<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta, branch yocto-4.0.12</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.12</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-4.0.12'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-08-07T14:44:16+00:00</updated>
<entry>
<title>build-appliance-image: Update to kirkstone head revision</title>
<updated>2023-08-07T14:44:16+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2023-08-07T14:41:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d6b8790370500b99ca11f0d8a05c39b661ab2ba6'/>
<id>urn:sha1:d6b8790370500b99ca11f0d8a05c39b661ab2ba6</id>
<content type='text'>
(From OE-Core rev: e1a604db8d2cf8782038b4016cc2e2052467333b)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gcc: fix runpath errors in cc1 binary</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2023-08-03T19:46:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ab9b43f60bc125e1e799cf3546491edd4b1b22b3'/>
<id>urn:sha1:ab9b43f60bc125e1e799cf3546491edd4b1b22b3</id>
<content type='text'>
The runpath in the cc1 binary is:

Library runpath: [$ORIGIN/../../../recipe-sysroot-native/usr/lib:$ORIGIN/../../../recipe-sysroot-native/lib]

This does not match the actual location of the libraries, which would require:

Library runpath: [$ORIGIN/../../recipe-sysroot-native/usr/lib:$ORIGIN/../../recipe-sysroot-native/lib]

Prior to gcc 9.1 the recipe set B explicity with:

B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"

and this build directory structure matches the runpath in cc1, so there is no issue.

This line was commented out in versions 9.1 through 11.3.  The upgrade to 12.1 once
again uncommented this line.

As a result the runpath is incorrect in version 9.1 through 11.3 and cc1 defaults
to using host libraries.

This patch restores setting B as done in master and versions prior to 9.1

(From OE-Core rev: b6f4b3d43a399c2b446754de56ebea35657e13de)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>openssl: Upgrade 3.0.9 -&gt; 3.0.10</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2023-08-01T16:13:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7e2d3b8346a798587e77aff41d59a53145b0fb19'/>
<id>urn:sha1:7e2d3b8346a798587e77aff41d59a53145b0fb19</id>
<content type='text'>
https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-309-and-openssl-3010-1-aug-2023
Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
* Do not ignore empty associated data entries with AES-SIV (CVE-2023-2975)

(From OE-Core rev: 94ce10791ce10aa30d3a3bdef53f9b2f3c1b331a)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>gcc : upgrade to v11.4</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Sundeep KOKKONDA</name>
<email>sundeep.kokkonda@windriver.com</email>
</author>
<published>2023-07-27T10:53:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e8c1d3e07ee55678845574594faa3b2dd326b1f5'/>
<id>urn:sha1:e8c1d3e07ee55678845574594faa3b2dd326b1f5</id>
<content type='text'>
gcc stable version upgraded from v11.3 to v11.4

For changes in v11.4 see - https://gcc.gnu.org/gcc-11/changes.html

Below is the bug fix list for v11.4
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&amp;order=short_desc%2Cbug_status%2Cpriority%2Cassigned_to%2Cbug_id&amp;query_format=advanced&amp;resolution=FIXED&amp;target_milestone=11.4

There are a total 115 bugs are fixed in this release, below is the list of bugs fixed excluding the regression fixes.

ID	Product	Comp	    Resolution	Summary▲
108199	gcc	tree-opt	FIXE	Bitfields, unions and SRA and storage_order_attribute
107801	gcc	libstdc+	FIXE	Building cross compiler for H8 family fails in libstdc++ (c++17/memory_resource.cc)
108265	gcc	libstdc+	FIXE	chrono::hh_mm_ss can't be constructed from unsigned durations
104443	gcc	libstdc+	FIXE	common_iterator&lt;I, S&gt;::operator-&gt; is not correctly implemented
98056	gcc	c++		FIXE	coroutines: ICE tree check: expected record_type or union_type or qual_union_type, have array_type since r11-2183-g0f66b8486cea8668
107061	gcc	target		FIXE	ENCODEKEY128 clobbers xmm4-xmm6
105433	gcc	testsuit	FIXE	FAIL: gcc.target/i386/iamcu/test_3_element_struct_and_unions.c
105095	gcc	testsuit	FIXE	gcc.dg/vect/complex/fast-math-complex-* tests are not executed
100474	gcc	c++		FIXE	ICE: in diagnose_trait_expr, at cp/constraint.cc:3706
105854	gcc	target		FIXE	ICE: in extract_constrain_insn, at recog.cc:2692 (insn does not satisfy its constraints: sse2_lshrv1ti3)
104462	gcc	target		FIXE	ICE: in extract_constrain_insn_cached, at recog.cc:2682 with -mavx512fp16 -mno-xsave
106045	gcc	libgomp		FIXE	Incorrect testcase in libgomp.c/target-31.c at -O0
56189	gcc	c++		FIXE	Infinite recursion with noexcept when instantiating function template
100295	gcc	c++		FIXE	Internal compiler error from generic lambda capturing parameter pack and expanding it in if constexpr
100613	gcc	jit		FIXE	libgccjit should produce dylib on macOS
104875	gcc	libstdc+	FIXE	libstdc++-v3/src/c++11/codecvt.cc:312:24: warning: left shift count &gt;= width of type
107471	gcc	libstdc+	FIXE	mismatching constraints in common_iterator
105284	gcc	libstdc+	FIXE	missing syncstream and spanstream forward decl. in &lt;iosfwd&gt;
98821	gcc	c++		FIXE	modules : c++tools configures with CC but code fragments assume CXX.
109846	gcc	fortran		FIXE	Pointer-valued function reference rejected as actual argument
101324	gcc	target		FIXE	powerpc64le: hashst appears before mflr at -O1 or higher
102479	gcc	c++		FIXE	segfault when deducing class template arguments for tuple with libc++-14
105128	gcc	libstdc+	FIXE	source_location compile error for latest clang 15
106183	gcc	libstdc+	FIXE	std::atomic::wait might fail to be unblocked by notify_one/all on platforms without platform_wait()
102994	gcc	libstdc+	FIXE	std::atomic&lt;ptr&gt;::wait is not marked const
105324	gcc	libstdc+	FIXE	std::from_chars() assertion at floating_from_chars.cc:78 when parsing 1.11111111....
105375	gcc	libstdc+	FIXE	std::packaged_task has no deduction guide.
104602	gcc	libstdc+	FIXE	std::source_location::current uses cast from void*
106808	gcc	libstdc+	FIXE	std::string_view range concept requirement causes compile error with Boost.Filesystem
105725	gcc	c++		FIXE	[ICE] segfault with `-Wmismatched-tags`
105920	gcc	target		FIXE	__builtin_cpu_supports ("f16c") should check AVX

(From OE-Core rev: 4fd7e5951c42336729f12cde71450ec298f2078b)

Signed-off-by: Sundeep KOKKONDA &lt;sundeep.kokkonda@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>cve-update-nvd2-native: always pass str for json.loads()</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Yuta Hayama</name>
<email>hayama@lineo.co.jp</email>
</author>
<published>2023-07-27T08:56:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=cd1d34d5106c4484372552bb3cf93198f7b25d76'/>
<id>urn:sha1:cd1d34d5106c4484372552bb3cf93198f7b25d76</id>
<content type='text'>
Currently json.loads() accepts one of the types str, bytes, or bytearray
as an argument, but bytes and bytearrays have only been allowed since
python 3.6. The version of Python3 provided by default on Ubuntu 16.04
and Debian 9.x is 3.5, so make raw_data type str to work correctly on
these build hosts.

(From OE-Core rev: e67d659847afe648de1b1eca2d19c4f6375dd12c)

Signed-off-by: Yuta Hayama &lt;hayama@lineo.co.jp&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: fix CVE-2023-24531</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Sakib Sajal</name>
<email>sakib.sajal@windriver.com</email>
</author>
<published>2023-08-02T00:18:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1aae734721c24ce8df40e7e76af409ab507f72dc'/>
<id>urn:sha1:1aae734721c24ce8df40e7e76af409ab507f72dc</id>
<content type='text'>
Backport required patches from go1.21 to fix CVE-2023-24531.

(From OE-Core rev: 6d892c52bd5806507a05e8b6f749c54bbd9e9da6)

Signed-off-by: Sakib Sajal &lt;sakib.sajal@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>go: fix CVE-2023-24536</title>
<updated>2023-08-07T14:40:44+00:00</updated>
<author>
<name>Sakib Sajal</name>
<email>sakib.sajal@windriver.com</email>
</author>
<published>2023-08-02T00:18:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1ba43f2c8858ffb0a05644b455daf5ea75aa2fe5'/>
<id>urn:sha1:1ba43f2c8858ffb0a05644b455daf5ea75aa2fe5</id>
<content type='text'>
Backport required patches to fix CVE-2023-24536.

(From OE-Core rev: a774c895f4a425979cef8e05e8dd17c2dcb67654)

Signed-off-by: Sakib Sajal &lt;sakib.sajal@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>qemu: fix CVE-2023-2861</title>
<updated>2023-08-07T14:40:43+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-08-01T04:20:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ae7992e3b7b688e1e06b20c92aaa60af01f6bbbb'/>
<id>urn:sha1:ae7992e3b7b688e1e06b20c92aaa60af01f6bbbb</id>
<content type='text'>
9pfs: prevent opening special files

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-2861

Upstream patches:
https://github.com/qemu/qemu/commit/10fad73a2bf1c76c8aa9d6322755e5f877d83ce5

(From OE-Core rev: 9bd4ddeb4b5efc65b0514d50d6991211271924c1)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>qemu: fix CVE-2023-3255</title>
<updated>2023-08-07T14:40:43+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-08-01T04:18:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=76f6267368fa6e3475b5ee94f00c188624ae5236'/>
<id>urn:sha1:76f6267368fa6e3475b5ee94f00c188624ae5236</id>
<content type='text'>
VNC: infinite loop in inflate_buffer() leads to denial of service

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3255

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/d921fea338c1059a27ce7b75309d7a2e485f710b

(From OE-Core rev: 52711b1392ed0c5cbe4ddf70a94b21be2f4e6e58)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>qemu: fix CVE-2023-3301</title>
<updated>2023-08-07T14:40:43+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2023-08-01T04:17:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2587c36e870ed0b4363e59444bad160b46e8959b'/>
<id>urn:sha1:2587c36e870ed0b4363e59444bad160b46e8959b</id>
<content type='text'>
qemu: hotplug/hotunplug mlx vdpa device to the occupied addr port,
then qemu core dump occurs after shutdown guest

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3301

Upstream patches:
https://gitlab.com/qemu-project/qemu/-/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8

(From OE-Core rev: f549ff6db018f66a80fc65987675e8bb6afcd002)

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
