From ea5b382bb3111daf19854bfb8dc2ebc5a7fbbe6e Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Wed, 22 Feb 2023 10:11:23 +0100
Subject: [PATCH 1/2] app-arch/torcx: update golang.org/x/text to 0.3.8

Update golang.org/x/text to 0.3.8, mainly to address CVE-2022-32149. Pulls in https://github.com/flatcar/torcx/pull/15.
---
 .../torcx/{torcx-0.2.0-r7.ebuild => torcx-0.2.0-r8.ebuild} | 0
 .../third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/app-arch/torcx/{torcx-0.2.0-r7.ebuild => torcx-0.2.0-r8.ebuild} (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r8.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r8.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
index b5f39c1b73..0f46c47f77 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
@@ -11,7 +11,7 @@ COREOS_GO_GO111MODULE="off"
 if [[ "${PV}" == 9999 ]]; then
 KEYWORDS="~amd64 ~arm64"
 else
- CROS_WORKON_COMMIT="72556df98e14575721b6a8dc3c9775d2b4d6e3e8" # flatcar-master
+ CROS_WORKON_COMMIT="3e7173395658a7e43ec0cb0dd2077795931d857f" # flatcar-master
 KEYWORDS="amd64 arm64"
 fi
From 4781811b296ecbbf9cb965de978becaf8c47ea43 Mon Sep 17 00:00:00 2001
From: Dongsu Park
Date: Wed, 22 Feb 2023 14:46:41 +0100
Subject: [PATCH 2/2] changelog: add changelog for torcx with golang.org/x/text 0.3.8

---
 .../changelog/security/2023-02-23-torcx-golang-text.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-23-torcx-golang-text.md
diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-23-torcx-golang-text.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-23-torcx-golang-text.md
new file mode 100644
index 0000000000..799122a837
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2023-02-23-torcx-golang-text.md
@@ -0,0 +1 @@
+- torcx ([CVE-2022-32149](https://nvd.nist.gov/vuln/detail/CVE-2022-32149))