1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
new file mode 100644
index 0000000000..369eca581e
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
@@ -0,0 +1,38 @@
+From 1008486a9ff979dbd21c7466eeb6abf378f9c637 Mon Sep 17 00:00:00 2001
+From: Ian Lance Taylor <iant@golang.org>
+Date: Tue, 6 Jun 2023 12:51:17 -0700
+Subject: [PATCH] [release-branch.go1.20] cmd/cgo: correct _cgo_flags output
+For #60306
+For #60514
+Change-Id: I3f5d14aee7d7195030e8872e42b1d97aa11d3582
+Reviewed-on: https://go-review.googlesource.com/c/go/+/501298
+Run-TryBot: Ian Lance Taylor <iant@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: David Chase <drchase@google.com>
+Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
+---
+Upstream-Status: Backport [https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637]
+CVE: CVE-2023-29405
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+ src/cmd/cgo/out.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
+index d0c6fe3d4c2c2..a48f52105628a 100644
+--- a/src/cmd/cgo/out.go
+++ b/src/cmd/cgo/out.go
+@@ -48,7 +48,7 @@ func (p *Package) writeDefs() {
+        fflg := creat(*objDir + "_cgo_flags")
+        for k, v := range p.CgoFlags {
+                for _, arg := range v {
+-                       fmt.Fprintf(fflg, "_CGO_%s=%s\n", arg)
+                       fmt.Fprintf(fflg, "_CGO_%s=%s\n", k, arg)
+                }
+                if k == "LDFLAGS" && !*gccgo {
+                        for _, arg := range v {

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch new file mode 100644 index 0000000000..369eca581e --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29405-2.patch
@@ -0,0 +1,38 @@
	1	From 1008486a9ff979dbd21c7466eeb6abf378f9c637 Mon Sep 17 00:00:00 2001
	2	From: Ian Lance Taylor <iant@golang.org>
	3	Date: Tue, 6 Jun 2023 12:51:17 -0700
	4	Subject: [PATCH] [release-branch.go1.20] cmd/cgo: correct _cgo_flags output
	5
	6	For #60306
	7	For #60514
	8
	9	Change-Id: I3f5d14aee7d7195030e8872e42b1d97aa11d3582
	10	Reviewed-on: https://go-review.googlesource.com/c/go/+/501298
	11	Run-TryBot: Ian Lance Taylor <iant@golang.org>
	12	TryBot-Result: Gopher Robot <gobot@golang.org>
	13	Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
	14	Reviewed-by: David Chase <drchase@google.com>
	15	Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
	16	---
	17
	18	Upstream-Status: Backport [https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637]
	19	CVE: CVE-2023-29405
	20	Signed-off-by: Ashish Sharma <asharma@mvista.com>
	21
	22
	23	src/cmd/cgo/out.go \| 2 +-
	24	1 file changed, 1 insertion(+), 1 deletion(-)
	25
	26	diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go
	27	index d0c6fe3d4c2c2..a48f52105628a 100644
	28	--- a/src/cmd/cgo/out.go
	29	+++ b/src/cmd/cgo/out.go
	30	@@ -48,7 +48,7 @@ func (p *Package) writeDefs() {
	31	fflg := creat(*objDir + "_cgo_flags")
	32	for k, v := range p.CgoFlags {
	33	for _, arg := range v {
	34	- fmt.Fprintf(fflg, "_CGO_%s=%s\n", arg)
	35	+ fmt.Fprintf(fflg, "_CGO_%s=%s\n", k, arg)
	36	}
	37	if k == "LDFLAGS" && !*gccgo {
	38	for _, arg := range v {