summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-devtools/go/go-1.14.inc
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-devtools/go/go-1.14.inc')
-rw-r--r--poky/meta/recipes-devtools/go/go-1.14.inc9
1 files changed, 9 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/go/go-1.14.inc b/poky/meta/recipes-devtools/go/go-1.14.inc
index 3dfd671d11..abc6f42184 100644
--- a/poky/meta/recipes-devtools/go/go-1.14.inc
+++ b/poky/meta/recipes-devtools/go/go-1.14.inc
@@ -16,6 +16,15 @@ SRC_URI += "\
file://0006-cmd-dist-separate-host-and-target-builds.patch \
file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+ file://CVE-2021-34558.patch \
+ file://CVE-2021-33196.patch \
+ file://CVE-2021-33197.patch \
"
SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
SRC_URI[main.sha256sum] = "7ed13b2209e54a451835997f78035530b331c5b6943cdcd68a3d815fdc009149"
+
+# Upstream don't believe it is a signifiant real world issue and will only
+# fix in 1.17 onwards where we can drop this.
+# https://github.com/golang/go/issues/30999#issuecomment-910470358
+CVE_CHECK_WHITELIST += "CVE-2021-29923"
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-12 04:34:32 +0300