From 709e550b487a251e1091329a3b48d9bb68dfb881 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Fri, 3 Dec 2021 15:09:24 +0100
Subject: [PATCH 1/2] app-arch/torcx: update golang.org/x/{text,crypto}

Update golang.org/x/{text,crypto} mainly to address CVE-2021-38561,
CVE-2021-43565.

Pulls in https://github.com/flatcar-linux/torcx/pull/11 .
---
 .../torcx/{torcx-0.2.0-r4.ebuild => torcx-0.2.0-r5.ebuild}      | 0
 .../third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/app-arch/torcx/{torcx-0.2.0-r4.ebuild => torcx-0.2.0-r5.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r5.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-0.2.0-r5.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
index 94e336ad1b..d9a8ace78f 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-arch/torcx/torcx-9999.ebuild
@@ -11,7 +11,7 @@ COREOS_GO_GO111MODULE="off"
 if [[ "${PV}" == 9999 ]]; then
 	KEYWORDS="~amd64 ~arm64"
 else
-	CROS_WORKON_COMMIT="13042171585a28260486237ddf67e63ed88dce3f" # flatcar-master
+	CROS_WORKON_COMMIT="e170ca9d6e2894adf289962a917fcb5a245ef2dc" # flatcar-master
 	KEYWORDS="amd64 arm64"
 fi
 

From 219c7681b497f509756502a0c6bac28ad61b7f9b Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Fri, 3 Dec 2021 15:12:56 +0100
Subject: [PATCH 2/2] changelog: add changelog for golang.org/x/{crypto,text}
 in torcx

---
 .../changelog/security/2021-12-03-torcx-golang-crypto-text.md   | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-torcx-golang-crypto-text.md

diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-torcx-golang-crypto-text.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-torcx-golang-crypto-text.md
new file mode 100644
index 0000000000..2baea277fe
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2021-12-03-torcx-golang-crypto-text.md
@@ -0,0 +1,2 @@
+- [CVE-2021-38561](https://nvd.nist.gov/vuln/detail/CVE-2021-38561)
+- [CVE-2021-43565](https://nvd.nist.gov/vuln/detail/CVE-2021-43565)