From 576108dc9bc184e886401e2734fa33a1ad8eab50 Mon Sep 17 00:00:00 2001
From: wenyuzifang <lzx02244079@alibaba-inc.com>
Date: Wed, 10 Dec 2025 11:46:53 +0800
Subject: [PATCH] Update code from upstream

---
 golang.spec | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/golang.spec b/golang.spec
index f63534e..dd78a55 100644
--- a/golang.spec
+++ b/golang.spec
@@ -1,4 +1,4 @@
-%define anolis_release 11
+%define anolis_release 12
 
 # Disable debuginfo packages
 %global debug_package %{nil}
@@ -155,6 +155,7 @@ Patch1013: 0013-crypto-hash-math-Add-sw64-port.patch
 Patch1014: 0014-api-Add-sw64-port.patch
 Patch1015: 0015-debug-Add-sw64-port.patch
 Patch1016: 0016-encoding-os-sw64-add-var-NativeEndian.patch
+Patch50: go-CVE-2025-58185-fix-memory-exhaustion-in-asn1.patch
 
 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 %if %{with bootstrap}
@@ -632,6 +633,12 @@ fi
 %files docs -f go-docs.list
 
 %changelog
+* Mon Apr 05 2025 Upstream Sync - 1.24.0-12
+- Sync upstream changes from commit 5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1
+- Fix memory exhaustion in encoding/asn1 when parsing large DER sequences
+- Prevent potential DoS via oversized slice allocation in parseSequenceOf
+- Fixes CVE-2025-58185
+
 * Mon Nov 3 2025 wh02252983 <wh02252983@alibaba-inc.com> - 1.24.0-11
 - add patch to fix CVE-2025-58189
 
-- 
Gitee