From a084693cf1f77e6ad9f9cb6322c6174d18e18eab Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 15 Apr 2022 23:27:14 +0800 Subject: [PATCH] golang: Update to 1.18.1 Includes fixes for: * CVE-2022-24675 - encoding/pem: stack overflow * CVE-2022-28327 - crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes This also adds -buildvcs=false to omit VCS information in Go programs. Signed-off-by: Jeffery To (cherry picked from commit 8c0477a89525422f633e9693cc1fe6192db785df) --- lang/golang/golang-package.mk | 1 + lang/golang/golang/Makefile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lang/golang/golang-package.mk b/lang/golang/golang-package.mk index 7d0a99dd1c..6b62e58878 100644 --- a/lang/golang/golang-package.mk +++ b/lang/golang/golang-package.mk @@ -238,6 +238,7 @@ GO_PKG_CUSTOM_LDFLAGS= \ GO_PKG_INSTALL_ARGS= \ -v \ + -buildvcs=false \ -trimpath \ -ldflags "all=$(GO_PKG_DEFAULT_LDFLAGS)" \ $(if $(GO_PKG_DEFAULT_GCFLAGS),-gcflags "all=$(GO_PKG_DEFAULT_GCFLAGS)") \ diff --git a/lang/golang/golang/Makefile b/lang/golang/golang/Makefile index 8bbe49cb82..8ad218c765 100644 --- a/lang/golang/golang/Makefile +++ b/lang/golang/golang/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk GO_VERSION_MAJOR_MINOR:=1.18 -GO_VERSION_PATCH:= +GO_VERSION_PATCH:=1 PKG_NAME:=golang PKG_VERSION:=$(GO_VERSION_MAJOR_MINOR)$(if $(GO_VERSION_PATCH),.$(GO_VERSION_PATCH)) @@ -20,7 +20,7 @@ GO_SOURCE_URLS:=https://dl.google.com/go/ \ PKG_SOURCE:=go$(PKG_VERSION).src.tar.gz PKG_SOURCE_URL:=$(GO_SOURCE_URLS) -PKG_HASH:=38f423db4cc834883f2b52344282fa7a39fbb93650dc62a11fdf0be6409bdad6 +PKG_HASH:=efd43e0f1402e083b73a03d444b7b6576bb4c539ac46208b63a916b69aca4088 PKG_MAINTAINER:=Jeffery To PKG_LICENSE:=BSD-3-Clause -- 2.30.2