From 5b3bd625f9a0cbe9468421fd334bcf3d6810bf6e Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Fri, 3 Dec 2021 15:42:37 +0100 Subject: [PATCH 1/3] coreos-devel/mantle: update to 0.17.0-r1 for golang.org/x/{crypto,text} Update coreos-devel/mantle to 0.17.0-r1, to include the security updates of golang.org/x/{crypto,text}, mainly to address CVE-2021-38561, CVE-2021-43565. Pulls in https://github.com/flatcar-linux/mantle/pull/262. --- .../mantle/{mantle-0.16.0.ebuild => mantle-0.17.0-r1.ebuild} | 0 .../coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/{mantle-0.16.0.ebuild => mantle-0.17.0-r1.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-0.16.0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-0.17.0-r1.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-0.16.0.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-0.17.0-r1.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild index defadd5a4d..64d442000c 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild @@ -11,7 +11,7 @@ COREOS_GO_MOD="vendor" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm64" else - CROS_WORKON_COMMIT="8957a93e17c7c6491ff5e95e226832032ceea576" # v0.16.0 + CROS_WORKON_COMMIT="b64b6db71c2651b80ec2eb30eb07285a0bc344fd" # v0.17.0 KEYWORDS="amd64 arm64" fi From 82370a58472493485957f256082daa1532183c7c Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Fri, 3 Dec 2021 15:52:40 +0100 Subject: [PATCH 2/3] coreos-devel/mantle: fix Github org name Now that the Github org name of mantle was changed from coreos to flatcar-linux, via https://github.com/flatcar-linux/mantle/pull/241, we need to change the Github org name in ebuilds as well. --- .../coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild index 64d442000c..2d78fefe62 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/mantle/mantle-9999.ebuild @@ -5,7 +5,7 @@ EAPI=7 CROS_WORKON_PROJECT="flatcar-linux/mantle" CROS_WORKON_LOCALNAME="mantle" CROS_WORKON_REPO="https://github.com" -COREOS_GO_PACKAGE="github.com/coreos/mantle" +COREOS_GO_PACKAGE="github.com/flatcar-linux/mantle" COREOS_GO_MOD="vendor" if [[ "${PV}" == 9999 ]]; then @@ -17,8 +17,8 @@ fi inherit coreos-go cros-workon -DESCRIPTION="Mantle: Gluing CoreOS together" -HOMEPAGE="https://github.com/coreos/mantle" +DESCRIPTION="Mantle: Gluing Flatcar together" +HOMEPAGE="https://github.com/flatcar-linux/mantle" LICENSE="Apache-2.0" SLOT="0" # objcopy/split have trouble with our cross-compiled kolet From 36df933e3c81a73d021906faac05b77ddb66b05f Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Fri, 3 Dec 2021 15:46:22 +0100 Subject: [PATCH 3/3] changelog: add changelog for mantle 0.17.0 Add changelog for mantle 0.17.0. Also add changelog for security updates of golang.org/x/{crypto,text} in mantle, as well as github.com/gogo/protobuf 1.3.2. --- .../changelog/security/2021-12-03-mantle-golang-crypto-text.md | 3 +++ .../changelog/updates/2021-12-03-mantle-update.md | 1 + 2 files changed, 4 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-mantle-golang-crypto-text.md create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/updates/2021-12-03-mantle-update.md diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-mantle-golang-crypto-text.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-mantle-golang-crypto-text.md new file mode 100644 index 0000000000..2157cf44be --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-mantle-golang-crypto-text.md @@ -0,0 +1,3 @@ +- [CVE-2021-3121](https://nvd.nist.gov/vuln/detail/CVE-2021-3121) +- [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561) +- [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565) diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/updates/2021-12-03-mantle-update.md b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2021-12-03-mantle-update.md new file mode 100644 index 0000000000..04e2a82b33 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2021-12-03-mantle-update.md @@ -0,0 +1 @@ +- mantle ([0.17.0](https://github.com/flatcar-linux/mantle/releases/tag/v0.17.0))