poky/meta/recipes-devtools/go/go-1.21/CVE-2023-24531_2.patch

From b2624f973692ca093348395c2418d1c422f2a162 Mon Sep 17 00:00:00 2001
From: miller <millerresearch@gmail.com>
Date: Mon, 8 May 2023 16:56:21 +0100
Subject: [PATCH 2/2] cmd/go: quote entries in list-valued variables for go env
 in plan9

When 'go env' without an argument prints environment variables as
a script which can be executed by the shell, variables with a
list value in Plan 9 (such as GOPATH) need to be printed with each
element enclosed in single quotes in case it contains characters
significant to the Plan 9 shell (such as ' ' or '=').

For #58508

Change-Id: Ia30f51307cc6d07a7e3ada6bf9d60bf9951982ff
Reviewed-on: https://go-review.googlesource.com/c/go/+/493535
Run-TryBot: Cherry Mui <cherryyz@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>

CVE: CVE-2023-24531
Upstream-Status: Backport [05cc9e55876874462a4726ca0101c970838c80e5]

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
 src/cmd/go/internal/envcmd/env.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
index 0ce8843..b48d0bd 100644
--- a/src/cmd/go/internal/envcmd/env.go
+++ b/src/cmd/go/internal/envcmd/env.go
@@ -397,8 +397,7 @@ func PrintEnv(w io.Writer, env []cfg.EnvVar) {
 						if x > 0 {
 							fmt.Fprintf(w, " ")
 						}
-						// TODO(#59979): Does this need to be quoted like above?
-						fmt.Fprintf(w, "%s", s)
+						fmt.Fprintf(w, "'%s'", strings.ReplaceAll(s, "'", "''"))
 					}
 					fmt.Fprintf(w, ")\n")
 				}
-- 
2.35.5