[dunfell] go: update 1.14.4 -> 1.14.6

Includes security Fixes for CVE-2020-14039 and CVE-2020-15586

(cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
(cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
(cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta/recipes-devtools/go/go-1.14.inc | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Zhixiong Chi submitted a patch today to fix CVE-2020-16845.

I don't see that referenced in your patch, so I assume we'll need to
take both patches.

Will do an autobuilder test this morning with both applied.

Steve

On Tue, Aug 11, 2020 at 8:17 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
>
> (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
> (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
> (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
>  meta/recipes-devtools/go/go-1.14.inc | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> index c52593db6b..64c2768f7e 100644
> --- a/meta/recipes-devtools/go/go-1.14.inc
> +++ b/meta/recipes-devtools/go/go-1.14.inc
> @@ -1,7 +1,7 @@
>  require go-common.inc
>
>  GO_BASEVERSION = "1.14"
> -GO_MINOR = ".1"
> +GO_MINOR = ".6"
>  PV .= "${GO_MINOR}"
>  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
>
> @@ -18,5 +18,4 @@ SRC_URI += "\
>      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
>  "
>  SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> -
> -SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
> +SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
> --
> 2.28.0
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141381): https://lists.openembedded.org/g/openembedded-core/message/141381
Mute This Topic: https://lists.openembedded.org/mt/76132217/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman <steve@sakoman.com> wrote:
>
> Zhixiong Chi submitted a patch today to fix CVE-2020-16845.
>
> I don't see that referenced in your patch, so I assume we'll need to
> take both patches.

right that will come with 1.14.7 update which is not yet proposed, so
I guess we should do that in master and then backport it to dunfell
instead as a follow up
I will send upgrade patch to oe-core/master

>
> Will do an autobuilder test this morning with both applied.
>
> Steve
>
> On Tue, Aug 11, 2020 at 8:17 AM Khem Raj <raj.khem@gmail.com> wrote:
> >
> > Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
> >
> > (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
> > (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
> > (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
> >
> > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > ---
> >  meta/recipes-devtools/go/go-1.14.inc | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> > index c52593db6b..64c2768f7e 100644
> > --- a/meta/recipes-devtools/go/go-1.14.inc
> > +++ b/meta/recipes-devtools/go/go-1.14.inc
> > @@ -1,7 +1,7 @@
> >  require go-common.inc
> >
> >  GO_BASEVERSION = "1.14"
> > -GO_MINOR = ".1"
> > +GO_MINOR = ".6"
> >  PV .= "${GO_MINOR}"
> >  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
> >
> > @@ -18,5 +18,4 @@ SRC_URI += "\
> >      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
> >  "
> >  SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> > -
> > -SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
> > +SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
> > --
> > 2.28.0
> >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141385): https://lists.openembedded.org/g/openembedded-core/message/141385
Mute This Topic: https://lists.openembedded.org/mt/76132217/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Tue, Aug 11, 2020 at 8:36 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman <steve@sakoman.com> wrote:
> >
> > Zhixiong Chi submitted a patch today to fix CVE-2020-16845.
> >
> > I don't see that referenced in your patch, so I assume we'll need to
> > take both patches.
>
> right that will come with 1.14.7 update which is not yet proposed, so
> I guess we should do that in master and then backport it to dunfell
> instead as a follow up
> I will send upgrade patch to oe-core/master

No need, he's already submitted patches for master, dunfell, and zeus.

Steve


> > Will do an autobuilder test this morning with both applied.
> >
> > Steve
> >
> > On Tue, Aug 11, 2020 at 8:17 AM Khem Raj <raj.khem@gmail.com> wrote:
> > >
> > > Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
> > >
> > > (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
> > > (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
> > > (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
> > >
> > > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > > ---
> > >  meta/recipes-devtools/go/go-1.14.inc | 5 ++---
> > >  1 file changed, 2 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> > > index c52593db6b..64c2768f7e 100644
> > > --- a/meta/recipes-devtools/go/go-1.14.inc
> > > +++ b/meta/recipes-devtools/go/go-1.14.inc
> > > @@ -1,7 +1,7 @@
> > >  require go-common.inc
> > >
> > >  GO_BASEVERSION = "1.14"
> > > -GO_MINOR = ".1"
> > > +GO_MINOR = ".6"
> > >  PV .= "${GO_MINOR}"
> > >  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
> > >
> > > @@ -18,5 +18,4 @@ SRC_URI += "\
> > >      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
> > >  "
> > >  SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> > > -
> > > -SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
> > > +SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
> > > --
> > > 2.28.0
> > >
> > >
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141386): https://lists.openembedded.org/g/openembedded-core/message/141386
Mute This Topic: https://lists.openembedded.org/mt/76132217/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Tue, Aug 11, 2020 at 11:45 AM Steve Sakoman <sakoman@gmail.com> wrote:
>
> On Tue, Aug 11, 2020 at 8:36 AM Khem Raj <raj.khem@gmail.com> wrote:
> >
> > On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman <steve@sakoman.com> wrote:
> > >
> > > Zhixiong Chi submitted a patch today to fix CVE-2020-16845.
> > >
> > > I don't see that referenced in your patch, so I assume we'll need to
> > > take both patches.
> >
> > right that will come with 1.14.7 update which is not yet proposed, so
> > I guess we should do that in master and then backport it to dunfell
> > instead as a follow up
> > I will send upgrade patch to oe-core/master
>
> No need, he's already submitted patches for master, dunfell, and zeus.
>

I was talking about upgrading go to 1.14.7 see [1] which should
address the CVE too

[1] https://patchwork.openembedded.org/patch/175232/

> Steve
>
>
> > > Will do an autobuilder test this morning with both applied.
> > >
> > > Steve
> > >
> > > On Tue, Aug 11, 2020 at 8:17 AM Khem Raj <raj.khem@gmail.com> wrote:
> > > >
> > > > Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
> > > >
> > > > (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
> > > > (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
> > > > (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
> > > >
> > > > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > > > ---
> > > >  meta/recipes-devtools/go/go-1.14.inc | 5 ++---
> > > >  1 file changed, 2 insertions(+), 3 deletions(-)
> > > >
> > > > diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> > > > index c52593db6b..64c2768f7e 100644
> > > > --- a/meta/recipes-devtools/go/go-1.14.inc
> > > > +++ b/meta/recipes-devtools/go/go-1.14.inc
> > > > @@ -1,7 +1,7 @@
> > > >  require go-common.inc
> > > >
> > > >  GO_BASEVERSION = "1.14"
> > > > -GO_MINOR = ".1"
> > > > +GO_MINOR = ".6"
> > > >  PV .= "${GO_MINOR}"
> > > >  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
> > > >
> > > > @@ -18,5 +18,4 @@ SRC_URI += "\
> > > >      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
> > > >  "
> > > >  SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> > > > -
> > > > -SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
> > > > +SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
> > > > --
> > > > 2.28.0
> > > >
> > > >
> >
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141388): https://lists.openembedded.org/g/openembedded-core/message/141388
Mute This Topic: https://lists.openembedded.org/mt/76132217/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-

Ah, OK, I understand now.

Steve

On Tue, Aug 11, 2020 at 8:50 AM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Tue, Aug 11, 2020 at 11:45 AM Steve Sakoman <sakoman@gmail.com> wrote:
> >
> > On Tue, Aug 11, 2020 at 8:36 AM Khem Raj <raj.khem@gmail.com> wrote:
> > >
> > > On Tue, Aug 11, 2020 at 11:27 AM Steve Sakoman <steve@sakoman.com> wrote:
> > > >
> > > > Zhixiong Chi submitted a patch today to fix CVE-2020-16845.
> > > >
> > > > I don't see that referenced in your patch, so I assume we'll need to
> > > > take both patches.
> > >
> > > right that will come with 1.14.7 update which is not yet proposed, so
> > > I guess we should do that in master and then backport it to dunfell
> > > instead as a follow up
> > > I will send upgrade patch to oe-core/master
> >
> > No need, he's already submitted patches for master, dunfell, and zeus.
> >
>
> I was talking about upgrading go to 1.14.7 see [1] which should
> address the CVE too
>
> [1] https://patchwork.openembedded.org/patch/175232/
>
> > Steve
> >
> >
> > > > Will do an autobuilder test this morning with both applied.
> > > >
> > > > Steve
> > > >
> > > > On Tue, Aug 11, 2020 at 8:17 AM Khem Raj <raj.khem@gmail.com> wrote:
> > > > >
> > > > > Includes security Fixes for CVE-2020-14039 and CVE-2020-15586
> > > > >
> > > > > (cherry picked from commit 97d5c2d1f2dffe2518f46bbe57cb9348eb59c633)
> > > > > (cherry picked from commit 6591d269792fe864d7af4e379035f1cebc4510f5)
> > > > > (cherry picked from commit c9011d04eb624aeabf5d707e88de80137bcc2eb1)
> > > > >
> > > > > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > > > > ---
> > > > >  meta/recipes-devtools/go/go-1.14.inc | 5 ++---
> > > > >  1 file changed, 2 insertions(+), 3 deletions(-)
> > > > >
> > > > > diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> > > > > index c52593db6b..64c2768f7e 100644
> > > > > --- a/meta/recipes-devtools/go/go-1.14.inc
> > > > > +++ b/meta/recipes-devtools/go/go-1.14.inc
> > > > > @@ -1,7 +1,7 @@
> > > > >  require go-common.inc
> > > > >
> > > > >  GO_BASEVERSION = "1.14"
> > > > > -GO_MINOR = ".1"
> > > > > +GO_MINOR = ".6"
> > > > >  PV .= "${GO_MINOR}"
> > > > >  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
> > > > >
> > > > > @@ -18,5 +18,4 @@ SRC_URI += "\
> > > > >      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
> > > > >  "
> > > > >  SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> > > > > -
> > > > > -SRC_URI[main.sha256sum] = "2ad2572115b0d1b4cb4c138e6b3a31cee6294cb48af75ee86bec3dca04507676"
> > > > > +SRC_URI[main.sha256sum] = "73fc9d781815d411928eccb92bf20d5b4264797be69410eac854babe44c94c09"
> > > > > --
> > > > > 2.28.0
> > > > >
> > > > >
> > >
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#141389): https://lists.openembedded.org/g/openembedded-core/message/141389
Mute This Topic: https://lists.openembedded.org/mt/76132217/3617530
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-