gcc stable version upgraded from v11.4 to v11.5
Dropped CVE-2023-4039.patch and 0001-aarch64-Update-Neoverse-N2-core-defini.patch
because they have been taken into gcc-11.5 with the below commits 75c37e0314 and 50d9db203bc
For changes in v11.5 see: https://gcc.gnu.org/gcc-11/changes.html
Below is the bug fix list for v11.5:
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=444046&resolution=FIXED&target_milestone=11.5
A total of 164 bugs are fixed in this release; below is the list of bugs fixed, excluding the regression fixes.
ID Product Comp Assignee Summary
112672 gcc target ubizjak [14 Regression] wrong code with __builtin_parityl() at -O and above on x86_64
111736 gcc sanitize unassigned Address sanitizer is not compatible with named address spaces
80899 gcc ipa hubicka [11/12/13/14 Regression] Devirtualization causes incorrect code generation with placement new in some cases
105301 gcc c++ iains [11 Regression] ICE: tree check: expected tree that contains 'decl minimal' structure, have 'overload' in coro_promise_type_found_p, at cp/coroutines.cc:516
110027 gcc middle-e jakub [11 regression] Stack objects with extended alignments (vectors etc) misaligned on detect_stack_use_after_return
110079 gcc rtl-opti jakub [11 Regression] ICE with -freorder-blocks-and-partition and inline-asm goto
110731 gcc tree-opt jakub [11/12 Regression] Wrong-code because of wide-int division since r5-424
111015 gcc tree-opt jakub [11/12/13/14 Regression] __int128 bitfields optimized incorrectly to the 64 bit operations
112727 gcc sanitize jakub [11/12/13 Regression] UBSAN creates GIMPLE path with uninitialized variable
113674 gcc c++ jakub [11 Regression] [[____attr____]] causes internal compiler error: in decl_attributes, at attribs.cc:776
114310 gcc target jakub [11 Regression] [aarch64] __sync_val_compare_and_swap fails on __int128_t with newval = 0
114493 gcc c jakub [11 Regression] internal compiler error: in fld_incomplete_type_of with may_alias
114566 gcc tree-opt jakub [11 Regression] Misaligned vmovaps when compiling with stack-protector-strong for znver4
114634 gcc c++ jakub [11 Regression] Crash Issue Encountered in GCC Compilation of Template Code with Aligned Attribute since r9-1745
114691 gcc c++ jakub [11 Regression] Bogus ignoring loop annotation warning
114825 gcc fortran Jakub [11 Regression] Compiler error using gfortran and OpenMP since r5-1190
114876 gcc tree-opt jakub [11 Regression] -fprintf-return-value mishandles %lc with a '\0' argument.
114956 gcc sanitize jakub [11 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
106890 gcc c++ jason [11 Regression] virtual inheritance triggers compiler error when instatiating derived class with in-class initialization since r8-2709-g12659e10c7820071
111529 gcc c++ jason [11/12/13 Regression] ICE on bool conversion in an unrolled loop condition inside template lambda nested in another template scope
113598 gcc c++ jason [11/12/13 Regression] GCC internal compiler error since r0-124275
114561 gcc c++ jason [11/12 Regression] Comma operator with forwarding reference to pointer raises invalid lvalue required error since r10-7410
114562 gcc c++ jason [11/12 Regression] ICE when trying to bind rvalue reference to lvalue with comma operator and forwarding reference to pointer since r10-7410
115565 gcc rtl-opti macro [11/12/13/14/15 Regression] CSE: Comparison incorrectly evaluated as constant causing optimization to produce wrong code
109876 gcc c++ mpolacek [11/12 Regression] initializer_list not usable in constant expressions in a template
110106 gcc c++ mpolacek [11/12 Regression] ICE on noexcept(noexcept(...)) with optional
89224 gcc c++ pinskia [11/12/13/14/15 Regression] subscript of const vector has the wrong type
110386 gcc tree-opt pinskia [11/12 Regression] ICE with ABSU in backprop
111331 gcc tree-opt pinskia [11/12 Regression] Wrong code at -O1 on x86_64-linux-gnu since
108120 gcc target rearnsha [11/12 Regression] ICE: in extract_insn, at recog.cc:2791 (on ARM with -mfpu=neon -freciprocal-math -O3)
95048 gcc libstdc+ redi [11 Regression] wstring-constructor of std::filesystem::path throws for non-ASCII characters
104606 gcc libstdc+ redi [11 Regression] comparison operator resolution with std::optional and -std=c++20
90348 gcc middle-e rguenth [11 Regression] Partition of char arrays is incorrect in some cases
96881 gcc tree-opt rguenth [11 Regression] Clobbers on NULL vs. DCE since r8-1519
97990 gcc c++ rguenth [11 Regression] ICE: ‘verify_type’ failed with vector types and non-PODs since r6-5222-gba6a6a1d44c17f25
103006 gcc middle-e rguenth [12/13/14/15 Regression] wrong code at -O1 or -O2 on x86_64-linux-gnu by r7-7101
110176 gcc tree-opt rguenth [11 Regression] wrong code at -Os and above on x86_64-linux-gnu since r11-2446
110295 gcc c++ rguenth [11 Regression] ICE in dwarf2out_finish with local class with inherited operator delete in a templated function and -g
110298 gcc tree-opt rguenth [11 Regression] ICE at -Os on x86_64-linux-gnu since r10-840
111039 gcc tree-opt rguenth [11 Regression] Unable to coalesce ssa_names
111080 gcc debug rguenth [11 Regression] restrict qualifier causes extra debug info to happen
111472 gcc tree-opt rguenth [11 Regression] Wrong code at -Os on x86_64-linux-gnu since r11-4563-gd0d8b5d836
111614 gcc tree-opt rguenth [11 Regression] ICE at -O2: verify_gimple failed since r14-2282-gf703d2fd3f0
111764 gcc tree-opt rguenth [11 Regression] Wrong code at -O3 on x86_64-linux-gnu
111818 gcc middle-e rguenth [11 Regression] ICE with __builtin_memcpy with volatile and constants
111917 gcc tree-opt rguenth [11 Regression] ICE in as_a, at is-a.h:255 since GCC-7
112495 gcc tree-opt rguenth [11 Regression] ICE: verify_gimple failed (after vectorizer) with named address space (__seg_gs )
112505 gcc tree-opt rguenth [11 Regression] internal compiler error: in build_vector_from_val, at tree.cc:2104 since r10-4076
112718 gcc debug rguenth [11 Regression] ICE: in add_dwarf_attr, at dwarf2out.cc:4501 with -g -fdebug-types-section -flto -ffat-lto-objects
112793 gcc tree-opt rguenth [11 regression] ICE when building stellarium (internal compiler error: in vect_schedule_slp_node, at tree-vect-slp.cc:9062)
114027 gcc tree-opt rguenth [11 Regression] miscompile at `-O3 -fno-vect-cost-model -msse4.2`
114734 gcc target rguenth [11 regression] RISC-V rv64gcv_zvl256b miscompile with -flto -O3 -mrvv-vector-bits=zvl since r8-6047-g65dd1346027bb5
108086 gcc rtl-opti rsandifo [11 Regression] internal compiler error: in set_accesses, at rtl-ssa/internals.inl:449
113281 gcc tree-opt rsandifo [11 Regression] Latent wrong code due to vectorization of shift reduction and missing promotions since r9-1590
113552 gcc tree-opt tnfchris [11/12/13 Regression] vectorizer generates calls to vector math routines with 1 simd lane.
29256 gcc target unassigned [11/12/13/14 regression] loop performance regression
82446 gcc tree-opt unassigned [11/12/13/14 Regression] Missed equalities in dr_group_sort_cmp
93631 gcc c unassigned [11/12/13/14 Regression] ICE on an invalid strcmp call in gimple_call_arg, at gimple.h:3258
93930 gcc target unassigned [11/12/13/14 Regression] Unnecessary broadcast instructions for AVX512
94335 gcc tree-opt unassigned [11/12/13/14 Regression] False positive -Wstringop-overflow warning with -O2
97140 gcc target unassigned [11/12/13/14 Regression] ICE in error: unable to generate reloads for since r10-400-gecfdb16c54ad06ac
100623 gcc target unassigned [11 Regression] wrong code with -Os -fno-dce -fno-defer-pop -fno-forward-propagate -flive-range-shrinkage -fno-rerun-cse-after-loop -mno-push-args since r10-7515-g2c0fa3ecf70d199a
100667 gcc libstdc+ unassigned [11/12 Regression] std::tuple<A&&> cannot be constructed from A&&, if A not defined (only forward declared)
103497 gcc c++ unassigned [11/12/13/14 Regression] ICE when decltype(auto)... as parameters
105034 gcc target unassigned [11/12/13/14 regression]Suboptimal codegen for min/max with -Os
107057 gcc rtl-opti unassigned [11/12 Regression] ICE in extract_constrain_insn, at recog.cc:2692
109800 gcc target acoplan [11 Regression] arm: ICE (segfault) loading double with -mpure-code -mbig-endian
110288 gcc fortran anlauf [11/12/13/14] Regression: segfault in findloc with allocatable array of allocatable characters
110585 gcc fortran anlauf ICE in gfc_compare_expr for findloc with complex literal array
110658 gcc fortran anlauf MINVAL/MAXVAL and deferred-length character arrays
115611 gcc target avieira mve: vsetq_lane for 64-bits has wrong codegen when setting lane 1
113893 gcc ada ebotcazou finalization of object allocated by anonymous access type designating local type
111050 gcc libstdc+ fdumont [11/12/13/14 Regression] ABI break in _Hash_node_value_base since GCC 11
110624 gcc target iains Xcode 15 ld warns about -macosx_version_min
114171 gcc d ibuclaw [13/14 Regression] gdc -O2 -mavx generates misaligned vmovdqa instruction
108789 gcc middle-e jakub __builtin_(add|mul|sub)_overflow methods generate duplicate operations if both operands are const which in turn causes wrong code due to overlapping arguments
110115 gcc middle-e jakub [11 Regression] Wrong code at -O1 on x86_64-linux-gnu
110914 gcc tree-opt jakub [11/12/13/14 Regression] Optimization eliminating necessary assignment before 0-byte memcpy since r10-5451
111422 gcc middle-e jakub Wrong code at -O3 on x86_64-linux-gnu
112816 gcc target jakub [11/12 Regression] ICE unrecognizable_insn with __builtin_signbit and returning struct with int[4]
113122 gcc target jakub Assembler messages: Error: operand type mismatch for `movabs' / bad expression / invalid use of register with -fprofile -mcmodel=large -masm=intel
113192 gcc libgomp jakub [11 Regression] ERROR: couldn't execute "../../../gcc/libgomp/testsuite/flock": no such file or directory
113262 gcc c jakub [11 Regression] ICE when using [[gnu::copy("")]] attribute
114533 gcc libquadm jakub libquadmath: printf: fix misaligned access on args
114537 gcc c++ jakub bit_cast does not work NSDMI of bitfields
114572 gcc c++ jakub [OpenMP] "internal compiler error: in assign_temp" with assignment operator and lastprivate clause
115172 gcc sanitize jakub Invalid -fsanitize=bool sanitization of variable from named address space
115440 gcc driver jakub unrecognized command-line option '--c++17'; did you mean '--stdc++17'?
110422 gcc tree-opt jamborm asm goto vs SRA
92145 gcc c++ jason -Wdeprecated-copy false-positive when inheriting base assignment operators
92407 gcc c++ jason Destruction of objects returned from functions skipped by goto
103185 gcc c++ jason [11/12/13 Regression] ind[arr] is rejected when arr is an array prvalue
106310 gcc c++ jason [11 Regression] lookup after this-> seems wrong for dependent lookup since r12-6754-g30f2c22def739211
111357 gcc c++ jason [11/12/13/14 Regression] __integer_pack fails to work with values of dependent type convertible to integers in noexcept context
114130 gcc target kito [11 Regression] RISC-V: `__atomic_compare_exchange` does not use sign-extended value for RV64
113250 gcc libstdc+ kmatsui std::filesystem::equivalent("", "/") should throw
115457 gcc target ktkachov AArch64 should define __ARM_FEATURE_BF16
115475 gcc target ktkachov AArch64 should define __ARM_FEATURE_SVE_BF16 when appropriate
88309 gcc target linkw [11/12/13/14 Regression] ICE: Floating point exception (in is_miss_rate_acceptable), target assigning alignent of 4 bits(!) to vector
104259 gcc libstdc+ marxin libstdc++ fails for epiphany-elf
109822 gcc libstdc+ mkretz Converting std::experimental::simd masks yields an error
59465 gcc c++ mpolacek [11/12/13 Regression] g++ allows direct-initialization of an array of class type from another array in a mem-initializer
100557 gcc c++ mpolacek [11/12/13/14 Regression] Internal compiler error: Error reporting routines re-entered.
115642 gcc c mpolacek [11/12/13/14/15 Regression] internal compiler error: tree check: expected class 'type', have 'exceptional' (error_mark) in c_expr_sizeof_expr
95351 gcc middle-e pinskia [11/12 Regression] Comparison with NAN optimizes incorrectly with -ffast-math disabled
111699 gcc middle-e pinskia [11/12/13 Regression] ICE: SIGSEGV: infinite recursion in fold_build3_loc/fold_ternary_loc/generic_simplify_VEC_COND_EXPR
109761 gcc c++ ppalka [11/12 Regression] Nested class destructor's noexcept specification incorrectly considered as too loose compared to the outer class
111485 gcc c++ ppalka [11/12 Regression] Constraint mismatch on template template parameter
113175 gcc testsuit ppalka [11/12/13/14 Regression] testsuite/std/ranges/iota/max_size_type.cc 5x times slower
111407 gcc tree-opt qinzhao [11/12/13 Regression] ICE: SSA corruption due to widening_mul opt on conflict across an abnormal edge
99327 gcc libstdc+ redi ENOTSUP macro does not exist on djgpp crt
104161 gcc libstdc+ red Potential Security Vulnerability: remove_all and symbolic link
105178 gcc libstdc+ redi [11 Regression] g++ incorrectly reports invalid use of incomplete type
108178 gcc libstdc+ redi Filesystem::copy_file can't copy from /proc on Linux machines
112491 gcc libstdc+ redi std::deque<T,Allocator>::size xmethod output is wrong
114147 gcc libstdc+ redi [11 Regression] tuple allocator-extended constructor requires non-explicit default constructor
114401 gcc libstdc+ redi libstdc++ allocator destructor omitted when reinserting node_handle into tree- and hashtable-based containers
96109 gcc testsuit rguenth [11 Regression] gcc.dg/vect/slp-47.c etc. FAIL
110182 gcc tree-opt rguenth [11 Regression] Vector(2) cast from double to float and back and subtraction seems to produce incorrect results
110200 gcc middle-e rguenth genmatch generating questionable code with convert and !
98237 gcc ipa ro gcc-dg-lto-modref-3-01.exe etc. FAIL when LTO plugin is not enabled
97696 gcc sanitize rsandifo ICE since ASAN_MARK does not handle poly_int sized varibales
100303 gcc debug rsandifo [11 Regression] -fcompare-debug failure (length) with -O -fno-dce -ftracer
111340 gcc target ubizjak gcc.dg/bitint-12.c fails on x86_64-apple-darwin or fails on x86_64-linux-gnu with -fPIE
115297 gcc rtl-opti ubizjak [14/15 regression] alpha: ICE in simplify_subreg, at simplify-rtx.cc:7554 with -O1
115836 gcc middle-e ubizjak ICE when building Firefox with-march=pentium-mmx -mtune=pentium-m
91085 gcc other unassigned [11 only] fixincludes breaks <bits/statx.h>
103183 gcc c++ unassigned [11/12/13/14 Regression] ind[arr] produces an lvalue when arr is an array xvalue
105417 gcc libstdc+ unassigned [11 Regression] powerpc64le-linux abilist changes based on --with-long-double-format=
110309 gcc target unassigned Wrong code for masked load expansion
111922 gcc ipa unassigned [11/12/13/14 Regression] ICE in cp with -O2 -fno-tree-fre
112823 gcc other unassigned [11 only] -Wincompatible-pointer-types errors in libiberty/simple-object-mach-o.c (missing backport for gcc-11)
112891 gcc target unassigned [11/12/13/14 Regression] Missing vzeroupper insert
114049 gcc target unassigned gcc.dg/framework-1.c FAILs with Xcode 15.3 beta 3
114098 gcc target unassigned _tile_loadconfig doesn't work
114521 gcc target unassigned [11 only] aarch64: wrong code with Neon ld1/st1x4 intrinsics gcc-11 and earlier
115261 gcc rtl-opti unassigned [11/12/13/14/15 regression] FAIL: gcc.target/s390/vector/vec-abi-vararg-1.c
115269 gcc libstdc+ unassigned Hardcoded links in 14.1 docs to pages from release 4.3.2
115870 gcc tree-opt unassigned Inlining of different template instances wrongly produces infinite loop
103715 gcc fortran anlauf [11/12/13/14 Regression] ICE in gfc_find_gsymbol, at fortran/symbol.c:4301 since r9-3803-ga5fbc2f36a291cbe
111837 gcc fortran anlauf [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
114474 gcc fortran anlauf [11/12/13/14 Regression] DATA statement with derived type, pointer component rejected
113979 gcc ada ebotcazou [11/12/13/14 regression] bogus error on allocator for array type with Dynamic_Predicate
103506 gcc fortran jvdelisle [11 Regression] ICE in gfc_free_namespace, at fortran/symbol.c:4039 since r10-2798-ge68a35ae4a65d2b3
107397 gcc fortran jvdelisle [11/12 Regression] ICE in gfc_arith_plus, at fortran/arith.cc:654
91035 gcc target krebbel [11/12/13/14 Regression] gotools fails to build on s390x-linux-gnu
84006 gcc fortran pault [11/12 Regression] ICE in storage_size() with CLASS entity
89462 gcc fortran pault [11/12/13 Regression] gfortran loops in code generation
93678 gcc fortran pault [11/12/13 Regression] ICE with TRANSFER and typebound procedures
103312 gcc fortran pault [11/12 Regression] ICE in gfc_find_component since r9-1098-g3cf89a7b992d483e
103368 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15668 since r12-4464-g017665f63047ce47
103716 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15964 since r9-3803-ga5fbc2f36a291cbe
106999 gcc fortran pault [11/12/13 Regression] ICE tree check: expected record_type or union_type or qual_union_type, have function_type in gfc_class_data_get, at fortran/trans-expr.cc:233
71703 gcc fortran unassigned [11 Regression] [OOP] ICE in wide_int_to_tree, at tree.c:1488
89925 gcc fortran unassigned [11 Regression] Wrong array bounds from ALLOCATE with SOURCE or MOLD
99183 gcc fortran unassigned [11 Regression] Incompatible Runtime types
99757 gcc c++ unassigned [11/12/13/14 Regression] ICE: in cp_finish_decl, at cp/decl.c:7736
104391 gcc fortran unassigned [11 Regression] bind(C) and allocatable or pointer attribute don't work
104908 gcc fortran unassigned [11/12/13/14 Regression] incorrect Fortran out-of-bound runtime error.
113179 gcc middle-e unassigned [11/12/13/14/15 Regression] MIPS: INS is used for long long, before SLL
80774 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in gfc_conv_descriptor_data_get, at fortran/trans-array.c
82904 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in make_ssa_name_fn, at tree-ssanames.c:261
111880 gcc fortran anlauf [11/12/13/14] False positive warning of obsolescent COMMON block with Fortran submodule
61527 gcc fortran unassigned [11/12/13/14 Regression] [OOP] class/extends, multiple generic assignment, accept invalid
(From OE-Core rev: 7806e21e7d47fd010872a3967e51bcacdae3a76b)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The presence or lack of nroff on the host was changing the doc type. Stop
the code from looking at host paths outside HOSTTOOLS and hence cause the
doc type to be deterministic and reproducible.
(From OE-Core rev: 88630352d6d1cfee06787fa84b73ca8ad335cb08)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 918e2b266eba6779f19f65349f85caa880ba45e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The presence or lack of nroff on the host was changing the doc type. Set it
explicitly to be deterministic and reproducible.
(From OE-Core rev: dd857d2519fd4f38c67a6fa0087f72798166467a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream commits:
bd385a5298
2eb42a728d
7e1110664e
8393078032
7ead946998
(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack
via improper synchronization during socket closure when a client keeps a socket open as the server
is taken offline.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-7409
Upstream Patches:
fb1c2aaa98
c8a76dbd90
b9b72cb3ce
3e7ef738c8
(From OE-Core rev: d84ab04dc66cb83638f96fcd2f4c67e67489c410)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport PACKAGECONFIG[editline] from Scarthgap to Kirkstone
because libedit has feature parity with readline but is more
permissively licensed (BSD versus GPLv3). This patch provides
means of enabling editline in a distribution without GPLv3 and
in this case improves Python REPL keyboard support.
(From OE-Core rev: 12dc7d2081a1aaec90ffb3ed6718d757ce14b5ab)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This package can be built using pep517 classes now.
(From OE-Core rev: 6c1000a2bbfe5e618e42bc5be2058332337d4177)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized
root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root
certificates from `GLOBALTRUST` from the root store. These are in the
process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root
certificates are being removed pursuant to an investigation which
identified "long-running and unresolved compliance issues."
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-39689
Upstream-patch:
bd8153872e
(From OE-Core rev: 96c1e12dc6cb4c321a09a6ddcc4c9f27c30b4564)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The archive/zip package's handling of certain types of invalid zip files
differs from the behavior of most zip implementations. This misalignment
could be exploited to create a zip file with contents that vary depending
on the implementation reading the file. The archive/zip package now rejects
files containing these errors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24789
Upstream-patch:
c8e40338cf
(From OE-Core rev: f198fdc392c6e3b99431383ab6577749e83f1cb3)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Debian 12 no longer supports replacing dash with bash as default shell.
Therefore to achieve compatibility with Debian 12, all bashisms need
to be removed.
Shell comparison via == gives an error with dash and thus the condition
is always false.
(From OE-Core rev: 3723b26f82219ff71823335d550dbf29086d63d4)
(From OE-Core rev: c6cafd2aa50357c80fbab79741d575ff567c5766)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
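The dash failure described in the commit above, as an added example that is not part of the commit: a POSIX shell scan for `==` inside `[ ]` and `test` calls, run on a constructed sample script. The function name `find_eq_bashisms` is hypothetical.

```shell
#!/bin/sh
# Added example. Under bash, [ "$a" == "$b" ] works as an extension; per the
# commit above, dash reports an error for it, so an `if` guarded by such a
# test silently never takes its branch.

# find_eq_bashisms FILE
# Prints the line number of every line that is not a whole-line comment and
# uses "==" inside a single-bracket test or a test(1) call.
# "[[ ... == ... ]]" is a separate bashism and is deliberately not matched.
find_eq_bashisms() {
    grep -nE '(^|[[:space:];&|(!])(\[|test)[[:space:]][^]]*[[:space:]]==[[:space:]]' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#' |
        cut -d: -f1
}

# Constructed sample script for the demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
if [ "$MODE" == "release" ]; then
    strip=1
fi
# [ "$a" == "$b" ] inside a comment is ignored
if [ "$MODE" = "debug" ]; then
    test "$x" == "$y" && echo same
fi
EOF

# Report the offending lines; the portable fix is a single "=".
for n in $(find_eq_bashisms "$sample"); do
    printf 'line %s: %s\n' "$n" "$(sed -n "${n}p" "$sample")"
done
rm -f "$sample"
```

Lines with `==` only in a trailing comment are still reported, so treat the output as a review list rather than a verdict.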
Switch to use flit core since upstream changed.
They also changed the capitalisation under pypi.
The license didn't change but the file was renamed, probably as it wasn't
rst.
(From OE-Core rev: 58ee84c274b0c93902aad5d4f434daec5da55134)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e352680528b18c3cdae26233bef7cddc2771d42d)
Upgrade fixes CVE-2024-34064
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A buffer-overread issue was discovered in StringIO 3.0.1, as
distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through
3.1.4. The ungetbyte and ungetc methods on a StringIO can
read past the end of a string, and a subsequent call to
StringIO.gets may return the memory value. 3.0.3 is the main
fixed version; however, for Ruby 3.0 users, a fixed version
is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version
is stringio 3.0.1.2.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27280
(From OE-Core rev: 729310d17310dff955c51811ff3339fdbc017b95)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2024-32002:
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be
crafted in a way that exploits a bug in Git whereby it can be fooled into
writing files not into the submodule's worktree but into a `.git/` directory.
This allows writing a hook that will be executed while the clone operation
is still running, giving the user no opportunity to inspect the code that is
being executed. The problem has been patched in versions 2.45.1, 2.44.1,
2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is
disabled in Git (e.g. via `git config --global core.symlinks false`), the
described attack won't work. As always, it is best to avoid cloning
repositories from untrusted sources.
CVE-2024-32004:
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository
in such a way that, when cloned, will execute arbitrary code during the
operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories
from untrusted sources.
CVE-2024-32020:
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files
into the target repository's object database when source and target repository
reside on the same disk. If the source repository is owned by a different user,
then those hardlinked files may be rewritten at any point in time by the
untrusted user. Cloning local repositories will cause Git to either copy or
hardlink files of the source repository into the target repository. This
significantly speeds up such local clones compared to doing a "proper" clone and
saves both disk space and compute time. When cloning a repository located on the
same disk that is owned by a different user than the current user we also end up
creating such hardlinks. These files will continue to be owned and controlled by
the potentially-untrusted user and can be rewritten by them at will in the
future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2,
2.41.1, 2.40.2, and 2.39.4.
CVE-2024-32021:
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4,
2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that
contains symlinks via the filesystem, Git may create hardlinks to arbitrary
user-readable files on the same filesystem as the target repository in the
`objects/` directory. Cloning a local repository over the filesystem may
create hardlinks to arbitrary user-owned files on the same filesystem in the
target Git repository's `objects/` directory. When cloning a repository over the
filesystem (without explicitly specifying the `file://` protocol or `--no-local`),
the optimizations for local cloning will be used, which include attempting to
hard link the object files instead of copying them. While the code includes checks
against symbolic links in the source repository, which were added during the fix
for CVE-2022-39253, these checks can still be raced because the hard link
operation ultimately follows symlinks. If the object on the filesystem appears as
a file during the check, and then a symlink during the operation, this will allow
the adversary to bypass the check and create hardlinks in the destination objects
directory to arbitrary, user-readable files. The problem has been patched in
versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
CVE-2024-32465:
Git is a revision control system. The Git project recommends to avoid working in
untrusted repositories, and instead to clone it first with `git clone --no-local`
to obtain a clean copy. Git has specific protections to make that a safe
operation even with an untrusted source repository, but vulnerabilities allow
those protections to be bypassed. In the context of cloning local repositories
owned by other users, this vulnerability has been covered in CVE-2024-32004. But
there are circumstances where the fixes for CVE-2024-32004 are not enough: For
example, when obtaining a `.zip` file containing a full copy of a Git repository,
it should not be trusted by default to be safe, as e.g. hooks could be configured
to run within the context of that repository. The problem has been patched in
versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a
workaround, avoid using Git in repositories that have been obtained via archives
from untrusted sources.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-32002
https://nvd.nist.gov/vuln/detail/CVE-2024-32004
https://nvd.nist.gov/vuln/detail/CVE-2024-32020
https://nvd.nist.gov/vuln/detail/CVE-2024-32021
https://nvd.nist.gov/vuln/detail/CVE-2024-32465
(From OE-Core rev: 209c41377abf6853455b00af3923f1b244a3766b)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
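As an added example (not part of the commit above or of Git itself), a POSIX shell check of a Git version string against the fixed releases listed in the CVE text. The function name `git_fix_status` is illustrative, and treating series after 2.45 as patched is an assumption.

```shell
#!/bin/sh
# Added example. Fixed releases quoted in the advisory text, one per 2.x series.
PATCHED_RELEASES="2.39.4 2.40.2 2.41.1 2.42.2 2.43.4 2.44.1 2.45.1"

# is_uint STRING: succeeds only for a non-empty run of digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# git_fix_status VERSION
# VERSION is a bare version ("2.43.4") or the output of `git --version`.
# Prints one of: patched, unpatched, unknown.
git_fix_status() {
    v=${1#git version }
    case $v in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    rest=${rest#*.}
    patch=${rest%%[!0-9]*}   # drop suffixes such as ".windows.1" or "-rc1"

    if ! is_uint "$major" || ! is_uint "$minor" || ! is_uint "$patch"; then
        echo unknown; return 0
    fi
    if [ "$major" -ne 2 ]; then echo unknown; return 0; fi
    # Series older than 2.39 have no fixed release in the list, and the
    # advisory's "prior to" wording covers them.
    if [ "$minor" -lt 39 ]; then echo unpatched; return 0; fi
    # Assumption: series after 2.45 were released with the fixes included.
    if [ "$minor" -gt 45 ]; then echo patched; return 0; fi

    for fixed in $PATCHED_RELEASES; do
        fminor=${fixed#*.}
        fminor=${fminor%%.*}
        if [ "$minor" -eq "$fminor" ]; then
            if [ "$patch" -ge "${fixed##*.}" ]; then
                echo patched
            else
                echo unpatched
            fi
            return 0
        fi
    done
    echo unknown
}

# Constructed sample inputs.
for sample in "git version 2.39.3" "2.43.4" "2.35.7" "2.45.1.windows.1"; do
    printf '%-26s %s\n' "$sample" "$(git_fix_status "$sample")"
done
```

A version comparison cannot see backported patches: a distribution that applies the fixes without changing the version string is still reported as unpatched, so confirm such results against the package's patch list.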
CVE-2024-24576 only applies when invoking batch files (with the `bat` and `cmd` extensions) on Windows. No other platform or use is affected.
More details about the CVE are here: https://nvd.nist.gov/vuln/detail/CVE-2024-24576
(From OE-Core rev: 44e0b6b028657d32de5971d6a42a88767ef8c710)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These test suites are full of timing-sensitive test cases, so skip
them too.
[ YOCTO #15321 ]
(From OE-Core rev: f94c74cee8b2650dd3211a49dc7e88bf60d2e6a7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd06c3668dbe9ec1cf9a0a84d7a6bc9851f9c662)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are several tests in the test suite which are very dependent on
timing and fail on a loaded host system, so skip them.
[ YOCTO #14825 #14882 #15081 ]
(From OE-Core rev: 161d336a6c57fddb36a0c4e8c2def84ce70128e3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 68beb4f4b5a0bea5d431decddf7656f18ac7a04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Some tests hardcode assumptions on locales, which may not be present in
musl systems, for example. Therefore add a way to skip such tests using the -skip
option.
Skip unixInit-3* test on musl
(From OE-Core rev: a70f9039259d7d38c5a3e50f7003d3228d1ab692)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit fa66f1cee2d88c2276442e8b4aaeccde5490f9ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-47100 is a duplicate of CVE-2023-47038. They have the same
advertised fix commit, which has already been merged into the
perl_5.34.3 sources used in kirkstone.
(From OE-Core rev: 8df158f39f1eed1e3ae88ddf935c67e067b72525)
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When using the gcc-sanitizers as part of the SDK on a Linux with a newer
kernel, the ASAN fails randomly. This was seen on Ubuntu 22.04.
This is also described at
https://stackoverflow.com/questions/77894856/possible-bug-in-gcc-sanitizers
Backport the fix from LLVM project, as gcc has not yet backported
anything for the 11 series.
(From OE-Core rev: 7af8e24d6c60a01e398b10a57939947fb156feec)
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
https://github.com/urllib3/urllib3/releases/tag/1.26.18
Major changes in python3-urllib3 1.26.18:
- Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (CVE-2023-45803)
(cherry picked from OE-Core rev: 74da05b63634c248910594456dae286947f33da5)
(From OE-Core rev: c473f32184ea0ab41f6eb4c8dcc1d7bb5fd7b16f)
Signed-off-by: Tan Wen Yan <wen.yan.tan@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
1. scsi-disk: allow MODE SELECT block descriptor to set the block size
Link: 356c4c441e
The MODE SELECT command can contain an optional block descriptor that can be used
to set the device block size. If the block descriptor is present then update the
block size on the SCSI device accordingly.
This allows CDROMs to be used with A/UX which requires a CDROM drive which is
capable of switching from a 2048 byte sector size to a 512 byte sector size.
2. scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
Link: 55794c904d
The existing code assumes that the block size can be generated from p[1] << 8
in multiple places which ignores the top and bottom 8 bits. If the block size
is allowed to be set to an arbitrary value then this causes a mismatch
between the value written by the guest in the block descriptor and the value
subsequently read back using READ CAPACITY causing the guest to generate
requests that can crash QEMU.
For now restrict block size changes to bits 8-15 and also ignore requests to
set the block size to 0 which causes the SCSI emulation to crash in at least
one place with a divide by zero error.
3. Disallow block sizes smaller than 512 [CVE-2023-42467]
Link: 7cfcc79b0a
We are doing things like
    nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
with a division by 0 exception. Thus disallow block sizes of 256
bytes to avoid this situation.
(From OE-Core rev: e9af3d328db8a32c22bb0798fa8dbb749e3f607b)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
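The three block-size checks described in the scsi-disk commit message above, as an added example that is not QEMU's code or part of the original commit. `struct disk_model`, `apply_block_descriptor`, `sectors_to_blocks` and `SECTOR_SIZE` are hypothetical names, and the block-length position (bytes 5 to 7 of the 8-byte descriptor) is taken from the SCSI short block descriptor layout.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE 512u /* stands in for BDRV_SECTOR_SIZE named in the commit text */

/* Hypothetical device model holding only the field the commits discuss. */
struct disk_model { uint32_t blocksize; };

/* SCSI short block descriptor: block length is the 24-bit value in bytes 5..7. */
static uint32_t descriptor_block_length(const uint8_t bd[8])
{
    return (uint32_t)bd[5] << 16 | (uint32_t)bd[6] << 8 | bd[7];
}

/* Returns 1 if the requested size was applied, 0 if the request was ignored. */
static int apply_block_descriptor(struct disk_model *d, const uint8_t bd[8])
{
    uint32_t bs = descriptor_block_length(bd);
    if (bs == 0)          /* item 2: a zero block size divides by zero later */
        return 0;
    if (bs & ~0xff00u)    /* item 2: only bits 8-15 may be set */
        return 0;
    if (bs < SECTOR_SIZE) /* item 3: 256 makes blocksize / SECTOR_SIZE == 0 */
        return 0;
    d->blocksize = bs;
    return 1;
}

/* The division quoted in the CVE-2023-42467 text; the divisor is >= 1 here. */
static uint64_t sectors_to_blocks(const struct disk_model *d, uint64_t nb_sectors)
{
    return nb_sectors / (d->blocksize / SECTOR_SIZE);
}

int main(void)
{
    /* Constructed descriptors: only bytes 5..7 (block length) are non-zero. */
    const uint8_t req[][8] = {
        {0, 0, 0, 0, 0, 0x00, 0x08, 0x00}, /* 2048: applied */
        {0, 0, 0, 0, 0, 0x00, 0x01, 0x00}, /* 256: ignored */
        {0, 0, 0, 0, 0, 0x00, 0x00, 0x00}, /* 0: ignored */
        {0, 0, 0, 0, 0, 0x01, 0x02, 0x00}, /* bit 16 set: ignored */
    };
    struct disk_model d = { 512 };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("request %zu: %s\n", i, apply_block_descriptor(&d, req[i]) ? "applied" : "ignored");
    printf("4096 sectors = %llu blocks\n", (unsigned long long)sectors_to_blocks(&d, 4096));
    return 0;
}
```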
As discussed in [YOCTO #14717], cmake contains an OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile builds for recipes
using cmake.
The value of the variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES is updated
incorrectly during do_compile. Due to this, we get sporadic errors like the one below:
fatal error: stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
As cmake already correctly initializes the variable from the environment,
we have to unset it in the toolchain file to avoid overwriting the
variable definition again.
(From OE-Core rev: 2b0b47fd0cafdb9de5025efda4140e11ea447afa)
Signed-off-by: aszh07 <mail2szahir@gmail.com>
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original CVE-2023-29406.patch is not complete, causing docker
failures at runtime, backport a complementary fix from golang upstream.
(From OE-Core rev: 973901530c98bc3f1b10d8bb89d55decf6848713)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-45285:
Using go get to fetch a module with the ".git" suffix may unexpectedly
fall back to the insecure "git://" protocol if the module is unavailable
via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
is not set for said module. This only affects users who are not using
the module proxy and are fetching modules directly (i.e. GOPROXY=off).
CVE-2023-45287:
Before Go 1.20, the RSA based TLS key exchanges used the math/big
library, which is not constant time. RSA blinding was applied to prevent
timing attacks, but analysis shows this may not have been fully effective.
In particular it appears as if the removal of PKCS#1 padding may leak
timing information, which in turn could be used to recover session key
bits. In Go 1.20, the crypto/tls library switched to a fully constant
time RSA implementation, which we do not believe exhibits any timing
side channels.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45285
https://nvd.nist.gov/vuln/detail/CVE-2023-45287
https://security-tracker.debian.org/tracker/CVE-2023-45285
https://security-tracker.debian.org/tracker/CVE-2023-45287
(From OE-Core rev: 616857b9918e8d2e576239b3db2f9f077d1a7222)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The concept of gcc-source prevents cve-check from detecting the existing
CVE patch file.
So ignore this CVE in all recipes using gcc-source via this
include file.
(From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>