From d57e23e7bd6a8f80ace3f1d668a387cf1bc989f7 Mon Sep 17 00:00:00 2001
From: hanchao <hanchao47@huawei.com>
Date: Wed, 23 Mar 2022 20:51:31 +0800
Subject: [PATCH 2/2] fix patch
 cmd-go-internal-modfetch-do-not-short-circuit-canoni.patch

reason:the above patch is to fix CVE-2022-23773, but it does not work with golang1.15,
so this patch is used to fix the above issue.

Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/378400/

Signed-off-by: hanchao <hanchao47@huawei.com>
---
 src/cmd/go/internal/modfetch/coderepo.go | 24 +++++-------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/cmd/go/internal/modfetch/coderepo.go b/src/cmd/go/internal/modfetch/coderepo.go
index c654b36..def62d7 100644
--- a/src/cmd/go/internal/modfetch/coderepo.go
+++ b/src/cmd/go/internal/modfetch/coderepo.go
@@ -456,11 +456,6 @@ func (r *codeRepo) convert(info *codehost.RevInfo, statVers string) (*RevInfo, e
 		tagPrefix = r.codeDir + "/"
 	}
 
-	isRetracted, err := r.retractedVersions()
-	if err != nil {
-		isRetracted = func(string) bool { return false }
-	}
-
 	// tagToVersion returns the version obtained by trimming tagPrefix from tag.
 	// If the tag is invalid, retracted, or a pseudo-version, tagToVersion returns
 	// an empty version.
@@ -523,7 +518,7 @@ func (r *codeRepo) convert(info *codehost.RevInfo, statVers string) (*RevInfo, e
 		}
 		// Save the highest non-retracted canonical tag for the revision.
 		// If we don't find a better match, we'll use it as the canonical version.
-		if tagIsCanonical && semver.Compare(highestCanonical, v) < 0 && !isRetracted(v) {
+		if tagIsCanonical && semver.Compare(highestCanonical, v) < 0 {
 			if module.MatchPathMajor(v, r.pathMajor) || canUseIncompatible(v) {
 				highestCanonical = v
 			}
@@ -536,27 +531,18 @@ func (r *codeRepo) convert(info *codehost.RevInfo, statVers string) (*RevInfo, e
 		return checkCanonical(highestCanonical)
 	}
 
-	// Find the highest tagged version in the revision's history, subject to
-	// major version and +incompatible constraints. Use that version as the
-	// pseudo-version base so that the pseudo-version sorts higher. Ignore
-	// retracted versions.
-	allowedMajor := func(major string) func(v string) bool {
-		return func(v string) bool {
-			return ((major == "" && canUseIncompatible(v)) || semver.Major(v) == major) && !isRetracted(v)
-		}
-	}
 	if pseudoBase == "" {
 		var tag string
 		if r.pseudoMajor != "" || canUseIncompatible("") {
-			tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor(r.pseudoMajor))
+			tag, _ = r.code.RecentTag(info.Name, tagPrefix, r.pseudoMajor)
 		} else {
 			// Allow either v1 or v0, but not incompatible higher versions.
-			tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor("v1"))
+			tag, _ = r.code.RecentTag(info.Name, tagPrefix, "v1")
 			if tag == "" {
-				tag, _ = r.code.RecentTag(info.Name, tagPrefix, allowedMajor("v0"))
+				tag, _ = r.code.RecentTag(info.Name, tagPrefix, "v0")
 			}
 		}
-		pseudoBase, _ = tagToVersion(tag)
+		pseudoBase, _ = tagToVersion(tag) // empty if the tag is invalid
 	}
 
 	return checkCanonical(PseudoVersion(r.pseudoMajor, pseudoBase, info.Time, info.Short))
-- 
2.30.0