go: Fix CVE-2023-39323 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Libo Chen <libo.chen.cn@windriver.com>	2025-12-18 15:18:18 +0800
committer	Steve Sakoman <steve@sakoman.com>	2025-12-31 07:24:54 -0800
commit	9af12b047ec2e3b2d04c760be18e2f5cbfb5d5d3 (patch)
tree	ce1db61dd7d3ef5eb24a37fd6ed0d1a3bd694c9e /meta/recipes-devtools/python/python3
parent	652e8fc3b9d5c586ba291041c3d15d362c24b6ea (diff)
download	poky-9af12b047ec2e3b2d04c760be18e2f5cbfb5d5d3.tar.gz

go: Fix CVE-2023-39323

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. Made below changes for Go 1.17 backport: - drop the modifications of test codes References: https://nvd.nist.gov/vuln/detail/CVE-2023-39323 Upstream-patch: https://github.com/golang/go/commit/e7c142a19d8b3944c2f1b9ab7fd94c63d8d0c555 (From OE-Core rev: 62f4c3aec8f80a259472ce19104596d08741c101) Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: