go: fix and ignore several CVEs

backport fixes: CVE-2021-27918 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 ignore: CVE-2022-29526 CVE-2022-30634 (From OE-Core rev: ddb09ccc3caebbd3cf643bb3bb3c198845050c69) Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chee Yang Lee <chee.yang.lee@intel.com> 2022-09-14 23:14:49 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-16 18:41:14 +0100
commit: 2fa8edea5a7842beaa77f6e0bc90e57230275967 (patch)
tree: 7b4f71f34d49691cbe33592ec440ef25c2570908 /meta/recipes-devtools/go/go-1.14.inc
parent: e49990f01e52a33f041341a4d492aee3db2ebd0a (diff)
download: poky-2fa8edea5a7842beaa77f6e0bc90e57230275967.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc
index 1458a11b3f..af6345205e 100644
--- a/meta/recipes-devtools/go/go-1.14.inc
+++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -32,6 +32,10 @@ SRC_URI += "\
    file://CVE-2022-30635.patch \
    file://CVE-2022-32148.patch \
    file://CVE-2022-32189.patch \
+    file://CVE-2021-27918.patch \
+    file://CVE-2021-36221.patch \
+    file://CVE-2021-39293.patch \
+    file://CVE-2021-41771.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
@@ -42,3 +46,9 @@ SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d8
 # https://github.com/golang/go/issues/30999#issuecomment-910470358
 CVE_CHECK_WHITELIST += "CVE-2021-29923"
+# this issue affected go1.15 onwards
+# https://security-tracker.debian.org/tracker/CVE-2022-29526
+CVE_CHECK_WHITELIST += "CVE-2022-29526"
+# Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2022-30634"
author	Chee Yang Lee <chee.yang.lee@intel.com>	2022-09-14 23:14:49 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-16 18:41:14 +0100
commit	2fa8edea5a7842beaa77f6e0bc90e57230275967 (patch)
tree	7b4f71f34d49691cbe33592ec440ef25c2570908 /meta/recipes-devtools/go/go-1.14.inc
parent	e49990f01e52a33f041341a4d492aee3db2ebd0a (diff)
download	poky-2fa8edea5a7842beaa77f6e0bc90e57230275967.tar.gz

diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 1458a11b3f..af6345205e 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc
@@ -32,6 +32,10 @@ SRC_URI += "\
32	file://CVE-2022-30635.patch \	32	file://CVE-2022-30635.patch \
33	file://CVE-2022-32148.patch \	33	file://CVE-2022-32148.patch \
34	file://CVE-2022-32189.patch \	34	file://CVE-2022-32189.patch \
		35	file://CVE-2021-27918.patch \
		36	file://CVE-2021-36221.patch \
		37	file://CVE-2021-39293.patch \
		38	file://CVE-2021-41771.patch \
35	"	39	"
36		40
37	SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"	41	SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
@@ -42,3 +46,9 @@ SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d8
42	# https://github.com/golang/go/issues/30999#issuecomment-910470358	46	# https://github.com/golang/go/issues/30999#issuecomment-910470358
43	CVE_CHECK_WHITELIST += "CVE-2021-29923"	47	CVE_CHECK_WHITELIST += "CVE-2021-29923"
44		48
		49	# this issue affected go1.15 onwards
		50	# https://security-tracker.debian.org/tracker/CVE-2022-29526
		51	CVE_CHECK_WHITELIST += "CVE-2022-29526"
		52
		53	# Issue only on windows
		54	CVE_CHECK_WHITELIST += "CVE-2022-30634"