From patchwork Mon Mar 21 13:40:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 5596 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D06D2C433F5 for ; Mon, 21 Mar 2022 13:40:38 +0000 (UTC) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web08.30466.1647870036256317774 for ; Mon, 21 Mar 2022 06:40:37 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=jgkdkAmb; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647870037; x=1679406037; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=+HDwbzP/eHDL2aGUo3WL98994oGSMIsv6vCYMnhk8sg=; b=jgkdkAmbWW9e2cU/JNwoH5S+JmzbBB9nT8eHjgCqsRxk3YWc41/wD73s Yk3p64WCMG6nk+j04il3pbyobGi/EVBqeICiQPcqzOAaVASKxsCALtMyO y163XFgQxbgo+PGZQJIxEceGqKhWfFSQSi8qGX28mAIF/jhtGsv/slJQU 6hrbJTu4PNKzTrA3DcrxWN1lmIRpSgo1N50M7c1f4vKcx/vQmODp/javd Kib3uBUXUBYhTITv9BBHbxqt7Mc9+3Wb9XRKMS2J7y0g0na5bZc5vucV1 P57vqDgzWnM5TIv79/XlbxLYEl25/03vlbvT7JnJHVDBS/FuACQ6s6zQo A==; X-IronPort-AV: E=McAfee;i="6200,9189,10292"; a="239711179" X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="239711179" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:37 -0700 X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="648567808" Received: from ttan5-mobl2.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.237.38]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:35 -0700 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 1/3] ghostscript: fix CVE-2021-3781 Date: Mon, 21 Mar 2022 21:40:24 +0800 Message-Id: X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 13:40:38 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163504 From: Chee Yang Lee Signed-off-by: Chee Yang Lee Signed-off-by: Anuj Mittal --- .../ghostscript/CVE-2021-3781.patch | 236 ++++++++++++++++++ .../ghostscript/ghostscript_9.54.0.bb | 1 + 2 files changed, 237 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch new file mode 100644 index 0000000000..27ef83bb85 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-3781.patch @@ -0,0 +1,236 @@ +From a9bd3dec9fde03327a4a2c69dad1036bf9632e20 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 7 Sep 2021 20:36:12 +0100 +Subject: [PATCH] Bug 704342: Include device specifier strings in access + validation + +for the "%pipe%", %handle%" and %printer% io devices. + +We previously validated only the part after the "%pipe%" Postscript device +specifier, but this proved insufficient. + +This rebuilds the original file name string, and validates it complete. The +slight complication for "%pipe%" is it can be reached implicitly using +"|" so we have to check both prefixes. + +Addresses CVE-2021-3781 + +Upstream-Status: Backport[https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20] +CVE: CVE-2021-3781 +Signed-off-by: Chee Yang Lee +--- + base/gdevpipe.c | 22 +++++++++++++++- + base/gp_mshdl.c | 11 +++++++- + base/gp_msprn.c | 10 ++++++- + base/gp_os2pr.c | 13 +++++++++- + base/gslibctx.c | 69 ++++++++++--------------------------------------- + 5 files changed, 65 insertions(+), 60 deletions(-) + +diff --git a/base/gdevpipe.c b/base/gdevpipe.c +index 96d71f5d8..5bdc485be 100644 +--- a/base/gdevpipe.c ++++ b/base/gdevpipe.c +@@ -72,8 +72,28 @@ pipe_fopen(gx_io_device * iodev, const char *fname, const char *access, + #else + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ /* The pipe device can be reached in two ways, explicltly with %pipe% ++ or implicitly with "|", so we have to check for both ++ */ ++ char f[gp_file_name_sizeof]; ++ const char *pipestr = "|"; ++ const size_t pipestrlen = strlen(pipestr); ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); ++ int code1; ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ code1 = gp_validate_path(mem, f, access); ++ ++ memcpy(f, pipestr, pipestrlen); ++ memcpy(f + pipestrlen, fname, nlen + 1); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (code1 != 0 && gp_validate_path(mem, f, access) != 0 ) + return gs_error_invalidfileaccess; + + /* +diff --git a/base/gp_mshdl.c b/base/gp_mshdl.c +index 2b964ed74..8d87ceadc 100644 +--- a/base/gp_mshdl.c ++++ b/base/gp_mshdl.c +@@ -95,8 +95,17 @@ mswin_handle_fopen(gx_io_device * iodev, const char *fname, const char *access, + long hfile; /* Correct for Win32, may be wrong for Win64 */ + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ char f[gp_file_name_sizeof]; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(f, iodev->dname, preflen); ++ memcpy(f + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, f, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_handle method. */ +diff --git a/base/gp_msprn.c b/base/gp_msprn.c +index ed4827968..746a974f7 100644 +--- a/base/gp_msprn.c ++++ b/base/gp_msprn.c +@@ -168,8 +168,16 @@ mswin_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + uintptr_t *ptid = &((tid_t *)(iodev->state))->tid; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const size_t nlen = strlen(fname); + +- if (gp_validate_path(mem, fname, access) != 0) ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(pname, iodev->dname, preflen); ++ memcpy(pname + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, pname, access) != 0) + return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ +diff --git a/base/gp_os2pr.c b/base/gp_os2pr.c +index f852c71fc..ba54cde66 100644 +--- a/base/gp_os2pr.c ++++ b/base/gp_os2pr.c +@@ -107,9 +107,20 @@ os2_printer_fopen(gx_io_device * iodev, const char *fname, const char *access, + FILE ** pfile, char *rfname, uint rnamelen) + { + os2_printer_t *pr = (os2_printer_t *)iodev->state; +- char driver_name[256]; ++ char driver_name[gp_file_name_sizeof]; + gs_lib_ctx_t *ctx = mem->gs_lib_ctx; + gs_fs_list_t *fs = ctx->core->fs; ++ const size_t preflen = strlen(iodev->dname); ++ const int size_t = strlen(fname); ++ ++ if (preflen + nlen >= gp_file_name_sizeof) ++ return_error(gs_error_invalidaccess); ++ ++ memcpy(driver_name, iodev->dname, preflen); ++ memcpy(driver_name + preflen, fname, nlen + 1); ++ ++ if (gp_validate_path(mem, driver_name, access) != 0) ++ return gs_error_invalidfileaccess; + + /* First we try the open_printer method. */ + /* Note that the loop condition here ensures we don't +diff --git a/base/gslibctx.c b/base/gslibctx.c +index 6dfed6cd5..318039fad 100644 +--- a/base/gslibctx.c ++++ b/base/gslibctx.c +@@ -655,82 +655,39 @@ rewrite_percent_specifiers(char *s) + int + gs_add_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ + rewrite_percent_specifiers(f); +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_add_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_add_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_add_control_path(mem, gs_permit_file_control, fp); ++ ++ code = gs_add_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_add_control_path(mem, gs_permit_file_writing, fp); ++ return gs_add_control_path(mem, gs_permit_file_writing, f); + } + + int + gs_remove_outputfile_control_path(gs_memory_t *mem, const char *fname) + { +- char *fp, f[gp_file_name_sizeof]; +- const int pipe = 124; /* ASCII code for '|' */ +- const int len = strlen(fname); +- int i, code; ++ char f[gp_file_name_sizeof]; ++ int code; + + /* Be sure the string copy will fit */ +- if (len >= gp_file_name_sizeof) ++ if (strlen(fname) >= gp_file_name_sizeof) + return gs_error_rangecheck; + strcpy(f, fname); +- fp = f; + /* Try to rewrite any %d (or similar) in the string */ +- for (i = 0; i < len; i++) { +- if (f[i] == pipe) { +- fp = &f[i + 1]; +- /* Because we potentially have to check file permissions at two levels +- for the output file (gx_device_open_output_file and the low level +- fopen API, if we're using a pipe, we have to add both the full string, +- (including the '|', and just the command to which we pipe - since at +- the pipe_fopen(), the leading '|' has been stripped. +- */ +- code = gs_remove_control_path(mem, gs_permit_file_writing, f); +- if (code < 0) +- return code; +- code = gs_remove_control_path(mem, gs_permit_file_control, f); +- if (code < 0) +- return code; +- break; +- } +- if (!IS_WHITESPACE(f[i])) +- break; +- } +- code = gs_remove_control_path(mem, gs_permit_file_control, fp); ++ rewrite_percent_specifiers(f); ++ ++ code = gs_remove_control_path(mem, gs_permit_file_control, f); + if (code < 0) + return code; +- return gs_remove_control_path(mem, gs_permit_file_writing, fp); ++ return gs_remove_control_path(mem, gs_permit_file_writing, f); + } + + int +-- +2.25.1 + diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb index d4442a4908..28d064a1a8 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb @@ -34,6 +34,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://avoid-host-contamination.patch \ file://mkdir-p.patch \ file://CVE-2021-45949.patch \ + file://CVE-2021-3781.patch \ " SRC_URI = "${SRC_URI_BASE} \ From patchwork Mon Mar 21 13:40:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 5597 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D91A6C433FE for ; Mon, 21 Mar 2022 13:40:39 +0000 (UTC) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web08.30466.1647870036256317774 for ; Mon, 21 Mar 2022 06:40:39 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Zq7YKD9M; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647870038; x=1679406038; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=vN1/s4zZmLF9sFsOsQBD3g1pcEG+gtrfNbIyDv6sGCo=; b=Zq7YKD9MzM+J2P/Hs+K+io94OElZPgQC+ylDJfJFNtNuAdwubIpiPAh+ BpWt4ZfToUO95ES5HMRfcWK/3Qb5fR1HHu9qgxEhsswOLVX0P0x4kaFP/ IpCYfyCwQyQyVN9u98ZOg2ATnWMINovJcnuG2MVRvU/mW8U8ctNsvUNin s6+Ax1B2d8t4cdh8stzZvoequRU76/8s7I7xGHmjqlGwm2alK4TfULyQq JuQrutInW5SrdKXSRz0esUFczW+RpovOVtiV/WhBjWLRDGRoBQpeP7dar zW4qTzQQTL6uJqxsqzAWkY3BwBWgR/9IAnOtF8artpwvEA9EDsTOBTQU1 g==; X-IronPort-AV: E=McAfee;i="6200,9189,10292"; a="239711186" X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="239711186" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:38 -0700 X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="648567816" Received: from ttan5-mobl2.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.237.38]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:37 -0700 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 2/3] go: upgrade 1.16.13 -> 1.16.14 Date: Mon, 21 Mar 2022 21:40:25 +0800 Message-Id: <676614ca3f72242f41263e793de104f3b324f5bb.1647869680.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 13:40:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163505 From: Sakib Sajal go 1.16.14 release includes fix for CVE-2022-23806. (From OE-Core rev: 7b5723ae41b7fcdc73a24f04ec0cda4fba8f8622) Signed-off-by: Sakib Sajal Signed-off-by: Anuj Mittal Signed-off-by: Richard Purdie Signed-off-by: Chee Yang Lee Signed-off-by: Anuj Mittal --- meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} | 4 ++-- ...o-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} | 4 ++-- ...cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} | 0 .../go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} | 0 .../go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} | 0 .../go/{go-native_1.16.13.bb => go-native_1.16.14.bb} | 0 .../go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} | 0 meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.16.13.inc => go-1.16.14.inc} (90%) rename meta/recipes-devtools/go/{go-binary-native_1.16.13.bb => go-binary-native_1.16.14.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.16.13.bb => go-cross-canadian_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.16.13.bb => go-cross_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.16.13.bb => go-crosssdk_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.16.13.bb => go-native_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.16.13.bb => go-runtime_1.16.14.bb} (100%) rename meta/recipes-devtools/go/{go_1.16.13.bb => go_1.16.14.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.16.13.inc b/meta/recipes-devtools/go/go-1.16.14.inc similarity index 90% rename from meta/recipes-devtools/go/go-1.16.13.inc rename to meta/recipes-devtools/go/go-1.16.14.inc index 46c6528dc4..c6445bccff 100644 --- a/meta/recipes-devtools/go/go-1.16.13.inc +++ b/meta/recipes-devtools/go/go-1.16.14.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.13" +PV = "1.16.14" FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,7 +17,7 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "b0926654eaeb01ef43816638f42d7b1681f2d3f41b9559f07735522b7afad41a" +SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.16.13.bb rename to meta/recipes-devtools/go/go-binary-native_1.16.14.bb index 6e498a17be..419fc4ffcf 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.16.13.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.16.14.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "275fc03c90c13b0bbff13125a43f1f7a9f9c00a0d5a9f2d5b16dbc2fa2c6e12a" -SRC_URI[go_linux_arm64.sha256sum] = "3dd8e14837105cbfedf7124c7f8c524ce492748c370036c7316ef99e18d116d7" +SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0" +SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.16.13.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-cross_1.16.13.bb b/meta/recipes-devtools/go/go-cross_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.16.13.bb rename to meta/recipes-devtools/go/go-cross_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.13.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.16.13.bb rename to meta/recipes-devtools/go/go-crosssdk_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-native_1.16.13.bb b/meta/recipes-devtools/go/go-native_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.16.13.bb rename to meta/recipes-devtools/go/go-native_1.16.14.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.16.13.bb b/meta/recipes-devtools/go/go-runtime_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.16.13.bb rename to meta/recipes-devtools/go/go-runtime_1.16.14.bb diff --git a/meta/recipes-devtools/go/go_1.16.13.bb b/meta/recipes-devtools/go/go_1.16.14.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.16.13.bb rename to meta/recipes-devtools/go/go_1.16.14.bb From patchwork Mon Mar 21 13:40:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mittal, Anuj" X-Patchwork-Id: 5598 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0D00C433EF for ; Mon, 21 Mar 2022 13:40:40 +0000 (UTC) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web08.30466.1647870036256317774 for ; Mon, 21 Mar 2022 06:40:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=bAUPeXJz; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: anuj.mittal@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647870040; x=1679406040; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=PaIjpPmS2C4U/G23ZJRV2FRFJfQDIzPcFYUgyeetRDc=; b=bAUPeXJzV/Rw2yA2mfMKrUwUx3NPzVnl+7jtZApXOUL5Jzo/PCGf1aYA 2jeH2wsl/4lNwbo9CRrN6fUpT8VBcgU7MpVx7NbGAyRJnKQS/UdeAyZHo ibfNEKdC9IxeqUAfy6LQmUIj3Vji8PqyRtWtQSqp6qHe95UpM1NcmgKU5 /XnoHWYMY+tIEAlgNGEf8PlCKj98egtD4jd/vynCiQGUhYBnp2/0ukb3a f5K4L6GSWhnygYjTXlxdvCgANHJw+t+zWziJBLkbsXRbft2P2lDt4P5Cu qw8xI2JjPUt8wwFfEu9rdRs2kxkjy67GRrnXrIY6fZ31G9+DPRrvLtuQW A==; X-IronPort-AV: E=McAfee;i="6200,9189,10292"; a="239711192" X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="239711192" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:40 -0700 X-IronPort-AV: E=Sophos;i="5.90,198,1643702400"; d="scan'208";a="648567824" Received: from ttan5-mobl2.gar.corp.intel.com (HELO anmitta2-mobl3.intel.com) ([10.215.237.38]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2022 06:40:38 -0700 From: Anuj Mittal To: openembedded-core@lists.openembedded.org Subject: [honister][PATCH 3/3] go: update to 1.16.15 Date: Mon, 21 Mar 2022 21:40:26 +0800 Message-Id: <685555947d91cfab6db45bca93419bd2f627e294.1647869680.git.anuj.mittal@intel.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Mar 2022 13:40:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/163506 From: Chee Yang Lee go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and to the net package. Signed-off-by: Chee Yang Lee Signed-off-by: Anuj Mittal --- meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} | 4 ++-- ...o-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} | 4 ++-- ...cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} | 0 .../go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} | 0 .../go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} | 0 .../go/{go-native_1.16.14.bb => go-native_1.16.15.bb} | 0 .../go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} | 0 meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} | 0 8 files changed, 4 insertions(+), 4 deletions(-) rename meta/recipes-devtools/go/{go-1.16.14.inc => go-1.16.15.inc} (90%) rename meta/recipes-devtools/go/{go-binary-native_1.16.14.bb => go-binary-native_1.16.15.bb} (83%) rename meta/recipes-devtools/go/{go-cross-canadian_1.16.14.bb => go-cross-canadian_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.16.14.bb => go-cross_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.16.14.bb => go-crosssdk_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-native_1.16.14.bb => go-native_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.16.14.bb => go-runtime_1.16.15.bb} (100%) rename meta/recipes-devtools/go/{go_1.16.14.bb => go_1.16.15.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.16.14.inc b/meta/recipes-devtools/go/go-1.16.15.inc similarity index 90% rename from meta/recipes-devtools/go/go-1.16.14.inc rename to meta/recipes-devtools/go/go-1.16.15.inc index c6445bccff..50772346df 100644 --- a/meta/recipes-devtools/go/go-1.16.14.inc +++ b/meta/recipes-devtools/go/go-1.16.15.inc @@ -1,7 +1,7 @@ require go-common.inc GO_BASEVERSION = "1.16" -PV = "1.16.14" +PV = "1.16.15" FILESEXTRAPATHS:prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:" LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" @@ -17,7 +17,7 @@ SRC_URI += "\ file://0008-use-GOBUILDMODE-to-set-buildmode.patch \ file://0009-Revert-cmd-go-make-sure-CC-and-CXX-are-absolute.patch \ " -SRC_URI[main.sha256sum] = "467898cd3a216de54dcb9014f541efe77e9b79a7154dbc1fd2dd778b0c63fb56" +SRC_URI[main.sha256sum] = "90a08c689279e35f3865ba510998c33a63255c36089b3ec206c912fc0568c3d3" # Upstream don't believe it is a signifiant real world issue and will only # fix in 1.17 onwards where we can drop this. diff --git a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb similarity index 83% rename from meta/recipes-devtools/go/go-binary-native_1.16.14.bb rename to meta/recipes-devtools/go/go-binary-native_1.16.15.bb index 419fc4ffcf..ba11ee5695 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.16.14.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.16.15.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" PROVIDES = "go-native" SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "f4f5f02eb6809ac5bf19b5ad517b23504fd5fc036f6487651968ad36aa7a20e0" -SRC_URI[go_linux_arm64.sha256sum] = "5e59056e36704acb25809bcdb27191f27593cb7aba4d716b523008135a1e764a" +SRC_URI[go_linux_amd64.sha256sum] = "77c782a633186d78c384f972fb113a43c24be0234c42fef22c2d8c4c4c8e7475" +SRC_URI[go_linux_arm64.sha256sum] = "c2f27f0ce5620a9bc2ff3446165d1974ef94e9b885ec12dbfa3c07e0e198b7ce" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb b/meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.16.14.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-cross_1.16.14.bb b/meta/recipes-devtools/go/go-cross_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.16.14.bb rename to meta/recipes-devtools/go/go-cross_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.16.14.bb b/meta/recipes-devtools/go/go-crosssdk_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.16.14.bb rename to meta/recipes-devtools/go/go-crosssdk_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-native_1.16.14.bb b/meta/recipes-devtools/go/go-native_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-native_1.16.14.bb rename to meta/recipes-devtools/go/go-native_1.16.15.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.16.14.bb b/meta/recipes-devtools/go/go-runtime_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.16.14.bb rename to meta/recipes-devtools/go/go-runtime_1.16.15.bb diff --git a/meta/recipes-devtools/go/go_1.16.14.bb b/meta/recipes-devtools/go/go_1.16.15.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.16.14.bb rename to meta/recipes-devtools/go/go_1.16.15.bb