Requests is a HTTP library. Prior to 2.32.0, when making requests
through a Requests `Session`, if the first request is made with
`verify=False` to disable cert verification, all subsequent requests to
the same host will continue to ignore cert verification regardless of
changes to the value of `verify`. This behavior will continue for the
lifecycle of the connection in the connection pool. This vulnerability
is fixed in 2.32.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Upstream patches:
a58d7f2ffb
(From OE-Core rev: 8bc8d316a6e8ac08b4eb2b9e2ec30b1f2309c31c)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A heap-based buffer overflow was found in the SDHCI device
emulation of QEMU. The bug is triggered when both
`s->data_count` and the size of `s->fifo_buffer` are set to
0x200, leading to an out-of-bound access. A malicious guest
could use this flaw to crash the QEMU process on the host,
resulting in a denial of service condition.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3447
Upstream patch:
2429cb7a9f
(From OE-Core rev: 01d7ac9244364b7f89cd2f99fff11c2417bcad03)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A double free vulnerability was found in QEMU virtio devices
(virtio-gpu, virtio-serial-bus, virtio-crypto), where the
mem_reentrancy_guard flag insufficiently protects against DMA
reentrancy issues. This issue could allow a malicious privileged
guest to crash the QEMU process on the host, resulting in a d
enial of service or allow arbitrary code execution within the
context of the QEMU process on the host.
CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006
are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002,
CVE-2024-3446-0003 are dependent commits to fix the CVE.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-3446
Upstream patches:
9c86c97f12f63192b054ec0504b989ba28e0ff4db4295bff25f4729ec39a
(From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The CVE has disputed flag in NVD DB.
(From OE-Core rev: bd01091c33c1de6ae7e1605301e3f73350ee7e7e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python 3.13 removed the pipes module. Thus build fails for host machines that run python 3.13
This commit adds a backport patch to use subprocess module instead
(From OE-Core rev: 1a02cf1997216cb943d8965fe74f971a8cb2f70f)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When installing a package from a Mercurial VCS URL (ie "pip install
hg+...") with pip prior to v23.3, the specified Mercurial revision could
be used to inject arbitrary configuration options to the "hg clone" call
(ie "--config"). Controlling the Mercurial configuration can modify how
and which repository is installed. This vulnerability does not affect
users who aren't installing from Mercurial.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5752
Upstream patches:
389cb799d0
(From OE-Core rev: 862c0338fba06077a26c775b49f993eac63762c9)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster.
(From OE-Core rev: 13a2f43920c53f9f1bc5ec52eba9eb48da265ef6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
(From OE-Core rev: 89b64526ac2bf0609a18c4d44b4835028f686978)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"
(From OE-Core rev: cc87b332c5d09d4d7aaa2569fa046a16012597d2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
(From OE-Core rev: 63d7c11b46119f0c97d08f2fa837c02e633ab75f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is needed to work with coreutils 9.5.
Also contains some README tweaks.
(From OE-Core rev: c2549844031c30d2c1a6965ee66f163878d46fab)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into. This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.
Merge in that fix and a gcc14 fix.
(From OE-Core rev: 1b181d1fcef45f969ef9147912995d80dbe87d87)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pulls in the changes:
Eilís 'pidge' Ní Fhlannagáin (1):
subports: Add _GNU_SOURCE for syncfs probe
Richard Purdie (1):
SECURITY.md: Add file
Wu Zhenyu (1):
pseudo.1: Fix a typo
(From OE-Core rev: 40a013f7134aec1d0e953ad4906944072cfb2ca1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pull in:
pseudo_util.c: Open file with O_CLOEXEC to avoid fd leak
Use close-on-exec (O_CLOEXEC) flag when open log file to
make sure its file descriptor is not leaked to parent
process on fork/exec.
Fixes [YOCTO #13311]
(From OE-Core rev: b8445072f4009b3e912792931bd71a4201d541e9)
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
OE is the main user of pseudo and we've had the changes in the oe-core branch
around long enough that we're going to run with them. Swicth back to directly
using the master branch.
(From OE-Core rev: 198ff9141f94c551d2a29f3a036c209e3e554a37)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Luca: re-add 'branch' parameter to fix "does not set any branch parameter" warning]
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
pseudo overrides certain libc functions which are aliases when LFS64 is
enabled. In anycase pseudo may not be of much use on 32bit systems
(From OE-Core rev: 215367b62ac1f48ba224e56e7b8862c0a7bdbcd0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to pull in:
pseudo.c: Avoid patch mismatch errors for NAMELESS file entries
In rare cases we see failures, often in linux-libc-headers for things like:
| INSTALL /XXX/linux-libc-headers/6.1-r0/image/usr/include
| abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.
Pseudo log:
path mismatch [2 links]: ino 46662476 db 'NAMELESS FILE' req '/XXX/linux-libc-headers/6.1-r0/image/usr'.
Setup complete, sending SIGUSR1 to pid 3630890.
Whilst this doesn't easily reproduce, the issue is that multiple different processes are
likely working on the directory and the creation in pseudo might not match accesses
made by other processes.
Ultimately, the "NAMELESS FILE" is harmless and pseudo will reconcile things
so rather than error out, we should ignore this case.
(From OE-Core rev: 77d018ce3b3a9390a5cc020bce9f9ea9017820dd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f30a1a74828e105cbe69677b3fbe5623f371543)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.
In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:
recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
Fix this stripping `-pipe` from the command line used to determine
compiler internals.
(From OE-Core rev: 8e2233fd0509b9f20c19d5006dd7ef0c2260bdba)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Commit 7806e21e7d47 ("gcc: upgrade to v11.5") removed one patch named
0001-aarch64-Update-Neoverse-N2-core-defini.patch by mistake, this will
cause the Neoverse N2 core to be identified as the armv8.5 architecture,
restore this patch to avoid related compilation issues.
(From OE-Core rev: 4c75edda8ec28fb8dee19ca90a1ea7f33ba80999)
Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* to allow building vala-native on hosts with gcc-14
* we could backport:
23ec71b1a5
which is already included in scarthgap, but that's big patch doing almost the same
(From OE-Core rev: 0f850f213071d4bc3a7065334debabd32c7bd9a1)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
(From OE-Core rev: ec300eadd0ab51583502b833798a6b46956f0f47)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These CVEs were fixed in 3.10.15
Commit 487e8cdf1d removed patches in favor
of version upgrade, which caused the CVEs to re-appear in reports.
(From OE-Core rev: 2cf10084c56c83da3deff4e65e619afab80e08e1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A DMA reentrancy issue leading to a use-after-free error
was found in the e1000e NIC emulation code in QEMU. This
issue could allow a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service.
CVE-2023-3019-0002 is the CVE fix and CVE-2023-3019-0001
is dependent CVE fix.
fix indent issue in qemu.inc file.
CVE-2023-3019 patch required Mem ReenttranceyGuard structure
definition, it's defined in commit:
a2e1753b80
but the patch is causing errors:
Failed: qemux86 does not shutdown within timeout(120)
so backported only required structure definition.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3019
Upstream patches:
7d0fefdf813c0463a650
(From OE-Core rev: 3782e1b21882ffc5e4cc466418e066179470241e)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
syslinux has vendored copy of ext2fs/ext2_fs.h but uses ext2fs/ext2fs.h
from e2fsprogs package, however, ext2fs/ext2fs.h has dependencies on
ext2fs/ext2_fs.h coming from e2fsprogs package as these both headers
come from same package, here syslinux uses ext2fs.h from e2fsprogs but
supplies its own copy of ext2_fs.h which maybe out of sync and that
results in warnings about implicit implicit-function-declarations
e.g.
recipe-sysroot/usr/include/ext2fs/ext2fs.h:727:16: error: implicit declaration of function 'ext2fs_has_feature_gdt_csum' [-Wimplicit-function-declaration]
| 727 | ext2fs_has_feature_gdt_csum(fs->super);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
ext2fs_has_feature_gdt_csum here comes from newer version of
ext2fs/ext2_fs.h but missing from vendored copy, hence the warning.
With gcc-14 this warning is treated as error by default, which breaks
the build, so lets treat it as warning only.
All these functions are never used in syslinux, so functionality-wise we
are fine.
(From OE-Core rev: 14fdee535c37aaa44898dc22149004c97b2456ca)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a2b30108055e68b62fdad7319d7d569bc38a07b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Last version bump removed patch for this CVE because it was integrated
in new release. This has caused the CVE to reappear in reports because
2023-09-12 is "higher" than 11.5...
(From OE-Core rev: d74fd7c4e9353fc00f0b79f05de101efb0148a6f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This test fails consistently on the new valkyrie autobuilder cluster
The estimate instructions (rcpss, rcpps, rsqrtps, rsqrtss) are, as the
name suggests, not expected to give a fully accurate result. They may
produce slighly different results on different CPU families because
their results are not defined by the IEEE standard.
(From OE-Core rev: 9269edb63d3c68de62326f5960ffff0c1068e709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes:
http://errors.yoctoproject.org/Errors/Details/770525/
| checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works... no
| configure: error: installation or configuration problem: C compiler cannot create executables.
| RULES/rules.cnf:70: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf: No such file or directory
| make: *** [RULES/rules.cnf:59: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf] Error 1
| make: *** Waiting for unfinished jobs....
where config.log show it's caused by gcc-14:
configure:1189: checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works
configure:1211: gcc -o conftest -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe -D_GNU_SOURCE conftest.c 1>&5
configure:1208:1: error: return type defaults to 'int' [-Wimplicit-int]
configure: failed program was:
main(){return(0);}
(From OE-Core rev: 6fd1bc0620e6d6ce9b940eaeb68474f4d0b9369b)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 094273bd7d1768e14fbdcd2f239bee14c630a625)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
gcc stable version upgraded from v11.4 to v11.5
Dropped CVE-2023-4039.patch and 0001-aarch64-Update-Neoverse-N2-core-defini.patch
because its been taken to gcc-11.5 with below commits 75c37e0314 and 50d9db203bc
For changes in v11.5 see: https://gcc.gnu.org/gcc-11/changes.html
Below is the bug fix list for v11.5:
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=444046&resolution=FIXED&target_milestone=11.5
There are a total 164 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
ID Product Comp Assignee▲ Summary
112672 gcc target ubizjak [14 Regression] wrong code with __builtin_parityl() at -O and above on x86_64
111736 gcc sanitize unassigned Address sanitizer is not compatible with named address spaces
80899 gcc ipa hubicka [11/12/13/14 Regression] Devirtualization causes incorrect code generation with placement new in some cases
105301 gcc c++ iains [11 Regression] ICE: tree check: expected tree that contains 'decl minimal' structure, have 'overload' in coro_promise_type_found_p, at cp/coroutines.cc:516
110027 gcc middle-e jakub [11 regression] Stack objects with extended alignments (vectors etc) misaligned on detect_stack_use_after_return
110079 gcc rtl-opti jakub [11 Regression] ICE with -freorder-blocks-and-partition and inline-asm goto
110731 gcc tree-opt jakub [11/12 Regression] Wrong-code because of wide-int division since r5-424
111015 gcc tree-opt jakub [11/12/13/14 Regression] __int128 bitfields optimized incorrectly to the 64 bit operations
112727 gcc sanitize jakub [11/12/13 Regression] UBSAN creates GIMPLE path with uninitialized variable
113674 gcc c++ jakub [11 Regression] [[____attr____]] causes internal compiler error: in decl_attributes, at attribs.cc:776
114310 gcc target jakub [11 Regression] [aarch64] __sync_val_compare_and_swap fails on __int128_t with newval = 0
114493 gcc c jakub [11 Regression] internal compiler error: in fld_incomplete_type_of with may_alias
114566 gcc tree-opt jakub [11 Regression] Misaligned vmovaps when compiling with stack-protector-strong for znver4
114634 gcc c++ jakub [11 Regression] Crash Issue Encountered in GCC Compilation of Template Code with Aligned Attribute since r9-1745
114691 gcc c++ jakub [11 Regression] Bogus ignoring loop annotation warning
114825 gcc fortran Jakub [11 Regression] Compiler error using gfortran and OpenMP since r5-1190
114876 gcc tree-opt jakub [11 Regression] -fprintf-return-value mishandles %lc with a '\0' argument.
114956 gcc sanitize jakub [11 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
106890 gcc c++ jason [11 Regression] virtual inheritance triggers compiler error when instatiating derived class with in-class initialization since r8-2709-g12659e10c7820071
111529 gcc c++ jason [11/12/13 Regression] ICE on bool conversion in an unrolled loop condition inside template lambda nested in another template scope
113598 gcc c++ jason [11/12/13 Regression] GCC internal compiler error since r0-124275
114561 gcc c++ jason [11/12 Regression] Comma operator with forwarding reference to pointer raises invalid lvalue required error since r10-7410
114562 gcc c++ jason [11/12 Regression] ICE when trying to bind rvalue reference to lvalue with comma operator and forwarding reference to pointer since r10-7410
115565 gcc rtl-opti macro [11/12/13/14/15 Regression] CSE: Comparison incorrectly evaluated as constant causing optimization to produce wrong code
109876 gcc c++ mpolacek [11/12 Regression] initializer_list not usable in constant expressions in a template
110106 gcc c++ mpolacek [11/12 Regression] ICE on noexcept(noexcept(...)) with optional
89224 gcc c++ pinskia [11/12/13/14/15 Regression] subscript of const vector has the wrong type
110386 gcc tree-opt pinskia [11/12 Regression] ICE with ABSU in backprop
111331 gcc tree-opt pinskia [11/12 Regression] Wrong code at -O1 on x86_64-linux-gnu since
108120 gcc target rearnsha [11/12 Regression] ICE: in extract_insn, at recog.cc:2791 (on ARM with -mfpu=neon -freciprocal-math -O3)
95048 gcc libstdc+ redi [11 Regression] wstring-constructor of std::filesystem::path throws for non-ASCII characters
104606 gcc libstdc+ redi [11 Regression] comparison operator resolution with std::optional and -std=c++20
90348 gcc middle-e rguenth [11 Regression] Partition of char arrays is incorrect in some cases
96881 gcc tree-opt rguenth [11 Regression] Clobbers on NULL vs. DCE since r8-1519
97990 gcc c++ rguenth [11 Regression] ICE: ‘verify_type’ failed with vector types and non-PODs since r6-5222-gba6a6a1d44c17f25
103006 gcc middle-e rguenth [12/13/14/15 Regression] wrong code at -O1 or -O2 on x86_64-linux-gnu by r7-7101
110176 gcc tree-opt rguenth [11 Regression] wrong code at -Os and above on x86_64-linux-gnu since r11-2446
110295 gcc c++ rguenth [11 Regression] ICE in dwarf2out_finish with local class with inherited operator delete in a templated function and -g
110298 gcc tree-opt rguenth [11 Regression] ICE at -Os on x86_64-linux-gnu since r10-840
111039 gcc tree-opt rguenth [11 Regression] Unable to coalesce ssa_names
111080 gcc debug rguenth [11 Regression] restrict qualifier causes extra debug info to happen
111472 gcc tree-opt rguenth [11 Regression] Wrong code at -Os on x86_64-linux-gnu since r11-4563-gd0d8b5d836
111614 gcc tree-opt rguenth [11 Regression] ICE at -O2: verify_gimple failed since r14-2282-gf703d2fd3f0
111764 gcc tree-opt rguenth [11 Regression] Wrong code at -O3 on x86_64-linux-gnu
111818 gcc middle-e rguenth [11 Regression] ICE with __builtin_memcpy with volatile and constants
111917 gcc tree-opt rguenth [11 Regression] ICE in as_a, at is-a.h:255 since GCC-7
112495 gcc tree-opt rguenth [11 Regression] ICE: verify_gimple failed (after vectorizer) with named address space (__seg_gs )
112505 gcc tree-opt rguenth [11 Regression] internal compiler error: in build_vector_from_val, at tree.cc:2104 since r10-4076
112718 gcc debug rguenth [11 Regression] ICE: in add_dwarf_attr, at dwarf2out.cc:4501 with -g -fdebug-types-section -flto -ffat-lto-objects
112793 gcc tree-opt rguenth [11 regression] ICE when building stellarium (internal compiler error: in vect_schedule_slp_node, at tree-vect-slp.cc:9062)
114027 gcc tree-opt rguenth [11 Regression] miscompile at `-O3 -fno-vect-cost-model -msse4.2`
114734 gcc target rguenth [11 regression] RISC-V rv64gcv_zvl256b miscompile with -flto -O3 -mrvv-vector-bits=zvl since r8-6047-g65dd1346027bb5
108086 gcc rtl-opti rsandifo [11 Regression] internal compiler error: in set_accesses, at rtl-ssa/internals.inl:449
113281 gcc tree-opt rsandifo [11 Regression] Latent wrong code due to vectorization of shift reduction and missing promotions since r9-1590
113552 gcc tree-opt tnfchris [11/12/13 Regression] vectorizer generates calls to vector math routines with 1 simd lane.
29256 gcc target unassigned [11/12/13/14 regression] loop performance regression
82446 gcc tree-opt unassigned [11/12/13/14 Regression] Missed equalities in dr_group_sort_cmp
93631 gcc c unassigned [11/12/13/14 Regression] ICE on an invalid strcmp call in gimple_call_arg, at gimple.h:3258
93930 gcc target unassigned [11/12/13/14 Regression] Unnecessary broadcast instructions for AVX512
94335 gcc tree-opt unassigned [11/12/13/14 Regression] False positive -Wstringop-overflow warning with -O2
97140 gcc target unassigned [11/12/13/14 Regression] ICE in error: unable to generate reloads for since r10-400-gecfdb16c54ad06ac
100623 gcc target unassigned [11 Regression] wrong code with -Os -fno-dce -fno-defer-pop -fno-forward-propagate -flive-range-shrinkage -fno-rerun-cse-after-loop -mno-push-args since r10-7515-g2c0fa3ecf70d199a
100667 gcc libstdc+ unassigned [11/12 Regression] std::tuple<A&&> cannot be constructed from A&&, if A not defined (only forward declared)
103497 gcc c++ unassigned [11/12/13/14 Regression] ICE when decltype(auto)... as parameters
105034 gcc target unassigned [11/12/13/14 regression]Suboptimal codegen for min/max with -Os
107057 gcc rtl-opti unassigned [11/12 Regression] ICE in extract_constrain_insn, at recog.cc:2692
109800 gcc target acoplan [11 Regression] arm: ICE (segfault) loading double with -mpure-code -mbig-endian
110288 gcc fortran anlauf [11/12/13/14] Regression: segfault in findloc with allocatable array of allocatable characters
110585 gcc fortran anlauf ICE in gfc_compare_expr for findloc with complex literal array
110658 gcc fortran anlauf MINVAL/MAXVAL and deferred-length character arrays
115611 gcc target avieira mve: vsetq_lane for 64-bits has wrong codegen when setting lane 1
113893 gcc ada ebotcazou finalization of object allocated by anonymous access type designating local type
111050 gcc libstdc+ fdumont [11/12/13/14 Regression] ABI break in _Hash_node_value_base since GCC 11
110624 gcc target iains Xcode 15 ld warns about -macosx_version_min
114171 gcc d ibuclaw [13/14 Regression] gdc -O2 -mavx generates misaligned vmovdqa instruction
108789 gcc middle-e jakub __builtin_(add|mul|sub)_overflow methods generate duplicate operations if both operands are const which in turn causes wrong code due to overlapping arguments
110115 gcc middle-e jakub [11 Regression] Wrong code at -O1 on x86_64-linux-gnu
110914 gcc tree-opt jakub [11/12/13/14 Regression] Optimization eliminating necessary assignment before 0-byte memcpy since r10-5451
111422 gcc middle-e jakub Wrong code at -O3 on x86_64-linux-gnu
112816 gcc target jakub [11/12 Regression] ICE unrecognizable_insn with __builtin_signbit and returning struct with int[4]
113122 gcc target jakub Assembler messages: Error: operand type mismatch for `movabs' / bad expression / invalid use of register with -fprofile -mcmodel=large -masm=intel
113192 gcc libgomp jakub [11 Regression] ERROR: couldn't execute "../../../gcc/libgomp/testsuite/flock": no such file or directory
113262 gcc c jakub [11 Regression] ICE when using [[gnu::copy("")]] attribute
114533 gcc libquadm jakub libquadmath: printf: fix misaligned access on args
114537 gcc c++ jakub bit_cast does not work NSDMI of bitfields
114572 gcc c++ jakub [OpenMP] "internal compiler error: in assign_temp" with assignment operator and lastprivate clause
115172 gcc sanitize jakub Invalid -fsanitize=bool sanitization of variable from named address space
115440 gcc driver jakub unrecognized command-line option '--c++17'; did you mean '--stdc++17'?
110422 gcc tree-opt jamborm asm goto vs SRA
92145 gcc c++ jason -Wdeprecated-copy false-positive when inheriting base assignment operators
92407 gcc c++ jason Destruction of objects returned from functions skipped by goto
103185 gcc c++ jason [11/12/13 Regression] ind[arr] is rejected when arr is an array prvalue
106310 gcc c++ jason [11 Regression] lookup after this-> seems wrong for dependent lookup since r12-6754-g30f2c22def739211
111357 gcc c++ jason [11/12/13/14 Regression] __integer_pack fails to work with values of dependent type convertible to integers in noexcept context
114130 gcc target kito [11 Regression] RISC-V: `__atomic_compare_exchange` does not use sign-extended value for RV64
113250 gcc libstdc+ kmatsui std::filesystem::equivalent("", "/") should throw
115457 gcc target ktkachov AArch64 should define __ARM_FEATURE_BF16
115475 gcc target ktkachov AArch64 should define __ARM_FEATURE_SVE_BF16 when appropriate
88309 gcc target linkw [11/12/13/14 Regression] ICE: Floating point exception (in is_miss_rate_acceptable), target assigning alignent of 4 bits(!) to vector
104259 gcc libstdc+ marxin libstdc++ fails for epiphany-elf
109822 gcc libstdc+ mkretz Converting std::experimental::simd masks yields an error
59465 gcc c++ mpolacek [11/12/13 Regression] g++ allows direct-initialization of an array of class type from another array in a mem-initializer
100557 gcc c++ mpolacek [11/12/13/14 Regression] Internal compiler error: Error reporting routines re-entered.
115642 gcc c mpolacek [11/12/13/14/15 Regression] internal compiler error: tree check: expected class 'type', have 'exceptional' (error_mark) in c_expr_sizeof_expr
95351 gcc middle-e pinskia [11/12 Regression] Comparison with NAN optimizes incorrectly with -ffast-math disabled
111699 gcc middle-e pinskia [11/12/13 Regression] ICE: SIGSEGV: infinite recursion in fold_build3_loc/fold_ternary_loc/generic_simplify_VEC_COND_EXPR
109761 gcc c++ ppalka [11/12 Regression] Nested class destructor's noexcept specification incorrectly considered as too loose compared to the outer class
111485 gcc c++ ppalka [11/12 Regression] Constraint mismatch on template template parameter
113175 gcc testsuit ppalka [11/12/13/14 Regression] testsuite/std/ranges/iota/max_size_type.cc 5x times slower
111407 gcc tree-opt qinzhao [11/12/13 Regression] ICE: SSA corruption due to widening_mul opt on conflict across an abnormal edge
99327 gcc libstdc+ redi ENOTSUP macro does not exist on djgpp crt
104161 gcc libstdc+ red Potential Security Vulnerability: remove_all and symbolic link
105178 gcc libstdc+ redi [11 Regression] g++ incorrectly reports invalid use of incomplete type
108178 gcc libstdc+ redi Filesystem::copy_file can't copy from /proc on Linux machines
112491 gcc libstdc+ redi std::deque<T,Allocator>::size xmethod output is wrong
114147 gcc libstdc+ redi [11 Regression] tuple allocator-extended constructor requires non-explicit default constructor
114401 gcc libstdc+ redi libstdc++ allocator destructor omitted when reinserting node_handle into tree- and hashtable-based containers
96109 gcc testsuit rguenth [11 Regression] gcc.dg/vect/slp-47.c etc. FAIL
110182 gcc tree-opt rguenth [11 Regression] Vector(2) cast from double to float and back and subtraction seems to produce incorrect results
110200 gcc middle-e rguenth genmatch generating questionable code with convert and !
98237 gcc ipa ro gcc-dg-lto-modref-3-01.exe etc. FAIL when LTO plugin is not enabled
97696 gcc sanitize rsandifo ICE since ASAN_MARK does not handle poly_int sized varibales
100303 gcc debug rsandifo [11 Regression] -fcompare-debug failure (length) with -O -fno-dce -ftracer
111340 gcc target ubizjak gcc.dg/bitint-12.c fails on x86_64-apple-darwin or fails on x86_64-linux-gnu with -fPIE
115297 gcc rtl-opti ubizjak [14/15 regression] alpha: ICE in simplify_subreg, at simplify-rtx.cc:7554 with -O1
115836 gcc middle-e ubizjak ICE when building Firefox with-march=pentium-mmx -mtune=pentium-m
91085 gcc other unassigned [11 only] fixincludes breaks <bits/statx.h>
103183 gcc c++ unassigned [11/12/13/14 Regression] ind[arr] produces an lvalue when arr is an array xvalue
105417 gcc libstdc+ unassigned [11 Regression] powerpc64le-linux abilist changes based on --with-long-double-format=
110309 gcc target unassigned Wrong code for masked load expansion
111922 gcc ipa unassigned [11/12/13/14 Regression] ICE in cp with -O2 -fno-tree-fre
112823 gcc other unassigned [11 only] -Wincompatible-pointer-types errors in libiberty/simple-object-mach-o.c (missing backport for gcc-11)
112891 gcc target unassigned [11/12/13/14 Regression] Missing vzeroupper insert
114049 gcc target unassigned gcc.dg/framework-1.c FAILs with Xcode 15.3 beta 3
114098 gcc target unassigned _tile_loadconfig doesn't work
114521 gcc target unassigned [11 only] aarch64: wrong code with Neon ld1/st1x4 intrinsics gcc-11 and earlier
115261 gcc rtl-opti unassigned [11/12/13/14/15 regression] FAIL: gcc.target/s390/vector/vec-abi-vararg-1.c
115269 gcc libstdc+ unassigned Hardcoded links in 14.1 docs to pages from release 4.3.2
115870 gcc tree-opt unassigned Inlining of different template instances wrongly produces infinite loop
103715 gcc fortran anlauf [11/12/13/14 Regression] ICE in gfc_find_gsymbol, at fortran/symbol.c:4301 since r9-3803-ga5fbc2f36a291cbe
111837 gcc fortran anlauf [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
114474 gcc fortran anlauf [11/12/13/14 Regression] DATA statement with derived type, pointer component rejected
113979 gcc ada ebotcazou [11/12/13/14 regression] bogus error on allocator for array type with Dynamic_Predicate
103506 gcc fortran jvdelisle [11 Regression] ICE in gfc_free_namespace, at fortran/symbol.c:4039 since r10-2798-ge68a35ae4a65d2b3
107397 gcc fortran jvdelisle [11/12 Regression] ICE in gfc_arith_plus, at fortran/arith.cc:654
91035 gcc target krebbel [11/12/13/14 Regression] gotools fails to build on s390x-linux-gnu
84006 gcc fortran pault [11/12 Regression] ICE in storage_size() with CLASS entity
89462 gcc fortran pault [11/12/13 Regression] gfortran loops in code generation
93678 gcc fortran pault [11/12/13 Regression] ICE with TRANSFER and typebound procedures
103312 gcc fortran pault [11/12 Regression] ICE in gfc_find_component since r9-1098-g3cf89a7b992d483e
103368 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15668 since r12-4464-g017665f63047ce47
103716 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15964 since r9-3803-ga5fbc2f36a291cbe
106999 gcc fortran pault [11/12/13 Regression] ICE tree check: expected record_type or union_type or qual_union_type, have function_type in gfc_class_data_get, at fortran/trans-expr.cc:233
71703 gcc fortran unassigned [11 Regression] [OOP] ICE in wide_int_to_tree, at tree.c:1488
89925 gcc fortran unassigned [11 Regression] Wrong array bounds from ALLOCATE with SOURCE or MOLD
99183 gcc fortran unassigned [11 Regression] Incompatible Runtime types
99757 gcc c++ unassigned [11/12/13/14 Regression] ICE: in cp_finish_decl, at cp/decl.c:7736
104391 gcc fortran unassigned [11 Regression] bind(C) and allocatable or pointer attribute don't work
104908 gcc fortran unassigned [11/12/13/14 Regression] incorrect Fortran out-of-bound runtime error.
113179 gcc middle-e unassigned [11/12/13/14/15 Regression] MIPS: INS is used for long long, before SLL
80774 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in gfc_conv_descriptor_data_get, at fortran/trans-array.c
82904 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in make_ssa_name_fn, at tree-ssanames.c:261
111880 gcc fortran anlauf [11/12/13/14] False positive warning of obsolescent COMMON block with Fortran submodule
61527 gcc fortran unassigned [11/12/13/14 Regression] [OOP] class/extends, multiple generic assignment, accept invalid
(From OE-Core rev: 7806e21e7d47fd010872a3967e51bcacdae3a76b)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The presence or lack of nroff on the host was changing the doc type. Stop
the code from looking at host paths outside HOSTTOOLS and hence cause the
doc type to be deterministic and reproducible.
(From OE-Core rev: 88630352d6d1cfee06787fa84b73ca8ad335cb08)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 918e2b266eba6779f19f65349f85caa880ba45e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The presence or lack of nroff on the host was changing the doc type. Set it
explicitly to be deterministic and reproducible.
(From OE-Core rev: dd857d2519fd4f38c67a6fa0087f72798166467a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream commits:
bd385a52982eb42a728d7e1110664e83930780327ead946998
(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack
via improper synchronization during socket closure when a client keeps a socket open as the server
is taken offline.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-7409
Upstream Patches:
fb1c2aaa98c8a76dbd90b9b72cb3ce3e7ef738c8
(From OE-Core rev: d84ab04dc66cb83638f96fcd2f4c67e67489c410)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport PACKAGECONFIG[editline] from Scarthgap to Kirkstone
because libedit has feature parity with readline but is more
permissively licensed (BSD verses GPLv3). This patch provides
means of enabling editline in a distribution without GPLv3 and
in this case improves Python REPL keyboard support.
(From OE-Core rev: 12dc7d2081a1aaec90ffb3ed6718d757ce14b5ab)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This package can be built using pep517 classes now.
(From OE-Core rev: 6c1000a2bbfe5e618e42bc5be2058332337d4177)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized
root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root
certificates from `GLOBALTRUST` from the root store. These are in the
process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root
certificates are being removed pursuant to an investigation which
identified "long-running and unresolved compliance issues."Certifi is a
curated collection of Root Certificates for validating the trustworthiness
of SSL certificates while verifying the identity of TLS hosts. Certifi
starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates
from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from
`GLOBALTRUST` from the root store. These are in the process of being removed
from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being
removed pursuant to an investigation which identified "long-running and
unresolved compliance issues."
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-39689
Upstream-patch:
bd8153872e
(From OE-Core rev: 96c1e12dc6cb4c321a09a6ddcc4c9f27c30b4564)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The archive/zip package's handling of certain types of invalid zip files
differs from the behavior of most zip implementations. This misalignment
could be exploited to create an zip file with contents that vary depending
on the implementation reading the file. The archive/zip package now rejects
files containing these errors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24789
Upstream-patch:
c8e40338cf
(From OE-Core rev: f198fdc392c6e3b99431383ab6577749e83f1cb3)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
