[gatesgarth] go: 1.15.2 -> 1.15.6

Submitted by khairul.rohaizzat.jamaluddin@intel.com on Dec. 14, 2020, 1:53 a.m. | Patch ID: 178949

Details

Message ID 1607910781-88071-1-git-send-email-khairul.rohaizzat.jamaluddin@intel.com
State New
Headers show

Commit Message

khairul.rohaizzat.jamaluddin@intel.com Dec. 14, 2020, 1:53 a.m.
From: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>


update minor version to 1.15.6

go-1.15.3 includes fixes to cgo, the compiler, runtime, the go command, and the bytes, plugin, and testing packages.
go-1.15.4 includes fixes to cgo, the compiler, linker, runtime, and the compress/flate, net/http, reflect, and time packages.
go-1.15.5 includes security fixes to the go command and the math/big package.
go-1.15.6 includes fixes to the compiler, linker, runtime, the go command, and the io package.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-28362
https://nvd.nist.gov/vuln/detail/CVE-2020-28366
https://nvd.nist.gov/vuln/detail/CVE-2020-28367
https://golang.org/doc/devel/release.html#go1.15.minor

Updates includes fix for:
CVE-2020-28362
CVE-2020-28366
CVE-2020-28367

Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>

---
 meta/recipes-devtools/go/go-1.15.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#145499): https://lists.openembedded.org/g/openembedded-core/message/145499
Mute This Topic: https://lists.openembedded.org/mt/78942223/1003190
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mhalstead@linuxfoundation.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patch hide | download patch | download mbox

diff --git a/meta/recipes-devtools/go/go-1.15.inc b/meta/recipes-devtools/go/go-1.15.inc
index 97d748b..c5e3fe0 100644
--- a/meta/recipes-devtools/go/go-1.15.inc
+++ b/meta/recipes-devtools/go/go-1.15.inc
@@ -1,7 +1,7 @@ 
 require go-common.inc
 
 GO_BASEVERSION = "1.15"
-GO_MINOR = ".2"
+GO_MINOR = ".6"
 PV .= "${GO_MINOR}"
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
@@ -17,4 +17,4 @@  SRC_URI += "\
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
 "
-SRC_URI[main.sha256sum] = "28bf9d0bcde251011caae230a4a05d917b172ea203f2a62f2c2f9533589d4b4d"
+SRC_URI[main.sha256sum] = "890bba73c5e2b19ffb1180e385ea225059eb008eb91b694875dd86ea48675817"

Comments

Anuj Mittal Dec. 14, 2020, 4:15 a.m.
Hi Khairul

On Mon, 2020-12-14 at 09:53 +0800, Jamaluddin, Khairul Rohaizzat wrote:
> From: Khairul Rohaizzat Jamaluddin <

> khairul.rohaizzat.jamaluddin@intel.com>

> 

> update minor version to 1.15.6

> 

> go-1.15.3 includes fixes to cgo, the compiler, runtime, the go

> command, and the bytes, plugin, and testing packages.

> go-1.15.4 includes fixes to cgo, the compiler, linker, runtime, and

> the compress/flate, net/http, reflect, and time packages.

> go-1.15.5 includes security fixes to the go command and the math/big

> package.


master has 1.15.5 so I would like to cherry-pick those updates from
master instead.

> go-1.15.6 includes fixes to the compiler, linker, runtime, the go

> command, and the io package.


I will cherry-pick 1.15.6 update that you've sent for master once that
is merged there.

Thanks,

Anuj

> 

> References:

> https://nvd.nist.gov/vuln/detail/CVE-2020-28362

> https://nvd.nist.gov/vuln/detail/CVE-2020-28366

> https://nvd.nist.gov/vuln/detail/CVE-2020-28367

> https://golang.org/doc/devel/release.html#go1.15.minor

> 

> Updates includes fix for:

> CVE-2020-28362

> CVE-2020-28366

> CVE-2020-28367

> 

> Signed-off-by: Khairul Rohaizzat Jamaluddin < 

> khairul.rohaizzat.jamaluddin@intel.com>

> ---

>  meta/recipes-devtools/go/go-1.15.inc | 4 ++--

>  1 file changed, 2 insertions(+), 2 deletions(-)

> 

> diff --git a/meta/recipes-devtools/go/go-1.15.inc b/meta/recipes-

> devtools/go/go-1.15.inc

> index 97d748b..c5e3fe0 100644

> --- a/meta/recipes-devtools/go/go-1.15.inc

> +++ b/meta/recipes-devtools/go/go-1.15.inc

> @@ -1,7 +1,7 @@

>  require go-common.inc

>  

>  GO_BASEVERSION = "1.15"

> -GO_MINOR = ".2"

> +GO_MINOR = ".6"

>  PV .= "${GO_MINOR}"

>  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"

>  

> @@ -17,4 +17,4 @@ SRC_URI += "\

>      file://0007-cmd-go-make-GOROOT-precious-by-default.patch \

>      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \

>  "

> -SRC_URI[main.sha256sum] =

> "28bf9d0bcde251011caae230a4a05d917b172ea203f2a62f2c2f9533589d4b4d"

> +SRC_URI[main.sha256sum] =

> "890bba73c5e2b19ffb1180e385ea225059eb008eb91b694875dd86ea48675817"

> 

> 

>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#145523): https://lists.openembedded.org/g/openembedded-core/message/145523
Mute This Topic: https://lists.openembedded.org/mt/78942223/1003190
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mhalstead@linuxfoundation.org]
-=-=-=-=-=-=-=-=-=-=-=-
khairul.rohaizzat.jamaluddin@intel.com Dec. 14, 2020, 6:40 a.m.
Hi Anuj,

Duly noted. Please do proceed as needed.

Thank you & Kind regards,
Khairul

-----Original Message-----
From: Mittal, Anuj <anuj.mittal@intel.com> 

Sent: Monday, December 14, 2020 12:15 PM
To: openembedded-core@lists.openembedded.org; Jamaluddin, Khairul Rohaizzat <khairul.rohaizzat.jamaluddin@intel.com>
Subject: Re: [OE-core] [PATCH][gatesgarth] go: 1.15.2 -> 1.15.6

Hi Khairul

On Mon, 2020-12-14 at 09:53 +0800, Jamaluddin, Khairul Rohaizzat wrote:
> From: Khairul Rohaizzat Jamaluddin <

> khairul.rohaizzat.jamaluddin@intel.com>

> 

> update minor version to 1.15.6

> 

> go-1.15.3 includes fixes to cgo, the compiler, runtime, the go 

> command, and the bytes, plugin, and testing packages.

> go-1.15.4 includes fixes to cgo, the compiler, linker, runtime, and 

> the compress/flate, net/http, reflect, and time packages.

> go-1.15.5 includes security fixes to the go command and the math/big 

> package.


master has 1.15.5 so I would like to cherry-pick those updates from master instead.

> go-1.15.6 includes fixes to the compiler, linker, runtime, the go 

> command, and the io package.


I will cherry-pick 1.15.6 update that you've sent for master once that is merged there.

Thanks,

Anuj

> 

> References:

> https://nvd.nist.gov/vuln/detail/CVE-2020-28362

> https://nvd.nist.gov/vuln/detail/CVE-2020-28366

> https://nvd.nist.gov/vuln/detail/CVE-2020-28367

> https://golang.org/doc/devel/release.html#go1.15.minor

> 

> Updates includes fix for:

> CVE-2020-28362

> CVE-2020-28366

> CVE-2020-28367

> 

> Signed-off-by: Khairul Rohaizzat Jamaluddin < 

> khairul.rohaizzat.jamaluddin@intel.com>

> ---

>  meta/recipes-devtools/go/go-1.15.inc | 4 ++--

>  1 file changed, 2 insertions(+), 2 deletions(-)

> 

> diff --git a/meta/recipes-devtools/go/go-1.15.inc b/meta/recipes- 

> devtools/go/go-1.15.inc index 97d748b..c5e3fe0 100644

> --- a/meta/recipes-devtools/go/go-1.15.inc

> +++ b/meta/recipes-devtools/go/go-1.15.inc

> @@ -1,7 +1,7 @@

>  require go-common.inc

>  

>  GO_BASEVERSION = "1.15"

> -GO_MINOR = ".2"

> +GO_MINOR = ".6"

>  PV .= "${GO_MINOR}"

>  FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"

>  

> @@ -17,4 +17,4 @@ SRC_URI += "\

>      file://0007-cmd-go-make-GOROOT-precious-by-default.patch \

>      file://0008-use-GOBUILDMODE-to-set-buildmode.patch \  "

> -SRC_URI[main.sha256sum] =

> "28bf9d0bcde251011caae230a4a05d917b172ea203f2a62f2c2f9533589d4b4d"

> +SRC_URI[main.sha256sum] =

> "890bba73c5e2b19ffb1180e385ea225059eb008eb91b694875dd86ea48675817"

> 

> 

>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#145528): https://lists.openembedded.org/g/openembedded-core/message/145528
Mute This Topic: https://lists.openembedded.org/mt/78942223/1003190
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [mhalstead@linuxfoundation.org]
-=-=-=-=-=-=-=-=-=-=-=-
khairul.rohaizzat.jamaluddin@intel.com Dec. 14, 2020, 6:43 a.m.
Hi Raj,

Duly noted.
The update to master have been submitted, waiting for review.
Anuj will be cherry picking the updates for gatesgarth with his submission afterward.
Apologies for the little confusion..

Thank you & Kind regards,
Khairul

From: Khem Raj <raj.khem@gmail.com>

Sent: Monday, December 14, 2020 11:37 AM
To: Jamaluddin, Khairul Rohaizzat <khairul.rohaizzat.jamaluddin@intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH][gatesgarth] go: 1.15.2 -> 1.15.6

Can you first update it on master and then do needed backport ?

On Sun, Dec 13, 2020 at 5:53 PM Jamaluddin, Khairul Rohaizzat <khairul.rohaizzat.jamaluddin@intel.com<mailto:khairul.rohaizzat.jamaluddin@intel.com>> wrote:
From: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com<mailto:khairul.rohaizzat.jamaluddin@intel.com>>


update minor version to 1.15.6

go-1.15.3 includes fixes to cgo, the compiler, runtime, the go command, and the bytes, plugin, and testing packages.
go-1.15.4 includes fixes to cgo, the compiler, linker, runtime, and the compress/flate, net/http, reflect, and time packages.
go-1.15.5 includes security fixes to the go command and the math/big package.
go-1.15.6 includes fixes to the compiler, linker, runtime, the go command, and the io package.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-28362
https://nvd.nist.gov/vuln/detail/CVE-2020-28366
https://nvd.nist.gov/vuln/detail/CVE-2020-28367
https://golang.org/doc/devel/release.html#go1.15.minor

Updates includes fix for:
CVE-2020-28362
CVE-2020-28366
CVE-2020-28367

Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com<mailto:khairul.rohaizzat.jamaluddin@intel.com>>

---
 meta/recipes-devtools/go/go-1.15.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.7.4
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#145529): https://lists.openembedded.org/g/openembedded-core/message/145529
Mute This Topic: https://lists.openembedded.org/mt/78942223/3616849
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [michael@yoctoproject.org]
-=-=-=-=-=-=-=-=-=-=-=-