| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rebase patches.
(From OE-Core rev: 827c787893caa973c509acf7cac9e17fec5692a4)
(From OE-Core rev: 798009f46f2044aaa0bac753430cca1964677741)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS
vulnerability when it parses an XML that has many digits between &# and x...;
in a hex numeric character reference (&#x.... This does not happen with
Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby.
The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
CVE-2024-49761-0009.patch is the CVE fix and rest are dependent commits.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-49761
Upstream-patch:
https://github.com/ruby/rexml/commit/810d2285235d5501a0a124f300832e6e9515da3c
https://github.com/ruby/rexml/commit/83ca5c4b0f76cf7b307dd1be1dc934e1e8199863
https://github.com/ruby/rexml/commit/51217dbcc64ecc34aa70f126b103bedf07e153fc
https://github.com/ruby/rexml/commit/7e4049f6a68c99c4efec2df117057ee080680c9f
https://github.com/ruby/rexml/commit/fc6cad570b849692a28f26a963ceb58edc282bbc
https://github.com/ruby/rexml/commit/77128555476cb0db798e2912fb3a07d6411dc320
https://github.com/ruby/rexml/commit/370666e314816b57ecd5878e757224c3b6bc93f5
https://github.com/ruby/rexml/commit/a579730f25ec7443796495541ec57c071b91805d
https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
(From OE-Core rev: 5b453400e9dd878b81b1447d14b3f518809de17e)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling Parse on a "// +build" build tag line with deeply nested
expressions can cause a panic due to stack exhaustion.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-34158
Upstream-patch:
https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002
(From OE-Core rev: eb14e9722d023b4d1668c55ce4bc6ef02f8ce6c2)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling Decoder.Decode on a message which contains deeply nested structures can
cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-34156
Upstream-patch:
https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01
(From OE-Core rev: 3aeeee86a53cee14bb1a6a485f8781459b6f2ffc)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calling any of the Parse functions on Go source code which contains
deeply nested literals can cause a panic due to stack exhaustion.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-34155
Upstream-patch:
https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb
(From OE-Core rev: 9d21d527e2448e202030ae7ad38c88e25943a2f3)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Handles CVE-2024-50602, CVE-2024-11168 and CVE-2024-9287.
(From OE-Core rev: 5a611fbbdb3e373d379f922ffc5606ff70279831)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Insufficient validation of filenames against control characters in
Apache Subversion repositories served via mod_dav_svn allows
authenticated users with commit access to commit a corrupted revision,
leading to disruption for users of the repository. All versions of
Subversion up to and including Subversion 1.14.4 are affected if serving
repositories via mod_dav_svn. Users are recommended to upgrade to
version 1.14.5, which fixes this issue. Repositories served via other
access methods are not affected.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-46901
Upstream patches:
https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
(From OE-Core rev: 2082038de00090e4b10a151068876f83c83f94c7)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Requests is a HTTP library. Prior to 2.32.0, when making requests
through a Requests `Session`, if the first request is made with
`verify=False` to disable cert verification, all subsequent requests to
the same host will continue to ignore cert verification regardless of
changes to the value of `verify`. This behavior will continue for the
lifecycle of the connection in the connection pool. This vulnerability
is fixed in 2.32.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-35195
Upstream patches:
https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
(From OE-Core rev: 8bc8d316a6e8ac08b4eb2b9e2ec30b1f2309c31c)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A heap-based buffer overflow was found in the SDHCI device
emulation of QEMU. The bug is triggered when both
`s->data_count` and the size of `s->fifo_buffer` are set to
0x200, leading to an out-of-bound access. A malicious guest
could use this flaw to crash the QEMU process on the host,
resulting in a denial of service condition.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-3447
Upstream patch:
https://gitlab.com/qemu-project/qemu/-/commit/2429cb7a9f460b544f4b07bcf02dbdedfc4dcb39
(From OE-Core rev: 01d7ac9244364b7f89cd2f99fff11c2417bcad03)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A double free vulnerability was found in QEMU virtio devices
(virtio-gpu, virtio-serial-bus, virtio-crypto), where the
mem_reentrancy_guard flag insufficiently protects against DMA
reentrancy issues. This issue could allow a malicious privileged
guest to crash the QEMU process on the host, resulting in a d
enial of service or allow arbitrary code execution within the
context of the QEMU process on the host.
CVE-2024-3446-0004, CVE-2024-3446-0005, CVE-2024-3446-0006
are CVE fix and CVE-2024-3446-0001, CVE-2024-3446-0002,
CVE-2024-3446-0003 are dependent commits to fix the CVE.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-3446
Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/9c86c97f12c060bf7484dd931f38634e166a81f0
https://gitlab.com/qemu-project/qemu/-/commit/f63192b0544af5d3e4d5edfd85ab520fcf671377
https://gitlab.com/qemu-project/qemu/-/commit/ec0504b989ca61e03636384d3602b7bf07ffe4da
https://gitlab.com/qemu-project/qemu/-/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132
https://gitlab.com/qemu-project/qemu/-/commit/b4295bff25f7b50de1d9cc94a9c6effd40056bca
https://gitlab.com/qemu-project/qemu/-/commit/f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc
(From OE-Core rev: db7e3a56656db0bc61ec2e35ccc149e9b90a389b)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch [3] as linked from [1] via [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-6505
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2295760
[3] https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb
(From OE-Core rev: 7e725e126689cc44055e27a05efafb7b52e89192)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
The CVE has disputed flag in NVD DB.
(From OE-Core rev: bd01091c33c1de6ae7e1605301e3f73350ee7e7e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to [1] which provided the fix link [2], but upstream author
reworked it later [3][4][5]
Backport and rebase all the patches for tracing
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5569
[2] https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd
[3] https://github.com/jaraco/zipp/commit/3cb5609002263eb19f7b5efda82d96f1f57fe876
[4] https://github.com/jaraco/zipp/commit/f89b93f0370dd85d23d243e25dfc1f99f4d8de48
[5] https://github.com/jaraco/zipp/commit/cc61e6140f0dfde2ff372db932442cf6df890f09
(From OE-Core rev: 13bd99e17f0aca108839e81e9aa0b14351116fdf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
python 3.13 removed the pipes module. Thus build fails for host machines that run python 3.13
This commit adds a backport patch to use subprocess module instead
(From OE-Core rev: 1a02cf1997216cb943d8965fe74f971a8cb2f70f)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When installing a package from a Mercurial VCS URL (ie "pip install
hg+...") with pip prior to v23.3, the specified Mercurial revision could
be used to inject arbitrary configuration options to the "hg clone" call
(ie "--config"). Controlling the Mercurial configuration can modify how
and which repository is installed. This vulnerability does not affect
users who aren't installing from Mercurial.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-5752
Upstream patches:
https://github.com/pypa/pip/pull/12306/commits/389cb799d0da9a840749fcd14878928467ed49b4
(From OE-Core rev: 862c0338fba06077a26c775b49f993eac63762c9)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster.
(From OE-Core rev: 13a2f43920c53f9f1bc5ec52eba9eb48da265ef6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
(From OE-Core rev: 89b64526ac2bf0609a18c4d44b4835028f686978)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"
(From OE-Core rev: cc87b332c5d09d4d7aaa2569fa046a16012597d2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
(From OE-Core rev: 63d7c11b46119f0c97d08f2fa837c02e633ab75f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Pull in a fix which avoids syntax warnings with python 3.12.
(From OE-Core rev: 82526703823e252070dbf689e6f82a12ceb3b035)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is needed to work with coreutils 9.5.
Also contains some README tweaks.
(From OE-Core rev: c2549844031c30d2c1a6965ee66f163878d46fab)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into. This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.
Merge in that fix and a gcc14 fix.
(From OE-Core rev: 1b181d1fcef45f969ef9147912995d80dbe87d87)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pulls in the changes:
Eilís 'pidge' Ní Fhlannagáin (1):
subports: Add _GNU_SOURCE for syncfs probe
Richard Purdie (1):
SECURITY.md: Add file
Wu Zhenyu (1):
pseudo.1: Fix a typo
(From OE-Core rev: 40a013f7134aec1d0e953ad4906944072cfb2ca1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull in:
pseudo_util.c: Open file with O_CLOEXEC to avoid fd leak
Use close-on-exec (O_CLOEXEC) flag when open log file to
make sure its file descriptor is not leaked to parent
process on fork/exec.
Fixes [YOCTO #13311]
(From OE-Core rev: b8445072f4009b3e912792931bd71a4201d541e9)
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The logic in the previous commit was reversed, update to fix it.
(From OE-Core rev: 9b06d2741191333c7b11c66e9ab5848f95cb4e42)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
OE is the main user of pseudo and we've had the changes in the oe-core branch
around long enough that we're going to run with them. Swicth back to directly
using the master branch.
(From OE-Core rev: 198ff9141f94c551d2a29f3a036c209e3e554a37)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Luca: re-add 'branch' parameter to fix "does not set any branch parameter" warning]
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
pseudo overrides certain libc functions which are aliases when LFS64 is
enabled. In anycase pseudo may not be of much use on 32bit systems
(From OE-Core rev: 215367b62ac1f48ba224e56e7b8862c0a7bdbcd0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to pull in:
pseudo.c: Avoid patch mismatch errors for NAMELESS file entries
In rare cases we see failures, often in linux-libc-headers for things like:
| INSTALL /XXX/linux-libc-headers/6.1-r0/image/usr/include
| abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.
Pseudo log:
path mismatch [2 links]: ino 46662476 db 'NAMELESS FILE' req '/XXX/linux-libc-headers/6.1-r0/image/usr'.
Setup complete, sending SIGUSR1 to pid 3630890.
Whilst this doesn't easily reproduce, the issue is that multiple different processes are
likely working on the directory and the creation in pseudo might not match accesses
made by other processes.
Ultimately, the "NAMELESS FILE" is harmless and pseudo will reconcile things
so rather than error out, we should ignore this case.
(From OE-Core rev: 77d018ce3b3a9390a5cc020bce9f9ea9017820dd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f30a1a74828e105cbe69677b3fbe5623f371543)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.
In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:
recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
Fix this stripping `-pipe` from the command line used to determine
compiler internals.
(From OE-Core rev: 8e2233fd0509b9f20c19d5006dd7ef0c2260bdba)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* need to add dependency on flex-native because now when the
.l file is modified by the .patch file it will try to regenerate
the c code and fail:
| make[1]: Entering directory 'work/x86_64-linux/xmlto-native/0.0.28-r0/build'
| /bin/bash ../xmlto-0.0.28/ylwrap ../xmlto-0.0.28/xmlif/xmlif.l .c xmlif/xmlif.c -- /bin/bash 'work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing' flex
| work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing: line 81: flex: command not found
| WARNING: 'flex' is missing on your system.
| You should only need it if you modified a '.l' file.
| You may want to install the Fast Lexical Analyzer package:
| <https://github.com/westes/flex>
* backport
https://pagure.io/xmlto/c/32376c053733c6c0ebaca3c25c0725509342fdf3?branch=master
as well, so that patched xmlif/xmlif.c is newer than xmlif/xmlif.l and the build
won't try to regenerate it with flex as that leads to random build failures reported
in:
https://lists.openembedded.org/g/openembedded-core/message/206412
https://errors.yoctoproject.org/Errors/Details/810853/
https://lists.openembedded.org/g/openembedded-core/message/206496
https://valkyrie.yoctoproject.org/#/builders/29/builds/355
(From OE-Core rev: 2e8819c0b9ada2b600aecc40c974a18eb7c0a666)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit 7806e21e7d47 ("gcc: upgrade to v11.5") removed one patch named
0001-aarch64-Update-Neoverse-N2-core-defini.patch by mistake, this will
cause the Neoverse N2 core to be identified as the armv8.5 architecture,
restore this patch to avoid related compilation issues.
(From OE-Core rev: 4c75edda8ec28fb8dee19ca90a1ea7f33ba80999)
Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* to allow building vala-native on hosts with gcc-14
* we could backport:
https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79
which is already included in scarthgap, but that's big patch doing almost the same
(From OE-Core rev: 0f850f213071d4bc3a7065334debabd32c7bd9a1)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
(From OE-Core rev: ec300eadd0ab51583502b833798a6b46956f0f47)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These CVEs were fixed in 3.10.15
Commit 487e8cdf1df6feba6d88fa29e11791f4ebaaa362 removed patches in favor
of version upgrade, which caused the CVEs to re-appear in reports.
(From OE-Core rev: 2cf10084c56c83da3deff4e65e619afab80e08e1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A DMA reentrancy issue leading to a use-after-free error
was found in the e1000e NIC emulation code in QEMU. This
issue could allow a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service.
CVE-2023-3019-0002 is the CVE fix and CVE-2023-3019-0001
is dependent CVE fix.
fix indent issue in qemu.inc file.
CVE-2023-3019 patch required Mem ReenttranceyGuard structure
definition, it's defined in commit:
https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380
but the patch is causing errors:
Failed: qemux86 does not shutdown within timeout(120)
so backported only required structure definition.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3019
Upstream patches:
https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66
https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921
(From OE-Core rev: 3782e1b21882ffc5e4cc466418e066179470241e)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
syslinux has vendored copy of ext2fs/ext2_fs.h but uses ext2fs/ext2fs.h
from e2fsprogs package, however, ext2fs/ext2fs.h has dependencies on
ext2fs/ext2_fs.h coming from e2fsprogs package as these both headers
come from same package, here syslinux uses ext2fs.h from e2fsprogs but
supplies its own copy of ext2_fs.h which maybe out of sync and that
results in warnings about implicit implicit-function-declarations
e.g.
recipe-sysroot/usr/include/ext2fs/ext2fs.h:727:16: error: implicit declaration of function 'ext2fs_has_feature_gdt_csum' [-Wimplicit-function-declaration]
| 727 | ext2fs_has_feature_gdt_csum(fs->super);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
ext2fs_has_feature_gdt_csum here comes from newer version of
ext2fs/ext2_fs.h but missing from vendored copy, hence the warning.
With gcc-14 this warning is treated as error by default, which breaks
the build, so lets treat it as warning only.
All these functions are never used in syslinux, so functionality-wise we
are fine.
(From OE-Core rev: 14fdee535c37aaa44898dc22149004c97b2456ca)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a2b30108055e68b62fdad7319d7d569bc38a07b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Last version bump removed patch for this CVE because it was integrated
in new release. This has caused the CVE to reappear in reports because
2023-09-12 is "higher" than 11.5...
(From OE-Core rev: d74fd7c4e9353fc00f0b79f05de101efb0148a6f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This test fails consistently on the new valkyrie autobuilder cluster
The estimate instructions (rcpss, rcpps, rsqrtps, rsqrtss) are, as the
name suggests, not expected to give a fully accurate result. They may
produce slighly different results on different CPU families because
their results are not defined by the IEEE standard.
(From OE-Core rev: 9269edb63d3c68de62326f5960ffff0c1068e709)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://errors.yoctoproject.org/Errors/Details/770525/
| checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works... no
| configure: error: installation or configuration problem: C compiler cannot create executables.
| RULES/rules.cnf:70: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf: No such file or directory
| make: *** [RULES/rules.cnf:59: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf] Error 1
| make: *** Waiting for unfinished jobs....
where config.log show it's caused by gcc-14:
configure:1189: checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works
configure:1211: gcc -o conftest -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe -D_GNU_SOURCE conftest.c 1>&5
configure:1208:1: error: return type defaults to 'int' [-Wimplicit-int]
configure: failed program was:
main(){return(0);}
(From OE-Core rev: 6fd1bc0620e6d6ce9b940eaeb68474f4d0b9369b)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 094273bd7d1768e14fbdcd2f239bee14c630a625)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This CVE iwas created because fix for CVE-2024-24576 was incomplete.
Ignore the new CVE in the same way as the old one.
See https://nvd.nist.gov/vuln/detail/CVE-2024-43402
(From OE-Core rev: 62bb1b8f89c97fa32a7b15021e9e3fbbb878ae68)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Below commit on binutils-2.38 stable branch are updated.
4d71e17a9fd libctf: fix ref leak of names of newly-inserted non-root-visible types
(From OE-Core rev: 98517fbc5bbddbe8608b41a7771eb7d90d7860a7)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc stable version upgraded from v11.4 to v11.5
Dropped CVE-2023-4039.patch and 0001-aarch64-Update-Neoverse-N2-core-defini.patch
because its been taken to gcc-11.5 with below commits 75c37e0314 and 50d9db203bc
For changes in v11.5 see: https://gcc.gnu.org/gcc-11/changes.html
Below is the bug fix list for v11.5:
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=444046&resolution=FIXED&target_milestone=11.5
There are a total 164 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.
ID Product Comp Assignee▲ Summary
112672 gcc target ubizjak [14 Regression] wrong code with __builtin_parityl() at -O and above on x86_64
111736 gcc sanitize unassigned Address sanitizer is not compatible with named address spaces
80899 gcc ipa hubicka [11/12/13/14 Regression] Devirtualization causes incorrect code generation with placement new in some cases
105301 gcc c++ iains [11 Regression] ICE: tree check: expected tree that contains 'decl minimal' structure, have 'overload' in coro_promise_type_found_p, at cp/coroutines.cc:516
110027 gcc middle-e jakub [11 regression] Stack objects with extended alignments (vectors etc) misaligned on detect_stack_use_after_return
110079 gcc rtl-opti jakub [11 Regression] ICE with -freorder-blocks-and-partition and inline-asm goto
110731 gcc tree-opt jakub [11/12 Regression] Wrong-code because of wide-int division since r5-424
111015 gcc tree-opt jakub [11/12/13/14 Regression] __int128 bitfields optimized incorrectly to the 64 bit operations
112727 gcc sanitize jakub [11/12/13 Regression] UBSAN creates GIMPLE path with uninitialized variable
113674 gcc c++ jakub [11 Regression] [[____attr____]] causes internal compiler error: in decl_attributes, at attribs.cc:776
114310 gcc target jakub [11 Regression] [aarch64] __sync_val_compare_and_swap fails on __int128_t with newval = 0
114493 gcc c jakub [11 Regression] internal compiler error: in fld_incomplete_type_of with may_alias
114566 gcc tree-opt jakub [11 Regression] Misaligned vmovaps when compiling with stack-protector-strong for znver4
114634 gcc c++ jakub [11 Regression] Crash Issue Encountered in GCC Compilation of Template Code with Aligned Attribute since r9-1745
114691 gcc c++ jakub [11 Regression] Bogus ignoring loop annotation warning
114825 gcc fortran Jakub [11 Regression] Compiler error using gfortran and OpenMP since r5-1190
114876 gcc tree-opt jakub [11 Regression] -fprintf-return-value mishandles %lc with a '\0' argument.
114956 gcc sanitize jakub [11 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
106890 gcc c++ jason [11 Regression] virtual inheritance triggers compiler error when instatiating derived class with in-class initialization since r8-2709-g12659e10c7820071
111529 gcc c++ jason [11/12/13 Regression] ICE on bool conversion in an unrolled loop condition inside template lambda nested in another template scope
113598 gcc c++ jason [11/12/13 Regression] GCC internal compiler error since r0-124275
114561 gcc c++ jason [11/12 Regression] Comma operator with forwarding reference to pointer raises invalid lvalue required error since r10-7410
114562 gcc c++ jason [11/12 Regression] ICE when trying to bind rvalue reference to lvalue with comma operator and forwarding reference to pointer since r10-7410
115565 gcc rtl-opti macro [11/12/13/14/15 Regression] CSE: Comparison incorrectly evaluated as constant causing optimization to produce wrong code
109876 gcc c++ mpolacek [11/12 Regression] initializer_list not usable in constant expressions in a template
110106 gcc c++ mpolacek [11/12 Regression] ICE on noexcept(noexcept(...)) with optional
89224 gcc c++ pinskia [11/12/13/14/15 Regression] subscript of const vector has the wrong type
110386 gcc tree-opt pinskia [11/12 Regression] ICE with ABSU in backprop
111331 gcc tree-opt pinskia [11/12 Regression] Wrong code at -O1 on x86_64-linux-gnu since
108120 gcc target rearnsha [11/12 Regression] ICE: in extract_insn, at recog.cc:2791 (on ARM with -mfpu=neon -freciprocal-math -O3)
95048 gcc libstdc+ redi [11 Regression] wstring-constructor of std::filesystem::path throws for non-ASCII characters
104606 gcc libstdc+ redi [11 Regression] comparison operator resolution with std::optional and -std=c++20
90348 gcc middle-e rguenth [11 Regression] Partition of char arrays is incorrect in some cases
96881 gcc tree-opt rguenth [11 Regression] Clobbers on NULL vs. DCE since r8-1519
97990 gcc c++ rguenth [11 Regression] ICE: ‘verify_type’ failed with vector types and non-PODs since r6-5222-gba6a6a1d44c17f25
103006 gcc middle-e rguenth [12/13/14/15 Regression] wrong code at -O1 or -O2 on x86_64-linux-gnu by r7-7101
110176 gcc tree-opt rguenth [11 Regression] wrong code at -Os and above on x86_64-linux-gnu since r11-2446
110295 gcc c++ rguenth [11 Regression] ICE in dwarf2out_finish with local class with inherited operator delete in a templated function and -g
110298 gcc tree-opt rguenth [11 Regression] ICE at -Os on x86_64-linux-gnu since r10-840
111039 gcc tree-opt rguenth [11 Regression] Unable to coalesce ssa_names
111080 gcc debug rguenth [11 Regression] restrict qualifier causes extra debug info to happen
111472 gcc tree-opt rguenth [11 Regression] Wrong code at -Os on x86_64-linux-gnu since r11-4563-gd0d8b5d836
111614 gcc tree-opt rguenth [11 Regression] ICE at -O2: verify_gimple failed since r14-2282-gf703d2fd3f0
111764 gcc tree-opt rguenth [11 Regression] Wrong code at -O3 on x86_64-linux-gnu
111818 gcc middle-e rguenth [11 Regression] ICE with __builtin_memcpy with volatile and constants
111917 gcc tree-opt rguenth [11 Regression] ICE in as_a, at is-a.h:255 since GCC-7
112495 gcc tree-opt rguenth [11 Regression] ICE: verify_gimple failed (after vectorizer) with named address space (__seg_gs )
112505 gcc tree-opt rguenth [11 Regression] internal compiler error: in build_vector_from_val, at tree.cc:2104 since r10-4076
112718 gcc debug rguenth [11 Regression] ICE: in add_dwarf_attr, at dwarf2out.cc:4501 with -g -fdebug-types-section -flto -ffat-lto-objects
112793 gcc tree-opt rguenth [11 regression] ICE when building stellarium (internal compiler error: in vect_schedule_slp_node, at tree-vect-slp.cc:9062)
114027 gcc tree-opt rguenth [11 Regression] miscompile at `-O3 -fno-vect-cost-model -msse4.2`
114734 gcc target rguenth [11 regression] RISC-V rv64gcv_zvl256b miscompile with -flto -O3 -mrvv-vector-bits=zvl since r8-6047-g65dd1346027bb5
108086 gcc rtl-opti rsandifo [11 Regression] internal compiler error: in set_accesses, at rtl-ssa/internals.inl:449
113281 gcc tree-opt rsandifo [11 Regression] Latent wrong code due to vectorization of shift reduction and missing promotions since r9-1590
113552 gcc tree-opt tnfchris [11/12/13 Regression] vectorizer generates calls to vector math routines with 1 simd lane.
29256 gcc target unassigned [11/12/13/14 regression] loop performance regression
82446 gcc tree-opt unassigned [11/12/13/14 Regression] Missed equalities in dr_group_sort_cmp
93631 gcc c unassigned [11/12/13/14 Regression] ICE on an invalid strcmp call in gimple_call_arg, at gimple.h:3258
93930 gcc target unassigned [11/12/13/14 Regression] Unnecessary broadcast instructions for AVX512
94335 gcc tree-opt unassigned [11/12/13/14 Regression] False positive -Wstringop-overflow warning with -O2
97140 gcc target unassigned [11/12/13/14 Regression] ICE in error: unable to generate reloads for since r10-400-gecfdb16c54ad06ac
100623 gcc target unassigned [11 Regression] wrong code with -Os -fno-dce -fno-defer-pop -fno-forward-propagate -flive-range-shrinkage -fno-rerun-cse-after-loop -mno-push-args since r10-7515-g2c0fa3ecf70d199a
100667 gcc libstdc+ unassigned [11/12 Regression] std::tuple<A&&> cannot be constructed from A&&, if A not defined (only forward declared)
103497 gcc c++ unassigned [11/12/13/14 Regression] ICE when decltype(auto)... as parameters
105034 gcc target unassigned [11/12/13/14 regression]Suboptimal codegen for min/max with -Os
107057 gcc rtl-opti unassigned [11/12 Regression] ICE in extract_constrain_insn, at recog.cc:2692
109800 gcc target acoplan [11 Regression] arm: ICE (segfault) loading double with -mpure-code -mbig-endian
110288 gcc fortran anlauf [11/12/13/14] Regression: segfault in findloc with allocatable array of allocatable characters
110585 gcc fortran anlauf ICE in gfc_compare_expr for findloc with complex literal array
110658 gcc fortran anlauf MINVAL/MAXVAL and deferred-length character arrays
115611 gcc target avieira mve: vsetq_lane for 64-bits has wrong codegen when setting lane 1
113893 gcc ada ebotcazou finalization of object allocated by anonymous access type designating local type
111050 gcc libstdc+ fdumont [11/12/13/14 Regression] ABI break in _Hash_node_value_base since GCC 11
110624 gcc target iains Xcode 15 ld warns about -macosx_version_min
114171 gcc d ibuclaw [13/14 Regression] gdc -O2 -mavx generates misaligned vmovdqa instruction
108789 gcc middle-e jakub __builtin_(add|mul|sub)_overflow methods generate duplicate operations if both operands are const which in turn causes wrong code due to overlapping arguments
110115 gcc middle-e jakub [11 Regression] Wrong code at -O1 on x86_64-linux-gnu
110914 gcc tree-opt jakub [11/12/13/14 Regression] Optimization eliminating necessary assignment before 0-byte memcpy since r10-5451
111422 gcc middle-e jakub Wrong code at -O3 on x86_64-linux-gnu
112816 gcc target jakub [11/12 Regression] ICE unrecognizable_insn with __builtin_signbit and returning struct with int[4]
113122 gcc target jakub Assembler messages: Error: operand type mismatch for `movabs' / bad expression / invalid use of register with -fprofile -mcmodel=large -masm=intel
113192 gcc libgomp jakub [11 Regression] ERROR: couldn't execute "../../../gcc/libgomp/testsuite/flock": no such file or directory
113262 gcc c jakub [11 Regression] ICE when using [[gnu::copy("")]] attribute
114533 gcc libquadm jakub libquadmath: printf: fix misaligned access on args
114537 gcc c++ jakub bit_cast does not work NSDMI of bitfields
114572 gcc c++ jakub [OpenMP] "internal compiler error: in assign_temp" with assignment operator and lastprivate clause
115172 gcc sanitize jakub Invalid -fsanitize=bool sanitization of variable from named address space
115440 gcc driver jakub unrecognized command-line option '--c++17'; did you mean '--stdc++17'?
110422 gcc tree-opt jamborm asm goto vs SRA
92145 gcc c++ jason -Wdeprecated-copy false-positive when inheriting base assignment operators
92407 gcc c++ jason Destruction of objects returned from functions skipped by goto
103185 gcc c++ jason [11/12/13 Regression] ind[arr] is rejected when arr is an array prvalue
106310 gcc c++ jason [11 Regression] lookup after this-> seems wrong for dependent lookup since r12-6754-g30f2c22def739211
111357 gcc c++ jason [11/12/13/14 Regression] __integer_pack fails to work with values of dependent type convertible to integers in noexcept context
114130 gcc target kito [11 Regression] RISC-V: `__atomic_compare_exchange` does not use sign-extended value for RV64
113250 gcc libstdc+ kmatsui std::filesystem::equivalent("", "/") should throw
115457 gcc target ktkachov AArch64 should define __ARM_FEATURE_BF16
115475 gcc target ktkachov AArch64 should define __ARM_FEATURE_SVE_BF16 when appropriate
88309 gcc target linkw [11/12/13/14 Regression] ICE: Floating point exception (in is_miss_rate_acceptable), target assigning alignent of 4 bits(!) to vector
104259 gcc libstdc+ marxin libstdc++ fails for epiphany-elf
109822 gcc libstdc+ mkretz Converting std::experimental::simd masks yields an error
59465 gcc c++ mpolacek [11/12/13 Regression] g++ allows direct-initialization of an array of class type from another array in a mem-initializer
100557 gcc c++ mpolacek [11/12/13/14 Regression] Internal compiler error: Error reporting routines re-entered.
115642 gcc c mpolacek [11/12/13/14/15 Regression] internal compiler error: tree check: expected class 'type', have 'exceptional' (error_mark) in c_expr_sizeof_expr
95351 gcc middle-e pinskia [11/12 Regression] Comparison with NAN optimizes incorrectly with -ffast-math disabled
111699 gcc middle-e pinskia [11/12/13 Regression] ICE: SIGSEGV: infinite recursion in fold_build3_loc/fold_ternary_loc/generic_simplify_VEC_COND_EXPR
109761 gcc c++ ppalka [11/12 Regression] Nested class destructor's noexcept specification incorrectly considered as too loose compared to the outer class
111485 gcc c++ ppalka [11/12 Regression] Constraint mismatch on template template parameter
113175 gcc testsuit ppalka [11/12/13/14 Regression] testsuite/std/ranges/iota/max_size_type.cc 5x times slower
111407 gcc tree-opt qinzhao [11/12/13 Regression] ICE: SSA corruption due to widening_mul opt on conflict across an abnormal edge
99327 gcc libstdc+ redi ENOTSUP macro does not exist on djgpp crt
104161 gcc libstdc+ red Potential Security Vulnerability: remove_all and symbolic link
105178 gcc libstdc+ redi [11 Regression] g++ incorrectly reports invalid use of incomplete type
108178 gcc libstdc+ redi Filesystem::copy_file can't copy from /proc on Linux machines
112491 gcc libstdc+ redi std::deque<T,Allocator>::size xmethod output is wrong
114147 gcc libstdc+ redi [11 Regression] tuple allocator-extended constructor requires non-explicit default constructor
114401 gcc libstdc+ redi libstdc++ allocator destructor omitted when reinserting node_handle into tree- and hashtable-based containers
96109 gcc testsuit rguenth [11 Regression] gcc.dg/vect/slp-47.c etc. FAIL
110182 gcc tree-opt rguenth [11 Regression] Vector(2) cast from double to float and back and subtraction seems to produce incorrect results
110200 gcc middle-e rguenth genmatch generating questionable code with convert and !
98237 gcc ipa ro gcc-dg-lto-modref-3-01.exe etc. FAIL when LTO plugin is not enabled
97696 gcc sanitize rsandifo ICE since ASAN_MARK does not handle poly_int sized varibales
100303 gcc debug rsandifo [11 Regression] -fcompare-debug failure (length) with -O -fno-dce -ftracer
111340 gcc target ubizjak gcc.dg/bitint-12.c fails on x86_64-apple-darwin or fails on x86_64-linux-gnu with -fPIE
115297 gcc rtl-opti ubizjak [14/15 regression] alpha: ICE in simplify_subreg, at simplify-rtx.cc:7554 with -O1
115836 gcc middle-e ubizjak ICE when building Firefox with-march=pentium-mmx -mtune=pentium-m
91085 gcc other unassigned [11 only] fixincludes breaks <bits/statx.h>
103183 gcc c++ unassigned [11/12/13/14 Regression] ind[arr] produces an lvalue when arr is an array xvalue
105417 gcc libstdc+ unassigned [11 Regression] powerpc64le-linux abilist changes based on --with-long-double-format=
110309 gcc target unassigned Wrong code for masked load expansion
111922 gcc ipa unassigned [11/12/13/14 Regression] ICE in cp with -O2 -fno-tree-fre
112823 gcc other unassigned [11 only] -Wincompatible-pointer-types errors in libiberty/simple-object-mach-o.c (missing backport for gcc-11)
112891 gcc target unassigned [11/12/13/14 Regression] Missing vzeroupper insert
114049 gcc target unassigned gcc.dg/framework-1.c FAILs with Xcode 15.3 beta 3
114098 gcc target unassigned _tile_loadconfig doesn't work
114521 gcc target unassigned [11 only] aarch64: wrong code with Neon ld1/st1x4 intrinsics gcc-11 and earlier
115261 gcc rtl-opti unassigned [11/12/13/14/15 regression] FAIL: gcc.target/s390/vector/vec-abi-vararg-1.c
115269 gcc libstdc+ unassigned Hardcoded links in 14.1 docs to pages from release 4.3.2
115870 gcc tree-opt unassigned Inlining of different template instances wrongly produces infinite loop
103715 gcc fortran anlauf [11/12/13/14 Regression] ICE in gfc_find_gsymbol, at fortran/symbol.c:4301 since r9-3803-ga5fbc2f36a291cbe
111837 gcc fortran anlauf [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
114474 gcc fortran anlauf [11/12/13/14 Regression] DATA statement with derived type, pointer component rejected
113979 gcc ada ebotcazou [11/12/13/14 regression] bogus error on allocator for array type with Dynamic_Predicate
103506 gcc fortran jvdelisle [11 Regression] ICE in gfc_free_namespace, at fortran/symbol.c:4039 since r10-2798-ge68a35ae4a65d2b3
107397 gcc fortran jvdelisle [11/12 Regression] ICE in gfc_arith_plus, at fortran/arith.cc:654
91035 gcc target krebbel [11/12/13/14 Regression] gotools fails to build on s390x-linux-gnu
84006 gcc fortran pault [11/12 Regression] ICE in storage_size() with CLASS entity
89462 gcc fortran pault [11/12/13 Regression] gfortran loops in code generation
93678 gcc fortran pault [11/12/13 Regression] ICE with TRANSFER and typebound procedures
103312 gcc fortran pault [11/12 Regression] ICE in gfc_find_component since r9-1098-g3cf89a7b992d483e
103368 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15668 since r12-4464-g017665f63047ce47
103716 gcc fortran pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15964 since r9-3803-ga5fbc2f36a291cbe
106999 gcc fortran pault [11/12/13 Regression] ICE tree check: expected record_type or union_type or qual_union_type, have function_type in gfc_class_data_get, at fortran/trans-expr.cc:233
71703 gcc fortran unassigned [11 Regression] [OOP] ICE in wide_int_to_tree, at tree.c:1488
89925 gcc fortran unassigned [11 Regression] Wrong array bounds from ALLOCATE with SOURCE or MOLD
99183 gcc fortran unassigned [11 Regression] Incompatible Runtime types
99757 gcc c++ unassigned [11/12/13/14 Regression] ICE: in cp_finish_decl, at cp/decl.c:7736
104391 gcc fortran unassigned [11 Regression] bind(C) and allocatable or pointer attribute don't work
104908 gcc fortran unassigned [11/12/13/14 Regression] incorrect Fortran out-of-bound runtime error.
113179 gcc middle-e unassigned [11/12/13/14/15 Regression] MIPS: INS is used for long long, before SLL
80774 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in gfc_conv_descriptor_data_get, at fortran/trans-array.c
82904 gcc fortran vehre [11/12/13/14/15 Regression][Coarray] ICE in make_ssa_name_fn, at tree-ssanames.c:261
111880 gcc fortran anlauf [11/12/13/14] False positive warning of obsolescent COMMON block with Fortran submodule
61527 gcc fortran unassigned [11/12/13/14 Regression] [OOP] class/extends, multiple generic assignment, accept invalid
(From OE-Core rev: 7806e21e7d47fd010872a3967e51bcacdae3a76b)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes security fixes for CVE-2024-4030, CVE-2024-7592, CVE-2024-4032, CVE-2024-8088
CVE-2024-6232, CVE-2024-6923, CVE-2023-27043 and other bug fixes.
Removed below patches, as the fixes included in 3.10.15 upgrade:
1. CVE-2023-27043.patch
2. CVE-2024-6232.patch
3. CVE-2024-7592.patch
4. CVE-2024-8088.patch
Release Notes:
https://www.python.org/downloads/release/python-31015/
(From OE-Core rev: e64ead97ae3d680f97bf85422f777cd77ae7c434)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The presence or lack of nroff on the host was changing the doc type. Stop
the code from looking at host paths outside HOSTTOOLS and hence cause the
doc type to be deterministic and reproducible.
(From OE-Core rev: 88630352d6d1cfee06787fa84b73ca8ad335cb08)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 918e2b266eba6779f19f65349f85caa880ba45e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The presence or lack of nroff on the host was changing the doc type. Set it
explicitly to be deterministic and reproducible.
(From OE-Core rev: dd857d2519fd4f38c67a6fa0087f72798166467a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The contents of the COPYING file included in the current source code
package match those of GPL-3.0-only license, which seems to have been
the case since 2008 commit
http://git.savannah.gnu.org/gitweb/?p=dejagnu.git;a=commitdiff;h=9bebe7b9bfb9b02e5e4d86ad74e8ce3eb32a36b9;hp=50fbdd118dba066e201c73a8b0155381cd65a32d
("* COPYING: Update to GPL version 3.")
(From OE-Core rev: 26b71cfb7815a096c5962629801cc3bc85147284)
(From OE-Core rev: cdedb408247e48f59c948e8c57918b88baf304b4)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream commits:
https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6
https://gitlab.com/qemu-project/qemu/-/commit/83930780325b144a5908c45b3957b9b6457b3831
https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613
(From OE-Core rev: c23ad8c89c3dd5b6004677cd0b534e22a293134d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/python/cpython/commit/2a9273a0e4466e2f057f9ce6fe98cd8ce570331b
(From OE-Core rev: 793c22623e8b3da2ca8e28fe662d8428b0f805a7)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a
Upstream-Status: Backport from https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
(From OE-Core rev: 3e5697687c8fb0aa6312773b233442b8df974feb)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CVE fixed:
- CVE-2024-8088: python: cpython: denial of service in zipfile
Upstream-Status: Backport from https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db
(From OE-Core rev: 295addec33c83443423a3ef87905c3a70f44a4e7)
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
