From ecd238e6797d88d5d3671dffb65089402a9fa6f5 Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Mon, 9 Nov 2020 07:29:16 +0000
Subject: [PATCH 1/3] dev-lang: Upgrade Go 1.15.3 to 1.15.4

---
 .../src/third_party/coreos-overlay/dev-lang/go/Manifest         | 2 +-
 .../dev-lang/go/{go-1.15.3.ebuild => go-1.15.4.ebuild}          | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/dev-lang/go/{go-1.15.3.ebuild => go-1.15.4.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
index 4a5f2119fb..071fb09329 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
@@ -1,5 +1,5 @@
 DIST go1.12.17.src.tar.gz 20725913 BLAKE2B 2eef7374195302656268a42409619445dfeb3ede1f9218ae4eab195916876b97f7510cc62585a0bfdd9f86dddf8a74000032a84b29bc9891d84fc69db94f0274 SHA512 069f8f445d9d2268ebb14b2446fab34843d56283c04561636d122fd8b4c1ea0b63640a84437db7a7be71039440ffe170cd3f8025b03b0acf95f2a56fa2febec6
-DIST go1.15.3.src.tar.gz 23015071 BLAKE2B a2f4f944cdd7347c2b01abe1e4da66559e07571c3f822a8502164a791e3c5d5e7b36907910392ec940361b644a08609f0a7635bfea9f990ec1ae8fd499cb2b87 SHA512 883fb327ce8aec77381aaa01e95acd0826c74d56a769d2077449b964411e30a5844117fdd941737015983c451a3e8d419bd40954842b199a09c26704577b5bca
+DIST go1.15.4.src.tar.gz 23017785 BLAKE2B f398ea81f925d342ddc24bd24d4081278b7329757436bf5f3835bc8ac830b61965d96d2b4f72c5a491c13a83102abce2344c826da52066faf7e7670cda35de63 SHA512 84fc687806d7904be0afcdfb4f45a74b4b45820c5c79b21b0c82cd51d07f3f8ae37e7f80730a411b96bdcf7f635b473ab0233c1bce977d2cf307d9a63aeb3df5
 DIST go1.6.3.src.tar.gz 12617426 BLAKE2B 4d51c4f848d29176282e61396ea8a6ae580e743cc4a21deb3b0fc1f417ed50ff33bec4f3712f4d0c89d33ce1ec34638d5fc1b356ff0b88a6cb290d5aae789d15 SHA512 43e9b01220788112a185500bd53f091e7a0023a790092f428e2f40fc1a334dd148558b99d2a1c871b8cc79ad7d2d87a092b93eee7b5a27c2ee675c494de35306
 DIST go1.7.6.src.tar.gz 14173249 BLAKE2B 5202382c293213f02909c52c8057776abf1104bba3443db4956d9ab2aa37cfc0661eafb6f56d539384fd425c86aff4f6a756ecd09688d5be0086d761b2865b77 SHA512 b01846bfb17bf91a9c493c4d6c43bbe7e17270b9e8a229a2be4032b78ef9395f5512917ea9faab74a120c755bbd53bbd816b033caadcbb7679e91702b37f8c7f
 DIST go1.8.7.src.tar.gz 15359792 BLAKE2B b645964d99c0e04f56bd81db820b6cc07bbea608ec5497469a14e99ba42153bd1b2653b182ec27a76b9327eb386ccd5e901871bce62f2f719f35a96594969cbb SHA512 bbe78ab240ce66f0e7c0ba0d5c8915699db1538087cbcd22fa1566c62cb2e4658f467cbbde107f254e84e5744a1db578fc1a6f1784586937cba3d0942e2e6532
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.3.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.4.ebuild

From 72e72c2b3c84bee5d4c8f31d65607b77859fe834 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Fri, 13 Nov 2020 09:22:30 +0100
Subject: [PATCH 2/3] dev-lang/go: update to 1.15.5

Update Go to 1.15.5, to fix multiple security issues,
CVE-2020-28362, CVE-2020-28367, CVE-2020-28366.

See also https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM .
---
 .../src/third_party/coreos-overlay/dev-lang/go/Manifest         | 2 +-
 .../dev-lang/go/{go-1.15.4.ebuild => go-1.15.5.ebuild}          | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/dev-lang/go/{go-1.15.4.ebuild => go-1.15.5.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
index 071fb09329..7ddcbd875b 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/Manifest
@@ -1,5 +1,5 @@
 DIST go1.12.17.src.tar.gz 20725913 BLAKE2B 2eef7374195302656268a42409619445dfeb3ede1f9218ae4eab195916876b97f7510cc62585a0bfdd9f86dddf8a74000032a84b29bc9891d84fc69db94f0274 SHA512 069f8f445d9d2268ebb14b2446fab34843d56283c04561636d122fd8b4c1ea0b63640a84437db7a7be71039440ffe170cd3f8025b03b0acf95f2a56fa2febec6
-DIST go1.15.4.src.tar.gz 23017785 BLAKE2B f398ea81f925d342ddc24bd24d4081278b7329757436bf5f3835bc8ac830b61965d96d2b4f72c5a491c13a83102abce2344c826da52066faf7e7670cda35de63 SHA512 84fc687806d7904be0afcdfb4f45a74b4b45820c5c79b21b0c82cd51d07f3f8ae37e7f80730a411b96bdcf7f635b473ab0233c1bce977d2cf307d9a63aeb3df5
+DIST go1.15.5.src.tar.gz 23019303 BLAKE2B 549f0e9c4e22432db7a1c6e06724d6ada0ac90c09c0886d3053296390d85686df89bcaff86c703e8a2789119f670ffb2c6c11f4bf7e186c14a75896e8e6b8c6e SHA512 8e1d71f628d364b949b1e124af8950a563bbe9d9ae73b94c66af6ce029f67c26e2654556c0c118d0bc8566af52a7e9ed736b4667bbef7ccdab2bd338c43e6eb4
 DIST go1.6.3.src.tar.gz 12617426 BLAKE2B 4d51c4f848d29176282e61396ea8a6ae580e743cc4a21deb3b0fc1f417ed50ff33bec4f3712f4d0c89d33ce1ec34638d5fc1b356ff0b88a6cb290d5aae789d15 SHA512 43e9b01220788112a185500bd53f091e7a0023a790092f428e2f40fc1a334dd148558b99d2a1c871b8cc79ad7d2d87a092b93eee7b5a27c2ee675c494de35306
 DIST go1.7.6.src.tar.gz 14173249 BLAKE2B 5202382c293213f02909c52c8057776abf1104bba3443db4956d9ab2aa37cfc0661eafb6f56d539384fd425c86aff4f6a756ecd09688d5be0086d761b2865b77 SHA512 b01846bfb17bf91a9c493c4d6c43bbe7e17270b9e8a229a2be4032b78ef9395f5512917ea9faab74a120c755bbd53bbd816b033caadcbb7679e91702b37f8c7f
 DIST go1.8.7.src.tar.gz 15359792 BLAKE2B b645964d99c0e04f56bd81db820b6cc07bbea608ec5497469a14e99ba42153bd1b2653b182ec27a76b9327eb386ccd5e901871bce62f2f719f35a96594969cbb SHA512 bbe78ab240ce66f0e7c0ba0d5c8915699db1538087cbcd22fa1566c62cb2e4658f467cbbde107f254e84e5744a1db578fc1a6f1784586937cba3d0942e2e6532
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.4.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.5.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/dev-lang/go/go-1.15.5.ebuild

From 5f7126329eab199e615612bec11a074d01c0fec8 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Fri, 13 Nov 2020 09:45:21 +0100
Subject: [PATCH 3/3] eclass: remove -Wl,-O1 from LDFLAGS passed to go_export

Go 1.15.5 fixed a security issue CVE-2020-28366, by rejecting certain
LDFLAGS for CGO. See https://github.com/golang/go/issues/42559.

However, that change breaks builds based on the Flatcar build chain,
because `go_export` sets `$LDFLAGS` to `-Wl,-O1 -Wl,--as-needed`.
As a result, Go build fails like:

```
go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
```

We need to remove the flag `-Wl,-O1` from $LDFLAGS before building the
Go runtime, to fix the failure.
---
 .../third_party/coreos-overlay/eclass/coreos-go-utils.eclass | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
index aff37573b3..c0b339d86b 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
@@ -84,6 +84,11 @@ go_export() {
 		append-ldflags -nopie
 	fi
 
+	# Remove certain flags from $LDFLAGS to fix validation errors in
+	# Go >= 1.15.5 like:
+	#   go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
+	filter-ldflags "-Wl,-O1"
+
 	export CC=$(tc-getCC)
 	export CXX=$(tc-getCXX)
 	export CGO_ENABLED=${CGO_ENABLED:-1}