ b/src/encoding/asn1/asn1.go +@@ -22,6 +22,7 @@ package asn1 + import ( + "errors" + "fmt" ++ "internal/saferio" + "math" + "math/big" + "reflect" +@@ -635,10 +636,17 @@ func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type + offset += t.length + numElements++ + } +- ret = reflect.MakeSlice(sliceType, numElements, numElements) ++ elemSize := uint64(elemType.Size()) ++ safeCap := saferio.SliceCapWithSize(elemSize, uint64(numElements)) ++ if safeCap < 0 { ++ err = SyntaxError{fmt.Sprintf("%s slice too big: %d elements of %d bytes", elemType.Kind(), numElements, elemSize)} ++ return ++ } ++ ret = reflect.MakeSlice(sliceType, 0, safeCap) + params := fieldParameters{} + offset := 0 + for i := 0; i < numElements; i++ { ++ ret = reflect.Append(ret, reflect.Zero(elemType)) + offset, err = parseField(ret.Index(i), bytes, offset, params) + if err != nil { + return +diff --git a/src/encoding/asn1/asn1_test.go b/src/encoding/asn1/asn1_test.go +index 9a605e2..249d4e4 100644 +--- a/src/encoding/asn1/asn1_test.go ++++ b/src/encoding/asn1/asn1_test.go +@@ -7,10 +7,12 @@ package asn1 + import ( + "bytes" + "encoding/hex" ++ "errors" + "fmt" + "math" + "math/big" + "reflect" ++ "runtime" + "strings" + "testing" + "time" +@@ -1175,3 +1177,39 @@ func BenchmarkObjectIdentifierString(b *testing.B) { + _ = oidPublicKeyRSA.String() + } + } ++ ++func TestParsingMemoryConsumption(t *testing.T) { ++ // Craft a syntatically valid, but empty, ~10 MB DER bomb. A successful ++ // unmarshal of this bomb should yield ~280 MB. However, the parsing should ++ // fail due to the empty content; and, in such cases, we want to make sure ++ // that we do not unnecessarily allocate memories. ++ derBomb := make([]byte, 10_000_000) ++ for i := range derBomb { ++ derBomb[i] = 0x30 ++ } ++ derBomb = append([]byte{0x30, 0x83, 0x98, 0x96, 0x80}, derBomb...) ++ ++ var m runtime.MemStats ++ runtime.GC() ++ runtime.ReadMemStats(&m) ++ memBefore := m.TotalAlloc ++ ++ var out []struct { ++ Id []int ++ Critical bool `asn1:"optional"` ++ Value []byte ++ } ++ _, err := Unmarshal(derBomb, &out) ++ if !errors.As(err, &SyntaxError{}) { ++ t.Fatalf("Incorrect error result: want (%v), but got (%v) instead", &SyntaxError{}, err) ++ } ++ ++ runtime.ReadMemStats(&m) ++ memDiff := m.TotalAlloc - memBefore ++ ++ // Ensure that the memory allocated does not exceed 10<<21 (~20 MB) when ++ // the parsing fails. ++ if memDiff > 10<<21 { ++ t.Errorf("Too much memory allocated while parsing DER: %v MiB", memDiff/1024/1024) ++ } ++} +diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go +index e3e0107..2a1606e 100644 +--- a/src/go/build/deps_test.go ++++ b/src/go/build/deps_test.go +@@ -533,7 +533,7 @@ var depsRules = ` + + # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. + +- CRYPTO, FMT, math/big ++ CRYPTO, FMT, math/big, internal/saferio + < crypto/internal/boring/bbig + < crypto/rand + < crypto/ed25519 # depends on crypto/rand.Reader +-- +2.43.0 + diff --git a/golang.spec b/golang.spec index fedefccb48104ff57bbea5a16cfd9fdc8079f05e..3f826d1022b29714bb46370ff41c6962202f669b 100644 --- a/golang.spec +++ b/golang.spec @@ -66,7 +66,7 @@ Name: golang Version: 1.24.2 -Release: 39 +Release: 40 Summary: The Go Programming Language License: BSD and Public Domain URL: https://golang.org/ @@ -133,6 +133,12 @@ Patch1006: 1006-CVE-2025-4674-disable-support-for-multiple-vcs-in-one-module.pat Patch1007: 1007-CVE-2025-22873-avoid-escape-from-Root-via-paths-endi.patch # Missing part of Patch1001 Patch1008: 1008-cmd-internal-obj-enable-got-pcrel-itype-in-fips140-for-riscv64.patch +Patch1009: 1009-CVE-2025-58183-archive-tar-set-a-limit-on-the-size-of.patch +Patch1010: 1010-CVE-2025-58189-crypto-tls-quote-protocols-incrypto-tls-quote.patch +Patch1011: 1011-CVE-2025-61724-net-textproto-avoid-quadratic-complexity.patch +Patch1012: 1012-CVE-2025-58188-crypto-x509-mitigate-Dos-vector-when.patch +Patch1013: 1013-CVE-2025-61725-net-mail-avoid-quadratic-behavior.patch +Patch1014: 1014-CVE-2025-58185-encoding-asn1-prevent-memory-exhaustion.patch # Backport of RVA23 Patch2001: 2001-cpu-internal-provide-runtime-detection-of-RISC-V-ext.patch @@ -413,6 +419,13 @@ fi %files devel -f go-tests.list -f go-misc.list -f go-src.list %changelog +* Sat Nov 8 2025 huzhangying - 1.24.2-40 +- Type:CVE +- CVE:CVE-2025-58183,CVE-2025-58185, CVE-2025-58188, CVE-2025-58189, CVE-2025-61724, CVE-2025-61725 +- SUG:NA +- DESC:fix CVE-2025-58183, CVE-2025-58188, CVE-2025-58189, CVE-2025-61724, CVE-2025-61725 + + * Thu Sep 25 2025 Julian Zhu - 1.24.2-39 - Backport RISC-V RVA23 support