| Message ID | 20220330154946.70352-1-davide.gardenal@huawei.com |
|---|---|
| State | Accepted, archived |
| Commit | e9e3c3969544d18f0da90a10156c40da84d5b549 |
| Headers | show |
| Series | [dunfell] go: backport patch fix for CVE-2021-38297 | expand |
Unfortunately this patch doesn't seem to apply:
Applying: go: backport patch fix for CVE-2021-38297
Using index info to reconstruct a base tree...
M meta/recipes-devtools/go/go-1.14.inc
.git/rebase-apply/patch:73: space before tab in indent.
offset += 8;
.git/rebase-apply/patch:74: space before tab in indent.
});
.git/rebase-apply/patch:75: trailing whitespace.
.git/rebase-apply/patch:83: space before tab in indent.
this._inst.exports.run(argc, argv);
.git/rebase-apply/patch:84: space before tab in indent.
if (this.exited) {
warning: squelched 13 whitespace errors
warning: 18 lines add whitespace errors.
Falling back to patching base and 3-way merge...
Auto-merging meta/recipes-devtools/go/go-1.14.inc
CONFLICT (content): Merge conflict in meta/recipes-devtools/go/go-1.14.inc
error: Failed to merge in the changes.
Patch failed at 0001 go: backport patch fix for CVE-2021-38297
hint: Use 'git am --show-current-patch' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
It appears that you haven't based your patch on the current dunfell
head -- you seem to be missing a couple of go CVE patches from last
month!
Steve
On Wed, Mar 30, 2022 at 5:50 AM Davide Gardenal
<davidegarde2000@gmail.com> wrote:
>
> Patch taken from
> https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> from the following issue
> https://github.com/golang/go/issues/48797
>
> Original repo
> https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4
>
> Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> ---
> meta/recipes-devtools/go/go-1.14.inc | 1 +
> .../go/go-1.14/CVE-2021-38297.patch | 94 +++++++++++++++++++
> 2 files changed, 95 insertions(+)
> create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
>
> diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
> index abc6f42184..947f1798ee 100644
> --- a/meta/recipes-devtools/go/go-1.14.inc
> +++ b/meta/recipes-devtools/go/go-1.14.inc
> @@ -19,6 +19,7 @@ SRC_URI += "\
> file://CVE-2021-34558.patch \
> file://CVE-2021-33196.patch \
> file://CVE-2021-33197.patch \
> + file://CVE-2021-38297.patch \
> "
> SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
> SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
> diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> new file mode 100644
> index 0000000000..0b5d0b591e
> --- /dev/null
> +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch
> @@ -0,0 +1,94 @@
> +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001
> +From: Michael Knyszek <mknyszek@google.com>
> +Date: Thu, 2 Sep 2021 16:51:59 -0400
> +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let
> + command line args overwrite global data
> +
> +On Wasm, wasm_exec.js puts command line arguments at the beginning
> +of the linear memory (following the "zero page"). Currently there
> +is no limit for this, and a very long command line can overwrite
> +the program's data section. Prevent this by limiting the command
> +line to 4096 bytes, and in the linker ensuring the data section
> +starts at a high enough address (8192).
> +
> +(Arguably our address assignment on Wasm is a bit confusing. This
> +is the minimum fix I can come up with.)
> +
> +Thanks to Ben Lubar for reporting this issue.
> +
> +Change by Cherry Mui <cherryyz@google.com>.
> +
> +For #48797
> +Fixes #48799
> +Fixes CVE-2021-38297
> +
> +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3
> +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933
> +Reviewed-by: Roland Shoemaker <bracewell@google.com>
> +Reviewed-by: Than McIntosh <thanm@google.com>
> +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591
> +Trust: Michael Knyszek <mknyszek@google.com>
> +Reviewed-by: Heschi Kreinick <heschi@google.com>
> +
> +CVE: CVE-2021-38297
> +
> +Upstream-Status: Backport:
> +https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564
> +
> +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
> +---
> + misc/wasm/wasm_exec.js | 7 +++++++
> + src/cmd/link/internal/ld/data.go | 11 ++++++++++-
> + 2 files changed, 17 insertions(+), 1 deletion(-)
> +
> +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js
> +index 82041e6bb901..a0a264278b1b 100644
> +--- a/misc/wasm/wasm_exec.js
> ++++ b/misc/wasm/wasm_exec.js
> +@@ -564,6 +564,13 @@
> + offset += 8;
> + });
> +
> ++ // The linker guarantees global data starts from at least wasmMinDataAddr.
> ++ // Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr.
> ++ const wasmMinDataAddr = 4096 + 4096;
> ++ if (offset >= wasmMinDataAddr) {
> ++ throw new Error("command line too long");
> ++ }
> ++
> + this._inst.exports.run(argc, argv);
> + if (this.exited) {
> + this._resolveExitPromise();
> +diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go
> +index 52035e96301c..54a1d188cdb9 100644
> +--- a/src/cmd/link/internal/ld/data.go
> ++++ b/src/cmd/link/internal/ld/data.go
> +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64
> + return sect, n, va
> + }
> +
> ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js
> ++// to store command line args. Data sections starts from at least address 8192.
> ++// Keep in sync with wasm_exec.js.
> ++const wasmMinDataAddr = 4096 + 4096
> ++
> + // address assigns virtual addresses to all segments and sections and
> + // returns all segments in file order.
> + func (ctxt *Link) address() []*sym.Segment {
> +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment {
> + order = append(order, &Segtext)
> + Segtext.Rwx = 05
> + Segtext.Vaddr = va
> +- for _, s := range Segtext.Sections {
> ++ for i, s := range Segtext.Sections {
> + va = uint64(Rnd(int64(va), int64(s.Align)))
> + s.Vaddr = va
> + va += s.Length
> ++
> ++ if ctxt.IsWasm() && i == 0 && va < wasmMinDataAddr {
> ++ va = wasmMinDataAddr
> ++ }
> + }
> +
> + Segtext.Length = va - uint64(*FlagTextAddr)
> +
> \ No newline at end of file
> --
> 2.32.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#163787): https://lists.openembedded.org/g/openembedded-core/message/163787
> Mute This Topic: https://lists.openembedded.org/mt/90134464/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
On Wed, Mar 30, 2022 at 6:16 AM Steve Sakoman via lists.openembedded.org <steve=sakoman.com@lists.openembedded.org> wrote: > > Unfortunately this patch doesn't seem to apply: > > Applying: go: backport patch fix for CVE-2021-38297 > Using index info to reconstruct a base tree... > M meta/recipes-devtools/go/go-1.14.inc > .git/rebase-apply/patch:73: space before tab in indent. > offset += 8; > .git/rebase-apply/patch:74: space before tab in indent. > }); > .git/rebase-apply/patch:75: trailing whitespace. > > .git/rebase-apply/patch:83: space before tab in indent. > this._inst.exports.run(argc, argv); > .git/rebase-apply/patch:84: space before tab in indent. > if (this.exited) { > warning: squelched 13 whitespace errors > warning: 18 lines add whitespace errors. > Falling back to patching base and 3-way merge... > Auto-merging meta/recipes-devtools/go/go-1.14.inc > CONFLICT (content): Merge conflict in meta/recipes-devtools/go/go-1.14.inc > error: Failed to merge in the changes. > Patch failed at 0001 go: backport patch fix for CVE-2021-38297 > hint: Use 'git am --show-current-patch' to see the failed patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > > It appears that you haven't based your patch on the current dunfell > head -- you seem to be missing a couple of go CVE patches from last > month! And once I fixed the above issue the build failed: ERROR: go-native-1.14.15-r0 do_compile: Execution of '/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597' failed with exit code 2 ERROR: Logfile of failure stored in: /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/log.do_compile.2927597 Log data follows: | DEBUG: Executing shell function do_compile | Building Go cmd/dist using /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go. (go1.4-bootstrap-20170531 linux/amd64) | Building Go toolchain1 using /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go. | # bootstrap/cmd/link/internal/ld | /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go/src/cmd/link/internal/ld/data.go:2194[/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go/pkg/bootstrap/src/bootstrap/cmd/link/internal/ld/data.go:2198]: ctxt.IsWasm undefined (type *Link has no field or method IsWasm) | go tool dist: FAILED: /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/go1.4/go/bin/go install -gcflags=-l -tags=math_big_pure_go compiler_bootstrap bootstrap/cmd/...: exit status 2 | WARNING: /home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597:1 exit 2 from './make.bash --no-banner' | ERROR: Execution of '/home/steve/builds/poky-contrib/build/tmp/work/x86_64-linux/go-native/1.14.15-r0/temp/run.do_compile.2927597' failed with exit code 2 ERROR: Task (/home/steve/builds/poky-contrib/meta/recipes-devtools/go/go-native_1.14.bb:do_compile) failed with exit code '1' NOTE: Tasks Summary: Attempted 548 tasks of which 527 didn't need to be rerun and 1 failed. So it definitely looks like a v2 is required! > Steve > > On Wed, Mar 30, 2022 at 5:50 AM Davide Gardenal > <davidegarde2000@gmail.com> wrote: > > > > Patch taken from > > https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 > > from the following issue > > https://github.com/golang/go/issues/48797 > > > > Original repo > > https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4 > > > > Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> > > --- > > meta/recipes-devtools/go/go-1.14.inc | 1 + > > .../go/go-1.14/CVE-2021-38297.patch | 94 +++++++++++++++++++ > > 2 files changed, 95 insertions(+) > > create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > > > > diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc > > index abc6f42184..947f1798ee 100644 > > --- a/meta/recipes-devtools/go/go-1.14.inc > > +++ b/meta/recipes-devtools/go/go-1.14.inc > > @@ -19,6 +19,7 @@ SRC_URI += "\ > > file://CVE-2021-34558.patch \ > > file://CVE-2021-33196.patch \ > > file://CVE-2021-33197.patch \ > > + file://CVE-2021-38297.patch \ > > " > > SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" > > SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" > > diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > > new file mode 100644 > > index 0000000000..0b5d0b591e > > --- /dev/null > > +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch > > @@ -0,0 +1,94 @@ > > +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001 > > +From: Michael Knyszek <mknyszek@google.com> > > +Date: Thu, 2 Sep 2021 16:51:59 -0400 > > +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let > > + command line args overwrite global data > > + > > +On Wasm, wasm_exec.js puts command line arguments at the beginning > > +of the linear memory (following the "zero page"). Currently there > > +is no limit for this, and a very long command line can overwrite > > +the program's data section. Prevent this by limiting the command > > +line to 4096 bytes, and in the linker ensuring the data section > > +starts at a high enough address (8192). > > + > > +(Arguably our address assignment on Wasm is a bit confusing. This > > +is the minimum fix I can come up with.) > > + > > +Thanks to Ben Lubar for reporting this issue. > > + > > +Change by Cherry Mui <cherryyz@google.com>. > > + > > +For #48797 > > +Fixes #48799 > > +Fixes CVE-2021-38297 > > + > > +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3 > > +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933 > > +Reviewed-by: Roland Shoemaker <bracewell@google.com> > > +Reviewed-by: Than McIntosh <thanm@google.com> > > +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591 > > +Trust: Michael Knyszek <mknyszek@google.com> > > +Reviewed-by: Heschi Kreinick <heschi@google.com> > > + > > +CVE: CVE-2021-38297 > > + > > +Upstream-Status: Backport: > > +https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 > > + > > +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> > > +--- > > + misc/wasm/wasm_exec.js | 7 +++++++ > > + src/cmd/link/internal/ld/data.go | 11 ++++++++++- > > + 2 files changed, 17 insertions(+), 1 deletion(-) > > + > > +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js > > +index 82041e6bb901..a0a264278b1b 100644 > > +--- a/misc/wasm/wasm_exec.js > > ++++ b/misc/wasm/wasm_exec.js > > +@@ -564,6 +564,13 @@ > > + offset += 8; > > + }); > > + > > ++ // The linker guarantees global data starts from at least wasmMinDataAddr. > > ++ // Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr. > > ++ const wasmMinDataAddr = 4096 + 4096; > > ++ if (offset >= wasmMinDataAddr) { > > ++ throw new Error("command line too long"); > > ++ } > > ++ > > + this._inst.exports.run(argc, argv); > > + if (this.exited) { > > + this._resolveExitPromise(); > > +diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go > > +index 52035e96301c..54a1d188cdb9 100644 > > +--- a/src/cmd/link/internal/ld/data.go > > ++++ b/src/cmd/link/internal/ld/data.go > > +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64 > > + return sect, n, va > > + } > > + > > ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js > > ++// to store command line args. Data sections starts from at least address 8192. > > ++// Keep in sync with wasm_exec.js. > > ++const wasmMinDataAddr = 4096 + 4096 > > ++ > > + // address assigns virtual addresses to all segments and sections and > > + // returns all segments in file order. > > + func (ctxt *Link) address() []*sym.Segment { > > +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment { > > + order = append(order, &Segtext) > > + Segtext.Rwx = 05 > > + Segtext.Vaddr = va > > +- for _, s := range Segtext.Sections { > > ++ for i, s := range Segtext.Sections { > > + va = uint64(Rnd(int64(va), int64(s.Align))) > > + s.Vaddr = va > > + va += s.Length > > ++ > > ++ if ctxt.IsWasm() && i == 0 && va < wasmMinDataAddr { > > ++ va = wasmMinDataAddr > > ++ } > > + } > > + > > + Segtext.Length = va - uint64(*FlagTextAddr) > > + > > \ No newline at end of file > > -- > > 2.32.0 > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#163788): https://lists.openembedded.org/g/openembedded-core/message/163788 > Mute This Topic: https://lists.openembedded.org/mt/90134464/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index abc6f42184..947f1798ee 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc @@ -19,6 +19,7 @@ SRC_URI += "\ file://CVE-2021-34558.patch \ file://CVE-2021-33196.patch \ file://CVE-2021-33197.patch \ + file://CVE-2021-38297.patch \ " SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149" diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch new file mode 100644 index 0000000000..0b5d0b591e --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch @@ -0,0 +1,94 @@ +From 4548fcc8dfd933c237f29bba6f90040a85922564 Mon Sep 17 00:00:00 2001 +From: Michael Knyszek <mknyszek@google.com> +Date: Thu, 2 Sep 2021 16:51:59 -0400 +Subject: [PATCH] [release-branch.go1.16] misc/wasm, cmd/link: do not let + command line args overwrite global data + +On Wasm, wasm_exec.js puts command line arguments at the beginning +of the linear memory (following the "zero page"). Currently there +is no limit for this, and a very long command line can overwrite +the program's data section. Prevent this by limiting the command +line to 4096 bytes, and in the linker ensuring the data section +starts at a high enough address (8192). + +(Arguably our address assignment on Wasm is a bit confusing. This +is the minimum fix I can come up with.) + +Thanks to Ben Lubar for reporting this issue. + +Change by Cherry Mui <cherryyz@google.com>. + +For #48797 +Fixes #48799 +Fixes CVE-2021-38297 + +Change-Id: I0f50fbb2a5b6d0d047e3c134a88988d9133e4ab3 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1205933 +Reviewed-by: Roland Shoemaker <bracewell@google.com> +Reviewed-by: Than McIntosh <thanm@google.com> +Reviewed-on: https://go-review.googlesource.com/c/go/+/354591 +Trust: Michael Knyszek <mknyszek@google.com> +Reviewed-by: Heschi Kreinick <heschi@google.com> + +CVE: CVE-2021-38297 + +Upstream-Status: Backport: +https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 + +Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> +--- + misc/wasm/wasm_exec.js | 7 +++++++ + src/cmd/link/internal/ld/data.go | 11 ++++++++++- + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/misc/wasm/wasm_exec.js b/misc/wasm/wasm_exec.js +index 82041e6bb901..a0a264278b1b 100644 +--- a/misc/wasm/wasm_exec.js ++++ b/misc/wasm/wasm_exec.js +@@ -564,6 +564,13 @@ + offset += 8; + }); + ++ // The linker guarantees global data starts from at least wasmMinDataAddr. ++ // Keep in sync with cmd/link/internal/ld/data.go:wasmMinDataAddr. ++ const wasmMinDataAddr = 4096 + 4096; ++ if (offset >= wasmMinDataAddr) { ++ throw new Error("command line too long"); ++ } ++ + this._inst.exports.run(argc, argv); + if (this.exited) { + this._resolveExitPromise(); +diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go +index 52035e96301c..54a1d188cdb9 100644 +--- a/src/cmd/link/internal/ld/data.go ++++ b/src/cmd/link/internal/ld/data.go +@@ -2330,6 +2330,11 @@ func assignAddress(ctxt *Link, sect *sym.Section, n int, s loader.Sym, va uint64 + return sect, n, va + } + ++// On Wasm, we reserve 4096 bytes for zero page, then 4096 bytes for wasm_exec.js ++// to store command line args. Data sections starts from at least address 8192. ++// Keep in sync with wasm_exec.js. ++const wasmMinDataAddr = 4096 + 4096 ++ + // address assigns virtual addresses to all segments and sections and + // returns all segments in file order. + func (ctxt *Link) address() []*sym.Segment { +@@ -2339,10 +2344,14 @@ func (ctxt *Link) address() []*sym.Segment { + order = append(order, &Segtext) + Segtext.Rwx = 05 + Segtext.Vaddr = va +- for _, s := range Segtext.Sections { ++ for i, s := range Segtext.Sections { + va = uint64(Rnd(int64(va), int64(s.Align))) + s.Vaddr = va + va += s.Length ++ ++ if ctxt.IsWasm() && i == 0 && va < wasmMinDataAddr { ++ va = wasmMinDataAddr ++ } + } + + Segtext.Length = va - uint64(*FlagTextAddr) + \ No newline at end of file
Patch taken from https://github.com/golang/go/commit/4548fcc8dfd933c237f29bba6f90040a85922564 from the following issue https://github.com/golang/go/issues/48797 Original repo https://go.googlesource.com/go/+/77f2750f4398990eed972186706f160631d7dae4 Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com> --- meta/recipes-devtools/go/go-1.14.inc | 1 + .../go/go-1.14/CVE-2021-38297.patch | 94 +++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2021-38297.patch