The qemu update caused several errors:
* We currently don't have Python 3.8 available in the SDK, so adding it in
the PYTHON_COMPAT field causes a build failure.
* The manifest needed to be updated
* A patch file was missing
This commit fixes these errors and makes the package build.
Since rsync 3.2.0, the ebuild sets `--enable-simd` option in case of
amd64. However, the cross toolchain in Flatcar SDK is not able to deal
with the SIMD feature, so configure in rsync fails like:
```
gcc version 8.3.0 (Gentoo Hardened 8.3.0-r1 p1.1)
configure.sh:3774: $? = 0
configure.sh:3763: x86_64-cros-linux-gnu-g++ -V >&5
x86_64-cros-linux-gnu-g++: error: unrecognized command line option '-V'
x86_64-cros-linux-gnu-g++: fatal error: no input files
compilation terminated.
```
Until we could resolve the toolchain issue, we should disable
`cpu_flags_x86_sse2`, to disable simd for rsync.
Update net-libs/libpcap to 1.9.1, to address security issue
CVE-2019-15163, an issue of allowing attackers to cause a denial of
service (NULL pointer dereference and daemon crash) if a crypt() call
fails.
Update rsync to 3.2.3, actually to update zlib bundled in rsync.
It is to address security issue CVE-2016-9841, an issue of allowing
context-dependent attackers to have unspecified impact by leveraging
improper pointer arithmetic.
Update app-misc/jq to 1.6-r3, to address security issue CVE-2015-8863.
It is mainly to fix off-by-one error in the tokenadd function. It allows
remote attackers to cause a denial of service (crash) via a long
JSON-encoded number, which triggers a heap-based buffer overflow.
Improve body text of each PR for `virtual/rust`, by mentioning that
it should be merged together with its paired PR in coreos-overlay.
Explicitly name `virtual/rust` instead of `Cargo`, because there is
no more ebuild for `cargo`.
Rename the dispatched event-type name to `rust-pull-request-main`, as
`cargo` has already disappeared.
Make the repository-dispatch action receive additional client-payload with
a field `coreos-overlay-pull-request-number` sent by the corresponding PR
in coreos-overlay. The PR number is then used for adding a link in the body
text, for pointing back to the PR in coreos-overlay.
Improve body text of each PR for `dev-lang/rust`, by mentioning that
it should be merged together with its paired PR in portage-stable.
Explicitly name `dev-lang/rust` instead of `Rust`, because now there are
`dev-lang/rust` as well as `virtual/rust`.
Rename the dispatched event-type name to `rust-pull-request-main`, as
`cargo` has already disappeared.
Make the repository-dispatch action send additional client-payload with
a field `coreos-overlay-pull-request-number`, which will be later used
by the corresponding PR in portage-stable for adding a link back to the
PR in coreos-overlay.
This will not be enabled by default, and still requires the "lockdown"
kernel parameter. Users can test by setting in
`/usr/share/oem/grub.cfg`:
```
set linux_append="lockdown=integrity"
```
After this is set, dmesg output you'll see:
```
[ 0.000000] Kernel is locked down from command line; see man
kernel_lockdown.7
```
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
Github Action for Go has had a bug when parsing the current Go version
from `dev-lang/go/Manifest`, only when the current ebuild file has only
major + minor versions, without patchlevel. For example, it could parse
well `1.13.15`, but not `1.15`. We need to make it deal with both
versions, `x.y.z` and `x.y`.
With this PR, for example, when `VERSION_SHORT` is `1.15` and the
Manifest includes a tarball `go1.15.src.tar.gz`, we can confirm the new
regexp works well like below:
```
$ sed -n "s/^DIST go\(1\.15\.*[0-9]*\)\.src.*/\1/p" dev-lang/go/Manifest
1.15
```
