We had this CVE patched but the patch was removed with last 2.44 branch
updates as it is now included.
Since there is no new version which could be set in NVD DB, this needs
to be explicitly handled.
(From OE-Core rev: 32f18145dee54f61203506daef339cd132908287)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
NVD has CVE-2023-25584 listed as < 2.40, so we don't need to ignore it
for version 2.44 anymore.
(From OE-Core rev: eaf80096f96e5bebed53076c1dfe7e35e539f383)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libbfd is enabled and it invokes libtool relink step to get rid of
rpaths during install step. libtool 2.4 patches rightly prepend
lt_sysroot to target libdir which relink step would use, such a patch
is also upstreamed into libtool [1]
However, when we do not specify --with-libtool-sysroot, lt_sysoot prefix
turns out to be empty and relink step adds -L/usr/lib to linker command
line. it cause all sort of problems e.g. when the build host has zlib
installed then libbfd tries to link with /usr/lib/libz.so instead of the
one in target sysroot, fortunately OE linker reports host path contamination
and fails the build. Second problem seen when building target binutils on
musl, it links with libc.so correctly but libtool relink step resolves
libc.so in /usr/lib due to this path and expands it into libc.so.6 and
ld-linux-x86-64.so.2 ( glibc host's libc.so is a linker stub ) in
DT_NEEDED ELF section which does not work with
musl linker and build QA detects this anamoly as well.
ERROR: binutils-2.44-r0 do_package_qa: QA Issue: /usr/lib/libbfd-2.44.so contained in package libbfd requires libc.so.6(GLIBC_2.34)(64bit), but no providers found in RDEPENDS:libbfd? [file-rdeps]
This inconsistency may cause produced binaries mistakenly linked against
libraries from the host distro.
Add libtool sysroot to point libtool to correct sysroot location during
build.
[1] https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=3221f9f0fb98d5740ab5d0e8db6a731302520644
(From OE-Core rev: 89e984bd7edb9a2013b65d0215fd6af9aadd59e8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on binutils-2.44 stable branch are updated.
fe459e33c67 PR 32603, revert message changes in 0b7f992b78fe and 31e9e2e8d109
37d12dd25d8 gdb/compile: add missing entry in bfd_link_callbacks array
31e9e2e8d10 PR 32603, more ld -w misbehaviour
0b7f992b78f PR 32603, ld -w misbehaviour
8cb98edf123 s390: Add support for z17 as CPU name
ed70d86b491 x86: Remove AVX10.2 256 bit rounding support
e1af7e590a5 elf: Clear the SEC_ALLOC bit for NOLOAD note sections
35db8c6dd2f ld: Pass -Wl,-z,lazy to compiler for i386 lazy binding tests
cc7ec316a45 Updated translations for bfd and gold
bf088ee09a7 PR 32731 ub sanitizer accessing filenames_reversed
78082591ec7 score-elf gas SEGV
d4c7ee9fbc1 gas: fix rs_fill_nop listing
a68d096a0ab Open the 2.44 branch for further development
Dropped: 0015-CVE-2025-1153.patch
Testing was done and there were no regressions found
(From OE-Core rev: 749bdd5bda6f9b5af8d63794858bbb9834294fcb)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gold hasn't seen development in some time and is being dropped from binutils
releases. Drop the small number of special cases for it we were carrying.
This patch also turns off gold in the binutils recipe.
(From OE-Core rev: a4addb9ab63011e7c604fc5daff95559e7d214e7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop the CVE-2024-53589 patch, its included in 2.44
* Package newly rename gp-* to gprofng-* binaries and remove old gp-*
symlinks
* Gold linker is now deprecated and will be removed in future release
its already deleted in tarball releases
* Support for the Nios II target has been removed.
* Assembler:
- Support for new architecture extensions for AArch64, Risc-V and
x86.
* Linker:
The default maximum page size was changed from 16KiB to 64KiB for
LoongArch.
This now supports mixed LTO and non-LTO object files in
relocatable output.
The ELF forms of the linker support a --image-base=<ADDR> option
for compatibility with LLD.
The --build-id= option now accepts an argument of "xx" which
enables the use of the xxhash library. This produces a 128-bit
hash and is 2-4x faster than md5 or sha1.
The ELF linker option --package-metadata supports percent-encoded
and %[string] encoded JSON payloads.
* Disassembler:
The RISC-V disassembler now supports -M,max option like QEMU to
dump instruction without checking architecture support as usual.
* GprofNG:
Support added for hardware event counters for Neoverse-N1,
Ampere-1, and Appliedmicro processors.
Detailed release notes [1]
[1] https://lists.gnu.org/archive/html/info-gnu/2025-02/msg00001.html
(From OE-Core rev: df3c43e69542939a4bec3893f1e927edf2ad7179)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recipes are much more readable with whitespace around the assignment operators.
Fix various assignments in OE-Core to show this is definitely the preferred
formatting.
(From OE-Core rev: 30ea609d3357fb3de911f2f6a5e6856c151b976a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, providers are set on a global config basis. This change allows
for a select set of providers to be configured using BB_RECIPE_VIRTUAL_PROVIDERS
on a per recipe basis. This would allow for the selection of virtual/cross-cc
as gcc or clang for example.
The PROVIDERS are removed from the recipes so that if a version of the
dependency accidentally slips through, the build will fail and the user
can correct the issue.
(From OE-Core rev: 6eeab1a5d7f23917b94c130e417d59afb757b546)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The idea of the base class dependency is to say "yes, I need a C cross compiler"
and this was never meant to be gcc specific. Looking at the codebase, whilst we
code triplets into this, it does overcomplicate things as there are only ever
limited, "target", "sdk" and the class extended versions like mutlilib.
After much thought, we can simplify this to virtual/cross-cc and virtual/nativesdk-cross-cc.
This lets us remove the "gcc" specific element as well as removing the over
complicated triplet usage.
At the same time, change the much less widely used "g++" variant to "c++" for
similar reasons and remove the triplet from virtual/XXX-binutils too.
Backwards compatibility mappings could be left but are just going to confuse
things in future so we'll just require users to update.
This simplification, whilst disruptive for any toolchain focused layers, will
make improved toolchain selection in the future much easier.
Since we no longer have overlapping variables, some code for that can just
be removed. The class extension code does need to start remapping some variables
but not the crosssdk target recipe names.
This patch is in two pieces, this one handles the renaming with the functional
changes separate in a second for easier review even if this breaks bisection.
(From OE-Core rev: 4ccc3bc8266c327bcc18c9a3faf7536210dfb9f0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.
Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
(From OE-Core rev: 7c9a9020d1e9204ba875ac10b20ab7ccabce82bc)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commit on binutils-2.43.1 stable branch are updated.
b82e2250574 Automatic date update in version.in
280374309b1 PR32300, --dependency-file: link dependencies are not all collected
263e116833e s390: Add arch15 instructions
645da6d426e s390: Relax risbg[n]z, risb{h|l}gz, {rns|ros|rxs}bgt operand constraints
7f7047a9c6c s390: Simplify (dis)assembly of insn operands with const bits
e7592364504 s390: Align opcodes to lower-case
d6ab1d2efdc s390: Document syntax to omit base register operand
c40337b1784 LoongArch: Add elfNN_loongarch_mkobject to initialize LoongArch tdata
95ed7cf1be2 segv in bfd_elf_get_str_section
0a71d78f6a6 ld: Don't explicitly add .note.gnu.build-id in elf.sc
ad2ce1e6457 x86: Turn PLT32 to PC32 only for PC-relative relocations
238493e7f09 x86-64: Disable PIE on PR gas/32189 test
68d5dbd315d x86-64: Never make R_X86_64_GOT64 section relative
d77d08180d1 x86/APX: Don't promote AVX/AVX2 instructions out of APX spec
f307db3d8b7 bfd: Pass true to ld_plugin_object_p
cd3e2b58f2c PR32109, aborting at bfd/bfd.c:1236 in int _bfd_doprnt
2d37b890e56 lto: Add a test for PR ld/32083
d16a1893c44 ld: Add an LTO test for common symbol override
e4cfe6dab3e Re-enable development changes on the 2_43 branch
Testing was done and there were no regressions found
(From OE-Core rev: 4950a2d67a85b3f4a643a46fdc54d348abce5ed6)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use SOLIBSDEV in FILES to fix nativesdk-binutils packaging on mingw
builds.
(From OE-Core rev: cba58ab2f380252f231fc78944499ade65e32223)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In SDK, missing perl modules causes 'x86_64-pokysdk-linux-gp-display-html --help' to abort with below errors..
- Can't locate bignum.pm in @INC (you may need to install the feature module).
- Can't locate Math/BigInt.pm in @INC (you may need to install the Math::BigInt module)
By adding the following perl modules to RDEPENDS fixes the above errors:
nativesdk-perl-module-bignum
nativesdk-perl-module-bigint
nativesdk-perl-module-math-bigint
(From OE-Core rev: 05f1099acbbb10b6ce33ea117d313749f7dc4a47)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reword so that it does not have to be updated with
every new major release of binutils
(From OE-Core rev: 679a12c21407ce32d0835e0fec6e5099f227b30b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on binutils-2.42 stable branch are updated.
29ae8b8ea71 x86-64: Skip -z mark-plt tests on MUSL
92cc764e58f hppa: Fix handling of relocations that apply to data
c439c1e1f56 elf: Add glibc version dependency only if needed
68ae8e2a849 ld: pass -g for ld-elf tests
a1e3cb45c67 aarch64: Enable +cssc for armv8.9-a
(From OE-Core rev: f857a88f7b3c3e50d0c3135bc461beae8ebf5e5c)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This recipe needs to be renamed because the "-cross-" substring in the
name triggers the cross architecture detection in sstate, but this
recipe is not actually a cross recipe.
(From OE-Core rev: 812c114a8a872ad59b19c7ffb8c1f230fc64c823)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Code backported from binutils development tree.
aarch64: Remove asserts from operand qualifier decoders [PR31595]
Given that the disassembler should never abort when decoding
(potentially random) data, assertion statements in the
`get_*reg_qualifier_from_value' function family prove problematic.
...
(From OE-Core rev: 00f3d8495a1d8fe44336b53c5a9d9a5f8a8d5664)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The diff hunks were not doing anything important, just remove them.
(From OE-Core rev: 06003911df37d41b6d04946571a9c1fbe41a6414)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on binutils-2.41 stable branch are updated.
eb49941e7e1 Gold/MIPS: Add targ_extra_size=64 for mips32 triples
c27eff41737 Gold/MIPS: Use EM_MIPS instead of EM_MIPS_RS3_LE for little endian
7fe76f02413 x86-64: fix suffix-less PUSH of symbol address
(From OE-Core rev: 580119844fd93eb7bbc778722a6117a31b7c1591)
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise this can be used from the host leading to output determinism issues
where the output may have zero length files for man pages without it.
Limit it to target only since we don't need this for native/cross.
(From OE-Core rev: 77f615fd49efe4b38db030c602eff709e3bc0f14)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In some cases we need to pass the linker arguments to the linker, particularly when
the default in LD differs to that which gcc and our compiler flags are using (mips
defaults to 32 bit). Ensure these are passed in.
(From OE-Core rev: 0243af31f404f0b9187cebef192e626e290ead49)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit f72fd51e0d (binutils: package static libs from gprofng) added
corresponding FILES:${PN}-staticdev entry to the main .bb recipe.
But binutils-cross-canadian fails with exactly the same QA issue,
hence move FILES:${PN}-staticdev to the common shared .inc file.
(From OE-Core rev: 75beddd33e132333c36ad067e2cf90edffeb5bf5)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a patch from upstream to fix CVE-2023-1972.
(From OE-Core rev: 10d63933e3a30bfac2f6cec896460c22e04baadd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* fixes:
ERROR: binutils-2.40-r0 do_package: QA Issue: binutils: Files/directories were installed but not shipped in any package:
/usr/lib/gprofng/libgp-collectorAPI.a
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
binutils: 1 installed and not shipped files. [installed-vs-shipped]
(From OE-Core rev: ab6ae4b715143364288ba164f8ab5c3cd7f486ae)
(From OE-Core rev: f72fd51e0da100e7ed90992225688bf43e2a69b6)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- Rebase existing patches
- Drop 0014-configure-remove-dependencies-on-gmp-and-mpfr-when-g.patch
which is already in
- Correct packaging path to libgprofng.so
- Below commits on binutils-2.40 stable branch are updated.
4671be001eb Updated Hungarian translation for the gprof directory
ded035f913e lto: Don't add indirect symbols for versioned aliases in IR
74cb2ddeabc gas: arm: Change warning message to not reference specific A-class architecture revision
570b9c09bbf gas: arm: Fix a further IT-predicated vcvt issue in the presense of MVE vcvtn
bddd62e188c libctf: get the offsets of fields of unnamed structs/unions right
7aa47eafcce libctf: fix assertion failure with no system qsort_r
165accf0752 coff_get_normalized_symtab bfd_release
af35798e957 PR30217, dynamic relocations using local dynamic symbols
18bb604f1e1 PR30198, Assertion and segfault when linking x86_64 elf and coff
34a2b4a0e21 PR30155, ld segfault in _bfd_nearby_section
3d0046f39aa PR30046, power cmpi leads to unknown architecture
5c87fb1d59b ppc32 and "LOAD segment with RWX permissions"
11f5c1ebf14 Updated Serbian translations for gold, gprof and opcodes sub-directories
38e455b1d9a Updated translations for the bfd and gprof directories.
b2bc62b7b4e gas: correct symbol name comparison in .startof./.sizeof. handling
17294931e3e configure: remove dependencies on gmp and mpfr when gdb is disabled
1fc096a4c59 Regen config files
e1815414077 Pass $JANSSON_LIBS and $ZSTD_LIBS to ld-bootstrap/bootrap.exp
3e888977f16 bpf: fix error conversion from long unsigned int to unsigned int [-Werror=overflow]
65dbb942145 Updated Swedish translation for the binutils sub-directory
27f59ec47a1 RISC-V: make C-extension JAL available again for (32-bit) assembly
edd36b26f35 gprofng: PR30043 libgprofng.so.* are installed to a wrong location
c6e269febbc gprofng: PR29521 [docs] man pages are not in the release tarball
bcea253f5fa toplevel: Makefile.def: add install-strip dependency on libsframe
(From OE-Core rev: 5d7389770af6613af4ca8a2d30cc79d494a91075)
(From OE-Core rev: dcaf5192599b9474901ab73b66c330a401623fc1)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recommendation from server maintainers is that the https protocol
is both faster and more reliable than the dedicated git protocol at this point.
Switch to it where possible.
(From OE-Core rev: 139102a73d4151f4748b4a861bd4ab28dda7dab7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is little point in having "crosssdk" suffex added to the virtual provider within
gcc/go since the TARGET_PREFIX or SDK_PREFIX already encapsulates this. Remove it
allowing some of the special case overriding to be removed.
This also allows removal of some of the MLPREFIX usage since again, the triplet
also covers this.
(From OE-Core rev: fe0206ba482d209b24e636d578aa68ba5e67ba1b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is little point in having "crosssdk" suffex added to the virtual provider within
binutils since the TARGET_PREFIX or SDK_PREFIX already encapsulates this. Remove it
allowing some of the special case overriding to be removed.
(From OE-Core rev: 6856fc5c848cc2564bebe03a007ef109f46d0adb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use DT_RUNPATH over DT_RPATH. If DT_RUNPATH is present, LD_LIBRARY_PATH is searched before
DT_RUNPATH, Search order is DT_RPATH then LD_LIBRARY_PATH then
DT_RUNPATH, this order ensures that injecting
malicious shared objects is way harder with DT_RUNPATH.
This is now default on major linux distributions already
(From OE-Core rev: 66f8a745668a067d8d763fa2af3e65f26c9c1ebe)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
(From OE-Core rev: ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
