From patchwork Thu Mar 17 07:32:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 5376 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19851C433F5 for ; Thu, 17 Mar 2022 07:35:19 +0000 (UTC) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web12.7502.1647502517616720222 for ; Thu, 17 Mar 2022 00:35:17 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Xa0VnkXZ; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647502517; x=1679038517; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=wlKKevOQl9Mavu1fILDforIe0s/Dz6yLBOlvEft1Aqw=; b=Xa0VnkXZBvj21JjD/E3LQq2o3M6kB6mQI0V5c+ZJpE2RmsGKYLW3xn8D i0sJjufs4mm/Prip9epG3Rr/JXvUwo2UccqSW/GfLYmFsWTdBWPvSXwxm RUbSLpysE24M9+uPXVOwmXPobHpZFhnoE3gK0jWtMTMfKW2VU7CvWGBcY 2ub5pZXlOYMam7lo+sPn96XIgbSOW+K8dOfhL/9TZCYGVgGgrhyTf5MrO uuTAMIugCoP/rRFSJawMH86u2vuAxg+BvrwXyJykudd7CG2Qj/2fAE7+W HmRZJsjizrREY00K8TOKLykbRwdLSxvqcvmDICpLzOi9Mtppisdj9nb4O Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10288"; a="236750492" X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="236750492" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 00:35:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="581208453" Received: from cheeyang-desk1.png.intel.com ([10.158.87.104]) by orsmga001.jf.intel.com with ESMTP; 17 Mar 2022 00:35:13 -0700 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 1/4] ghostscript: fix CVE-2021-3781 Date: Thu, 17 Mar 2022 15:32:44 +0800 Message-Id: <20220317073247.4117889-1-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 07:35:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163373 From: Chee Yang Lee Signed-off-by: Chee Yang Lee --- .../ghostscript/CVE-2021-3781.patch | 236 ++++++++++++++++++ .../ghostscript/ghostscript_9.54.0.bb | 1 + 2 files changed, 237 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch new file mode 100644 index 0000000000..27ef83bb85 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch @@ -0,0 +1,236 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +Upstream-Status: Backport[https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20] +CVE: CVE-2021-3781 +Signed-off-by: Chee Yang Lee +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb index d4442a4908..28d064a1a8 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb @@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://CVE-2021-45949.patch \ + file://CVE-2021-3781.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Thu Mar 17 07:32:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 5377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA07DC4332F for ; Thu, 17 Mar 2022 07:35:19 +0000 (UTC) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web12.7502.1647502517616720222 for ; Thu, 17 Mar 2022 00:35:19 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=aHUqW9XX; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647502518; x=1679038518; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=uVVbx727yMVyQoir2UZdEdiH3qmiWPzn7eBlw0KyKCg=; b=aHUqW9XXFso9R4JIYiLoy4r/PimoYnhjSN5D0l67otfHIU/y8osztmOd HwCUV5yxScDKP7Jlm2lNvWEAq/BTXH4xpmqOToGooKoh9a37Lo0R2Eo4Q N+STm7P/1JTkMml/5zr3U2cQ2JtK5iQIfiWw4FtRFeAXHyUub/JmtjbzI IbqUNy0cMbgjXebry5K7ciIKH9BJ0788i6MY9PKMQKilkSbHOFYXEdMFr LSB/qKaN+BpbmSselvJs9kkWMPCuEk8/+jyYsDybPuPA2vJdjJOrJ9Hn+ SQLbj+AWC9D/o0d9q3onS1HXqef5EJOEUYGedV31As0updwdLcQZO3lD0 Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10288"; a="236750494" X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="236750494" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 00:35:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="581208458" Received: from cheeyang-desk1.png.intel.com ([10.158.87.104]) by orsmga001.jf.intel.com with ESMTP; 17 Mar 2022 00:35:15 -0700 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 2/4] webkitgtk: update to 2.32.4 Date: Thu, 17 Mar 2022 15:32:45 +0800 Message-Id: <20220317073247.4117889-2-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317073247.4117889-1-chee.yang.lee@intel.com> References: <20220317073247.4117889-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 07:35:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163375 From: Chee Yang Lee This is a bug fix release in the stable 2.32 series. change in the WebKitGTK 2.32.4 release: Do not append .asc extension to downloaded text/plain files. Fix several crashes and rendering issues. https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html Signed-off-by: Chee Yang Lee --- .../webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-sato/webkit/{webkitgtk_2.32.3.bb => webkitgtk_2.32.4.bb} (98%) diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb similarity index 98% rename from meta/recipes-sato/webkit/webkitgtk_2.32.3.bb rename to meta/recipes-sato/webkit/webkitgtk_2.32.4.bb index bab1c17902..3e0ecb4611 100644 --- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb +++ b/meta/recipes-sato/webkit/webkitgtk_2.32.4.bb @@ -22,7 +22,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ file://reproducibility.patch \ " -SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc" +SRC_URI[sha256sum] = "00ce2d3f798d7bc5e9039d9059f0c3c974d51de38c8b716f00e94452a177d3fd" inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc From patchwork Thu Mar 17 07:32:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 5378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9591C433EF for ; Thu, 17 Mar 2022 07:35:19 +0000 (UTC) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web09.7632.1647502518263805547 for ; Thu, 17 Mar 2022 00:35:18 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=EVWW31pE; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647502518; x=1679038518; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=TaaKGA0p4XGZ4Fo3nlPe72Lxox0RudGIao0mXSQQ7/Q=; b=EVWW31pEtBtmLCeL05N70BhHBkk3Fem9B5o2OxOcJj6+DkUNE4Wz6wU7 +750CpltGmYdgAdv50Aovbi3QXd5pV8XRuLGKoGmiTcsapDX0fJ4Lbau0 znyjvEa7ioi3fJPxqX+Rt5jt248DrEHRN03LkudW4jeSA4wwZ4SrAeiBx qJHGUnN918dxcSZhdt2AUTEDEtwSZYpqsidBODepqNr3VSS2sPAH5nM8D DOqbHZWhFTRdRb7qnApJjKOx5IQcA5svi12XMW7MDV3JKTssSYIjt8KPk 0h7mgqql94MSjx8Uzi6XFS1DIqqrR38RRJ7t5kiJQQyQlZKXfT7LU9s+w g==; X-IronPort-AV: E=McAfee;i="6200,9189,10288"; a="236750496" X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="236750496" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 00:35:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="581208461" Received: from cheeyang-desk1.png.intel.com ([10.158.87.104]) by orsmga001.jf.intel.com with ESMTP; 17 Mar 2022 00:35:16 -0700 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 3/4] go: upgrade 1.16.13 -> 1.16.14 Date: Thu, 17 Mar 2022 15:32:46 +0800 Message-Id: <20220317073247.4117889-3-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317073247.4117889-1-chee.yang.lee@intel.com> References: <20220317073247.4117889-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 07:35:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163374 From: Sakib Sajal go 1.16.14 release includes fix for CVE-2022-23806. (From OE-Core rev: 7b5723ae41b7fcdc73a24f04ec0cda4fba8f8622) Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie Signed-off-by: Chee Yang Lee --- meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} | 4 ++-- ...o-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} | 4 ++-- ...cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} | 0 .../go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} | 0 .../go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} | 0 .../go/{go-native_1.16.13.bb => go-native_1.16.14.bb} | 0 .../go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} | 0 meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} (90%) rename meta/recipes-devtools/go/{go-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.16.13.bb => go-native_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.16.13.inc b/meta/recipes-devtools/go/go-1.16.14.inc similarity index 90% rename from meta/recipes-devtools/go/go-1.16.13.inc rename to meta/recipes-devtools/go/go-1.16.14.inc index 46c6528dc4..c6445bccff 100644 --- a/meta/recipes-devtools/go/go-1.16.13.inc +++ b/meta/recipes-devtools/go/go-1.16.14.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.13" +PV = "1.16.14" FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,7 +17,7 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "b0926654eaeb01ef43816638f42d7b1681f2d3f41b9559f07735522b7afad41a" +SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.16.13.bb rename to meta/recipes-devtools/go/go-binary-native_1.16.14.bb index 6e498a17be..419fc4ffcf 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "275fc03c90c13b0bbff13125a43f1f7a9f9c00a0d5a9f2d5b16dbc2fa2c6e12a" -SRC_URI[go_linux_arm64.sha256sum] = "3dd8e14837105cbfedf7124c7f8c524ce492748c370036c7316ef99e18d116d7" +SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0" +SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-cross_1.16.13.bb b/meta/recipes-devtools/go/go-cross_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.16.13.bb rename to meta/recipes-devtools/go/go-cross_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.16.13.bb rename to meta/recipes-devtools/go/go-crosssdk_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-native_1.16.13.bb b/meta/recipes-devtools/go/go-native_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.16.13.bb rename to meta/recipes-devtools/go/go-native_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.16.13.bb b/meta/recipes-devtools/go/go-runtime_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.16.13.bb rename to meta/recipes-devtools/go/go-runtime_1.16.14.bb diff --git a/meta/recipes-devtools/go/go_1.16.13.bb b/meta/recipes-devtools/go/go_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.16.13.bb rename to meta/recipes-devtools/go/go_1.16.14.bb From patchwork Thu Mar 17 07:32:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Lee, Chee Yang" X-Patchwork-Id: 5379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00409C433FE for ; Thu, 17 Mar 2022 07:35:19 +0000 (UTC) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web09.7632.1647502518263805547 for ; Thu, 17 Mar 2022 00:35:19 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Pf8PJ8N+; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: chee.yang.lee@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647502519; x=1679038519; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=Ka03K+qBUFs+XvxTAykW7DE7yQssubNqX4S0+f/YAVA=; b=Pf8PJ8N+xR7AcjqVTnHYtHSAVHD8tvou2fQK/KyTDPo909QOU0shrTnY qCuDjt1a+sx10HOmdN//Kn5CKsthH7AtYB7EH9HSHiDyIdl2Nz20rL1kR EfYBy20z+j3mMWpcdz/hbpU9qCVDOHqt3uzmV/tcCH2OCq47uvK/Qyicy jE4vbcQZE9gxluZ7sAb/AE7QKLwz52ypAyy7Lr2QtgFrvd9FkLoEEsJ/9 bqUW7AL9daf7kgtY/5A4nBy1e4ogGrHWNAGwu0x5C6sbdyC9d9AiSDjC3 0DrSZBOiA973Tftiszb0aeyX3UhcPm9dpM6yxWwKjutttlGWE+Ct3yGpN g==; X-IronPort-AV: E=McAfee;i="6200,9189,10288"; a="236750500" X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="236750500" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 00:35:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="581208464" Received: from cheeyang-desk1.png.intel.com ([10.158.87.104]) by orsmga001.jf.intel.com with ESMTP; 17 Mar 2022 00:35:17 -0700 From: chee.yang.lee@intel.com To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 4/4] go: update to 1.16.15 Date: Thu, 17 Mar 2022 15:32:47 +0800 Message-Id: <20220317073247.4117889-4-chee.yang.lee@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220317073247.4117889-1-chee.yang.lee@intel.com> References: <20220317073247.4117889-1-chee.yang.lee@intel.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 07:35:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163376 From: Chee Yang Lee go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and to the net package. Signed-off-by: Chee Yang Lee --- meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} | 4 ++-- ...o-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} | 4 ++-- ...cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} | 0 .../go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} | 0 .../go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} | 0 .../go/{go-native_1.16.14.bb => go-native_1.16.15.bb} | 0 .../go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} | 0 meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} (90%) rename meta/recipes-devtools/go/{go-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.16.14.bb => go-native_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.16.14.inc b/meta/recipes-devtools/go/go-1.16.15.inc similarity index 90% rename from meta/recipes-devtools/go/go-1.16.14.inc rename to meta/recipes-devtools/go/go-1.16.15.inc index c6445bccff..50772346df 100644 --- a/meta/recipes-devtools/go/go-1.16.14.inc +++ b/meta/recipes-devtools/go/go-1.16.15.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.14" +PV = "1.16.15" FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,7 +17,7 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56" +SRC_URI[main.sha256sum] = "90a08c689279e35f3865ba510998c33a63255c36089b3ec206c912fc0568c3d3" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.16.14.bb rename to meta/recipes-devtools/go/go-binary-native_1.16.15.bb index 419fc4ffcf..ba11ee5695 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0" -SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a" +SRC_URI[go_linux_amd64.sha256sum] = "77c782a633186d78c384f972fb113a43c24be0234c42fef22c2d8c4c4c8e7475" +SRC_URI[go_linux_arm64.sha256sum] = "c2f27f0ce5620a9bc2ff3446165d1974ef94e9b885ec12dbfa3c07e0e198b7ce" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-cross_1.16.14.bb b/meta/recipes-devtools/go/go-cross_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.16.14.bb rename to meta/recipes-devtools/go/go-cross_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.16.14.bb rename to meta/recipes-devtools/go/go-crosssdk_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-native_1.16.14.bb b/meta/recipes-devtools/go/go-native_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.16.14.bb rename to meta/recipes-devtools/go/go-native_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.16.14.bb b/meta/recipes-devtools/go/go-runtime_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.16.14.bb rename to meta/recipes-devtools/go/go-runtime_1.16.15.bb diff --git a/meta/recipes-devtools/go/go_1.16.14.bb b/meta/recipes-devtools/go/go_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.16.14.bb rename to meta/recipes-devtools/go/go_1.16.15.bb